Illumio Insights provides a comprehensive security platform for hybrid multicloud environments, enabling detailed threat detection, investigation, and rapid response through a visual security graph and specialized dashboards.
Welcome to the Illumio Insights overview. We'll begin with the security graph view, which provides an overall systems view of our entire hybrid multicloud environment. This includes Azure, AWS, and GCP resources within our estate. Next, we'll go to the Insights hub, where a single pane displays all the various dashboards related to lateral movement risk, whether it's malicious traffic, risky services, connectivity across different parts of our environment, or potentially unauthorized use of public LLMs.
To examine malicious IP activity in more detail, we can navigate to the malicious IP dashboard. Here, we analyze traffic to or from known malicious IPs. We can zoom into the global threat map to identify which geographic regions are involved. We can further explore which specific types of workloads are connected to malicious IPs. Additionally, the traffic query results display heavily decorated flows where AI and ML models have added extra context to connections and workloads.
Once we've identified a resource that might be impacted or involved in malicious IP activity, we can investigate that resource further. We can view the security graph from the perspective of this resource, including all its neighbors, in a single richly detailed view. We can also review other activities associated with it. For example, there might be risky traffic or signs of potential data exfiltration. Based on this analysis, if we suspect the resource is compromised, we can take immediate action: quarantine it with one click directly from Insights to isolate the workload and prevent it from connecting with other parts of the environment while we proceed with
Let's look at another Insights dashboard: risky traffic. Suppose an IOC indicates a specific threat actor is present in our environment and we know that this actor uses SMB for lateral movement. We can investigate SMB activity within our environment. We focus on the involved workloads and their types. We examine traffic patterns from workloads showing unusually high SMB traffic, with one particular workload standing out. We might decide to focus our investigation on that specific workload. As with the malicious IP dashboard, we can see if there's any traffic between zones and across clouds. Our focus remains on this workload with unusually high SMB activity, and we can again explore this workload by viewing its resource traffic. The security graph centered on this workload and its direct neighbors reveals what it interacts with, such as resources in AWS and GCP. We can also investigate other activities beyond SMB, such as RDP or RustDesk, which are often high-risk protocols.
If action is needed, we can further examine the resources attached to this workload, the cloud environment, network devices, etc. We might also review detailed traffic flows for additional assurance and then use the one-click quarantine to isolate it. That's a quick overview of Illumio Insights. We hope you