0:05 Welcome to the Illumio Insights overview.
0:07 We'll begin with the security graph view
0:09 which provides an overall systems view
0:11 of our entire hybrid multicloud
0:15 environment. This includes Azure, AWS,
0:18 and GCP resources within our estate.
0:20 Next, we'll go to the insights hub where
0:22 a single pane displays all the various
0:24 dashboards related to lateral movement
0:26 risk, whether it's malicious traffic,
0:29 risky services, connectivity across
0:31 different parts of our environment, or
0:33 potentially unauthorized use of public
0:36 LLMs. To examine malicious IP activity
0:38 in more detail, we can navigate to the
0:42 malicious IP dashboard. Here, we analyze
0:45 traffic to or from known malicious IPs.
0:47 We can zoom into the global threat map
0:50 to identify which geographic regions are
0:52 involved. We can further explore which
0:54 specific types of workloads are
0:57 connected to malicious IPs.
0:59 Additionally, the traffic query results
1:02 display heavily decorated flows where AI
1:04 and ML models have added extra context
1:07 to connections and workloads. Once we've
1:09 identified a resource that might be
1:11 impacted or involved in malicious IP
1:13 activity, we can investigate that
1:15 resource further. We can view the
1:17 security graph from the perspective of
1:19 this resource including all its
1:21 neighbors in a single richly detailed
1:24 view. We can also review other
1:26 activities associated with it. For
1:28 example, there might be risky traffic or
1:31 signs of potential data exfiltration.
1:33 Based on this analysis, if we suspect
1:36 the resource is compromised, we can take
1:38 immediate action: quarantine it with one
1:41 click directly from Insights to isolate
1:42 the workload and prevent it from
1:44 connecting with other parts of the
1:45 environment while we proceed with
1:51 Let's look at another Insights dashboard:
1:54 risky traffic.
1:56 Suppose an IOC indicates a specific
1:58 threat actor is present in our
2:00 environment and we know that this actor
2:03 uses SMB for lateral movement. We can
2:05 investigate SMB activity within our
2:07 environment. We focus on the involved
2:10 workloads and their types. We examine
2:12 traffic patterns from workloads showing
2:14 unusually high SMB traffic with one
2:17 particular workload standing out. We
2:19 might decide to focus our investigation
2:22 on that specific workload. As with the
2:24 malicious IP dashboard, we can see if
2:25 there's any traffic between zones and
2:28 across clouds. Our focus remains on this
2:30 workload with unusually high SMB
2:33 activity. And we can again explore this
2:34 workload by viewing its resource traffic.
2:40 The security graph centered on this
2:42 workload and its direct neighbors
2:44 reveals what it interacts with, such as
2:48 resources in AWS and GCP. We can also
2:50 investigate other activities beyond SMB
2:53 such as RDP or RustDesk, which are often
2:56 high-risk protocols.
2:58 If action is needed, we can further
3:00 examine the resources attached to this
3:02 workload, the cloud environment, network
3:05 devices, etc. We might also review
3:07 detailed traffic flows for additional
3:09 assurance and then use the one-click
3:12 quarantine to isolate it. That's a quick
3:15 overview of Illumio Insights. We hope you