How Kloudless Empowers Threat Detection Through Real-Time Event Monitoring David Hallinan Published: March 26, 2020 *This article is part of the Kloudless Guide to Cloud Security, A comprehensive guide to all things Cloud Security in 2020 for security software of all verticals.Hackers pose a very real threat to modern enterprise businesses. Firewalls can be broken into or legitimate credentials that can be procured that allow hackers to incur significant damage. Emails or messages with malicious attachments disguised as innocuous can result in data breaches or millions of dollars in lost capital. As a result, IT security software must take comprehensive measures to ensure that an organization can detect users and other entities that look to compromise the systems that they try to infiltrate.User and entity behavior analytics (UEBA) is one such means of ensuring that an organization is protected. UEBA is a type of cybersecurity process that analyzes the normal conduct of users to detect behavior that deviates from the standard operating procedures of these users. For example, a user that downloads a very small amount of files regularly suddenly switching to downloading vast amounts of data would trigger the system to alert an organization of this irregularity. UEBA does this by using a combination of machine learning, algorithms, and statistical analysis to detect these deviations in behavior.UEBA is not only for end-users, though. A large number of the behaviors that UEBA tracks are insider threats, ranging from employees that have been compromised to users with access to a system that may be planning to carry out targeted attacks on servers, applications, or more.A very large part of UEBA is the ability to trigger event notification when something out of the ordinary occurs, and this is often carried out by a vast array of real-time event monitoring hooks to report events that may seem out of the ordinary. Threat intelligence and threat detection ensure peace of mind for data centers that very well may mean the difference between an organization succeeding or failing due to compromisation.Detection Made EasyTo provide large-scale threat protection, data security solutions need to connect to SaaS apps to gain visibility into user behavior and data. Kloudless offers the ability to connect with over 100 cloud services in the same development time it would take to connect to a single one, so the ability to connect with your users’ preferred services is a quick and painless process for your development team. Kloudless also has you covered with tools like our Unified OAuth flow for individual accounts as well as admin accounts for org-wide access. Our Activity Monitoring API provides you with the tools necessary for thorough user and entity behavior analytics so that your security solution can identify and track threats in real-time. We offer org-wide activity monitoring of all connected cloud accounts with our Team API and EventBridge support.Kloudless is an EventBridge PartnerKloudless is happy to announce that we are an AWS EventBridge partner. Kloudless has extended its activity monitoring functionality with EventBridge’s powerful routing, filtering, analytics, and data delivery guarantees, giving our customers that already use AWS a powerful new means of receiving event data. Product teams building apps in AWS no longer need to implement webhook processing or poll, queue, and filter data on their own, leaving more time to focus on their business logic instead.Kloudless developers using EventBridge receive a stream of activity occurring in their customers’ connected cloud accounts directly within their application stack in AWS. Kloudless publishes events for both basic CRUD activities such as new, updated, or deleted files and objects, as well as more granular audit-type activities such as updates to collaboration controls or group memberships. Developers no longer need to process webhooks from Kloudless or write code in their app to poll, queue, and filter these events; they can instead use EventBridge to filter and route activity to AWS Lambda, Amazon Kinesis, SNS topics, SQS queues, and more. Engineering teams using Kloudless and EventBridge are able to save time and launch product integrations faster by focusing on business logic rather than boilerplate code. “EventBridge lets you easily access changes in data that occur in both AWS and SaaS applications via a highly scalable, central stream of events,” said Moe Alhassan, Partner Solutions Architect at AWS. “It’s fully managed, so it handles everything from ingesting and delivering the Kloudless Unified Event stream, to security, authorization, and error-handling, making it easy to build scalable event-driven applications. And because EventBridge is serverless, there is no infrastructure to manage and you only pay for the events you consume.”When customers connect with Kloudless and EventBridge, data is sent directly to AWS and no longer requires a separate API call from their app or server to Kloudless. The immediate benefit is a reduction of API calls which vastly shortens the time required to acquire event data. Data that would take as long as 30+ seconds to receive can now be obtained in as little as a few seconds. For customers already using the AWS ecosystem, this means reduced complexity and a much-simplified implementation of subscribing to event data, as there is no need to write additional code to process code from Kloudless. Applications process event data directly from AWS, which in most cases, they are already familiar with. Another major benefit for applications looking to take advantage of EventBridge is the additional functionality provided by AWS that Kloudless does not provide, such as filtering event notifications at a granular level to only specific types of events or routing them to different locations based on the event metadataUse CasesEventBridge helps provide Kloudless customers with a bevy of functionality applicable to a host of different use cases. Some of the following are specific benefits that codebases can take advantage of by using EventBridge with Kloudless.Data Sync and CollaborationBusiness users store data in a wide range of locations, including cloud storage, CRM applications, calendar tools, or even within chat applications. This means that integrating with a user’s existing SaaS apps is a fundamental requirement for any business app. Apps can prompt users to pull in any data from their existing software services via the Kloudless Unified API, and can then keep it in sync by listening for activity Kloudless publishes to Amazon EventBridge. When Kloudless publishes a new event to an app in AWS, the app can make further API requests to Kloudless to perform actions like downloading an updated file, updating a CRM record, or refreshing knowledge of a calendar event.UEBA, CASB, DLP, and eDiscoveryData security solutions are tasked with monitoring changes that occur in a customer’s tenant. Those changes may be a new or updated file, a user being added to a group, changes to collaboration settings that result from a file being shared externally, or even several login failures to a particular user account from a certain IP address. Kloudless Activity Monitoring enables security solutions such as for UEBA, CASB, DLP, and eDiscovery, by providing audit log level detail in a consistent and uniform manner via Amazon EventBridge. Kloudless monitors org-wide activity in connected cloud accounts using admin credentials regardless of whether the cloud service requires polling, listening to webhooks, crawling for data, or custom protocols. Once an application using Kloudless is aware of a change via EventBridge, it can take action using Kloudless’ Unified APIs to access, modify, or delete files and objects, collaboration settings, or user and group data.Everything Your Data Security Solution Needs to SucceedFrom account connection to sync and scan, from detection to remediation, Kloudless can power your report dashboard with every tool a modern data protection suite needs right out of the box. We provide “out of the box” connectivity with every cloud service your security solution needs to monitor, and if we don’t provide what you need, we can build it quickly with our custom connector feature. We want to be able to help you help your users, and we think we’re really the only ones out there doing just that.To learn more about what Kloudless can offer your data security solution, please head over to our solutions page and get started reading about how we can help you and your users’ data stay safe or send us an email to email@example.com*This article is part of the Kloudless Guide to Cloud Security, A comprehensive guide to all things Cloud Security in 2020 for security software of all verticals.