We have said repeatedly that the term "solution" is hype-talk and has no real meaning unless the problem being solved is articulated as well. In the case of LORIC, that problem - or, more accurately, set of problems - is, in fact, clearly articulated. This tool set does not try to be all things to all enterprises. It is specific and addresses three important cloud issues: Visibility into cloud applications, threat detection for cloud applications, and compliance in the cloud including detecting configuration changes and their management as well as incident response automation. That sounds fairly simple and straightforward. Straightforward it is. Simple, it's not. LORIC addresses these three challenges using, among other things, machine learning and supervised learning patterns.
There is a lot of hype surrounding machine learning. Stanford University defines machine learning as the "science of getting computers to act without being explicitly programmed." In fact, if you want to learn more about machine learning, it is the topic of a course on Coursera. In the case of LORIC, machine learning is applied in its classical sense. For example, it is applied during activity and behavior monitoring to detect threats and anomalies. Once an anomaly is detected, LORIC applies the appropriate remediation by pushing a new security configuration to the affected target and then enforcing that configuration's policies.
Since LORIC has the advantage of knowing several thousand threat vectors, the results of monitoring may lead to threat prediction. Predictive treat analytics allows LORIC to evaluate risks and take appropriate remediation steps. Should an incident occur, LORIC can respond automatically and then loop back to test and ensure that the incident is, in fact, remediated and the weakness that allowed it has, as well, been remediated. This is a full 360 degree, closed loop system that incorporates detection, remediation, testing and then back to detection.
LORIC sits in the cloud as a SaaS application that requires no hardware, software or proxies on the endpoint. The user experience, therefore, is not impacted. The administrator simply needs to configure LORIC to interact with the cloud services the organisation wishes to protect and LORIC begins to inspect activity associated with those services. Along the way, the administrator can view threats and anomalies on a dashboard and LORIC logs and remediates automatically.
The admin dashboard is typical of those we are seeing today. It is clear, comprehensive and uncluttered. However, a close look will reveal some interesting aspects. For example, you might see several instances of Office 365. That is because there likely are multiple users of Office 365 in the organisation and groups may well apply different policies/configurations. We all know that one size rarely fits all and that certainly is the case here. So it only makes sense that LORIC would allow multi-instances so that different deployments of a cloud resource are seen and evaluated separately. Even though there are multiple instances - and multiple services shown as well, of course - there is a single dashboard so that the administrator can see the entire cloud enterprise under a single pane of glass.
Drill-down is excellent and the concept of key security indicators (KSIs) is very important as is the instantiation of early warning indicators. KSIs give the early warning that something is afoot. For example, a user with a high number of failed login attempts in a relatively short period of time may give early warning of a brute-force attempt. Similarly, a list of users with the most failed login attempts may give the same early warning. The KSIs can be edited to be consistent with the organisation's security policies.
Another important output of LORIC is the list of risk events. This list - a bit like a specialised log - describes the risk and ranks it as high, medium or low. Drilling down gets admins specific log data that provides as much detail as is available from the cloud resource itself, in addition to what LORIC has been able to derive.
Finally, there is a full incident management system built in that allows ticketing and incident remediation if the administrator wants to get involved beyond the automated remediation present in the tool set.
On the threat side there is an equally good drill-down system and the dashboards are equally clean, comprehensive and uncluttered, as one would expect. Policy management is straightforward - something we have come to expect - and there are, at this writing, 168 pre-made policies but, of course, you can create your own as well.
At a glance
Price £4 per user per month.
What it does Combines security configuration management, threat detection, predictive analytics and automated incident response for cloud assets from branded applications, such as Microsoft Office 365, to infrastructure, such as AWS.
What we liked A strong security management tool built on a solid premise of visibility into cloud applications, threat detection for cloud applications and compliance in the cloud.