Multi-Cloud Event Log Analytics and User Behavior Monitoring

Cloud storage consists of logical constructions that are beyond the management of enterprises in contrast to traditional on-premise storage systems.  Consequently, this results to loss of control and ineffectiveness of traditional security tools applied to secure cloud storage.


In order to mitigate this security lapse and provide secure enterprise file syncing and sharing options, we employ log event aggregation and analysis to detect suspicious user  behaviour and activities against CloudRAID cloud accounts and resources. All event logs and activities from CloudRAID cloud accounts are collected, aggregated and analysed for malicious activities. Machine learning techniques and Complex Even Processing  (CEP) strategies are employed to detect malicious file sharing activities and unusual requests from users and devices. This approach introduces security control and counter-measures against several attack vectors.

Secure Cloud Configuration Management and Risk Analysis

We use CSBAuditor, a novel cloud security system that continuously audits Cloud Storage Broker (CSB) resources e.g. CloudRAID, to detect malicious activities and unauthorized changes e.g. bucket policy misconfigurations, and remediates these anomalies. This approach is particularly imperative given the increasing attacks against cloud storage owing to misconfigurations, which have led to several data breaches e.g. the Verizon AWS S3 data breach. 


Our methodology consists of consistent maintenance of the cloud state via a continuous snapshotting mechanism thereby ensuring fault tolerance and visibility. We adopt the principles of chaos engineering by integrating BrokerMonkey, a complimentary system that continuously injects failures into our reference CSB system, CloudRAID. Hence, CSBAuditor is continuously tested for its efficiency in detecting unauthorized changes made in the cloud accounts which could indicate cloud attacks. Furthermore, unlike similar systems CSBAuditor employs security metrics for risk analysis by computing numeric severity scores for detected vulnerabilities using several methodologies e.g. the Common Configuration Scoring System. Hence, the limitation of insufficient or binary-based security metrics in existing cloud auditing schemes is overcome and the security of monitored cloud services is quantitatively measured.