This article explains the security controls that Cloudaware designed and implemented in Wazuh for the IDS module.

Introduction

Cloudaware offers Intrusion Detection functionality as part of its Threat Center bundle. Our platform customizes the out-of-the-box Wazuh event collection flow and registration process. These customizations are designed to make Wazuh suitable for cloud-based environments with high inventory turnover. In addition, Cloudaware Wazuh is designed to support Docker and Kubernetes environments.

...

During this registration process, a bi-directional trust is established. The Wazuh server rejects connections from agents that do not present valid certificates, and Wazuh agents reject servers that do not match the domain name of the certificate signer.

Data Protection

Out-of-the-box Wazuh agents and servers use HTTPS for all communications, thus providing encryption in transit. Cloudaware deploys additional security controls that use LUKS disk volume encryption, thus providing data encryption at rest.

...

Intrusion Detection and Audit Logging

All Wazuh servers run the Wazuh agent by default. The data from these Wazuh agents is collected on an internal log collection server that is isolated on its own highly restricted network segment. Our SOC team monitors and audits security events emanating from customer-serving Wazuh servers.

...