
Jun 29, 2023

Cloud Investigation and Response Automation (CIRA) is emerging: here’s what you need to know.


There’s a new cybersecurity acronym on the rise (yes, another one), and we thought we’d take a moment to explain what it is, why it’s important, and how you can begin to identify the capabilities of your organization and your vendors when it comes to coverage in this area.

According to the Gartner® report titled, Emerging Tech: Security — Cloud Investigation and Response Automation Offers Transformation Opportunities, “cloud investigation and response automation (CIRA) is emerging to automate the investigation and collection of digital forensics in the cloud. Product leaders must adopt transformative cloud technologies to address demand for expanding data collection, analysis, collaboration and future business models.”

Key findings from this report include the following:

  • “Runtime visibility and threat detection are critical aspects of investigations into breach events and help characterize and validate attack methodologies for forensics and incident response activities.
  • Threat detection capabilities are overlapping in multiple areas of security, causing customers to stretch to understand how providers fit across their product needs.
  • Expanding data sources and SaaS delivery in forensics are transforming incident characterization and analysis speed and improving efficiencies in incident response.”

Hillstone Networks is delighted to be included in this report on emerging technology from Gartner, specifically as noted in the area of workload runtime visibility. To that end, let’s take a closer look at Hillstone’s cloud workload protection platform, CloudArmour.

CloudArmour is a cloud workload protection platform that enables protection for hosts including Kubernetes clusters. In addition to the following core capabilities, CloudArmour integrates natively with both Hillstone’s security solutions and third parties via APIs. This critical differentiator enables Hillstone’s Integrative Cybersecurity approach, which prioritizes coverage, control and consolidation to enable business continuity amidst rapid digital transformation. To that end, CloudArmour’s capabilities include:

Comprehensive visibility of complex cloud workloads

CloudArmour automatically synchronizes with container registries, Kubernetes clusters and hosts in real time, covering system status, vulnerabilities, network flows, security incidents and threats. Key components such as images, apps, services, and clusters, as well as the OS, network cards, and processes in the host, are all visible in the CloudArmour dashboard.

Dynamic network micro-segmentation

CloudArmour adapts to different cloud platforms and workloads in a non-invasive manner while still enabling granular policy creation and enforcement. With automatic detection of application dependencies, and patented traffic-steering technology, CloudArmour enables microsegmentation at scale that’s ready for any cloud environment and easy to monitor, manage and maintain.

Machine learning-powered threat detection and runtime protection

When pulling in telemetry from multiple, integrated systems, the ability to make sense of it all and find real threats in a barrage of signals is essential. CloudArmour uses machine learning to build behavioral models that provide high-fidelity detection and alerting across all cloud workloads. These detections can then be automatically deployed as rulesets across all hosts and containers, saving countless hours and improving security posture.

Vulnerability management across lifecycle and production

Beyond simply scanning deployed applications for vulnerabilities, CloudArmour integrates with the continuous integration and continuous deployment workflows of the digitally-transformed enterprise. By “shifting left” to address application vulnerabilities at their earliest manifestations, CloudArmour increases coverage beyond containers, virtual machines and cloud hosts.

Compliance assessments and enforcement built in

Aligning with the growing cloud security posture management (CSPM) trend, CloudArmour leverages built-in checks for CIS Benchmarks to offer recommendations for risk remediation across all cloud workloads and containers, with native support for Kubernetes, Docker, Linux, images and runtime configurations.

Hillstone Networks has established Integrative Cybersecurity as a model for business continuity and cyber resilience on the tenets of coverage, control, and consolidation. By aggregating the key considerations of runtime visibility, multi-source threat detection and diverse environmental support found in CIRA into a comprehensive platform, Hillstone Networks is already in the market and ready for this emerging technology trend.

Gartner, Emerging Tech: Security — Cloud Investigation and Response Automation Offers Transformation Opportunities, By Lawrence Pingree, Mark Wah, Published 5 June 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.