SECURITY-AS-A-SERVICE BUILT FOR AWS


SOLUTION BRIEF: SECURITY-AS-A-SERVICE BUILT FOR AWS

Alert Logic Security-as-a-Service solutions integrate cloud-based software, analytics and expert services to assess, detect and block workload threats and help you comply with mandates like PCI, HIPAA and SOX COBIT. We focus on threats most relevant to workloads on AWS by defending your full web application and infrastructure stack, including hard-to-detect web app attacks such as SQL injection, path traversal and cross-site scripting. Integrated expert services for detection, blocking and compliance augment in-house security and empower cloud and application professionals. With native API-driven automation and templates for AWS and DevOps tool chains, Alert Logic solutions provide agile security that scales.

- Focus on the most cloud-relevant threats with full-stack protection of your web application and infrastructure stack
- Accelerate production with API-driven automation and elasticity
- Add security experts to your team overnight without hiring staff
- Preserve application performance with lightweight agents and auto-scaling support
- Simplify with one service that works across cloud and on-premises environments

"Alert Logic has a head start in the cloud, and it shows. Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider that can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations." - Forrester 2016 MSSP WAVE Report

FOCUS ON THE MOST CLOUD-RELEVANT THREATS WITH FULL-STACK SECURITY

Security in AWS is a shared responsibility. AWS is responsible for security of the Cloud, such as physical security, instance isolation and protection for foundation services. You are responsible for security in the Cloud, meaning you must secure your applications and data within AWS. When moving from your own data center to cloud computing, your list of security responsibilities may actually be shorter. But that doesn't necessarily make it easier.

AWS invests at scale to secure the network against DDoS and scanning, as well as hardening hypervisors against attack. Users can configure hosts that terminate and regenerate from a master image at regular intervals, creating immutable infrastructure that prevents host-based threats from retaining a foothold. Cloud innovations such as these are making it more difficult and less profitable for adversaries to attack the lower end of your application and infrastructure stack.

While the bottom of the stack is hardening, the top is softening. Businesses are increasingly dependent on inherently vulnerable custom web applications. Accelerated by a potent mix of hybrid IT environments, rapid CI/CD cycles, and open source frameworks and languages such as Apache Struts, Rails, and PHP, web-based applications are complicating the enterprise attack surface with more inherited and developed vulnerabilities, while inviting exploits that are increasingly difficult to prevent. Web application attacks are the #1 attack vector causing data breaches, tripling as a proportion of all breaches from 9.4% to 30% from 2014-2017 according to the Verizon 2017 Data Breach Investigations Report.

[Figure: "Web app attacks are now the #1 source of data breaches", up 300% since 2014. Breach categories charted: Web App Attacks, POS Intrusions, Miscellaneous Errors, Privilege Misuse, Cyber-espionage, Everything Else, Payment Card Skimmers, Physical Theft/Loss, Crimeware, Denial of Service. Source: Verizon DBIR 2017. Companion figure: less than 5% of data center security budgets are spent on app security ($23 to $1). Source: Gartner.]

Alert Logic invests in proprietary research and threat intelligence to understand vulnerabilities, exposures, exploits, methods and attack behaviors at each layer of your application and infrastructure stack and the open source and commercial components within them. We integrate these unique full-stack insights with other global sources of threat intelligence and content to continually enrich vulnerability and exposure scanning, threat detection analytics, incident reports and blocking logic. The result: vulnerability scans, incident reports and live consultations that give you context and confidence to know when and where to act. Full-stack security includes continuously updated vulnerability coverage and threat detection logic for all layers of your application and infrastructure stacks.

REBALANCE YOUR DEFENSES FOR CLOUD THREATS

Web applications have long been under-protected. Enterprise spending on network perimeter security has dwarfed application security 23:1 [1], yet 59% of IT security professionals said traditional tools work somewhat or not at all in hyperscale cloud environments [2]. Forcing cloud traffic to pass through perimeter appliances like next-generation firewalls and intrusion prevention appliances creates performance choke points and single points of failure that disrupt business and slow down production applications.

The reflex to block more and more attacks at the perimeter is also increasingly ineffective. Blocking requires ultra-high confidence decisions to be made in milliseconds, but few threats announce themselves so clearly anymore. Those responsible for the most breaches, such as SQL injection and cross-site scripting, hide in plain sight. They slip past even expensive next-gen firewalls because high-confidence detection requires analysis of multiple data points gathered over time from multiple vectors to confirm.
Alert Logic develops and uses multiple technologies to strike the right balance for cloud and hybrid environments. Web Security Manager Premier, our in-line Web Application Firewall (WAF), targets attacks that follow patterns consistent enough to trigger high-confidence millisecond blocking decisions. A dedicated team in our SOC continuously tunes your blocking and white-listing logic to each of your applications to avoid false positives. The WAF is load-balanced on AWS to support cloud-scale application performance and availability. For the remaining majority of attacks, where there is no immediately clear black or white, we use the gold standard in detection: analytics and experts together. Alert Logic ActiveWatch - your personal managed detection and response service - uses multiple layers of analytics, including machine learning and anomaly detection as well as signatures and rules. Analytics are used and enhanced by experts from a variety of disciplines including security research, threat intelligence, data science, and Security Operations Center (SOC) analysts. Together, they act as your virtual security team in the cloud, providing 24x365 monitoring, enriched incident reports, remediation advice and live notification within 15 minutes of critical incidents.

"Partnering with Alert Logic allows me to keep a leaner team. Also, instead of drowning in false positives, we only have to wake up at night when there's an actual problem." - Wayne Moore, Head of Information Security, Simply Business

ACCELERATE PRODUCTION WITH API-DRIVEN AUTOMATION AND AGILITY

You can see cloud computing's disruptive effect on traditional enterprise security as application, operations and security teams struggle to reconcile opposing security models. The old world: weeks-long, change-controlled, manual releases into IT-controlled data centers guarded by perimeter firewalls. The new world: minutes-long, developer-controlled, automated releases and continuous delivery into cloud platforms where monolithic security gateways inhibit cloud-scale applications. Alert Logic helps bridge these two worlds with a single workload security solution that uses APIs to integrate into cloud, hosted and on-premises environments.

For AWS, Alert Logic has designed security from the ground up for agility and scale. Our microservices architecture and RESTful API are combined with advanced logic that natively understands AWS API outputs, blending security seamlessly into your CI/CD pipeline and dynamic production environment:

- Buy and pay monthly through AWS Marketplace
- Start vulnerability scanning in minutes, expert detection within hours
- Scan continuously without manual requests for permission from AWS
- Be notified of vulnerabilities throughout your continuous delivery process
- Launch and monitor within Docker containers
- Adapt security infrastructure automatically as your environment auto-scales
- Visualize impact with dynamic topology mapping

The Alert Logic Cloud Insight service, for example, consumes output from AWS CloudTrail and AWS IAM to continuously discover and model your AWS environment, audit for unsecure configurations, and run agentless scans on software for CVEs (Common Vulnerabilities and Exposures). Most software vulnerability scanning solutions require manual requests from users with root access for permission to perform penetration testing. Pre-authorized by AWS to scan any time, Cloud Insight scans new instances within minutes of their launch being logged by CloudTrail.

In addition to CVE scanning, Alert Logic Cloud Insight performs configuration auditing for AWS environments, alerting you to exposures such as overly permissive security groups or AWS Identity and Access Management (IAM) policies, ELBs using insecure ciphers and Amazon Simple Storage Service (Amazon S3) buckets that allow unauthenticated access. Configuration exposures and software vulnerabilities are presented in a visual map of your topology that helps you explore, understand and see where to take action in your environment. You can pivot by AMI, Instance ID & Type, IP range, Availability Zone, tags and keywords. Grouping instances by AMI shows you the source of the vulnerability, reducing the noise of all the AMI-generated instances that share the same vulnerability.

24x365 THREAT MONITORING FOR DOCKER

Containerization has emerged as a popular way for DevOps teams to enable rapid, yet stable, deployment of code changes across all types of production environments. However, it is critical that security teams have visibility into container-level network activity in order to identify potential threats to the environment. Alert Logic provides security coverage for your containers across numerous deployment models, while also helping you to meet your compliance requirements. Our multi-purpose agent, which is easily added directly into your operating system golden image, binds to the docker0 bridge interface, allowing us to capture network activity such as:

- Container-to-container traffic
- Container-to-host traffic
- Container-to-outside-world traffic

As a result, we are able to capture all available traffic on the host, which is then processed, analyzed and monitored to ensure your Docker environments are protected.

UNDERSTAND WHY, WHERE AND HOW TO REACT TO AMAZON GUARDDUTY FINDINGS

Cloud Insight Essentials translates Amazon GuardDuty findings into incidents you can understand, with enriched resource detail and workflow to prioritize and accelerate your responses, including:

- A clear explanation of the Amazon GuardDuty finding
- Added details about affected resources such as tags and VPCs
- Prioritized short- and long-term recommendations to stop active attacks now, and to prevent similar attacks in the future
- Console-based and API-based workflow to initiate, track and resolve incidents
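As an added illustration of two of the configuration exposures named above (world-open security group ingress and S3 bucket policies granting anonymous access), the following Python is example code written for this page, not Alert Logic's own audit logic. The sample security groups and bucket policy are constructed inline in the shape of EC2 DescribeSecurityGroups and S3 GetBucketPolicy output, so it runs offline; the set of ports considered acceptable for internet exposure (WEB_PORTS) is an assumption a real audit would tune per environment.

```python
import json

ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"
# Assumption: only the web-tier ports are expected to be reachable from the internet.
WEB_PORTS = {80, 443}

# Constructed sample: sg-0aaa exposes SSH and HTTPS to the world, sg-0bbb is scoped to a
# VPC range, sg-0ccc allows all traffic from any IPv6 source.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

# Constructed sample bucket policy that lets anyone read every object.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})


def open_to_world(perm):
    """True when an ingress rule's source is the whole internet (IPv4 or IPv6)."""
    v4 = any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_IPV6 for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def find_exposed_ingress(groups, allowed_ports=WEB_PORTS):
    """Return (group_id, protocol, port_range) for every world-open ingress rule
    that is not confined to the allowed web ports. IpProtocol "-1" means all
    traffic and carries no port fields in the API output."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            if not open_to_world(perm):
                continue
            proto = perm.get("IpProtocol")
            if proto == "-1":
                findings.append((g["GroupId"], "all", "all"))
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            ports = set(range(lo, hi + 1)) if lo is not None else set()
            if not ports or not ports <= allowed_ports:
                findings.append((g["GroupId"], proto, f"{lo}-{hi}"))
    return findings


def bucket_policy_allows_anonymous(policy_json):
    """True when an Allow statement targets everyone ("*" principal) and carries
    no Condition that would narrow who can use it."""
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal")
        everyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if st.get("Effect") == "Allow" and everyone and not st.get("Condition"):
            return True
    return False
```

Feeding real DescribeSecurityGroups and GetBucketPolicy responses into these two functions gives the same findings for a live account.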

API-DRIVEN SECURITY AS AN AGILE, CLOUD-SCALE SERVICE

One service: Alert Logic Cloud Defender provides an integrated, comprehensive security and compliance solution. Experts included. Deploying Alert Logic on AWS is fast and easy. Our software-as-a-service architecture scales to support large migrations and expanding deployments across multiple regions in AWS and on-premises environments.

[Figure: Conceptual example of a simple 3-tier application. Components shown: AWS CloudTrail, IAM, CloudFormation, a VPC spanning Zone A and Zone B, Elastic Load Balancers carrying web traffic over HTTPS, WAF Master (auto-recover) and WAF Workers, Threat Detection Agents, Vulnerability Scanning, and DB Servers. The numbered callouts correspond to the list below.]

1. Continuous discovery: Maintains asset and topology model
2. Misconfiguration checks: Identify misconfigurations in accounts and services
3. Continuous scanning: Resources and VPCs are scanned within minutes of being created
4. Continuous detection: Network and log collectors auto-register as new instances launch
5. East-West visibility: Traffic between instances is inspected to see lateral movement attack progression
6. Elastic WAF: In-line blocking auto-scales to preserve app performance
7. Continuous compliance: CloudTrail and IAM logs are parsed into a standard taxonomy for PCI, HIPAA and SOX reporting, then stored and searchable for years in our cloud
8. Offloaded analytics + expert monitoring: Heavy compute and data storage is done in our cloud with 24x365 monitoring

[1] Gartner Research G00269825, Joseph Feiman, 2014
[2] 2016 Cloud Security Spotlight Report, Information Security LinkedIn Group Partner, 2016

2017 Alert Logic, Inc. All rights reserved. Alert Logic and the Alert Logic logo are trademarks, registered trademarks, or servicemarks of Alert Logic, Inc. All other trademarks listed in this document are the property of their respective owners. 0318US