ALIENVAULT USM FOR AWS SOLUTION GUIDE


Summary

AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management for AWS environments. It is an AWS-native security solution for securing your ever-changing AWS environment against an evolving threat landscape:

- Scalable, centrally managed collection of essential security capabilities that identify suspicious or malicious behavior
- Built for the Amazon Shared Responsibility security model, maximizing visibility of potential threats and making it easy to use built-in AWS security features like CloudTrail and Security Groups
- Threat intelligence from the AlienVault Labs Threat Research team maximizes the effectiveness of your security monitoring program and provides a global view of emerging threats
- Purpose-built for the unique resource-allocation and scalability requirements of the cloud environment, and satisfies rigorous monitoring and reporting requirements

The USM for AWS platform includes all of the essential security capabilities you need to quickly identify and respond to malicious behavior and insecure configurations in a single application, including:

- Asset discovery: API-powered asset discovery
- Vulnerability assessment: AWS infrastructure assessment and authenticated vulnerability assessment
- Intrusion detection: behavioral monitoring
- Log management (elastically scalable and searchable), including S3 and ELB access log monitoring and alerting
- SIEM: CloudTrail monitoring and alerting, and event correlation

USM for AWS is an AWS-native solution that accelerates and simplifies threat detection and response, on day one. AlienVault USM for AWS also helps you meet compliance requirements, including PCI DSS, HIPAA, FISMA, GLBA and ISO 27002. It is highly customized for operation in the AWS environment and integrates with the Amazon API to provide immediate visibility and threat detection.

The Migration to Public Cloud Computing

Organizations large and small are adopting cloud services. According to Spiceworks [1], 65% of organizations in North America and 56% in EMEA have already adopted cloud services. The adoption rate ranges between 68% for organizations with fewer than 19 employees and 53% for organizations with 500 or more employees. The services these organizations have adopted include web hosting, email hosting, productivity (including file sharing and online collaboration), application hosting, and backup/recovery. The implication of this migration to the cloud is that a significant portion of your organization's data is likely already in the cloud, or will be on its way shortly, and you need to ensure its security.

Shared Responsibility for Security

The Amazon environment offers significant advantages for many organizations with its innovative technology model. However, one aspect of this innovation that can present unanticipated challenges is its Shared Responsibility security model. As stated on the AWS security portal [2], "You must secure anything you put on the infrastructure or connect to the infrastructure." That means that if you rely on AWS, you need to evaluate the configuration of your network access and security controls regularly. Otherwise, you could inadvertently deploy insecure configurations, putting your instances and assets at risk.

[1] Spiceworks State of IT Report 2014
[2] http://aws.amazon.com/security/

Targeting AWS Accounts

AWS accounts are being targeted today by attackers who take advantage of the complete control AWS APIs provide and the lack of visibility most IT teams have over their AWS environments. Two common attacks are:

- Theft of compute power from compromised accounts for purposes like Bitcoin mining
- Use of compromised accounts to store data exfiltrated from other victims (such as credit card information, electronic health records, or porn)

In addition to identifying malicious behavior directed towards your AWS resources, you also need to identify usage of AWS resources for shadow IT purposes. These unauthorized instances could be hosting applications and/or sensitive data while bypassing traditional IT controls, leaving your organization exposed to a data breach. The bottom line: you need to ensure your AWS environment is secure.

Unified Security Management for AWS

The AlienVault Unified Security Management (USM) for AWS platform provides you with the security awareness and threat intelligence that you need to detect and respond to threats, and manages compliance in your AWS environments. USM for AWS gives you visibility into:

- The state of your AWS infrastructure
- What assets are in your environment
- Assets that are misconfigured or vulnerable to exploits
- Who is using your resources and how they are using them
- Malicious activity targeting your environment

Concerned About Account Credential Compromise?

The single-platform architecture of USM for AWS delivers the power and effectiveness of integrated security technologies to address common threats like compromised accounts. Key features include:

- Detect anomalous user activity: correlate all log data to detect unusual behaviors and alert on possible credential compromise
- Brute-force permission enumeration: identify attempts to use brute-force techniques to elevate permissions to compromise instances
- Launch of new server types: alert on the launching of new server types regardless of the instance to ensure all new servers comply with policies

USM for AWS is a completely AWS-contained security solution. Unlike hosted security services, we designed USM for AWS specifically to allow you to manage it yourself and have complete control of your data. It runs completely in your AWS environment and your data never leaves your control.

USM for AWS is purpose-built to enable you to secure your AWS environment with these essential features:

Elastic Scalability - Scale your threat detection and response capabilities horizontally as your environment changes, to deploy exactly what you need, when you need it:
- Preconfigured CloudFormation templates simplify provisioning, allowing you to replicate the services you need as your environment scales
- Priced for elastic environments: you can purchase USM for AWS to match your specific requirements as your deployment changes over time, to give you maximum flexibility and avoid paying for security you don't use

Automated Asset Discovery - Manage your security the way you manage your infrastructure by automatically maintaining an inventory of running instances:
- Enhance your internal governance capabilities and detect any unauthorized instances, applications, or data
- Satisfies Amazon scanning policies, eliminating the need for pre-approval by Amazon in EC2 and VPC and allowing you to update your inventory as needed
- Map all security data back to Amazon instance IDs for real cloud forensics and complete visibility

Vulnerability Assessment - Secure, low-overhead, authenticated scanning allows you to stay current with any changes in your environment:
- Assess your infrastructure to understand your exposure and prioritize your risks regardless of the number of instances
- Satisfies Amazon scanning policies, eliminating the need for pre-approval by Amazon in EC2 and VPC

CloudTrail Monitoring & Alerting - Perform automated event correlation and alerting on data from the CloudTrail service, enabling you to correlate thousands of events each week and eliminate manual data analysis to detect behavioral changes, including:
- Suspicious instance creation
- New user creation
- Security group modification

Log Management - Provides complete log management for compliance with PCI DSS, HIPAA, FISMA, FedRAMP, ISO 27002, NERC CIP, or GLBA requirements:
- Send your logs to the USM instance with syslog, or use S3 or Amazon CloudWatch Logs to gather your data for forensic storage and correlation
- USM for AWS provides secure collection and retention of both raw log data and normalized logs to preserve the chain of custody

S3 Access Log Monitoring and Alerting - Automatically analyzes any S3 (Simple Storage Service) access logs of hosted content and material being tracked in your environment:
- Provides analytics and identifies and alerts on abuse patterns

ELB Access Log Monitoring and Alerting - Automatically analyzes any ELB (Elastic Load Balancer) access logs being created in your environment for granular insight into data directed at your instances:
- Provides analytics and identifies and alerts on abuse patterns

Event Correlation - Full-featured correlation engine that provides the ability to analyze the operational logs from your AWS environment:
- The AlienVault Labs team of threat researchers has created correlation rules to generate targeted alarms complete with remediation advice. End users and MSSPs can also extend the system to alert on abuse patterns in applications or infrastructure.
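As an added example (not AlienVault's code or the product's rule set), here is the shape of the CloudTrail correlation rules the guide describes, run over constructed CloudTrail records: new user creation, security group modification, launch of an instance type outside policy (the "new server types" check), and a burst of AccessDenied responses from one principal, which is the brute-force permission enumeration pattern. The approved instance type list, the denied-call threshold and the sample records are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample CloudTrail records (not real logs); field names follow the
# CloudTrail record format, all values are made up for this example.
SAMPLE_RECORDS = [
    {"eventName": "CreateUser", "userIdentity": {"userName": "ops-admin"},
     "requestParameters": {"userName": "svc-new"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"userName": "ops-admin"},
     "requestParameters": {"groupId": "sg-0123", "ipPermissions": {"items": [
         {"fromPort": 22, "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "RunInstances", "userIdentity": {"userName": "dev-user"},
     "requestParameters": {"instanceType": "p3.16xlarge"}},
    {"eventName": "DescribeInstances", "userIdentity": {"userName": "dev-user"}},  # benign
] + [
    # Burst of AccessDenied responses from one principal, each probing a different API:
    # the brute-force permission enumeration pattern.
    {"eventName": api, "userIdentity": {"userName": "svc-new"}, "errorCode": "AccessDenied"}
    for api in ("ListUsers", "ListRoles", "GetAccountSummary",
                "ListBuckets", "DescribeInstances", "ListFunctions")
]

APPROVED_INSTANCE_TYPES = {"t3.micro", "t3.small", "m5.large"}  # assumed policy
DENIED_THRESHOLD = 5  # assumed: distinct denied APIs per principal before alarming
SG_MODIFY_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress"}

def principal(rec):
    """IAM principal that made the call (user name, else ARN)."""
    ident = rec.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn") or "unknown"

def world_open(params):
    """True if any rule in the request allows 0.0.0.0/0."""
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        for rng in (perm.get("ipRanges") or {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                return True
    return False

def evaluate(records, approved=APPROVED_INSTANCE_TYPES, threshold=DENIED_THRESHOLD):
    """Return (rule, principal, detail) alarms for the behaviours the guide lists."""
    alarms = []
    denied = defaultdict(set)  # principal -> distinct APIs that returned AccessDenied
    for rec in records:
        name, who = rec.get("eventName"), principal(rec)
        params = rec.get("requestParameters") or {}
        if name == "CreateUser":
            alarms.append(("new_user_created", who, params.get("userName")))
        elif name in SG_MODIFY_EVENTS:
            detail = "open to 0.0.0.0/0" if world_open(params) else name
            alarms.append(("security_group_modified", who, f"{params.get('groupId')}: {detail}"))
        elif name == "RunInstances" and params.get("instanceType") not in approved:
            alarms.append(("unapproved_instance_type", who, params.get("instanceType")))
        if rec.get("errorCode") == "AccessDenied":
            denied[who].add(name)
    for who, apis in denied.items():  # correlate across the whole batch, not per event
        if len(apis) >= threshold:
            alarms.append(("permission_enumeration", who, len(apis)))
    return alarms
```

Running `evaluate(SAMPLE_RECORDS)` yields one alarm per rule; a single AccessDenied is not enough to fire the enumeration rule, which only triggers once one principal has been denied on several distinct APIs.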

Integrated Threat Intelligence

To give our customers the very best threat detection and response capabilities, our products are powered by expert threat intelligence. The AlienVault Labs Threat Research Team generates novel research on high-profile threats and emerging trends in the threat landscape. The AlienVault Labs team derives a significant amount of data from the security community, working with public research institutions, government organizations, and private companies and partners to share and analyze threat data.

We supplement the AlienVault Labs research with data from our Open Threat Exchange (OTX). OTX is the largest and most authoritative crowd-sourced threat intelligence exchange in the universe, providing security for you that is powered by all. Every day, more than 26,000 participants from 140+ countries contribute over 1 million threat indicators to OTX. We automatically analyze raw OTX data through a powerful discovery engine that is able to granularly analyze the nature of the threat, and a similarly powerful validation engine that continually curates the database and certifies the validity of those threats.

Deploying USM for Amazon Web Services (AWS)

AlienVault's USM for AWS architecture consists of a modular, scalable, two-tier architecture: Sensor Nodes (data collectors) and Control Nodes (centralized management and storage).
- Deploy both the Sensor Node and the Control Node on a single AMI in a simple deployment
- For more complex deployments you can deploy more than one Sensor Node to collect data from your environment, managed by a Control Node

Summary

Moving to the AWS environment can provide your organization with a wide range of benefits, including scalability, reliability, and lower TCO. However, to take advantage of the benefits of the AWS model while securing your applications and data, it's essential that you deploy an AWS-native solution to be able to effectively manage access and configuration. AlienVault USM for AWS is purpose-built for the AWS environment to provide Asset Discovery, AWS Infrastructure Assessment, Vulnerability Assessment, CloudTrail Monitoring and Alerting, S3 and ELB Access Log Monitoring and Alerting, Log Management, and Event Correlation. It is designed to address the security and configuration challenges you experience when trying to secure your elastic AWS environment. Threat intelligence from the AlienVault Labs Threat Research team maximizes the effectiveness of your security monitoring program and provides a global view of emerging threats.

About AlienVault

AlienVault is the champion of mid-size organisations that lack sufficient staff, security expertise, technology or budget to defend against modern threats. Our Unified Security Management (USM) platform provides all of the essential security controls required for complete security visibility, and is designed to enable any IT or security practitioner to benefit from results on day one. Powered by the latest AlienVault Labs Threat Intelligence and the Open Threat Exchange, the world's largest crowd-sourced threat intelligence exchange, AlienVault USM delivers a unified, simple and affordable solution for threat detection and compliance management. AlienVault is a privately held company headquartered in Silicon Valley and backed by Trident Capital, Kleiner Perkins Caufield & Byers, GGV Capital, Intel Capital, Sigma West, Adara Venture Partners, Top Tier Capital and Correlation Ventures. For more information visit www.alienvault.com or follow us on Twitter (@AlienVault).