Monitoring activity in your Amazon Web Services (AWS) environment is essential to maintaining the security of your applications and ensuring regulatory compliance. Amazon provides several important tools to assist you, including CloudTrail.
AWS CloudTrail is a logging service that records API calls made in your AWS account, whether they originate from the console, the CLI, the SDKs or other AWS services. A trail records management events by default; data events such as S3 object-level and Lambda invocation activity must be enabled separately. CloudTrail lets you track changes to your AWS resources, support security analysis, and troubleshoot operational issues. On its own, however, it is an incomplete security tool: it neither correlates events nor performs any security analysis.
AlienVault® Unified Security Management (USM) Anywhere™, with its native AWS sensor, fills this gap by adding event correlation and log management on top of CloudTrail. USM Anywhere lets you detect malicious activity in your AWS environment using CloudTrail logs, and it helps you meet regulatory requirements such as PCI DSS and HIPAA.
AlienVault USM Anywhere allows you to monitor AWS CloudTrail and secure your AWS environment with these critical features:
Automated CloudTrail Log Management and Event Correlation
Complete Log Management for Compliance
Integrated Threat Intelligence Updates
To keep applications running in AWS secure, you need to monitor their activity continuously, identify changes, and correlate events. CloudTrail is one of the tools Amazon provides for monitoring and securing your AWS environment, but, as noted above, it does not correlate events or perform security analysis by itself.
AlienVault USM Anywhere automatically monitors, correlates and analyzes events from CloudTrail to detect security threats across the systems and applications you run in AWS. With its purpose-built AWS sensor, USM Anywhere automatically detects your use of CloudTrail and retrieves your logs from every region.
USM Anywhere also correlates events from CloudTrail logs to detect suspicious behavioral changes and other malicious activity in your AWS environment, including security group changes. It brings the monitoring and security event management capabilities you need together in a centralized dashboard.
Monitoring your AWS environment is also critical for meeting regulatory requirements. Although CloudTrail can feed data into log management platforms, using CloudTrail on its own does not make you compliant: most standards also require that audit logs be protected from tampering and retained for a defined period (PCI DSS, for example, requires at least a year of audit history, with the most recent three months immediately available for analysis). You need to integrate CloudTrail with a security tool that provides secure collection and retention of both raw and normalized log data.
AlienVault USM Anywhere, with its AWS-native sensor, delivers this log management and log analysis capability to help you meet requirements such as PCI DSS, FedRAMP, Sarbanes-Oxley, and HIPAA. Specific monitoring and security event management requirements vary from one standard to the next, but USM Anywhere provides the essential security capabilities for your AWS environment in a single console.
Proactively securing your AWS environment requires more than collecting and monitoring security events. You need security analysis that connects seemingly unrelated events, and you need correlation rules that identify specific patterns. Building those rules is resource-intensive: it means researching countless alerts and events, using threat data from external sources to put them in context, correctly identifying the malicious activity, and then writing the corresponding correlation rules so that these threats are detected and can be acted on before they escalate.
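The two preceding points, detecting security group changes in CloudTrail logs and writing correlation rules that identify patterns across events, are illustrated below with a small added example. It is not code from the original page or from AlienVault; it is a stand-alone Python script that runs three hypothetical rules over CloudTrail records in the standard JSON record schema (`eventTime`, `eventSource`, `eventName`, `userIdentity`, `sourceIPAddress`, `requestParameters`, `responseElements`, `errorCode`). Two rules fire on a single event (an ingress rule that opens a security group to `0.0.0.0/0`, and `StopLogging`/`DeleteTrail`/`UpdateTrail` calls against the trail itself); the third is a correlation rule that fires only when several `ConsoleLogin` failures from one source IP are followed by a success from the same IP within a time window. The sample records, the security group IDs, the trail ARN, the account ID and the IP addresses are all constructed for this example.

```python
"""Added example: CloudTrail detection and correlation rules (not AlienVault code).
Real CloudTrail log files wrap records as {"Records": [...]}; the samples below
are constructed for this example and trimmed to the fields the rules read."""
from collections import defaultdict
from datetime import datetime, timedelta

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _login(ts, outcome, ip="203.0.113.7", user="alice"):
    """Build a constructed ConsoleLogin record (signin.amazonaws.com schema)."""
    return {"eventTime": ts, "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
            "userIdentity": {"type": "IAMUser", "userName": user},
            "sourceIPAddress": ip, "responseElements": {"ConsoleLogin": outcome}}


# Constructed sample: three login failures then a success from one IP, a security
# group opened to the world, a *denied* attempt to do the same, then logging stopped.
SAMPLE_RECORDS = [
    _login("2024-05-01T10:00:05Z", "Failure"),
    _login("2024-05-01T10:00:40Z", "Failure"),
    _login("2024-05-01T10:01:12Z", "Failure"),
    _login("2024-05-01T10:02:00Z", "Success"),
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.7",
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "eu-west-1",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.9",
     "errorCode": "Client.UnauthorizedOperation",  # the call was denied; nothing changed
     "requestParameters": {"groupId": "sg-0fedcba9876543210", "ipPermissions": {"items": [
         {"ipProtocol": "-1", "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2024-05-01T10:07:30Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.7",
     "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:123456789012:trail/main"}},
]


def actor(record):
    ident = record.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def alert(rule, record, detail):
    return {"rule": rule, "time": record["eventTime"], "region": record.get("awsRegion"),
            "actor": actor(record), "sourceIP": record.get("sourceIPAddress"), "detail": detail}


def rule_world_open_security_group(record):
    """Single-event rule: an ingress rule that admits the whole internet."""
    if (record.get("eventSource"), record.get("eventName")) != \
            ("ec2.amazonaws.com", "AuthorizeSecurityGroupIngress"):
        return None
    if record.get("errorCode"):  # denied/failed calls change no state; don't page on them
        return None
    params = record.get("requestParameters") or {}
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        ranges = ((perm.get("ipRanges") or {}).get("items", []) +
                  (perm.get("ipv6Ranges") or {}).get("items", []))
        for rng in ranges:
            cidr = rng.get("cidrIp") or rng.get("cidrIpv6")
            if cidr in WORLD_CIDRS:
                ports = f"{perm.get('fromPort', 'all')}-{perm.get('toPort', 'all')}"
                return alert("sg_open_to_world", record,
                             f"{params.get('groupId')} {perm.get('ipProtocol')} {ports} from {cidr}")
    return None


def rule_cloudtrail_tampering(record):
    """Single-event rule: the audit trail itself is being stopped or altered."""
    if (record.get("eventSource") == "cloudtrail.amazonaws.com"
            and record.get("eventName") in TAMPER_EVENTS and not record.get("errorCode")):
        name = (record.get("requestParameters") or {}).get("name")
        return alert("cloudtrail_tampering", record, f"{record['eventName']} on {name}")
    return None


def rule_login_failures_then_success(records, threshold=3, window=timedelta(minutes=10)):
    """Correlation rule: >= threshold ConsoleLogin failures from one source IP,
    followed by a success from that IP within `window` of the failures."""
    failures, alerts = defaultdict(list), []
    for r in sorted(records, key=lambda r: r["eventTime"]):  # ISO-8601 'Z' stamps sort lexically
        if r.get("eventName") != "ConsoleLogin":
            continue
        ip = r.get("sourceIPAddress")
        t = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        outcome = (r.get("responseElements") or {}).get("ConsoleLogin")
        if outcome == "Failure":
            failures[ip].append(t)
        elif outcome == "Success":
            recent = [f for f in failures[ip] if t - f <= window]
            if len(recent) >= threshold:
                alerts.append(alert("login_failures_then_success", r,
                                    f"{len(recent)} failures then success for {actor(r)}"))
            failures[ip].clear()  # a success resets the window for this IP
    return alerts


def run_rules(records):
    alerts = []
    for r in records:
        for rule in (rule_world_open_security_group, rule_cloudtrail_tampering):
            a = rule(r)
            if a:
                alerts.append(a)
    alerts.extend(rule_login_failures_then_success(records))
    return sorted(alerts, key=lambda a: a["time"])


if __name__ == "__main__":
    for a in run_rules(SAMPLE_RECORDS):
        print(a["time"], a["rule"], a["actor"], a["sourceIP"], a["detail"])
```

Two design points carry over to any real deployment. First, the `errorCode` check matters: CloudTrail records denied calls too, and alerting on a request that AWS rejected produces noise while hiding the real signal (who is probing for permissions is a separate, lower-severity rule). Second, the correlation rule has to see events from every region and every account in one stream, which is exactly what a central collector provides and a per-region look at CloudTrail does not.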
That’s where the Threat Intelligence produced by AlienVault Labs and the Open Threat Exchange (OTX) steps in to assist. Think of the AlienVault Labs team as an extension of your IT team – a team that is constantly performing advanced research on current threats and developing continuous updates to USM Anywhere’s threat intelligence. The Labs team incorporates this expertise into the library of correlation rules that are included with the USM Anywhere platform.
AlienVault Threat Intelligence is information about malicious actors and their tools, infrastructure and methods. It removes the need for you to conduct your own research and write your own correlation rules. The continuous updates from AlienVault Labs let USM Anywhere analyze the mountain of event data in your CloudTrail logs and tell you which threats to your AWS environment matter most right now, and what to do about them.
USM Anywhere provides complete cloud security management for your AWS environments. It includes all of the essential capabilities for monitoring cloud security and quickly identifying malicious or suspicious activity in your AWS cloud infrastructure.