AWS Intrusion Detection System (IDS)

Automate AWS Intrusion Detection (IDS)
to Quickly Identify Malicious Activity

Take Control of Your Cloud Security Monitoring, Management and Risks

As organizations of every size are adopting cloud services, attackers have followed suit. But a core problem exists in AWS – there is no way to get complete access to the low-level network traffic using traditional IDS detection methods. However, this challenge can be overcome by accessing the AWS control plane. In doing so, AlienVault® Unified Security Management (USM) Anywhere™ can provide core Intrusion Detection (IDS) capabilities in AWS cloud environments.

Security benefits of AlienVault USM Anywhere for AWS cloud environments include:

  • Full visibility into every operation that is going on in all of your AWS accounts
  • Identify which users have accessed your AWS environment
  • Check and alert on CPU spikes on your AWS instances

AlienVault USM Anywhere unifies the essential security capabilities to enable cloud security management in a single platform:

Built for AWS from the Ground Up

  • Cloud-native intrusion detection (IDS) to monitor AWS environments
  • Designed to work with Amazon’s shared responsibility model without sacrificing IDS visibility
  • Elastic scalability to support multiple accounts and regions

Complete Log Management for Compliance

  • Achieve compliance with PCI DSS, HIPAA, FISMA, FedRAMP, ISO 27001, NERC CIP, or GLBA requirements
  • Secure collection and retention of both raw log data and normalized logs

Integrated Threat Intelligence Updates

  • Regular threat intelligence updates accelerate your ability to spot the latest exploits
  • Pre-built, customizable correlation directives eliminate the need for you to create your own
  • Focus on responding to threats rather than researching every alert

AlienVault Is Trusted & Verified

AlienVault makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices. We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes.

GDPR Ready
HIPAA Compliant
PCI DSS Compliance
ISO Certified
AWS Security Competency
Microsoft Azure Certified

* The ISMS that governs USM Anywhere, USM Central

Built for AWS from the Ground Up

In traditional environments, the network provides a common chokepoint to monitor your environment, a feature that isn’t typically available in the cloud. However, to our advantage, in AWS, the network infrastructure is largely abstracted away.

Beyond simply providing viable alternatives for the core IDS use cases, AWS also presents a new opportunity for you to improve the monitoring you have done in the past. When you consider an IDS solution for AWS, there is a new chokepoint (similar to the network layer in the past) that you can take advantage of called the control plane.

In software-defined networking (SDN), the data plane and the control plane are decoupled. This allows programmatic access to the control plane, which makes network administration much more flexible.

USM Anywhere's purpose-built AWS sensors have built-in IDS capabilities that leverage the control plane, giving you full visibility into every operation that is going on in your AWS ‘data center’. This allows you to answer important questions such as:

  • Which employee has accessed my AWS environment? Was it really them?
  • Are all of my AWS-based systems sending me their operational logs for analysis?
  • Can I automatically provision a new system I am spinning up into my security monitoring system?
  • Has the CPU spiked on any of my AWS machines in the last hour?
  • Who set up this server?

PCI Compliance

Often the drive for AWS intrusion detection is to meet the requirements of regulatory compliance – in particular PCI DSS Requirement 11.4.

Requirement number 11.4 states: “Use intrusion detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network. Monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the cardholder data environment, and alert personnel to suspected compromises.”

The intrusion detection functionality within AlienVault USM Anywhere for AWS cloud environments helps you attain PCI compliance with analysis of log data on systems within the cardholder data environment or otherwise in scope for PCI DSS. This visibility, combined with the analysis of the OS-level logs, makes detection of malware and other threats to key information systems possible.

Threat Detection and Intelligence

AlienVault USM Anywhere for AWS cloud environments provides IT security analysts with an AWS-native IDS solution that includes the best threat detection and response capabilities. This is powered by expert threat intelligence generated by the AlienVault Labs team.

The AlienVault Labs research is supplemented with data from our Open Threat Exchange (OTX), which is the largest and most authoritative crowd-sourced threat intelligence exchange globally.

Threat Intelligence updates are published continuously by the AlienVault Labs team to the USM for AWS platform in the form of:

  • Correlation directives
  • Vulnerability signatures
  • Asset discovery signatures
  • Incident response templates

This provides your team with the needed information about threat actors, their methods, infrastructure, and tools, making it easier for you to monitor your AWS infrastructure without having to be experts in all threats in the wild. Effectively, the AlienVault Labs team becomes an extension of your team, delivering actionable threat intelligence to where you need it most.

Secure Your AWS Environment

USM Anywhere provides complete cloud security management for your AWS environments. It includes all of the essential capabilities for monitoring cloud security and quickly identifying malicious or suspicious activity in your AWS cloud infrastructure.
