An Automated Threat Detection Solution Purpose-built for the AWS Shared Security Model
As more companies move critical business applications to the cloud, security of those applications and data remains paramount. But many companies are not aware of their responsibility for security in cloud environments such as AWS.
AWS operates on a shared responsibility model for security. This means that while Amazon secures its infrastructure, the customer is responsible for the security of their applications, content, and systems. You need a security provider that has designed a solution specifically for the AWS shared responsibility environment.
AlienVault USM Anywhere with its AWS-native sensor is a purpose-built solution for the AWS environment and provides you with essential threat detection, monitoring and security analysis capabilities for your AWS instances.
AlienVault USM Anywhere secures your AWS environment with these critical features:
Automated Asset Discovery, Vulnerability Assessment, and Event Correlation
- Automatically scan your AWS environment including assets, security groups, and configurations
- Manage all configuration, analysis and reporting from a single console
- Automatically alert on and correlate events
Purpose-built Solution for AWS
- Scales with you as you scale up your environment
- Preconfigured CloudFormation templates for easy sensor installation
- Automated monitoring of CloudTrail, S3 and ELB Access Logs
Integrated Threat Intelligence Updates
- Regular threat intelligence updates accelerate your ability to spot the latest threats
- Pre-built, customizable correlation rules eliminate the need for you to create your own
- Focus on responding to threats rather than researching every alert
Automated Asset Discovery, Vulnerability Assessment,
and Event Correlation
AWS operates on a shared responsibility security model, which means that while Amazon secures its infrastructure, you are responsible for the security of your applications, content, systems and networks.
This means that you are responsible for everything you deploy on top of AWS and for properly configuring AWS security features. And while Amazon supplies many tools to assist you with security, such as Security Groups and CloudTrail, the tools lack certain security capabilities that you need to have, including log management, configuration management, and vulnerability scanning.
AlienVault USM Anywhere with its AWS-native sensor is a purpose-built security monitoring solution for the AWS environment that compliments the AWS shared responsibility model to provide you with essential threat detection, monitoring and security analysis capabilities for your AWS infrastructure. USM Anywhere automatically scans your AWS environment to detect assets, assess vulnerabilities and identify any misconfigurations on your instances or with you configuration of AWS itself. You get automated monitoring, alerts and event correlation. And you can manage all configuration, analysis and reporting from a single console.
Purpose-built Solution for AWS
Given the requirements of the AWS shared responsibility model, you need a security solution designed specifically for the AWS environment. Purpose-built for the AWS shared responsibility model, USM Anywhere with its AWS-native sensor automatically detects and secures your AWS instances and provides continuous monitoring. USM Anywhere supplies preconfigured CloudFormation templates to simplify provisioning of new sensors, allowing you easily expand the coverage you need as your environment scales. And USM Anywhere provides analysis of your use of built-in security features like AWS CloudTrail and Amazon EC2 Security Groups, delivering immediate insight into potential issues in your environment.
USM Anywhere also monitors and controls access to the Amazon API, which is essential given that the Amazon API controls all actions taken in your AWS environment. And finally, USM Anywhere scales with you as you add new instances to your AWS environment, allowing you to scale your threat detection and response capabilities.
Integrated Threat Intelligence
AlienVault Threat Intelligence is information about malicious actors, their tools, infrastructure and methods, and is an essential component to any effective security program. And very often, it is too resource intensive and too costly for organizations to invest in effective Threat Intelligence. That’s where the Threat Intelligence produced by AlienVault Labs and the Open Threat Exchange (OTX) steps in. The team is constantly performing advanced research on current threats and developing updates to AlienVault USM Anywhere’s threat intelligence. The Labs team incorporates this expertise into the library of correlation rules that are included with the AlienVault USM Anywhere platform.
AlienVault eliminates the need for you to conduct your own research and to write your own correlation rules. The constant updates from AlienVault Labs enable the AlienVault USM Anywhere platform to analyze the mountain of event data from all of your AWS data sources and tell you exactly what are the most important threats facing your AWS environment right now, and what you need to do about them.