Amazon Web Services (AWS) Security Monitoring with Securonix

These days it is quite common for enterprises to run workloads in the cloud. However, as organizations make this transition, securing business-critical applications and data is a key challenge.

Monitoring the security events in your cloud infrastructure is critical in order to detect and mitigate cyber threats before they lead to a major cyber incident or a data breach.

AWS is a mature public cloud vendor with a large variety of services. Securonix integrates with AWS services in order to access event information, allowing it to determine context, clearly identify threats, support threat hunting, and automate incident response.


Solution Benefits

  • Streamlined, direct API integration enables fast event gathering.
  • Complete AWS log coverage, including Amazon Virtual Private Cloud (VPC), Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), login, and API events.
  • Enrichment of data with additional context for threat modeling.
  • Out-of-the-box bi-directional integrations for Amazon Simple Storage Service (S3), Amazon CloudWatch, and Amazon GuardDuty.
  • Data Insights: Securonix for AWS enables you to visualize activities and changes in your AWS infrastructure with out-of-the-box dashboards and reports that can be easily customized.

Streamlined Integration

Multi-point API integration allows you to collect relevant events from multiple data sources.

Context Enrichment

Events are enriched with additional context.

Threat Modeling

Detect suspicious behavior patterns which indicate an advanced threat.

Data Insights

Visualize activities and changes with customizable dashboards and reports.

Securonix Integration with AWS

Securonix security monitoring for AWS monitors various AWS components for signs of advanced threats and targeted attacks.

Securonix collects and analyzes logs across various AWS activities, including:


Common Use Case Scenarios

Securonix security monitoring for AWS enriches and correlates events from AWS with contextual data and event logs from other on-premises and cloud data sources in order to monitor for insider and cyber threat patterns.

Key use cases include:

  • Unauthorized access such as a login from a rare IP or geolocation, a spike in failed logins, a land speed anomaly, or a malicious IP.
  • Amazon EC2 configuration anomalies such as a spike in instance creation or deletion, suspicious admin activities, or a rare instance.
  • Suspicious AWS IAM activity such as suspicious user creation, admin privilege changes, password policy changes, or rare privileged activity.
  • Anomalous API connections including from a rare IP or geolocation, or a malicious IP address.
  • Suspicious Amazon VPC traffic including port scans or connections on anomalous ports.

Threat Modeling by Correlating Alerts

Securonix threat models stitch together indicators of compromise across data sources – including AWS – in order to detect targeted attacks.

For example, when it comes to a cryptojacking attack, some indicators of compromise that Securonix can connect across data sources could include:

  • A suspicious console login, such as a login from a rare location or a land speed violation found in the AWS console logs.
  • A related permission elevation found in the AWS IAM logs.
  • A spike in instance starts, or a rare instance start, found in the Amazon EC2 configuration logs.
  • AWS CloudTrail logging being disabled according to the AWS IAM logs.
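The correlation described above, as an added illustration rather than Securonix code: each CloudTrail-style event is mapped to one stage of the cryptojacking threat model (rare login, privilege elevation, instance-start spike, logging disabled) and an alert is raised only when several stages line up for the same IAM user. The field names, the per-user IP baseline, the spike threshold and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed baseline: source IPs previously seen logging in for each user (constructed).
KNOWN_LOGIN_IPS = {"alice": {"198.51.100.10"}, "bob": {"198.51.100.11", "203.0.113.9"}}
ELEVATION_EVENTS = {"AttachUserPolicy", "PutUserPolicy", "AddUserToGroup"}
LOGGING_DISABLE_EVENTS = {"StopLogging", "DeleteTrail"}
RUN_SPIKE_THRESHOLD = 5           # RunInstances calls inside one window (assumed)
WINDOW = timedelta(hours=1)

def stages_for_user(user, events):
    """Return the threat-model stages observed in one user's CloudTrail events."""
    stages = set()
    for e in events:
        name = e["eventName"]
        if name == "ConsoleLogin" and e["sourceIPAddress"] not in KNOWN_LOGIN_IPS.get(user, set()):
            stages.add("rare_login")                      # login from a never-seen IP
        elif name in ELEVATION_EVENTS and "AdministratorAccess" in e.get("policy", ""):
            stages.add("privilege_elevation")             # admin policy granted
        elif name in LOGGING_DISABLE_EVENTS:
            stages.add("cloudtrail_disabled")             # trail stopped or deleted
    runs = sorted(datetime.fromisoformat(e["eventTime"]) for e in events if e["eventName"] == "RunInstances")
    # Sliding window: any WINDOW-long span holding >= threshold RunInstances calls is a spike.
    for i, start in enumerate(runs):
        if sum(1 for t in runs[i:] if t - start <= WINDOW) >= RUN_SPIKE_THRESHOLD:
            stages.add("instance_spike")
            break
    return stages

def correlate(events, min_stages=3):
    """Group events per IAM user; alert when at least min_stages indicators coincide."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    found = {u: stages_for_user(u, evs) for u, evs in by_user.items()}
    return {u: sorted(s) for u, s in found.items() if len(s) >= min_stages}

def _ev(t, user, name, **extra):
    return {"eventTime": t, "user": user, "eventName": name, **extra}

# Constructed sample: alice hits every stage; bob only launches instances (no alert).
SAMPLE_EVENTS = [
    _ev("2024-05-01T09:00:00", "alice", "ConsoleLogin", sourceIPAddress="203.0.113.7"),
    _ev("2024-05-01T09:04:00", "alice", "AttachUserPolicy", policy="arn:aws:iam::aws:policy/AdministratorAccess"),
    *[_ev(f"2024-05-01T09:{10 + i:02d}:00", "alice", "RunInstances") for i in range(6)],
    _ev("2024-05-01T09:30:00", "alice", "StopLogging"),
    _ev("2024-05-01T10:00:00", "bob", "ConsoleLogin", sourceIPAddress="203.0.113.9"),
    *[_ev(f"2024-05-01T10:{5 + i:02d}:00", "bob", "RunInstances") for i in range(6)],
]
```

Running `correlate(SAMPLE_EVENTS)` flags only alice with all four stages; bob's burst of instance starts alone stays below the alert threshold, which is the point of stitching indicators together rather than alerting on each one.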
Figure: Threat Modeling by Correlating Violations from Other Systems

Data Insights

Securonix security monitoring for AWS enables you to visualize activities and changes in your AWS infrastructure with out-of-the-box dashboards and reports that can be easily customized.

AWS Validated Security Competency

Securonix has achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes that Securonix has demonstrated technical proficiency and proven customer success in delivering SIEM as a service on the AWS platform.

Achieving AWS Security Competency differentiates Securonix as an AWS Partner Network (APN) member that offers specialized software designed to help organizations adopt, develop, and deploy complex security projects on AWS. To receive the designation, APN partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.


Securonix Fusion Partner Program

Securonix Fusion Partners, such as AWS, are committed to providing you with robust integrated solutions.