As the cloud has matured and become a preferred platform for computing, attackers have shifted strategy as well. Cyber criminals continue to exploit web applications deployed on AWS at an alarming pace—in part because the web application vulnerabilities and AWS environment misconfiguration errors present weak links in the chain. The most recent Verizon DBIR (Data Breach Investigation Report) found a 300 percent increase in web app attacks in just the last three years. That’s where Amazon GuardDuty and Alert Logic Cloud Insight Essentials come in.
Amazon GuardDuty, unveiled today at the AWS re:Invent conference, provides customers with a continuous security monitoring service that identifies unexpected and potentially malicious activity within AWS environments. GuardDuty will help AWS customers detect things like escalation of privileges, use of exposed credentials, or communication with malicious IPs, URLs, or domains.
The threat findings from GuardDuty are machine-oriented outputs that require an operational security solution to provide context. Customers will still need a process and workflow to determine the nature of the threat, the potential impact to sensitive assets, and guidance for the most appropriate immediate action to contain the attack, followed by optimum actions to prevent it from happening to the same or similar assets again.
Cloud Insight Essentials
Alert Logic developed Cloud Insight Essentials (CIE) to apply deeper understanding and deliver actionable intelligence based on the GuardDuty findings. It is fully-integrated with Amazon GuardDuty and provides you with the context you need to remediate and prevent exposures. You get clear threat explanations with topology visualizations of impacted resources including relevant tags and VPC (virtual private cloud) location.
Cloud Insight Essentials is a native AWS Vulnerability Scanning service that shows you why, where and how to respond to Amazon GuardDuty findings, while continuously discovering and assessing your AWS configurations to find exposures and provide easy to understand actions that prevent future compromises. CIE allows you to take full—and fast—advantage of GuardDuty findings by enriching and prioritizing the information, and providing recommendations for efficient remediation actions to help you respond quickly and prevent similar attacks targeting your workloads on AWS.
Maximize the Value of Amazon GuardDuty
Amazon GuardDuty provides an important service for AWS customers. Knowing that suspicious or malicious activity is happening is only the first step, though—you also have to do something about it. Alert Logic Cloud Insight Essentials enables you to make the most of the GuardDuty findings by giving you the information and guidance necessary to respond faster and more effectively.
CIE is part of the Alert Logic portfolio of security-as-a-service solutions—another example our commitment to providing leading security solutions for AWS customers. Cloud Insight Essentials is a valuable cloud security solution that provides AWS users with the visibility to both prevent and respond to active threats, packaged at an aggressive price point and accessible in minutes from AWS Marketplace.