Note: The product mentioned in this blog, AlienVault USM for AWS, is no longer being sold. Learn more here.
Today we are launching USM for AWS, our newest offering focused on providing threat detection and incident response for AWS. We have had the ability to monitor AWS environments in our core USM product line for almost two years now; however, when we started really digging into what we needed to do to provide good security visibility in AWS, we started this new project.
Not all environments are made the same, and AWS is certainly not like traditional data centers. When we make the transition to the cloud, we are no longer managing our security alone; we share that responsibility with our cloud provider. There are many implications to this security model, discussed at length in a blog post coming soon, but the most important takeaway is that the technology we have used is not the best solution for cloud environments. In our new offering we have built a completely cloud-native solution that:
- Monitors the AWS CloudTrail API Audit log for indicators of malicious activity and abnormal usage of the AWS API
- Assesses your AWS infrastructure to identify insecure configurations and usage of AWS security features
- Performs fully automated, authenticated vulnerability scans of all of your machines
- Automates the asset discovery of instances in your environment, leveraging the AWS API
- Provides automatic analysis of your Load Balancer and S3 access logs
- Provides deep Windows event monitoring for advanced threat detection
We are really excited about this new offering, and our initial customers have experienced a time from installation to results of under 10 minutes. Using our CloudFormation template, users can automatically provision USM for AWS, configure the appropriate access control, and set up encrypted data storage in a few simple clicks. Anyone who has an AWS environment can get this up and running and start answering questions like:
- What users are accessing the API?
- Where are they signing in from?
- Who terminated the machine I was working on last night?
- Did anyone mess with my security groups?
- Did a developer open up a port to debug my production machines?
- Has anyone compromised my API credentials?
- Are my Windows servers communicating with known command and control servers?
- Are hackers scanning my infrastructure?
- Do any of my machines have known vulnerabilities?
We look forward to working with you all on this new offering. If you would like to start a 15-day trial, the offering is on the AWS Marketplace. If you would like to learn more about the product, check out our new product page and solution brief.
Here's the press release.