Sophos and AWS collaborate to provide rapid response to cloud threats

Credit to Author: Rich Beckett | Date: Tue, 03 Dec 2019 20:03:27 +0000

To stop advanced cyber threats targeting public cloud data and workloads, you need to ensure your cloud resources are configured correctly – and importantly, know how they can be accessed.

Cloud Optix has already transformed the way organizations address challenges around public cloud visibility and threat detection. So we’re over the moon to support the latest advancements in public cloud security with the launch of Amazon Detective and AWS Identity and Access Management (IAM) Access Analyzer at AWS re:Invent 2019, which give you a smart way to further meet these challenges.

If you can’t see it, you can’t secure it

Cloud Optix answers a critical market need for visibility into these long-standing and risky blind spots.

Artificial intelligence is used to automate detection of, and response to, cloud architecture security vulnerabilities and misconfigurations. Security teams gain complete visibility into everything they have in the cloud and the ability to respond to and remediate security risks in minutes.

Available in Amazon Web Services (AWS) Marketplace, Cloud Optix provides automatic discovery of an organization’s assets across hybrid cloud environments, including AWS, native and managed Kubernetes clusters (Amazon EKS), and Infrastructure-as-Code environments.

Now, with the latest integrations showcased at AWS re:Invent 2019, Sophos is taking this up a notch, accelerating threat investigation with Amazon Detective, and launching the latest capabilities around IAM Access Analyzer.

Connecting activity to spot threats sooner

If you’re managing security over separate AWS accounts, you know how hard it is to connect the dots from different security findings. This is one way attackers get in – after all, they only need to get lucky once.

But this is also where Amazon Detective comes into its own. Identifying activity such as failed logon attempts or suspicious API calls, it connects disparate actions across your AWS accounts with ease and enables rapid investigation of patterns in behavior, which is simply not possible for busy security teams to do manually.

By providing detailed visualizations and analysis, Amazon Detective allows you to understand the root cause of a security finding, as well as the resources affected, so you have the context needed to decide if activities are malicious.

Identify unintended access in seconds

Who has access to my S3 buckets? Can an external account assume my IAM role and access or delete my sensitive data? Good questions… wait a minute, let me check.

Well, you don’t have time for that, but IAM Access Analyzer does.

It provides a smart approach to the discovery of cross-account and external account S3 access, giving you the power to analyze hundreds or even thousands of policies across AWS environments in seconds within Cloud Optix. This provides you with the detail and context needed to quickly determine if resource policies have been misconfigured to allow unintended public or cross-account access – leaving your valuable resources or data exposed.

Secure your cloud with Sophos

As integration launch partner for Amazon Detective and IAM Access Analyzer, Sophos Cloud Optix transforms your AWS security posture.

It delivers the continuous analysis and visibility needed to detect, respond to and prevent hidden security and compliance gaps that leave organizations exposed, and provides a single view of security posture across AWS, native and managed Kubernetes clusters (Amazon EKS), and Infrastructure-as-Code environments.

Get the latest Cloud Optix updates at @SophosDevOps.