AlienVault Environment

AWS Security Monitoring and Compliance Management:

AlienVault USM Anywhere delivers security and compliance management for the cloud in the cloud.

Simple, Scalable AWS Security and Compliance

Essential Security Capabilities for the Cloud

Most enterprises - whether large or small - are quickly reaping the benefits of the cloud. Cloud service providers, like Amazon Web Services (AWS), offer flexibility and scalability to businesses in every industry.

Unfortunately, IT security pros lose visibility and control over the data flowing in and out of the cloud, as well as when and how new workloads and instances are spun up. Yet, they’re still responsible for AWS security and compliance.

The AWS shared responsibility model establishes that infrastructure security is Amazon’s responsibility and everything else is up to the customer. Specifically, the customer is responsible for protecting data within applications, monitoring how users are accessing this data, detecting threats, and implementing AWS incident response.

Unfortunately, traditional, network-centric security capabilities (e.g. intrusion detection) fall apart when migrated to the cloud, and some like vulnerability assessment - are prohibited by Amazon unless an AWS Vulnerability / Penetration Testing Request Form is filled out and approved.

AlienVault USM Anywhere overcomes these security and compliance challenges and more. In fact, we’ve optimized our AWS sensor to address the biggest cloud security issues in the simplest way.

Designed for AWS environments, AlienVault USM Anywhere delivers essential security capabilities in a way that makes sense in the cloud. It allows you to identify threats in real-time, scan for vulnerabilities, and respond to incidents to reduce risks and demonstrate compliance, no matter where your data, apps, or users roam.

Monitor, Detect, and Investigate AWS Security Issues

• Immediately discover new AWS assets or misconfigurations
• Detect and alert on abnormal behavior within AWS (e.g. instances being spun up or down at odd times)
• Run continuous vulnerability assessments

Accelerate and Demonstrate AWS Security Compliance

• Deploy in minutes to gain immediate visibility - before your next audit
• Run detailed reports on AWS security and compliance for PCI DSS, ISO 27001, NERC CIP, and more

Integrate Your AWS and On-Premises Security Policy

• Eliminate blind spots by unifying security monitoring for all assets, wherever they reside
• Respond to incidents quickly - everywhere - with integrated threat intelligence from the AlienVault Labs Security Research Team

Monitor, Detect, and Investigate AWS Security Issues

According to Gartner Research, "Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities." It's not the nature of the cloud that introduces security risks, but rather the lack of control that it brings. Anyone in your organization (with a credit card) can deploy new applications, exposing your company and its data to risk - and you may never even know about it. And yet, you’re still responsible for protecting this data.

To do that, you need to know things like:

• Which users are accessing AWS workloads?
• Where are they signing in from?
• Are hackers scanning my infrastructure?
• Has anyone compromised my credentials?
• Did anyone mess with my security groups?
• Are my servers communicating with known command and control servers?
• Do any of my machines have known vulnerabilities?

USM Anywhere gives you the essential visibility and control you need for AWS security and compliance. Unlike traditional security approaches that try to retrofit their network-centric approach to an AWS universe, USM Anywhere is optimized for AWS with support for:

• CloudTrail monitoring & alerting
• S3 access log monitoring & alerting
• ELB access log monitoring & alerting
• AWS API asset discovery
• AWS-native cloud intrusion detection
• AWS vulnerability assessment
• AWS infrastructure assessment

Accelerate and Demonstrate AWS Security Compliance

Compliance mandates like PCI DSS and NERC CIP require that you have implemented the essential security controls to protect sensitive data in your environment. Auditors will want to see proof that you know:

• Which assets contain sensitive data
• Who can access this data (and that they are authorized)
• How assets are configured and whether there are any known vulnerabilities present
• What threats exist and how to respond to them

Answering these questions for AWS assets requires that you have the capability to discover new assets, validate Security Group configurations, monitor VPC flow logs, run vulnerability scans and reports, and respond to emerging threats. And bring all that data together in a meaningful way so that you can pass that next audit, as well as maintain a secure posture in this dynamic environment.

USM Anywhere delivers the tools you need in one place so you can achieve a confident security posture and compliance, saving you time and money while benefiting from the speed and agility of AWS. You can deploy USM Anywhere within minutes, and have detailed compliance reports to provide to your auditor as needed.

Integrate On-Premises and AWS Security Policy

Nearly all companies have hybrid environments, where some data and apps have migrated to AWS, and others remain on-premises. In this context, it’s essential to have a complete picture into the security posture of this data, as well as the servers and apps that it flows through. But if you’re managing two separate security monitoring infrastructures - one for on-premises systems and another for AWS - you’re working twice as hard and still missing the big picture.

USM Anywhere overcomes this challenge by unifying security monitoring across environments - whether you’re using AWS, Azure, or have on-premises infrastructure to monitor as well. Plus, as a cloud-based security management solution, you can scale your threat detection and response capabilities as your hybrid environment changes, and pay for only what you need, when you need it. With this level of scalability, you can accelerate AWS incident response as well as reduce cost and complexity.

Secure Your AWS Environment

USM Anywhere provides complete cloud security management for your AWS environments. It includes all of the essential capabilities for monitoring cloud security and quickly identifying malicious or suspicious activity in your AWS cloud infrastructure.

Azure Security Monitoring and Compliance Management:

Cloud-First Security. A Platform Built in and for the Microsoft Azure Cloud.

Track and Demonstrate Azure Security & Compliance

Cloud-first organizations are reaping enormous benefits from using Microsoft Azure for their critical applications and data. Agility, scalability, and easy user access are all at the heart of the cloud’s appeal.

The downside is that with these benefits, IT security teams are forced to rethink their security and compliance strategy. Cloud apps and services offer the user more freedom, but they create huge blind spots for IT security. Yet, they’re still responsible for Azure security and compliance.

The question for every IT security professional is how to extend your reach beyond on-premises security monitoring to Azure security monitoring without having to rely on different tools and monitoring approaches?

AlienVault USM Anywhere extends the reach of IT security beyond on-premises applications, data and user activity. Purpose-built for cloud security monitoring, USM Anywhere combines essential security capabilities to address Azure security concerns for risk reduction and improved compliance.

What’s more - USM Anywhere provides single pane-of-glass visibility - whether your workloads are in Azure, AWS, on-premises on virtual machines (Hyper-V, VMware, etc.) - or all of the above.

Detect and Investigate Azure Security Concerns

• Immediately discover new Azure instances or misconfigurations
• Alert on abnormal behavior within Azure based on continuously delivered threat intelligence from AlienVault Labs
• Safely execute vulnerability scans on cloud infrastructure with cloud-native sensors

Monitor and Demonstrate Azure Security Compliance

• Deploy in minutes - just in time for your next audit
• SIEM for real-time compliance reporting and analysis (integrated with Azure Monitor REST API)
• Monitor Azure security compliance for PCI DSS, NERC CIP, and more

Unify On-premises and Cloud Security Monitoring

• Eliminate blind spots by unifying security monitoring for all assets, wherever they reside
• Pinpoint threats and respond to incidents quickly with integrated threat intelligence from AlienVault Labs

Detect and Investigate Azure Security Concerns

Moving your critical applications and workloads to the Azure cloud reaps a number of benefits for you and your business, but it can also expose you to new risks. As defined by the Microsoft Azure shared responsibility model, the cloud provider offers physical and infrastructure security as well as some basic network controls, but leaves the responsibility of application and data security to their customers.

It’s up to Azure customers to detect and investigate security threats to their data, applications, and workloads. The challenge is that many traditional security monitoring approaches lack an understanding of the Azure environment, or how to take advantage of the unique aspects of the cloud.

Thankfully, AlienVault USM Anywhere combines essential security capabilities such as asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM into a single cloud-based, SaaS-delivered service built to effectively monitor the Azure cloud.

The AlienVault USM Anywhere sensor has been architected to work directly with native Azure monitoring capabilities (e.g. Azure Insights, now called Azure Monitor) so that you can answer key questions like:

• What users are accessing Azure workloads? When? From where?
• Are attackers probing my Azure infrastructure?
• Has anyone compromised my credentials or workloads?
• Are my servers communicating with known command and control servers?
• Is there other activity (e.g. unusual system behavior) that could signal an attack?
• Do any of my machines have known vulnerabilities?

USM Anywhere gives you the essential visibility and control you need for security and compliance in your Azure environment. Insights on the latest threats are automatically delivered via AlienVault Labs Threat Intelligence, so that you can spot and investigate these risks before they impact your business. USM Anywhere is optimized for Azure with support for:

• Azure API asset discovery
• Azure Monitor alerting
• Azure infrastructure assessment
• SIEM and Azure log analysis
• Integrated Threat Intelligence from AlienVault Labs Security Research Team

Monitor and Demonstrate Azure Security Compliance

Compliance mandates like PCI DSS and NERC CIP require that you have implemented essential security controls to protect sensitive data in your environment, such as cardholder data or sensitive financial information. And of course, this remains a requirement regardless of where this data resides – on-premises in your physical data center, in the Azure cloud, or both.

In order to pass your next audit, you’ll need to demonstrate that you know which Azure workloads contain “in scope” data, how that data is accessed, and whether there are known vulnerabilities associated with the apps, servers, and machines that process or store that data. You’ll also need to demonstrate that you can respond to any threats as they emerge.

Providing this level of insight for Azure workloads requires that you can discover new instances, validate machine configurations, monitor logs, run vulnerability scans, and respond to emerging threats. And bring all of that data together in a meaningful way so that you can run comprehensive compliance reports as well as maintain a secure posture in this dynamic environment.

AlienVault USM Anywhere delivers just what you need to be compliance-ready, saving you time and money while benefiting from the speed and agility of the cloud. You can deploy USM Anywhere within minutes, and have rich, customizable views of your security data to provide to your auditor when you need it.

Unify On-Premises and Cloud Security Monitoring

Most companies have hybrid environments, where some data and apps have migrated to Azure, and others remain on-premises. In this scenario, it’s essential to have a complete picture into the security posture of this data, such as its host machine configurations, user access and activity, system vulnerabilities, so that you can detect and stop any advanced threats to that data. But if you’re managing two separate security monitoring infrastructures - one for on-premises systems and another for Azure - you’re working twice as hard and still missing the big picture.

USM Anywhere overcomes this challenge, by unifying security monitoring across environments - whether you’re using Azure, AWS, or both. Plus, as a cloud-based security management solution, you can scale your threat detection and response capabilities as your hybrid environment changes, and pay for only what you need, when you need it. By unifying security monitoring, USM Anywhere delivers simplified and scalable security and compliance.

Hybrid Cloud Security:

Complete Visibility of Your Hybrid Cloud Environments from a Single Pane of Glass

The rising popularity of hybrid cloud infrastructure presents a significant challenge for security professionals. Though many organizations find that their infrastructure needs are best met with a combination of on-premises, private cloud, and public cloud environments, traditional security solutions that were not built with the cloud in mind are difficult to adapt for hybrid cloud security.

While one of the benefits of public cloud architecture is that it mitigates certain traditional security risks, some of the features that make cloud infrastructure more secure also make it impossible to, for example, monitor network traffic via a SPAN port. At the same time, the elastic nature of cloud environments introduces new security concerns that must be considered within a hybrid cloud security plan.

Securing the hybrid cloud calls for a balance between traditional security practices and new methods that account for the requirements of public cloud infrastructure. Organizations with hybrid cloud infrastructure must seek out solutions that are built to take advantage of the unique security controls cloud service providers have created. In addition, many traditional network security needs may still apply and should be integrated into a cohesive hybrid cloud security plan.

AlienVault USM Anywhere provides complete visibility of your security posture across your on-premises, private cloud, and public cloud environments, leveraging purpose-built cloud sensors with direct hooks into cloud APIs to address cloud-specific security needs. USM Anywhere integrates essential security capabilities within a single platform, including asset discovery, vulnerability scanning, intrusion detection, behavioral monitoring, SIEM, log management, and continuous threat intelligence.

Full Visibility of Your Security Posture with Security Tools Built in the Cloud, for the Cloud

• Get complete access with cloud-native sensors for AWS and Azure
• Detect intrusions in the cloud with cloud IDS
• Manage cloud data with graph-based analytics

Easily Monitor Activity within the Cloud

• Put user activity at your fingertips with cloud access logs (Azure: Monitor, AWS: CloudTrail, S3, ELB)
• Make sense of cloud activity with correlation rules

Comprehensive On-premises, Private Cloud, and Public Cloud Security in One Unified Solution

• Asset Management
• Vulnerability Scanning
• Behavioral Monitoring
• Intrusion Detection
• SIEM and Log Management

Emerging Threat Intelligence Built into Your Security Plan

• Continuous threat intelligence updates from the AlienVault Labs Security Research Team
• Backed by global threat data from AlienVault Open Threat Exchange (OTX)

Security Tools Built in the Cloud, for the Cloud

Public cloud adoption offers some security advantages, most notably that cloud service providers generally take ownership of securing their own infrastructure through the shared responsibility model. Within this model, the security burden for your public cloud environments is divided between you and the service provider. Providers are responsible for securing the cloud infrastructure they offer, whereas the security of everything deployed within the cloud is completely up to you.

Although this arrangement lifts a portion of the hybrid cloud security burden from your shoulders, it also introduces new challenges. With sole ownership of cloud infrastructure security, service providers have been able to shrink your attack surface by abstracting away the network infrastructure. However, these architectural changes make it impossible for you to use traditional security methods such as network intrusion detection (NIDS) in the cloud.

Without the right monitoring tools to show you what’s happening in the cloud, you’re flying blind. Luckily, USM Anywhere provides everything you need to secure the public cloud, alongside your on-premises and private cloud security.

USM Anywhere gives you the highest possible level of control over your cloud security posture with sensors built to integrate with cloud infrastructure. USM Anywhere sensors hook directly into cloud APIs to leverage the security controls offered by cloud service providers, giving you complete visibility into your cloud environments

Using USM Anywhere, you can identify what is deployed in your cloud environments, scan for vulnerabilities, monitor user activity, detect intrusions, and collect log data to support compliance efforts.

In addition, the high volume of data generated by cloud environments can be overwhelming without the right tools to manage it. USM Anywhere uses a powerful graph-based analytics engine to make your security analysis faster and more effective. As a result, you can view a complete state model of your environment at any given time and even compare different time periods.

Easily Manage Cloud-specific Threats

Hybrid cloud security relies on an understanding of the unique security challenges posed by cloud environments. Unlike network environments, the cloud represents an elastic model, meaning that additional cloud resources can be spun up quickly according to your organization’s needs. This is great for rapidly changing organizations, but it also means that an intrusion or stolen root access key can result in a substantial bill.

Some hybrid cloud threats are specific to public cloud infrastructure, like the stolen root key example. Others apply to both cloud and network environments, but not always in the same ways. For example, your cloud environment may be resilient to a DDOS attack that would cause downtime in a network environment. However, the resources engaged to handle that influx of traffic can affect your monthly bill.

While cloud architecture mitigates some traditional network security threats, many still apply. If an attacker can breach your cloud environment through a vulnerable OS or application, your entire environment can be compromised. To secure your hybrid cloud infrastructure, you need a solution specifically built to address these threats in the cloud.

Control starts with knowing what’s deployed in your environments, which is essential under the shared responsibility model but can be an obstacle in rapidly-changing cloud environments. USM Anywhere allows you to discover assets across your infrastructure, including cloud environments, and stay on top of changes that occur. Once you have an inventory of the assets in your environments, you can perform vulnerability scans to find and patch weak points.

USM Anywhere provides visibility into user activity in the cloud to help you detect cloud-specific threats. Given the dynamic nature of the cloud, it’s important to monitor your cloud environments for suspicious root account logins, changes in security policies and privileges, and other unusual activities.

With USM Anywhere, you can understand which users and systems are interacting with your cloud environments, what assets they have accessed, and what they may have changed. By detecting suspicious activity quickly, you can reduce the time an attacker can use to compromise your organization’s sensitive data—or drive up your monthly bill.

Comprehensive On-premises, Private Cloud, and Public Cloud Security in One Unified Solution

Hybrid cloud security raises the challenge of finding appropriate solutions for the full breadth your infrastructure. Whereas on-premises and private cloud environments call for one set of tools, public cloud security requires purpose-built tools that operate differently than traditional network security solutions.

Layering single-point solutions is a recipe for headaches and high costs. Without a way to integrate all the security functionalities you need, it’s impossible to form a complete understanding of your security posture.

USM Anywhere provides one unified solution for your on-premises, private cloud, and public cloud environments, including the five essential capabilities you need to secure your hybrid cloud infrastructure.

Asset Discovery
Discover and inventory the assets across your network and cloud environments, including AWS, Azure, VMware, and Hyper-V.

Vulnerability Scanning
Detect and remediate vulnerable assets in your cloud and on-premises environments with regularly-scheduled vulnerability scans from within a single solution.

Intrusion Detection
Identify threats with network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection (CIDS), all integrated within a single solution.

Behavioral Monitoring
Detect suspicious behavior with out-of-the-box correlation rules, continuously updated by the expert AlienVault Labs Security Research Team.

SIEM and Log Management
Correlate and analyze security event data from across your cloud and on-premises critical infrastructure to prioritize response efforts and support compliance requirements.