Alert Logic has extended its network intrusion detection system (IDS) capabilities for Amazon Web Services (AWS) by integrating it with AWS IAM Access Analyzer, in a move intended to improve the visibility DevOps teams have into deployments on AWS’ cloud.
The new capability analyzes resource policies to help administrators and security teams protect their resources from unintended access, the company said. The IDS is configured to send notifications through the Alert Logic Console that an externally shared resource must be verified by a customer as being authorized and having appropriate permissions.
Announced during AWS’ annual re:Invent user conference, held in Las Vegas last week, the IAM Access Analyzer capabilities — with more features to come, the company said — are intended, among other things, to help DevOps teams keep control over data on AWS’ cloud, especially highly sensitive data such as customer records.
“It can be difficult to manage resources shared outside of an AWS account owner’s environment and complexity grows with the size of the AWS deployment. Resources that are shared with unauthorized principals or permissions that are too broad are often not detected as potential threats to investigate,” Onkar Birk, Alert Logic’s senior vice president of product strategy and engineering, told The New Stack. “AWS IAM Access Analyzer helps organizations monitor external access to resources in their accounts, detect unauthorized sharing of resources and provides a simple interface to launch an investigation into the nature of externally shared resources.”
Many organizations struggle to aggregate the different security and IDS systems they have in place. Alert Logic’s IDS concept also involves creating a single interface for security monitoring. “Alert Logic’s integration with AWS IAM Access Analyzer continues our commitment to help bring security telemetry and intelligence from AWS into a single pane of glass from which our customers can manage potential threats to their AWS environments,” Birk said.
With cloud-first initiatives becoming commonplace, IT departments face challenges adhering to compliance mandates while managing externally shared resources — another reason why improving visibility for cloud deployments is critical, Chris Noell, head of product management for Alert Logic, said. “Visibility is key to any threat detection effort, particularly in dynamic cloud and hybrid IT environments,” Noell said. “By notifying customers in near real-time of the resource being shared externally we allow IT teams to respond rapidly when necessary thereby thwarting or minimizing the impact of costly, damaging and potentially high-profile breaches.”
Automation also plays a key role in the process, Birk said. “All event-driven security architectures rely on automation, as does Alert Logic’s integration with AWS IAM Access Analyzer. Alert Logic utilizes a combination of cloud-native services in AWS to deliver the AWS IAM Access Analyzer integration including Amazon CloudWatch Events, AWS Lambda and AWS CloudFormation,” Birk said. “Automation also plays a role in processing AWS IAM Access Analyzer findings in the Alert Logic solution and displaying them alongside remediation items from our other AWS integrations, such as Amazon GuardDuty.”
According to the Forrester Research report “The Forrester Tech Tide: Zero Trust Threat Detection And Response,” released earlier this year, Alert Logic’s IAM Access Analyzer suite of tools for AWS has been shown to help improve threat detection:
“While preventive controls play an important role in helping an organization become more resilient to attack, detection capabilities are critical for identifying ongoing attacks that may have evaded such preventive controls. The Alert Logic integration with AWS IAM Access Analyzer focuses on enabling threat detection by leveraging visibility exposed by the AWS IAM Access Analyzer service.”
Amazon Web Services (AWS) is a sponsor of The New Stack.