Integrated controls partners - Management and Governance Cloud Environment Guide

Integrated controls partners

The M&G Guide recommends you consider the following questions when choosing an AWS Partner solution for controls:

  • Does it integrate with lifecycle events for AWS Control Tower?

  • If controls are provided, are they updated on a regular basis?

  • Does it support multiple AWS Regions?

  • Can it be provisioned from an infrastructure as code template that is distributed from a service catalog?

  • Does it integrate with an observability solution?

  • Can changes be tracked automatically or integrated with your service management tool?

The following controls partners have built integrations with AWS services, and are available to be provisioned from AWS Marketplace:

Check Point CloudGuard is a comprehensive cloud native security platform for visibility, workload protection, and posture management of cloud workloads and services. CloudGuard provides visualization of cloud assets, including network topology and firewalls; comprehensive compliance management including automated continuous compliance to help assess and enforce regulatory requirements and security best practices; open-source auto-remediation to accelerate the resolution of dangerous misconfigurations and enforce compliance; automated reversion of unauthorized modifications to cloud accounts; and just-in-time privileged elevation with out-of-band authorization for IAM actions. Check Point findings are also integrated with AWS Security Hub.

CloudCheckr CMx is a unique, end-to-end governance solution that enables users to optimize security and monitor their compliance, while enacting self-healing automation to remediate security vulnerabilities and compliance gaps. CloudCheckr provides users with hundreds of security and performance optimization recommendations and dozens of options to fix security and resource utilization issues automatically anytime they are detected.

Cutover is a work orchestration and observability platform that allows teams to plan, orchestrate, and analyze complex workflows. It integrates with AWS Control Tower to accelerate your migration, drive effective governance, reduce risk, and help ensure standardization. The automation runbooks in Cutover work with existing toolsets to allow teams to achieve full visibility, control, and streamlined communications across their multi-account AWS environments.

Flexera offers a powerful policy engine that enables your cloud governance teams to manage and control cloud use with out-of-the-box and custom policies to automate governance of costs, operations, security, and compliance.

Kion is a comprehensive enablement software solution that delivers visibility and control of cloud workloads. Kion provides out-of-the-box compliance checks to help enterprises auto-align with established standards like NIST and CIS, and delivers the flexibility to create custom checks. Auto-remediation and integrations with AWS Security Hub are also available. Kion allows enterprises to manage their cloud presence at scale with automation and orchestration, financial management, and continuous compliance.

Palo Alto Networks Prisma Cloud unifies Cloud Security Posture Management (CSPM) and workload protection (CWPP) into a single cloud native security platform. Continually monitor your environments and immediately enforce governance with hundreds of pre-built policies. Prisma Cloud ingests AWS APIs and sources threat intelligence from over 30 feeds to provide comprehensive visibility. Risk-ranked alerts prevent remediation fatigue, and one-click compliance reporting helps ease auditing across even the most complex distributed environments. Prisma findings are also integrated with AWS Security Hub.

Sonrai Dig is an enterprise cloud security platform providing complete visibility across all multi-account AWS environments. Dig’s CSPM capabilities provide continuous, audit-based monitoring giving comprehensive visibility and control over the security posture of every cloud resource and identity. Detect drift and misconfigurations on identities, data stores, or a particular cloud resource to help ensure that compliance is baselined, monitored, and met.

Trend Micro Cloud One - Conformity is a cloud security posture management service that helps you fulfill your side of the shared responsibility model with continual security, compliance, and governance checks. With almost 1,000 cloud configuration checks out of the box that are mapped back to industry best practices, such as the AWS Well-Architected Framework, SOC2, NIST, CIS, PCI DSS, GDPR, and HIPAA, it provides a consistent approach to building cloud architectures that can scale over time. Infrastructure as code (IaC) template scanning also ensures deployment of the most secure and compliant templates aligned with industry best practices when building in the cloud.