Integrated security management partners - Management and Governance Cloud Environment Guide

Integrated security management partners

The M&G Guide recommends you consider the following questions when choosing an AWS Partner solution for security management functions:

  • Is the solution from an AWS Security Competency Partner?

  • Does the solution support multi-account, and work across all your required AWS Regions?

  • Are security findings aligned to your controls surfaced with appropriate remediation steps? Is this auditable?

  • Does the AWS Partner incorporate new threat vectors, maintain and manage their own findings, and add them to the operations tools on a regular basis?

  • Does the solution provide analysis and troubleshooting tools for security operations teams?

To help improve the security posture across a multi-account environment, you need to implement security functions, such as vulnerability assessment, firewalls, and intrusion prevention. AWS Marketplace offers integrated software solutions for AWS Control Tower that help enterprises secure diverse workloads and provide broader visibility into assets, events and vulnerabilities.

Alert Logic Managed Detection and Response (MDR) is always on, providing protection across your entire organization through five key elements: intelligence driven by data and humans, a scalable MDR platform, security experts named to your account, security insights at your fingertips, and protection tailored to each asset in your environments.

Aqua Security SaaS provides a SaaS-based, cloud security posture management (CSPM) solution for AWS Control Tower. Aqua CSPM continually audits your AWS accounts for security risks and misconfigurations. This is performed across hundreds of configuration settings and compliance best practices, enabling consistent, unified multi-account security. It also provides self-securing capabilities to help ensure your cloud accounts do not drift out of compliance by applying a policy-driven approach.

Cloud Custodian is a tool that unifies the dozens of tools and scripts most enterprises use for managing their public cloud accounts into one open source tool. It uses a stateless rules engine for policy definition and enforcement, with metrics, structured outputs and detailed reporting for cloud infrastructure. Cloud Custodian's integration with Security Hub allows it to both send findings to Security Hub and receive findings for response and remediation actions.

CrowdStrike Falcon Endpoint Protection uses advanced artificial intelligence (AI), machine learning, behavioral protection, kernel-level visibility and proactive threat hunting to identify potential attacks in real time. For enterprises that are adopting or migrating to cloud workloads, CrowdStrike Falcon Endpoint Protection provides comprehensive visibility and breach protection, allowing you to rapidly adopt and secure technology across any workload.

ExtraHop Reveal(x) 360 provides multi-layered visibility, threat detection, and investigation in AWS via integrations with Amazon VPC Traffic Mirroring for packet-level visibility and VPC Flow Logs for broad coverage. ExtraHop is an AWS Security Competency Partner and offers a free trial of Reveal(x) 360. To learn more, see Reveal(x) 360 in the AWS Marketplace.

AI-Powered ELK-as-a-Service is a cloud-native observability platform providing unified monitoring, troubleshooting, and security for distributed cloud environments. Intelligent log analytics help engineers and businesses resolve incidents faster and simplify cloud security.’s analytics and optimization tools help businesses reduce overall logging expenses and identify production and security incidents in real time.

Palo Alto Prisma Cloud provides cloud security posture management (CSPM) and cloud workload protection (CWP) as a single pane of glass for comprehensive visibility and control. Securely provision automated account registrations, continual governance, and enterprise-wide management of multiple AWS accounts in just a few clicks. Prisma Cloud also extends cloud automation to integrated Lambda serverless remediation and manages it through a common policy and governance framework.

Prowler is a security assessment tool that gives customers direct insights into the security best practices of their AWS infrastructure. Customers can run Prowler to continuously monitor their security status. The main differentiators between Prowler and other existing services or solutions are the number of checks that are included out-of-the-box; no configuration needed to get insights; and no direct cost associated with its use. Prowler's checks follow guidelines from the CIS Amazon Web Services Foundations Benchmark and perform additional checks related to GDPR, PCI, and HIPAA. Prowler natively supports sending findings to AWS Security Hub.

Qualys: The Qualys integration with AWS Security Hub provides customers the ability to consume security and compliance findings about their AWS Instances and accounts within the AWS Security Hub console. Customers have access to critical vulnerabilities, missing patches, and open ports, as well as compliance with CIS, PCI, NIST, HIPAA, and security policies of their Instances and AMIs. Customers can also assess misconfigurations of VPCs, Security Groups, Amazon S3, and IAM against the CIS Benchmark. The Qualys integration with AWS Security Hub allows customers to prioritize their risks and automate remediation using services such as AWS Lambda.

Rapid7 InsightVM, a vulnerability assessment solution, uses the power of the Insight platform to provide visibility across your modern ecosystem, prioritize risk using attacker analytics, and remediate or contain threats with SecOps agility. With InsightVM, vulnerabilities are discovered in real time and prioritized actionably. By integrating InsightVM with AWS Security Hub, vulnerabilities detected in a business's Amazon EC2 instances are automatically sent to AWS Security Hub for a holistic view of its cloud security posture. With additional vulnerability context from InsightVM, businesses can prioritize their teams’ security tasks more efficiently and reduce measurable risk in their AWS Cloud.

Sonrai Dig is an enterprise cloud security platform providing complete visibility across all multi-account AWS environments. Built on our patented graph, Dig combines platform (CSPM), identity (CIEM), and data (Cloud DLP) controls, delivering speed and security where it matters in your cloud apps. Maturity Modeling effectively addresses alert fatigue by providing workload/environment context, while our Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud and security teams, improving operational efficiency and ensuring end-to-end security.

Splunk Cloud’s integration into AWS Control Tower allows administrators to automatically configure and set up AWS services. Data from AWS CloudTrail, AWS Config, and other sources can be incorporated into your Splunk deployment using Firehose and Splunk HTTP Event Collector (HEC). With Splunk Cloud, you can automatically collect data from newly vended AWS accounts, and dashboard and alert on compliance with AWS Control Tower guardrails.

Sumo Logic Cloud-Native Machine Data Analytics pulls in critical operational data across services and accounts to give a unified view of AWS environments. Easily navigate from overview dashboards into account, Region, Availability Zone, or service-specific views. Intuitive navigation across logs and metrics data ensures that teams can quickly resolve issues, minimize downtime, and improve system availability. The Sumo Logic Continuous Intelligence Platform automates the collection, ingestion, and analysis of application, infrastructure, security, and IoT data to derive actionable insights.

Sysdig Secure helps cloud and security teams detect and respond to threats, and manage cloud configurations, permissions, and compliance. Integration with AWS CloudTrail enables customers to protect existing and newly enrolled AWS accounts via AWS CloudTrail logs. Sysdig detects anomalous activity across AWS workloads with out-of-the-box policies based on open source Falco.

Tenable Vulnerability Management for Modern IT provides the most accurate information about assets and vulnerabilities in your IT environments. Available as a cloud-delivered solution, it features the broadest vulnerability coverage, intuitive dashboard visualizations for rapid analysis, and seamless integrations that help you maximize efficiency and increase effectiveness.

Trend Micro Cloud One - Workload Security is purpose-built for server, cloud, and container environments, providing visibility across your entire hybrid cloud. Automatically protect against vulnerabilities, malware, and unauthorized changes with a wide range of powerful and intelligent capabilities. Workload Security automatically integrates with the DevOps toolchain and includes a rich set of REST APIs, which facilitate deployment, policy management, health checks, and compliance reporting.