Integrated security management partners
The M&G Guide recommends you consider the following questions
when choosing an AWS Partner solution for security management
functions:
- Is the solution from an AWS Security Competency Partner?
- Does the solution support multi-account, and work across all your required AWS Regions?
- Are security findings aligned to your controls surfaced with appropriate remediation steps? Is this auditable?
- Does the AWS Partner incorporate new threat vectors, maintain and manage their own findings, and add them to the operations tools on a regular basis?
- Does the solution provide analysis and troubleshooting tools for security operations teams?
To help improve the security posture across a multi-account
environment, you need to implement security functions, such as
vulnerability assessment, firewalls, and intrusion prevention. AWS Marketplace offers integrated software solutions for AWS Control Tower that help enterprises secure diverse workloads and provide
broader visibility into assets, events and vulnerabilities.
Alert Logic Managed Detection and Response (MDR) is always on, providing protection across your entire organization through five key elements: intelligence driven by data and humans, a scalable MDR platform, security experts named to your account, security insights at your fingertips, and protection tailored to each asset in your environments.
Aqua Security SaaS provides a SaaS-based cloud security posture management (CSPM) solution for AWS Control Tower. Aqua CSPM continually audits your AWS accounts for security risks and misconfigurations. This is performed across hundreds of configuration settings and compliance best practices, enabling consistent, unified multi-account security. It also provides self-securing capabilities that help ensure your cloud accounts do not drift out of compliance by applying a policy-driven approach.
Cloud Custodian is a tool that unifies the dozens of tools and scripts most enterprises use for managing their public cloud accounts into one open source tool. It uses a stateless rules engine for policy definition and enforcement, with metrics, structured outputs, and detailed reporting for cloud infrastructure. Cloud Custodian's integration with Security Hub allows it to both send findings to Security Hub and receive findings for response and remediation actions.
CrowdStrike Falcon Endpoint Protection uses advanced artificial intelligence (AI), machine learning, behavioral protection, kernel-level visibility, and proactive threat hunting to identify potential attacks in real time. For enterprises that are adopting or migrating to cloud workloads, CrowdStrike Falcon Endpoint Protection provides comprehensive visibility and breach protection, allowing you to rapidly adopt and secure technology across any workload.
ExtraHop Reveal(x) 360 provides multi-layered visibility, threat detection, and investigation in AWS via integrations with Amazon VPC Traffic Mirroring for packet-level visibility and VPC Flow Logs for broad coverage. ExtraHop is an AWS Security Competency Partner and offers a free trial of Reveal(x) 360. To learn more, see Reveal(x) 360 in the AWS Marketplace.
Logz.io AI-Powered ELK-as-a-Service is a cloud-native observability platform providing unified monitoring, troubleshooting, and security for distributed cloud environments. Intelligent log analytics help engineers and businesses resolve incidents faster and simplify cloud security. Logz.io's analytics and optimization tools help businesses reduce overall logging expenses and identify production and security incidents in real time.
Palo Alto Prisma Cloud provides cloud security posture management (CSPM) and cloud workload protection (CWP) as a single pane of glass for comprehensive visibility and control. Securely provision automated account registrations, continual governance, and enterprise-wide management of multiple AWS accounts in just a few clicks. Prisma Cloud also extends cloud automation to integrated Lambda serverless remediation and manages it through a common policy and governance framework.
Prowler is a security assessment tool that gives customers direct insights into the security best practices of their AWS infrastructure. Customers can run Prowler to continuously monitor their security status. The main differentiators between Prowler and other existing services or solutions are the number of checks that are included out of the box, no configuration needed to get insights, and no direct cost associated with its use. Prowler's checks follow guidelines from the CIS Amazon Web Services Foundations Benchmark and perform additional checks related to GDPR, PCI, and HIPAA. Prowler natively supports sending findings to AWS Security Hub.
Qualys: The Qualys integration with AWS Security Hub provides customers the ability to consume security and compliance findings about their AWS instances and accounts within the AWS Security Hub console. Customers have access to critical vulnerabilities, missing patches, and open ports, as well as the compliance of their instances and AMIs with CIS, PCI, NIST, HIPAA, and security policies. Customers can also assess misconfigurations of VPCs, Security Groups, Amazon S3, and IAM against the CIS Benchmark. The Qualys integration with AWS Security Hub allows customers to prioritize their risks and automate remediation using services such as AWS Lambda.
Rapid7 InsightVM, a vulnerability assessment solution, uses the power of the Insight platform to provide visibility across your modern ecosystem, prioritize risk using attacker analytics, and remediate or contain threats with SecOps agility. With InsightVM, vulnerabilities are discovered in real time and prioritized actionably. By integrating InsightVM with AWS Security Hub, vulnerabilities detected in a business's Amazon EC2 instances are automatically sent to AWS Security Hub for a holistic view of its cloud security posture. With additional vulnerability context from InsightVM, businesses can prioritize their teams' security tasks more efficiently and reduce measurable risk in their AWS Cloud environments.
Sonrai Dig is an enterprise cloud security platform providing complete visibility across all multi-account AWS environments. Built on our patented graph, Dig combines platform (CSPM), identity (CIEM), and data (Cloud DLP) controls, delivering speed and security where it matters in your cloud apps. Maturity Modeling effectively addresses alert fatigue by providing workload/environment context, while our Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud and security teams, improving operational efficiency and ensuring end-to-end security.
Splunk Cloud's integration with AWS Control Tower allows administrators to automatically configure and set up AWS services. Data from AWS CloudTrail, AWS Config, and other sources can be incorporated into your Splunk deployment using Firehose and Splunk HTTP Event Collector (HEC). With Splunk Cloud, you can automatically collect data from newly vended AWS accounts, and use dashboards and alerts to track compliance with AWS Control Tower guardrails.
Sumo Logic Cloud-Native Machine Data Analytics pulls in critical operational data across services and accounts to give a unified view of AWS environments. Easily navigate from overview dashboards into account, Region, Availability Zone, or service-specific views. Intuitive navigation across logs and metrics data ensures that teams can quickly resolve issues, minimize downtime, and improve system availability. The Sumo Logic Continuous Intelligence Platform automates the collection, ingestion, and analysis of application, infrastructure, security, and IoT data to derive actionable insights.
Sysdig Secure helps cloud and security teams detect and respond to threats, and manage cloud configurations, permissions, and compliance. Integration with AWS CloudTrail enables customers to protect existing and newly enrolled AWS accounts via AWS CloudTrail logs. Sysdig detects anomalous activity across AWS workloads with out-of-the-box policies based on open source Falco.
Tenable Vulnerability Management for Modern IT: Tenable.io provides the most accurate information about assets and vulnerabilities in your IT environments. Available as a cloud-delivered solution, Tenable.io features the broadest vulnerability coverage, intuitive dashboard visualizations for rapid analysis, and seamless integrations that help you maximize efficiency and increase effectiveness.
Trend Micro Cloud One - Workload Security is purpose-built for server, cloud, and container environments, providing visibility across your entire hybrid cloud. Automatically protect against vulnerabilities, malware, and unauthorized changes with a wide range of powerful and intelligent capabilities. Workload Security automatically integrates with the DevOps toolchain and includes a rich set of REST APIs, which facilitate deployment, policy management, health checks, and compliance reporting.