Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security

11/30/2017
12:05 AM
Simon Marshall
Simon Marshall
Simon Marshall
50%
50%

AWS Adds Security Management to Growing Portfolio

AWS has announced major new security management features for its massive public cloud infrastructure.

Securing cloud-based information in the data center can potentially add more complexity to threat detection. By and large, enterprises have several options to secure their data in the cloud. So is a new semi-proprietary managed service the way to go?

AWS has just weighed into the threat detection market and a play for a slice of the bigger cybersecurity market, launching a new service called GuardDuty, in partnership with CrowdStrike and Proofpoint.

It's enabled through the AWS Management Console, which the tech giant says allows customers to "immediately begin analyzing API calls and network activity across their accounts to establish a baseline of 'normal' account activity." It is billed based on the number of events analyzed across AWS instances, rather than a subscription.

The service starts with a free 30-day trial, and may hook new customers who find that GuardDuty picks up existing threats that an enterprise is discovering for the first time. Once launched, GuardDuty begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats, such as a rare instance type being deployed in an unused region, or an attempt to obscure user activity by disabling AWS CloudTrail logging.

But why would anyone buy into this managed service? Any enterprise that wants to continue in business already has their own threat detection in place. GuardDuty is unproven; it has proprietary AWS-developed software in the service, although it does have two proven solutions contained within from CrowdStrike and Proofpoint.

It's understood that AWS considers it an additional layer of protection, meant to complement and not replace other solutions. Apparently, it's easy to launch and integrate, and looks to have extreme scalability. Another advantage is that it's able to detect account-based threats which can be difficult for other systems to find.

Effectively, security teams using the service can outsource the collection and analysis of the data, and save time on installing or managing network appliances, sensors, host-based agents, or building custom rulesets.

According to analyst Cybersecurity Ventures, the global cybersecurity market is predicted to exceed $1 trillion in spending over the next five years. Steve Morgan, editor-in-chief at CyberSecurity Ventures, thinks that big AWS customers are ripe for upselling.

"The point is, the biggest tech vendors smell one of the biggest spends -- and they're aggressively seizing on it," he told Security Now. "AWS could have transparently built the GuardDuty service into its cloud infrastructure [like Google] without productizing it, [but] the new brand name and offering sends a message that AWS is pulling up a seat in the CISO's office."

AWS competitors have made their own advances into security. Google Cloud's Titan chip debuted in August, and it now has phishing email and ransomware defense baked in. Microsoft Azure Migrate, launched in November, aims to make it easier for VMWare customers to add data from their own servers to the cloud -- in direct competition with AWS. Microsoft has also acquired three well respected Israeli security firms over the last three years.

CrowdStrike, for one, is keen to clarify that functionality from its Falcon platform is not an overlap with AWS's solution. "It's distinct from the CrowdStrike availability in the AWS cloud in that AWS customers can acquire the GuardDuty service as a layer of security for their AWS instances," Ilina Cashiola, a director at CrowdStrike told Security Now. "There is no overlap or conflict between GuardDuty and CrowdStrike Falcon -- they are complementary."

Netflix is a marquee account for AWS. Shaun Blackburn, security manager at Netflix, said: "By delegating the management and monitoring of flow logs to AWS, we can extend our detection capabilities and pursue Netflix-specific security work. By leveraging their unique position as the largest cloud provider, they are able to train sophisticated models that we can immediately consume."

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5604
PUBLISHED: 2020-07-09
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remoto attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
CVE-2020-5974
PUBLISHED: 2020-07-08
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
CVE-2020-15072
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
CVE-2020-15073
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
CVE-2020-2034
PUBLISHED: 2020-07-08
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect...