Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security

// // //
11/30/2017
12:05 AM
Simon Marshall
Simon Marshall
Simon Marshall

AWS Adds Security Management to Growing Portfolio

AWS has announced major new security management features for its massive public cloud infrastructure.

Securing cloud-based information in the data center can potentially add more complexity to threat detection. By and large, enterprises have several options to secure their data in the cloud. So is a new semi-proprietary managed service the way to go?

AWS has just weighed into the threat detection market and a play for a slice of the bigger cybersecurity market, launching a new service called GuardDuty, in partnership with CrowdStrike and Proofpoint.

It's enabled through the AWS Management Console, which the tech giant says allows customers to "immediately begin analyzing API calls and network activity across their accounts to establish a baseline of 'normal' account activity." It is billed based on the number of events analyzed across AWS instances, rather than a subscription.

The service starts with a free 30-day trial, and may hook new customers who find that GuardDuty picks up existing threats that an enterprise is discovering for the first time. Once launched, GuardDuty begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats, such as a rare instance type being deployed in an unused region, or an attempt to obscure user activity by disabling AWS CloudTrail logging.

But why would anyone buy into this managed service? Any enterprise that wants to continue in business already has their own threat detection in place. GuardDuty is unproven; it has proprietary AWS-developed software in the service, although it does have two proven solutions contained within from CrowdStrike and Proofpoint.

It's understood that AWS considers it an additional layer of protection, meant to complement and not replace other solutions. Apparently, it's easy to launch and integrate, and looks to have extreme scalability. Another advantage is that it's able to detect account-based threats which can be difficult for other systems to find.

Effectively, security teams using the service can outsource the collection and analysis of the data, and save time on installing or managing network appliances, sensors, host-based agents, or building custom rulesets.

According to analyst Cybersecurity Ventures, the global cybersecurity market is predicted to exceed $1 trillion in spending over the next five years. Steve Morgan, editor-in-chief at CyberSecurity Ventures, thinks that big AWS customers are ripe for upselling.

"The point is, the biggest tech vendors smell one of the biggest spends -- and they're aggressively seizing on it," he told Security Now. "AWS could have transparently built the GuardDuty service into its cloud infrastructure [like Google] without productizing it, [but] the new brand name and offering sends a message that AWS is pulling up a seat in the CISO's office."

AWS competitors have made their own advances into security. Google Cloud's Titan chip debuted in August, and it now has phishing email and ransomware defense baked in. Microsoft Azure Migrate, launched in November, aims to make it easier for VMWare customers to add data from their own servers to the cloud -- in direct competition with AWS. Microsoft has also acquired three well respected Israeli security firms over the last three years.

CrowdStrike, for one, is keen to clarify that functionality from its Falcon platform is not an overlap with AWS's solution. "It's distinct from the CrowdStrike availability in the AWS cloud in that AWS customers can acquire the GuardDuty service as a layer of security for their AWS instances," Ilina Cashiola, a director at CrowdStrike told Security Now. "There is no overlap or conflict between GuardDuty and CrowdStrike Falcon -- they are complementary."

Netflix is a marquee account for AWS. Shaun Blackburn, security manager at Netflix, said: "By delegating the management and monitoring of flow logs to AWS, we can extend our detection capabilities and pursue Netflix-specific security work. By leveraging their unique position as the largest cloud provider, they are able to train sophisticated models that we can immediately consume."

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786
PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849
PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193
PUBLISHED: 2023-02-04
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.