Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security

// // //
11/30/2017
12:05 AM
Simon Marshall
Simon Marshall
Simon Marshall

AWS Adds Security Management to Growing Portfolio

AWS has announced major new security management features for its massive public cloud infrastructure.

Securing cloud-based information in the data center can potentially add more complexity to threat detection. By and large, enterprises have several options to secure their data in the cloud. So is a new semi-proprietary managed service the way to go?

AWS has just weighed into the threat detection market and a play for a slice of the bigger cybersecurity market, launching a new service called GuardDuty, in partnership with CrowdStrike and Proofpoint.

It's enabled through the AWS Management Console, which the tech giant says allows customers to "immediately begin analyzing API calls and network activity across their accounts to establish a baseline of 'normal' account activity." It is billed based on the number of events analyzed across AWS instances, rather than a subscription.

The service starts with a free 30-day trial, and may hook new customers who find that GuardDuty picks up existing threats that an enterprise is discovering for the first time. Once launched, GuardDuty begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats, such as a rare instance type being deployed in an unused region, or an attempt to obscure user activity by disabling AWS CloudTrail logging.

But why would anyone buy into this managed service? Any enterprise that wants to continue in business already has their own threat detection in place. GuardDuty is unproven; it has proprietary AWS-developed software in the service, although it does have two proven solutions contained within from CrowdStrike and Proofpoint.

It's understood that AWS considers it an additional layer of protection, meant to complement and not replace other solutions. Apparently, it's easy to launch and integrate, and looks to have extreme scalability. Another advantage is that it's able to detect account-based threats which can be difficult for other systems to find.

Effectively, security teams using the service can outsource the collection and analysis of the data, and save time on installing or managing network appliances, sensors, host-based agents, or building custom rulesets.

According to analyst Cybersecurity Ventures, the global cybersecurity market is predicted to exceed $1 trillion in spending over the next five years. Steve Morgan, editor-in-chief at CyberSecurity Ventures, thinks that big AWS customers are ripe for upselling.

"The point is, the biggest tech vendors smell one of the biggest spends -- and they're aggressively seizing on it," he told Security Now. "AWS could have transparently built the GuardDuty service into its cloud infrastructure [like Google] without productizing it, [but] the new brand name and offering sends a message that AWS is pulling up a seat in the CISO's office."

AWS competitors have made their own advances into security. Google Cloud's Titan chip debuted in August, and it now has phishing email and ransomware defense baked in. Microsoft Azure Migrate, launched in November, aims to make it easier for VMWare customers to add data from their own servers to the cloud -- in direct competition with AWS. Microsoft has also acquired three well respected Israeli security firms over the last three years.

CrowdStrike, for one, is keen to clarify that functionality from its Falcon platform is not an overlap with AWS's solution. "It's distinct from the CrowdStrike availability in the AWS cloud in that AWS customers can acquire the GuardDuty service as a layer of security for their AWS instances," Ilina Cashiola, a director at CrowdStrike told Security Now. "There is no overlap or conflict between GuardDuty and CrowdStrike Falcon -- they are complementary."

Netflix is a marquee account for AWS. Shaun Blackburn, security manager at Netflix, said: "By delegating the management and monitoring of flow logs to AWS, we can extend our detection capabilities and pursue Netflix-specific security work. By leveraging their unique position as the largest cloud provider, they are able to train sophisticated models that we can immediately consume."

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42002
PUBLISHED: 2022-10-01
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
CVE-2022-39268
PUBLISHED: 2022-09-30
### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end use...
CVE-2022-34428
PUBLISHED: 2022-09-30
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
CVE-2022-34429
PUBLISHED: 2022-09-30
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
CVE-2022-40923
PUBLISHED: 2022-09-30
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.