Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security

11/30/2017
12:05 AM
Simon Marshall
Simon Marshall
Simon Marshall
50%
50%

AWS Adds Security Management to Growing Portfolio

AWS has announced major new security management features for its massive public cloud infrastructure.

Securing cloud-based information in the data center can potentially add more complexity to threat detection. By and large, enterprises have several options to secure their data in the cloud. So is a new semi-proprietary managed service the way to go?

AWS has just weighed into the threat detection market and a play for a slice of the bigger cybersecurity market, launching a new service called GuardDuty, in partnership with CrowdStrike and Proofpoint.

It's enabled through the AWS Management Console, which the tech giant says allows customers to "immediately begin analyzing API calls and network activity across their accounts to establish a baseline of 'normal' account activity." It is billed based on the number of events analyzed across AWS instances, rather than a subscription.

The service starts with a free 30-day trial, and may hook new customers who find that GuardDuty picks up existing threats that an enterprise is discovering for the first time. Once launched, GuardDuty begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats, such as a rare instance type being deployed in an unused region, or an attempt to obscure user activity by disabling AWS CloudTrail logging.

But why would anyone buy into this managed service? Any enterprise that wants to continue in business already has their own threat detection in place. GuardDuty is unproven; it has proprietary AWS-developed software in the service, although it does have two proven solutions contained within from CrowdStrike and Proofpoint.

It's understood that AWS considers it an additional layer of protection, meant to complement and not replace other solutions. Apparently, it's easy to launch and integrate, and looks to have extreme scalability. Another advantage is that it's able to detect account-based threats which can be difficult for other systems to find.

Effectively, security teams using the service can outsource the collection and analysis of the data, and save time on installing or managing network appliances, sensors, host-based agents, or building custom rulesets.

According to analyst Cybersecurity Ventures, the global cybersecurity market is predicted to exceed $1 trillion in spending over the next five years. Steve Morgan, editor-in-chief at CyberSecurity Ventures, thinks that big AWS customers are ripe for upselling.

"The point is, the biggest tech vendors smell one of the biggest spends -- and they're aggressively seizing on it," he told Security Now. "AWS could have transparently built the GuardDuty service into its cloud infrastructure [like Google] without productizing it, [but] the new brand name and offering sends a message that AWS is pulling up a seat in the CISO's office."

AWS competitors have made their own advances into security. Google Cloud's Titan chip debuted in August, and it now has phishing email and ransomware defense baked in. Microsoft Azure Migrate, launched in November, aims to make it easier for VMWare customers to add data from their own servers to the cloud -- in direct competition with AWS. Microsoft has also acquired three well respected Israeli security firms over the last three years.

CrowdStrike, for one, is keen to clarify that functionality from its Falcon platform is not an overlap with AWS's solution. "It's distinct from the CrowdStrike availability in the AWS cloud in that AWS customers can acquire the GuardDuty service as a layer of security for their AWS instances," Ilina Cashiola, a director at CrowdStrike told Security Now. "There is no overlap or conflict between GuardDuty and CrowdStrike Falcon -- they are complementary."

Netflix is a marquee account for AWS. Shaun Blackburn, security manager at Netflix, said: "By delegating the management and monitoring of flow logs to AWS, we can extend our detection capabilities and pursue Netflix-specific security work. By leveraging their unique position as the largest cloud provider, they are able to train sophisticated models that we can immediately consume."

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-45340
PUBLISHED: 2022-01-25
In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
CVE-2021-45341
PUBLISHED: 2022-01-25
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
CVE-2022-0268
PUBLISHED: 2022-01-25
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
CVE-2022-0338
PUBLISHED: 2022-01-25
Improper Privilege Management in Conda loguru prior to 0.5.3.
CVE-2022-23935
PUBLISHED: 2022-01-25
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check.