
11/30/2017
12:05 AM
Simon Marshall

AWS Adds Security Management to Growing Portfolio

AWS has announced major new security management features for its massive public cloud infrastructure.

Securing cloud-based information in the data center can potentially add more complexity to threat detection. By and large, enterprises have several options to secure their data in the cloud. So is a new semi-proprietary managed service the way to go?

AWS has just weighed into the threat detection market and made a play for a slice of the bigger cybersecurity market, launching a new service called GuardDuty, in partnership with CrowdStrike and Proofpoint.

It's enabled through the AWS Management Console, which the tech giant says allows customers to "immediately begin analyzing API calls and network activity across their accounts to establish a baseline of 'normal' account activity." It is billed based on the number of events analyzed across AWS instances, rather than a subscription.

The service starts with a free 30-day trial, and may hook new customers who find that GuardDuty picks up existing threats that an enterprise is discovering for the first time. Once launched, GuardDuty begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats, such as a rare instance type being deployed in an unused region, or an attempt to obscure user activity by disabling AWS CloudTrail logging.
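
A simplified sketch of the two account-based detections named above, run over constructed CloudTrail-style records. This is an added example, not AWS's or GuardDuty's actual logic; the field names follow the CloudTrail record format, while the sample events, ARNs, trail name and finding labels are assumptions made here.

```python
from collections import Counter

# CloudTrail API calls that stop or remove audit logging.
LOGGING_TAMPER = {"StopLogging", "DeleteTrail"}

def launch_key(ev):
    """Return (region, instance type) for an EC2 RunInstances record, else None."""
    if ev.get("eventSource") == "ec2.amazonaws.com" and ev.get("eventName") == "RunInstances":
        return ev.get("awsRegion"), (ev.get("requestParameters") or {}).get("instanceType")
    return None

def build_baseline(history):
    """Summarise 'normal' activity: launch counts per (region, type) and regions in use."""
    launches = Counter(k for k in map(launch_key, history) if k)
    return launches, {region for region, _ in launches}

def detect(events, baseline):
    """Return (finding, principal ARN, detail) tuples for records that deviate from baseline."""
    launches, regions = baseline
    findings = []
    for ev in events:
        who = (ev.get("userIdentity") or {}).get("arn", "unknown")
        if ev.get("eventSource") == "cloudtrail.amazonaws.com" and ev.get("eventName") in LOGGING_TAMPER:
            findings.append(("logging-disabled", who, ev["eventName"]))
        key = launch_key(ev)
        if key and key[0] not in regions:
            findings.append(("launch-in-unused-region", who, f"{key[1]} in {key[0]}"))
        elif key and launches[key] == 0:
            findings.append(("unseen-instance-type", who, f"{key[1]} in {key[0]}"))
    return findings

def record(source, name, region, arn, params=None):
    """Build a constructed record with the CloudTrail fields used above."""
    return {"eventSource": source, "eventName": name, "awsRegion": region,
            "userIdentity": {"arn": arn}, "requestParameters": params}

# Constructed sample data (not real account activity); 111122223333 is a placeholder account ID.
DEPLOY = "arn:aws:iam::111122223333:user/deploy"
ALICE = "arn:aws:iam::111122223333:user/alice"
HISTORY = [record("ec2.amazonaws.com", "RunInstances", "us-east-1", DEPLOY, {"instanceType": "t2.micro"})] * 30
RECENT = [
    record("ec2.amazonaws.com", "RunInstances", "us-east-1", DEPLOY, {"instanceType": "t2.micro"}),
    record("ec2.amazonaws.com", "RunInstances", "ap-southeast-2", ALICE, {"instanceType": "p3.16xlarge"}),
    record("cloudtrail.amazonaws.com", "StopLogging", "us-east-1", ALICE, {"name": "constructed-trail"}),
]

if __name__ == "__main__":
    for finding in detect(RECENT, build_baseline(HISTORY)):
        print(finding)
```

The baseline here is a fixed history list; a real deployment would build it from a rolling window of the account's own CloudTrail records.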

But why would anyone buy into this managed service? Any enterprise that wants to continue in business already has its own threat detection in place. GuardDuty is unproven; the service contains proprietary AWS-developed software, although it also incorporates two proven solutions from CrowdStrike and Proofpoint.

It's understood that AWS considers it an additional layer of protection, meant to complement and not replace other solutions. Apparently, it's easy to launch and integrate, and looks to have extreme scalability. Another advantage is that it's able to detect account-based threats which can be difficult for other systems to find.

Effectively, security teams using the service can outsource the collection and analysis of the data, and save time on installing or managing network appliances, sensors, host-based agents, or building custom rulesets.

According to analyst Cybersecurity Ventures, the global cybersecurity market is predicted to exceed $1 trillion in spending over the next five years. Steve Morgan, editor-in-chief at Cybersecurity Ventures, thinks that big AWS customers are ripe for upselling.

"The point is, the biggest tech vendors smell one of the biggest spends -- and they're aggressively seizing on it," he told Security Now. "AWS could have transparently built the GuardDuty service into its cloud infrastructure [like Google] without productizing it, [but] the new brand name and offering sends a message that AWS is pulling up a seat in the CISO's office."

AWS competitors have made their own advances into security. Google Cloud's Titan chip debuted in August, and it now has phishing email and ransomware defense baked in. Microsoft Azure Migrate, launched in November, aims to make it easier for VMware customers to add data from their own servers to the cloud -- in direct competition with AWS. Microsoft has also acquired three well-respected Israeli security firms over the last three years.

CrowdStrike, for one, is keen to clarify that functionality from its Falcon platform is not an overlap with AWS's solution. "It's distinct from the CrowdStrike availability in the AWS cloud in that AWS customers can acquire the GuardDuty service as a layer of security for their AWS instances," Ilina Cashiola, a director at CrowdStrike, told Security Now. "There is no overlap or conflict between GuardDuty and CrowdStrike Falcon -- they are complementary."

Netflix is a marquee account for AWS. Shaun Blackburn, security manager at Netflix, said: "By delegating the management and monitoring of flow logs to AWS, we can extend our detection capabilities and pursue Netflix-specific security work. By leveraging their unique position as the largest cloud provider, they are able to train sophisticated models that we can immediately consume."

— Simon Marshall, Technology Journalist, special to Security Now
