AWS / Cloud Security

Multifunctional Security Log Management and Reporting

Some regulatory compliance standards require that you store logs in their raw state for a particular amount of time as well as provide for the export of this data for external analysis. Similarly, some audits (in-house or regulatory), can only be performed via queries to logs in their raw state. While some security log analysis and management software solutions can certainly ingest these raw logs, very few retain the log data in its original state, or give you the ability to export the data.

Zartek Global USM features a logger as one of its main architectural components that stores log files and other data for extended periods of time. Using the built-in policy editor, you have complete control as to which logs are stored and for how long. You can also utilize policies to choose a specific set of events to go straight to the logger, bypassing the SIEM. This is helpful for non-essential events and logs that you need to retain for regulatory or even internal compliance requirements.

In addition to the raw log storage requirement, most compliance standards require that you enable controls to prevent the tampering of these logs. The Zartek Global USM platform incorporates the ability to digitally sign the logs at the block or line level, ensuring that the logs you have stored have not been modified since their creation.

Another key feature of Zartek Global USM that aides in log analysis and management is the reporting console. In addition to reporting on your monitored assets’ events, alarms, states of compliance, etc., you have a way to report on the activity happening on the Zartek Global USM platform itself. While it sounds a bit recursive, this allows you to monitor your monitoring solution and certify compliance with your security policies and practices.

 

Automated Asset Discovery,Vulnerability Assessment,and Event Correlation

AWS operates on a shared responsibility model for security, which means that while Amazon secures its infrastructure, you are responsible for the security of your applications, content, systems and networks.

This means that you are responsible for everything you deploy on top of AWS and for properly configuring AWS security features. And while Amazon supplies many tools to assist you with security, such as Security Groups and CloudTrail, the tools lack certain security capabilities that you need to have, including log management, configuration management, and vulnerability scanning.

Zartek Global USM for AWS is a solution purpose-built for the AWS environment that leverages the AWS shared responsibility model to provide you with essential threat detection, monitoring and security analysis capabilities for your AWS instances. USM for AWS automatically scans your AWS environment to detect assets, assess vulnerabilities and identify any misconfigurations. You get automated monitoring, alerts and event correlation. And you can manage all configuration, analysis and reporting from a single console.

 

Purpose-Built Platform for AWS

Given the requirements of the AWS shared responsibility model, you need a security solution designed specifically for the AWS environment. Purpose-built for the AWS shared responsibility model, USM for AWS automatically detects and secures your AWS instances and provides continuous monitoring. USM for AWS supplies preconfigured CloudFormation templates to simplify provisioning, allowing you to replicate the services you need as your environment scales. And USM for AWS provides analysis of your use of built-in security features like AWS CloudTrail and Amazon EC2 Security Groups, delivering immediate insight into potential issues in your environment.

USM for AWS also monitors and controls access to the Amazon API, which is essential given that the Amazon API controls all actions taken in your AWS environment. And finally, USM for AWS scales with you as you scale up your number of instances, allowing you to scale your threat detection and response capabilities horizontally as your environment changes.

 

Integrated Threat Intelligence

Zartek Global Threat Intelligence is information about malicious actors, their tools, infrastructure and methods, and is an essential component to any effective security program. And very often, it is too resource intensive and too costly for organizations to invest in effective Threat Intelligence. That’s where the Threat Intelligence produced by Zartek Global Labs and the Open Threat Exchange™ (OTX) steps in. The team is constantly performing advanced research on current threats and developing updates to Zartek Global USM for AWS’s threat intelligence. The Labs team incorporates this expertise into the library of over 2,500 customizable correlation rules that are included with the Zartek Global USM for AWS platform.

Zartek Global eliminates the need for you to conduct your own research and to write your own correlation rules. The constant updates from Zartek Global Labs enable the Zartek Global USM for AWS platform to analyze the mountain of event data from all of your AWS data sources and tell you exactly what are the most important threats facing your AWS environment right now, and what you need to do about them.

An Automated Threat Detection Solution Purpose-Built for the AWS Shared Security Model

As more companies move critical business applications to the cloud, security of those applications and data remains paramount. But many companies are not aware of their responsibility for security in cloud environments such as AWS.

AWS operates on a shared responsibility model for security. This means that while Amazon secures its infrastructure, the customer is responsible for the security of their applications, content, and systems.

You need a security provider that has designed a solution specifically for the AWS shared responsibility environment.

Zartek Global Unified Security Management™ (USM) for AWS is a purpose-built solution for the AWS environment and provides you with essential threat detection, monitoring and security analysis capabilities for your AWS instances.

Zartek Global USM™ for AWS secures your AWS environment with these critical features:

 

Automated Asset Discovery, Vulnerability Assessment, and Event Correlation

  • Automatically scan your AWS environment including assets, security groups, and configurations
  • Manage all configuration, analysis and reporting from a single console
  • Automatically alert on and correlate events

 

Purpose-Built Platform for AWS

  • Scales with you as you scale up your environment
  • Preconfigured CloudFormation templates
  • Automated monitoring of CloudTrail, S3 and ELB Access Logs

 

Integrated Threat Intelligence Updates

  • Regular threat intelligence updates accelerate your ability to spot the latest threats
  • Pre-built, customizable correlation rules eliminate the need for you to create your own
  • Focus on responding to threats rather than researching every alert

 

Automated Asset Discovery,Vulnerability Assessment,and Event Correlation

AWS operates on a shared responsibility model for security, which means that while Amazon secures its infrastructure, you are responsible for the security of your applications, content, systems and networks.

This means that you are responsible for everything you deploy on top of AWS and for properly configuring AWS security features. And while Amazon supplies many tools to assist you with security, such as Security Groups and CloudTrail, the tools lack certain security capabilities that you need to have, including log management, configuration management, and vulnerability scanning.

Zartek Global USM for AWS is a solution purpose-built for the AWS environment that leverages the AWS shared responsibility model to provide you with essential threat detection, monitoring and security analysis capabilities for your AWS instances. USM for AWS automatically scans your AWS environment to detect assets, assess vulnerabilities and identify any misconfigurations. You get automated monitoring, alerts and event correlation. And you can manage all configuration, analysis and reporting from a single console.

 

Purpose-Built Platform for AWS

Given the requirements of the AWS shared responsibility model, you need a security solution designed specifically for the AWS environment. Purpose-built for the AWS shared responsibility model, USM for AWS automatically detects and secures your AWS instances and provides continuous monitoring. USM for AWS supplies preconfigured CloudFormation templates to simplify provisioning, allowing you to replicate the services you need as your environment scales. And USM for AWS provides analysis of your use of built-in security features like AWS CloudTrail and Amazon EC2 Security Groups, delivering immediate insight into potential issues in your environment.

USM for AWS also monitors and controls access to the Amazon API, which is essential given that the Amazon API controls all actions taken in your AWS environment. And finally, USM for AWS scales with you as you scale up your number of instances, allowing you to scale your threat detection and response capabilities horizontally as your environment changes.

Improve DevOps with Zartek Global USM for AWS

DevOps security has the potential of being a business enabler due to its agility in responding quickly to changing requirements. However, outdated practices can end up being a bottleneck, or worse, push back on initiatives.

In cloud environments, continuous security monitoring is essential to ensuring that frequent changes do not expose systems or information to unnecessary risk. For example, developers inadvertently opening access on a backend port or embedding credentials in source code.

Zartek Global Unified Security Management (USM) for AWS is a unified security platform that provides threat detection and prioritization, incident response, and compliance management for AWS environments. With USM, organizations get the benefit of built-in capabilities that speed up deployment and decisions needed throughout the DevOps and security process.

Zartek Global USM for AWS allows you to:

 

Reduce Errors

  • Always vigilant
  • Attack intent & strategy
  • External known bad actors

 

Accelerate Delivery

  • Eliminate bottlenecks
  • Quick setup and results
  • Enhance cooperation & communication

 

Measure Results

  • Compliance
  • Reporting
  • Intuitive dashboard

 

Reduce Errors

As an operational framework, DevOps works to ensure consistency and standardization of software via automation. This automation allows for reduction of human error and forces consistency.

USM for AWS is purpose-built for AWS environments and the ‘shared responsibility’ security model. It automates threat detection and response by continuously scanning the environment for exposed vulnerabilities, unauthorized instances, exposed credentials, or misconfigured assets introduced by continuous delivery sprint cycles.

USM for AWS also makes it easier for you to utilize AWS-provided security controls like CloudTrail and Security Groups with centralized monitoring and alerting, as well as event correlation.

USM for AWS receives new threat intelligence updates, which includes IDS signatures and correlation directives for the latest threats, every 60 minutes. These threat updates come directly from Zartek Global Labs threat research team.

Zartek Global Labs acts as an extension to your IT team. It is constantly performing advanced research on current threats and developing updates to Zartek Global USM’s threat intelligence in the form of correlation rules, IDS signatures, response guidance, and more.

 

Accelerate Delivery

DevOps is built on the Agile manifesto to enable rapid application development and continuous enhancement to meet new requirements to accelerate business objectives. DevOps security monitoring capabilities have to keep pace and even stay ahead of the dynamically changing environment and threats.

Traditional SIEMs and security products can take days, if not months to install, setup, and configure. Zartek Global USM is designed with speed and efficiency in mind – allowing you to sign up and deploy quickly. You can start seeing actionable alarms in less than one hour with DevOps security automation.

Threats are displayed using the Kill Chain Taxonomy which breaks out threats into five categories. This prioritized view allows you to quickly understand the intent of attackers and how they’re interacting with your network and assets.

  • Asset Discovery
    • API-powered Asset Discovery
  • Vulnerability Assessment• AWS infrastructure assessment
    • Authenticated vulnerability assessment
  • Intrusion Detection
    • OSQuery Host IDS for Linux
    • Sysmon Host IDS for Windows
    • Log aggregation with CloudWatch
  • Behavioral Monitoring
    • Log management (elastically scalable and searchable) including S3 and ELB access log monitoring and alerting
    • Behavioral insights through VPC Flow log monitoring
  • SIEM
    • CloudTrail monitoring and alerting
    • Event correlation>

 

Measure Results

DevOps security tools are not just about automation, but also about continuous and iterative improvements. The collection of metrics allows you to know where to focus your attention.

Data captured from the network and applications forms the basis for measuring everything needed to support your DevOps Security and compliance requirements.

Zartek Global USM for AWS not only provides reporting as a one-time event, but in line with DevOps and security practices, has a system of processes that are continually enforced.

Zartek Global USM for AWS delivers this comprehensive AWS log management and log analysis capability to help you achieve compliance with regulatory requirements such as PCI-DSS, FedRAMP, Sarbanes Oxley, and HIPAA. Although specific requirements for monitoring and security event management vary from one standard to the next, Zartek Global USM for AWS can help you quickly achieve compliance in your AWS environment with all the essential security capabilities you need in a single console.

Achieve HIPAA Compliance with Zartek Global Unified Security Management™ (USM) for AWS

Traditional SIEM products aren’t sufficient for meeting AWS HIPAA compliance requirements and keeping up with today’s changing cyber security landscape. They’re costly, complex, and in many cases incompatible with AWS.

Zartek Global’s Unified Security Management (USM) for AWS platform is a cloud-native, scalable, and centrally managed collection of essential security capabilities that is purpose-built to identify suspicious or malicious behavior in your AWS environment.

Zartek Global USM provides you with the functionality you need to measure HIPAA compliance in AWS, in a single platform:

  • Discover all your AWS environment assets, including OS details, while satisfying AWS scanning policies
  • Identify vulnerabilities like unpatched software or insecure configurations
  • Collect and analyze CloudTrail, CloudWatch, VPC Flow Logs, ELB logs, S3 Access Logs and Zartek Global Host IDS collected logs natively in AWS
  • Correlate security events automatically with Zartek Global Labs predefined rules
  • Understand the objectives of threats targeting your network
  • Speed incident response with built-in remediation guidance for every alert
  • Monitor and report on security controls required for HIPAA compliance

 

Threat Intelligence for HIPAA Compliance in AWS

IT teams of all sizes suffer from too much log data and not enough threat intelligence. For instance, in AWS, the services and assets deployed into your environment generate a steady stream of alerts about important (and not so important) activity. Without deep security expertise you are then required to conduct research into each alert and alarm to understand the significance of each event and what to do about it.

USM for AWS includes integrated threat intelligence from Zartek Global Labs that eliminates the need for you to spend precious time conducting your own research. The Zartek Global Labs team regularly delivers threat intelligence as a coordinated set of advanced correlation rules and product updates, including up-to-the-minute guidance on emerging threats and context-specific response advice, which accelerates and simplifies threat detection and remediation.

 

Threat Detection for Healthcare Organizations

According to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data (2016), 89% of healthcare organizations suffered a data breach. It’s impossible to stop a dedicated, patient attacker from penetrating even the most secure defenses. Therefore, it’s essential to detect and respond to attacks as quickly as possible.

At Zartek Global, we help healthcare organizations of all sizes achieve world-class threat detection and meet AWS HIPPA compliance requirements without the headaches and huge expense of other solutions. Our unified approach puts hours back in your day with automated threat detection and integrated threat intelligence that eliminate manual, time-consuming log analysis and threat research.

Zartek Global has helped healthcare organizations like Shriners Hospitals, Kaiser Permanente and Novo Nordisk accomplish these key tasks:

  • Identify vulnerabilities on assets that store electronic protected health information (ePHI)
  • Maintain an audit log of who has accessed ePHI
  • Identify systems communicating with malicious IPs, a sign of possible compromise
  • Identify and respond to security incidents; including remediation advice for every alert

 

Comprehensive Reporting and Log Management for
HIPAA Compliance in AWS

HIPAA Standard § 164.312(b) — Audit Controls states that you must “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” Zartek Global USM for AWS provides intuitive reporting capabilities that simplify adherence to this standard with an easy to use interface and integrated scheduling functionality.

HIPAA Compliance Standard § 164.312(c)(2) deals with data integrity and requires that any covered organization “Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.” USM for AWS helps entities satisfy this requirement by providing mechanisms for collecting and analyzing host logs, syslogs, AWS CloudTrail logs and S3 logs. Additionally, it will create events and meta data for event response prioritization, and future auditing and reporting.

Accelerate Your AWS PCI DSS Compliance & Security

According to a Cloud Security Spotlight Report, security and regulatory compliance are two of the top four barriers to cloud adoption. Zartek Global Unified Security Management™ (USM) for AWS delivers the tools you need in one place, so you can save time and money in achieving a confident security posture and PCI DSS compliance while benefiting from the speed and agility of Amazon AWS.

Zartek Global USM provides you with the functionality you need to meet AWS PCI DSS compliance, in a single platform:

  • Automated Asset Discovery
  • CloudTrail Monitoring & Alerting
  • Amazon Infrastructure Assessment
  • Vulnerability Assessment
  • Log Management
  • S3 Access Log Monitoring and Alerting
  • ELB Access Log Monitoring and Alerting
  • Event Correlation
  • Threat Detection
  • Audit Reporting

 

Prove Compliance for Even the Most Challenging Requirements

Logging and Reporting: PCI DSS Requirement 10

Zartek Global USM for AWS helps you collect and protect your log records, as well as prove you’ve done so.

10.1 – 10.4 deals with collecting audit logs, tracking access to cardholder data, actions taken by admins, failed logins, and manipulation of the audit trail. Zartek Global USM for AWS provides the ability for each event logged in the system to be attributed to a particular user. This provides forensic storage of events for later audits. For highly sensitive components, the Zartek Global host-based agent can be used to provide full visibility into all actions taken on particular machines. Additionally, USM for AWS timestamps and digitally signs stored logs.

10.5 requires that audit trails be secured so they cannot be altered. Zartek Global provides full role-based access control for access to audit trails and event logs. An additional separate audit log provides a record of modifications to the event log. All entries are time stamped and hashed to identify attempts of tampering.

10.7 mandates that you retain audit history for at least one year, with a minimum of three months immediately available for analysis. Zartek Global provides the ability to utilize AWS S3 in a PCI DSS compliant manager. This provides the flexibility for long-term log retention, even in high-volume environments.

 

Vulnerability Assessment: PCI DSS Requirement 11

Out of the box, Zartek Global USM provides vulnerability assessment that allows you to identify and assess weaknesses in your AWS environment. USM’s asset management and vulnerability scanning identifies any discovered vulnerabilities and correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy.

 

Incident Response Planning: PCI DSS Requirement 12

Make sure the right people get notified to take action in the case of an incident. USM provides the alerting you need, down to the level of texting security professionals in real time as incidents occur. With USM for AWS, you get 24X7 coverage.

An Automated and Purpose-built Vulnerability Scanner for Your AWS Cloud Environment

Securing data in AWS environments remains a challenging task, especially since Amazon operates on a ‘shared responsibility’ security model. This means that while Amazon physically secures its cloud infrastructure, the customer is responsible for securing their applications and data. Achieving security in the AWS cloud requires diligent monitoring of your AWS environment to identify changes that can leave your assets vulnerable to exploit. Failure to put in place essential security controls can leave you susceptible to an attack.

Additionally, it can be time-consuming and frustrating to follow the procedural requirements that Amazon has put in place to conduct traditional vulnerability testing of your AWS environment. Most IT teams do not even attempt to do so, meaning that essential vulnerability scanning of their AWS environment often does not occur.

Zartek Global USM for AWS addresses this pain point with a platform purpose-built for the AWS ‘shared responsibility’ model that automatically performs vulnerability scanning with your AWS instance. This AWS-native solution allows you to ensure continuous vulnerability assessment without having to manage the process manually.

 

Zartek Global USM for AWS allows you to secure your AWS environment with these critical features:

Fast Configuration and Automatic Scanning

  • Automatically scan your AWS environment including assets, security groups, and configurations
  • Control the scanning techniques utilized by using default profiles or creating your own
  • Manage all configuration, analysis and reporting from a single console

 

Intuitive Dashboard

  • Leverage at-a-glance analysis of top assets and systems affected by discovered vulnerabilities
  • Produce useful and easily digestible views that list threats by severity, allowing you to better prioritize your efforts

 

Integrated Threat Intelligence Updates

  • Deploy new vulnerability signatures based on the latest threats
  • Spot the latest exploits targeting your AWS environment with regular threat intelligence updates
  • Focus on responding to threats rather than researching every alert

 

Easy Configuration and Automatic Scanning

Scanning your AWS environment for vulnerabilities and configuration issues can seem like a daunting task given that you can’t use traditional scanning tools in an AWS environment. While Amazon sets up methods to allow traditional vulnerability testing in your AWS instances, it is difficult and time consuming to satisfy the procedural requirements every time you want to run a scan. Most IT teams do not even attempt to conduct AWS vulnerability scans, meaning that essential vulnerability testing of their AWS environment often does not occur.

You need a security solution that automates AWS vulnerability scanning and threat detection. Zartek Global USM for AWS provides a unified security platform for your AWS environment that simplifies threat detection by automatically performing vulnerability scanning. Zartek Global’s AWS-native solution resides in your AWS environment and delivers the continuous vulnerability assessment you need without requiring you to manage the process manually.

USM for AWS also allows you to easily specify the methods used during the scans. You can use the predefined scanning profiles, modify them to meet your explicit needs, or create your own. This secure, low-overhead, authenticated scanning allows you to stay current with any changes in your environment.

 

Intuitive Dashboard

Once you’ve completed the AWS vulnerability scan, you need to develop a prioritized response plan that identifies the vulnerabilities, configuration issues and access control issues and their potential impact to your environment. Doing this efficiently requires expert knowledge of not only the exploit methods but the affected assets and systems as well.

Zartek Global USM for AWS gives you an interface that provides a graphical display of vulnerabilities discovered by severity as well as affected assets and systems. It also provides a dashboard detailing the status of AWS vulnerability scans, providing you with an at-a-glance status update.

Additionally, USM for AWS delivers alerts that contain detailed descriptions of the vulnerability, insight into root cause, and response guidance including workarounds. In most cases, links to references are provided for additional context. Exporting this data is easy with links to download in PDF or CSV formats.

 

Integrated Threat Intelligence

One of the most significant challenges to effectively securing your AWS environment is having the capabilities and knowledge required to identify vulnerabilities, prioritizing which are the biggest threats to your cloud environment, and then remediating any issues found. While some tools can provide an initial set of vulnerability signatures, keeping them up to date and making them actionable is often up to the user.

That’s where the threat intelligence produced by Zartek Global Labs steps in to assist. Think of it as an extension of your IT team – the Zartek Global Labs team is constantly performing advanced research on current threats and developing updates to USM for AWS’s threat intelligence. Zartek Global provides advanced, automated, and integrated threat intelligence in its USM for AWS platform that improves the accuracy of your protective scanning. In addition to the vulnerability signatures, you receive updates to event correlation rules, IDS signatures, links to knowledgebase articles, and more.

Updating the Zartek Global USM for AWS platform is extremely easy and just requires a few mouse clicks. This ensures that Zartek Global USM for AWS is continuously conducting AWS vulnerability scans for the latest threats without requiring in-house research or development of vulnerability data. This allows you to allocate your time and resources to other responsibilities and do more with a smaller team.

An AWS-native Solution to Monitor, Correlate andAnalyze Events from the Data in Your AWS CloudTrail Logs

Monitoring activity in your Amazon Web Services (AWS) environment is essential to maintaining the security of your applications and ensuring regulatory compliance. Amazon provides several important tools to assist you, including CloudTrail.

AWS CloudTrail is a log monitoring service that records all API calls for your AWS account. CloudTrail allows you to track changes to your AWS resources, conduct security analysis, and troubleshoot operational issues. However, CloudTrail as a security tool is incomplete, as it doesn’t correlate events or conduct any security analysis.

Zartek Global Unified Security Management™ (USM) for AWS addresses these issues in CloudTrail and delivers critical event correlation and log management capabilities. It enables you to detect malicious activity in your AWS instances using the AWS CloudTrail logs. It also helps you comply with regulatory requirements such as PCI-DSS and HIPAA.

Zartek Global USM™ for AWS allows you to monitor AWS CloudTrail and secure your AWS environment with these critical features:

 

Automated AWS CloudTrail Log Management and Event Correlation

  • Automates alerting and event correlation from CloudTrail data
  • Arranges security events in prioritized kill chain taxonomy
  • Detects behavioral changes including suspicious instance creation and security group changes

 

Complete Log Management for Compliance

  • Log analysis and log management for compliance with PCI-DSS, HIPAA, FISMA, FedRAMP, ISO 27002, NERC-CIP, or GLBA requirements
  • Secure collection and retention of both raw log data as well as normalized logs

 

Integrated Threat Intelligence Updates

  • Regular threat intelligence updates accelerate your ability to spot the latest exploits
  • Pre-built, customizable correlation directives eliminate the need for you to create your own
  • Focus on responding to threats rather than researching every alert

 

Automated AWS CloudTrail
Log Management and Event Correlation

To maintain the security of your applications running in AWS, you need to continuously monitor their activity to identify changes and correlate events. CloudTrail is one of the useful tools that Amazon provides to assist you with monitoring and securing your AWS instances. However, CloudTrail as a security tool is incomplete, as it doesn’t perform correlation of events or conduct any security analysis.

Zartek Global USM for AWS automatically monitors, correlates and analyzes events from all AWS sources to detect security events across systems and applications running in AWS. A purpose-built platform for AWS, Zartek Global USM for AWS will automatically detect your use of AWS CloudTrail and retrieve your logs across all regions.

Zartek Global USM for AWS also enables you to effectively correlate events using the AWS CloudTrail logs to detect suspicious behavioral changes or other malicious activity in your AWS instances, including security group changes. And Zartek Global USM for AWS builds all the monitoring and security event management capabilities you need into a centralized dashboard.

 

Complete Log Management
for Compliance

Monitoring your AWS environment is also critical for ensuring compliance with regulatory requirements. Although AWS CloudTrail can effectively feed data into log management platforms, simply using CloudTrail on its own does not help achieve compliance with regulatory requirements. You need to integrate CloudTrail with a comprehensive log management tool that provides secure collection and retention of both raw log data as well as normalized logs.

Zartek Global USM for AWS delivers this comprehensive AWS log management and log analysis capability to help you achieve compliance with regulatory requirements such as PCI-DSS, FedRAMP, Sarbanes Oxley, and HIPAA. Although specific requirements for monitoring and security event management vary from one standard to the next, Zartek Global USM for AWS can help you quickly achieve compliance in your AWS environment with all the essential security capabilities you need in a single console.

 

Integrated Threat
Intelligence Updates

Proactively securing your AWS environment requires more than just collecting and monitoring security events. You need security analysis capabilities that make connections between seemingly unrelated events and to build correlation rules that will identify particular patterns. However, building these correlation rules can be a resource-intensive task, involving researching countless alerts and events, leveraging threat data from external sources to put the alerts in context, properly identifying the malicious activity, and then writing the corresponding correlation rules to proactively block these threats.

That’s where the Threat Intelligence produced by Zartek Global Labs and the Open Threat Exchange™ (OTX) steps in to assist. Think of the Zartek Global Labs team as an extension of your IT team – the team is constantly performing advanced research on current threats and developing updates to Zartek Global USM for AWS’s threat intelligence. The Labs team incorporates this expertise into the library of over 2,500 customizable correlation rules that are included with the Zartek Global USM for AWS platform.

Zartek Global Threat Intelligence is information about malicious actors, their tools, infrastructure and methods. Zartek Global eliminates the need for you to conduct your own research and to write your own correlation rules. The constant updates from Zartek Global Labs enable the Zartek Global USM for AWS platform to analyze the mountain of event data from all of your AWS data sources and tell you exactly what are the most important threats facing your AWS environment right now, and what you need to do about them.

Take control of your cloud security monitoring,management and risks

As organizations of every size are adopting cloud services, attackers have followed suit. But a core problem exists in AWS – there is no way to get complete access to the low-level network traffic by traditional methods.

However, this challenge can be overcome by accessing the control plane. In doing so, Zartek Global USM™ for AWS can provide core AWS Intrusion Detection (IDS) capabilities.

Security benefits of Zartek Global USM for AWS include:

  • Full visibility into every operation that is going on in your data center
  • Identify which users have accessed the environment
  • Check and alert on CPU spikes on any machine

Zartek Global USM for AWS unifies essential Cloud Security Management in a single platform:

 

Built for AWS from the ground up

  • IDS for the cloud
  • Shared responsibility model
  • Elastic scalability

 

PCI Compliance

  • A cloud-native approach to security monitoring to satisfy PCI DSS requirements
  • Monitors the control plane to ensure correct configuration of exposed services

 

Threat Detection and Intelligence

  • Zartek Global Labs team
  • The power of OTX
  • Correlation directives

 

Built for AWS from the Ground Up

In traditional environments, the network provides a common chokepoint to monitor your environment, a feature that isn’t typically available in the cloud. However, to our advantage, in AWS, the network infrastructure is largely abstracted away.

Beyond simply providing viable alternatives for the core IDS use cases, AWS also presents a new opportunity for you to improve the monitoring you have done in the past. When you consider AWS IDS implementation, there is a new chokepoint (similar to the network layer in the past) that you can take advantage of the control plane.

In software-defined networking (SDN) the data and control plane is decoupled. This allows programmatic access to the control plane and as a result, makes network administration much more flexible.

USM’s AWS IDS leverages the control plane, giving you full visibility into every operation that is going on in your ‘data center’. This allows you to answer important questions such as:

  • Which employee has accessed my environment? Was it really them?
  • Are all of my machines sending me their operational logs for analysis?
  • I am about to spin up a new machine. Can I automatically provision it into my security monitoring system?
  • Has the CPU spiked on any of my machines in the last hour?
  • Who set up this server?

 

PCI Compliance

Often the drive for AWS intrusion detection is to meet the requirements of regulatory compliance – in particular PCI DSS Requirement 11.4

Requirement number 11.4 states: “Use intrusion detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network. Monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the cardholder data environment, and alert personnel to suspected compromises.”

The AWS IDS functionality within Zartek Global USM for AWS helps you attain PCI compliance with analysis of log data of publicly exposed services to monitor attacks. This visibility, combined with the analysis of the OS-level logs, makes detection of malware possible.

 

Threat Detection and Intelligence

Zartek Global USM for AWS provides its customers with AWS IDS that includes the best threat detection and response capabilities. This is powered by expert threat intelligence generated by the Zartek Global Labs team.

The Zartek Global Labs research is supplemented with data from our Open Threat Exchange™ (OTX) which is the largest and most authoritative crowd-sourced threat intelligence exchange globally.

Threat Intelligence updates are published regularly by the Zartek Global Labs team to the USM for AWS platform in the form of:

  • Correlation directives
  • Vulnerability signatures
  • Asset discovery signatures
  • Incident response templates

Take Control of Your Clouds Security Monitoring,
Management and Risks

If you have adopted cloud services, you have a significant amount of valuable data in the cloud. An AWS SIEM gives you visibility into what is occurring in order to ensure its security.

Zartek Global USM™ for AWS is an AWS-native platform with full SIEM capabilities including:

  • CloudTrail Monitoring and Alerting
  • Event Correlation
  • Log Management (elastically scalable and searchable) including S3 and ELB access log monitoring and alerting

Zartek Global USM for AWS unifies essential cloud security management in a single platform:

 

Purpose-built for AWS

  • Shared responsibility model
  • Elastic scalability
  • Amazon infrastructure assessment

 

Cloud SIEM

  • CloudTrail monitoring & alerting
  • S3 Access Log Monitoring & alerting
  • Event Correlation

 

Integrated Threat Intelligence

  • Zartek Global Labs team
  • The power of OTX
  • Correlation directives

 

Purpose-built for AWS

Although security principles remain the same across different platforms, cloud security solutions need to be able to operate efficiently. This is why Zartek Global built its AWS SIEM from the ground up specifically for the Amazon ‘shared-responsibility’ security model to address cloud security issues.

Zartek Global USM for AWS allows you to scale your SIEM detection and response capabilities horizontally as your environment changes. Preconfigured CloudFormation templates simplify provisioning, allowing you to replicate the services you need as your environment scales.

Unlike managed services that export your event data to their environment to manage, Zartek Global USM for AWS allows you to have full control over your event data.

 

AWS SIEM in the Cloud

In order to stay on top of cloud security issues, it’s important to understand what activities are taking place in your AWS environment and identify malicious activity. Traditional security solutions will often lack the ability to monitor cloud-specific logs and events.

Zartek Global USM for AWS performs automated event correlation and alerting on data from the CloudTrail service, enabling you to correlate events and eliminate manual data analysis to detect actions such as:

  • Suspicious instance creation
  • New user creation
  • Security group modification

Zartek Global USM for AWS also automatically analyzes any Simple Storage Service (S3) and Elastic Load Balancer (ELB) access logs tracked in your environment. This provides analytics and identifies and alerts on abuse patterns, giving insight into your cloud security issues.

 

Threat Detection and Intelligence

Zartek Global Labs threat research team spends countless hours mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape. They also leverage the power of Zartek Global Open Threat Exchange™ (OTX), the world’s largest community-powered repository of threat data, to provide global insight into attack trends and bad actors.

We embed this expertise in the threat intelligence we deliver to the AWS SIEM platform. The integrated threat intelligence enables you to detect the latest threats and misconfigurations, as well as instruct you on how to mitigate the threats quickly and effectively.

The Zartek Global Labs team regularly publishes threat intelligence updates to the USM for AWS platform in the form:

  • Correlation directives
  • Vulnerability audits
  • Asset discovery signatures
  • IP reputation data
  • Report templates

Managing Security in the Cloud Has Never Been Easier

Everything You Need to Secure Your AWS Environment

As organizations of every size are adopting cloud solutions, attackers have followed suit. AWS accounts are targeted because of the lack of visibility organizations often have into their cloud infrastructure.

Zartek Global USM™ for AWS is a unified security platform providing threat detection, vulnerability assessment, incident response, and compliance management for AWS environments.

Security benefits of Zartek Global USM for AWS include:

  • Detect and prevent theft of compute power from compromised accounts for purposes like Bitcoin mining.
  • Prevent compromised accounts to store data exfiltrated from other victims such as credit card information, electronic health records and the like.
  • Identify where AWS resources are being used for ‘shadow IT’ purposes.

Zartek Global USM for AWS unifies essential cloud security management tools in a single platform:

 

Purpose-built for AWS

  • Shared responsibility model
  • Elastic scalability
  • AWS infrastructure assessment
  • Authenticated vulnerability assessment

 

Cloud Security Monitoring

  • CloudTrail monitoring & alerting
  • S3 access log monitoring & alerting
  • ELB access log monitoring

 

Threat detection and intelligence

  • Zartek Global Labs team
  • The power of OTX
  • Correlation directives

 

Purpose-Built for AWS

Although security principles remain the same across different platforms, cloud security management solutions need to be able to operate efficiently. This is why Zartek Global built USM for AWS from the ground up specifically for the Amazon ‘shared-responsibility’ security model to address cloud security issues.

USM for AWS allows you to scale your threat detection and response capabilities horizontally as your environment changes. Preconfigured CloudFormation templates simplify provisioning, allowing you to replicate the services you need as your environment scales.

Automatic Asset Discovery and Vulnerability Assessment enables you to maintain an inventory of running instances and understand your points of exposure.

 

CloudTrail Monitoring

In order to stay on top of cloud security issues, it’s important to understand what activities are taking place in your AWS environment and identify malicious activity. Traditional security solutions will often lack the ability to monitor cloud-specific logs and events.

Zartek Global USM for AWS performs automated event correlation and alerting on data from the CloudTrail service, enabling you to correlate events and eliminate manual data analysis to detect actions such as:

  • Suspicious instance creation
  • New user creation
  • Security group modification

USM for AWS also automatically analyzes any Simple Storage Service (S3) and Elastic Load Balancer (ELB) access logs tracked in your environment to provide analytics. Additionally, it identifies and alerts on abuse patterns, giving insight into your cloud security issues.

 

Threat Detection and Intelligence

Zartek Global USM for AWS provides its customers with the industry-leading threat detection and response capabilities, powered by expert threat intelligence generated by the Zartek Global Labs team.

Data from Zartek Global Open Threat Exchange™ (OTX) supplements the Zartek Global Labs research. OTX is the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data.

To overcome cloud security issues, the Zartek Global Labs team regularly publishes Threat Intelligence updates to the USM for AWS platform in the form of:

  • Correlation directives
  • Vulnerability audits
  • Asset discovery signatures
  • IP reputation data
  • Report templates