Overview: Cloud Security
The AWS Marketplace offers a large variety of commercial and open source offerings to augment cloud security within the AWS ecosystem. Sumo Logic’s AWS Marketscape looks at the pros and cons of the most common cloud security tools and solutions from the Marketplace.
Cloud-hosted assets are tempting targets for attack whether they are meant to serve the public or are exclusively restricted to private corporate usage. These infiltrations can range from stealthy attacks and data exfiltration to more noticeable disruptions like a massive distributed denial of service attack (DDoS) that makes headlines.
Given that cloud-based applications are composed of elements from numerous providers, the vital job of protecting these resources is a shared responsibility that includes the cloud platform vendor, all software infrastructure providers, and the customer’s own information security team. This also means that an effective security plan will implement a “risk-based” strategy made up of multiple products and related procedures. Amazon Web Services offers cloud security solutions, and companies should also evaluate third party options to ensure security for the entire stack.
AWS Cloud Security Solutions
Amazon has done a superb job of creating an intelligent, multi-layer security architecture. It supplies protections at every level of the technology stack, such as well-defended physical facilities, a heavily secured network, and product-specific safeguards for each software service within Amazon’s cloud computing network.
Along with its own internal security procedures, AWS furnishes several specialized products designed to provide customers with more visibility and control.
- AWS Identity and Access Management (IAM). This service lets administrators create AWS users and groups. Once that’s done, they can proceed to implement policies and set permissions that either grant or deny access to Amazon-hosted resources.
- AWS Inspector. This is an automated security evaluation service that probes a customer’s AWS implementation to detect potential vulnerabilities. It leverages a built-in, constantly updated knowledge base of hundreds of proven best practices, making it a compelling part of any security strategy. Once it completes its work, it presents a list of all discovered exposures along with recommendations to rectify them.
- AWS Web Application Firewall (WAF). This helps block some of the most common web application layer attacks that can jeopardize security, hamper application availability, or consume excessive amounts of AWS resources. Administrators are free to draw from an existing database of widely adopted safeguards as well as define their own customized rules. AWS WAF also offers complete API access, making it easy to automate rule maintenance.
- AWS Key Management Service (KMS). This managed service provides administrators with the tooling necessary to create and define the requisite encryption keys for authentication and encryption. AWS KMS utilizes Hardware Security Modules (HSM) as an additional mechanism to protect the private key.
AWS Cloud Security Solution Pricing
Amazon has established pricing models for each security solution:
- AWS Identity and Access Management (IAM). Leveraging this technology incurs no additional charges other than the underlying AWS resources utilized by the customer.
- AWS Inspector. Amazon imposes a minor charge for each time the agent is launched on an EC2 instance that the customer would like to be assessed.
- AWS Web Application Firewall (WAF). Outlays for this solution will be driven by the quantity of web access control lists (web ACLs) created, the number of rules defined per web ACL, and the volume of received web requests.
- AWS Key Management Service (KMS). Amazon charges a nominal amount each month for every existing customer master key (CMK), whether or not it’s actually used. There’s also a small supplementary charge for storing outmoded keys necessary to decrypt older data.
AWS Cloud Security Limitations
AWS provides vital cloud computing resources for more than one million organizations. It should come as no surprise that each of these enterprises defines its own unique set of security requirements. Consequently, other than securing its physical locations and providing the tools mentioned above, there’s no way for Amazon—or any single vendor for that matter—to offer a “one size fits all” protection package.
Instead, AWS customers are free to choose “best of breed” solutions from an array of dedicated security-focused providers.
Third Party AWS Security Solutions
Safeguarding technology and the information it processes has been a principal concern from the dawn of the computing age. Today, hundreds of vendors cover every possible security angle, for on-premise assets as well as cloud computing platforms such as AWS. Solutions targeted at AWS address one or more of the following specializations:
- Network firewall. Judiciously employing these types of technologies can greatly reduce the surface area where a breach may occur.
- Endpoint security. Preventing viruses and other malware demands careful inspection of the files going to and from cloud computing assets, along with their memory stack.
- Configuration assessment. These solutions help pinpoint existing security weaknesses and ensure that all provisioned assets comply with standards or regulations such as the Security Technical Implementation Guide (STIG).
- Identity and access management. These offerings can help administrators define and maintain fine-tuned, user-based access control policies and provide ease of use with single sign-on.
- Log analytics. Logs contain tremendously valuable information for identifying previous security incidents and preventing future occurrences, so that attacks can be stopped early in the cyber kill chain.
Third Party Security Features
- Close integration with AWS technologies
- Dashboards and reporting
- Real-time alerts and intrusion detection
- Full-stack intrusion detection and protection
- Virus and malware discovery
- Integration with existing identity management solutions
- Support for multiple network topologies
- Multiple deployment options (cloud, on-premises, SaaS)
- Complete API interface
- Risk assessment tools
- Configuration management and assessment
- Log analysis
Third Party AWS Security Software and Apps
| Vendor | Description |
|---|---|
| Palo Alto Networks | Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. |
| Zscaler | With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. |
| Trend Micro | Trend Micro’s solutions protect end users on any device, optimize security for the modern data center, and secure networks against breaches from targeted attacks. This delivers top-ranked client-server, network, and cloud-based protection that stops new threats faster, detects breaches better, and protects data in physical, virtual, and cloud environments. |
| Evident.io | Evident.io was founded by security experts, engineers, and DevOps experts with the mission of creating a cloud security infrastructure that is as easy to install and use as it is rock solid. By delivering the fastest security intelligence available to cloud engineers in a friendly, consumable manner, it bridges the gap between agile and airtight. |
| CloudCheckr | CloudCheckr is a web-based software application that enables visualizing what’s going on in Amazon Web Services deployments. It complements existing AWS services to enable deploying a comprehensive security architecture and a more seamless experience across cloud and on-premises environments. |
| Identity and Access Management | |
| Okta | Okta is an integrated identity and mobility management service. Built from the ground up in the cloud, it securely and simply connects people to their applications from any device, anywhere, at any time. Okta integrates with existing directories and identity systems, as well as thousands of on-premises, cloud and mobile applications, and runs on a secure, reliable and extensively audited cloud-based platform. |
| Splunk | Splunk makes it possible to look closely at machine data and find insights that can help improve productivity, profitability, and security. |
| Sumo Logic | A machine data analytics platform designed to troubleshoot and secure modern applications using advanced analytics that contextually correlate logs and time-series metrics. At a glance, metrics graphs can help visualize quickly where potential security issues may lie, and then facilitate drilling down into the specific logs to find the specific problem and arrive at a solution. |