Delta Risk has announced new capabilities that provide comprehensive visibility into communications to and from application running on Amazon Virtual Private Clouds, allowing DevOps and security teams to better and more quickly detect threats. The new VPC Flow Log Visualization technology is available through the Delta Risk ActiveEye security platform, making it easier to get real-time insights into IP traffic going to and from VPXs, networks, and the internet. This allows users to identify rsiky misconfigurations, investigate erros, and detect potential threats more efficiently.
Development teams are constantly deploying new apps using Amazon VPCs. This enables them to deliver services securely and cost-effectively via private clouds hosted on the AWS Cloud. As they deploy these apps, its often difficul to see what apps are running in the environment and how traffic is flowing within the network and out to the internet.
ActiveEye VPC Flow Log Visualization allows visibility into what applications are running in an Amazon VPC, how traffic is moving between hosts, and which hosts are directly communicating with the public internet. Whereas native AWS tools enable users to capture traffic going to and from network interfaces, each with a unique log stream which can make it hard to use the data effictively for security monitoring. ActiveEye’s Flow Log Visualization gives real-time insights into traffic without the need to set up and configure multiple AWS capabilities
“Most organizations don’t have the benefit of having a security team well-versed in securing workloads in new cloud infrastructure like AWS, let alone the ability to staff it 24×7,” says John Hawley, Vice President of Product Strategy. “Delta Risk provides a SOC-as-a-Service capability via our ActiveEye platform to co-manage security. This enables us to monitor the entire application environment – including AWS-based workloads – around the clock.”
More from the press release:
- AWS Configuration Assessment – This validates the current configuration in each AWS Account against best practices as well as Center for Internet Security (CIS) Benchmarks. Continuous validation ensures development teams have the guardrails they need to deploy applications securely. With automated policy checks, DevOps teams can get Slack alerts if newly deployed resources violate security policies.
- AWS CloudTrail Log Analysis and Storage – Continuous review of CloudTrail administration activity identifies actions that violate security best practices. Daily or weekly reports can be delivered via email to summarize security group updates, new users created, or resources added. All activity data is available for real-time analysis for 90 days and stored for one to seven years for forensic and compliance purposes.
- AWS GuardDuty Analysis and Aggregation – A consolidated view of all GuardDuty alerts in a single console eases the workload for security teams. The ability to view related configuration updates, CloudTrail administration activity, and VPC Flow Logs in that same console dramatically reduces the time required to investigate anomalies.