Analytics-Based Investigation and Automated Response with AWS + Splunk Security Solutions

Organizations are migrating an increasing amount of their infrastructure into the cloud. The cloud provides organizations with a number of benefits like greater scalability, improved reliability and faster time to value. However, these potential benefits can be offset if security is an afterthought. Cloud providers offer customers a baseline level of security, but a healthy security posture across the entire enterprise application stack requires monitoring and detecting threats beyond baseline infrastructure. 

Providers such as AWS, Azure and Google Cloud have added security capabilities either for free or through easily accessible premium services. Features typically support workload security, network security policies, IAM integration, data encryption and more. While some customers can achieve better security outcomes using what’s natively provided, others require additional third-party functionality. This functionality can provide security consistency across environments, and address more specific use cases, such as industry-specific compliance mandates.

We’ll use Amazon Web Services (AWS) as an example. Here are some AWS monitoring tools that can generate security-relevant alerts:

1. GuardDuty

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time-consuming for security teams to continuously analyze event log data for potential threats. With GuardDuty, you now have an intelligent and cost-effective option for continuous threat detection in AWS.

2. Macie

Amazon Macie automates the discovery of sensitive data at scale and lowers the cost of protecting your data. Macie automatically provides an inventory of Amazon S3 buckets and applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data.

3. Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities and produces a detailed list of security findings prioritized by level of severity.

4. Security Hub

AWS Security Hub gives you a single place that aggregates, organizes and prioritizes your security alerts from multiple AWS services like the ones listed above. It continuously monitors your environment using automated security checks based on the AWS best practices and industry standards that your organization follows.

How can these tools be an integral part of your security monitoring? That’s where Splunk can help. Splunk is a flexible platform that allows you to gain visibility into your highest priority security concerns. Splunk Enterprise Security (ES) delivers an end-to-end view of an organization’s security posture, consolidating your analysis of on-premises data and security events from AWS accounts into a single view. Splunk Phantom orchestrates and automates your response to threats, helping your team work smarter, respond faster, and strengthen your defenses. Together, AWS and the Splunk security ecosystem help teams create consistent and automated mitigation processes.

In the webinar "Analytics based investigation and automated response with AWS + Splunk Security Solutions," we’ll walk you through how AWS and these Splunk products work together to help you strengthen your security posture and defend against threats to your environment.

Posted by Olivia Courtney

As a proud member of the Gator Nation (Go Gators), Olivia graduated from the University of Florida with a degree in Telecommunication News and Broadcasting. From there, she moved to the Big Apple with a TV production job at The Today Show! Three years later, she thought "why not?", moved to California, and discovered Splunk. Olivia started on the Global Event Marketing team learning the ins & outs of the tech world, where she fell in love with Security. Now, she's using her creative production skills to help her awesome team get Splunk's Security Product messaging out to the world.

