
AWS Security Hub Extends Privileged Access Threat Analytics Capabilities with CyberArk

 

November 29, 2018 | Technology Partners | Edward Nunez

Today’s most disruptive cyber attacks center on controlling an organization’s high-value assets with privileged access. Numerous headlines on cloud-related breaches tied to misconfigured Amazon S3 buckets, stolen access keys and more have made it clear that privileged accounts, credentials and secrets deliver an unobstructed pathway to critical infrastructure and applications in the cloud.

CyberArk, an AWS Partner Network (APN) Advanced Technology Partner, provides industry-leading privileged access security support for the AWS community and ecosystems. With a commitment to innovation and a focus on mitigating the risks of emerging cyber threats, CyberArk empowers cloud-first organizations to fortify their security and gain a competitive edge by putting privilege at the center of their digital transformation initiatives.

Further extending this commitment, CyberArk today introduced an integration between the newly unveiled AWS Security Hub and CyberArk Privileged Threat Analytics, part of the CyberArk Core Privileged Access Security Solution. This integration enables organizations to collect, detect, view, alert on and respond to high-risk privileged access activity across their entire AWS environment.

Detect and Prevent Privileged Access Attacks

AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status by aggregating, organizing and prioritizing alerts, or findings, from multiple AWS services such as Amazon GuardDuty, Amazon Inspector and Amazon Macie, as well as from APN security solutions. The findings are then visually summarized on integrated dashboards with actionable graphs and tables.

The CyberArk integration brings the benefits of Privileged Threat Analytics to the Security Hub, providing organizations with deeper, data-driven insights and enhanced detection capabilities, enabling them to break the attack lifecycle quickly.

With CyberArk, AWS Security Hub customers gain:

  • Unprecedented Privileged Access Analysis. By integrating seamlessly with leading SIEM solutions, CyberArk collects, analyzes and delivers enterprise-wide, real-time insights on privileged access activity to help organizations mitigate security risks linked to unauthorized access, impersonation, fraud and theft.
  • Best-of-Breed Threat Detection. The CyberArk Privileged Threat Analytics engine leverages statistical modeling, machine learning, behavioral analytics and deterministic algorithms to rapidly detect malicious activity. For example, an insider who has gained access to privileged credentials or secrets can initiate seemingly legitimate privileged user sessions. CyberArk’s automated, real-time detection and alerting capabilities can quickly identify these stealthy insider attacks.
  • Critical Context. CyberArk analyzes, classifies and ranks each threat finding, while providing recommended actions for remediation. This allows organizations to zero in on specific findings such as lateral movement activity. CyberArk then feeds this valuable information to the AWS Security Hub, which ingests the data using a standard findings format, then correlates information across AWS services and AWS partner tools to help organizations visualize and prioritize the most important findings (see Figure 1 below).

 

Figure 1. The AWS Security Hub console displaying alerts and detections forwarded by CyberArk Privileged Threat Analytics

Joint AWS and CyberArk customers can take advantage of this integration now through a subscription model. To learn more, please visit the CyberArk Marketplace.

CyberArk provides broad and deep privileged access security for organizations using AWS. In addition to this new integration with AWS Security Hub, CyberArk’s use of Amazon Machine Images (AMI) and AWS CloudFormation simplifies the discovery and prioritization of privileged account risk in the cloud. Additional integrations with AWS, including automating the onboarding of credentials through integrations with Amazon CloudWatch and AWS Lambda, enable security teams to dramatically reduce the risk of unsecured credentials. To learn more about CyberArk support for the AWS community, visit https://www.cyberark.com/aws/.

 
