By Gui Alvarenga, Product Marketing Manager, published Dec 4, 2019
It’s an exciting start to the week so far at AWS re:Invent, especially with the announcement of Amazon’s new incident investigation and threat hunting tool, Amazon Detective. But what’s more exciting for me is Check Point’s better-together story: the integration of CloudGuard Log.ic with Amazon Detective.
Cyber-attacks have affected nearly everyone across the globe, be it educational institutions, hospitals, banks, or consumer products. More alarming is how sophisticated these attacks have become over time.
Most importantly, the cloud has been at the center of some of these attacks, be it exfiltration of sensitive information and Personally Identifiable Information (PII), or hijacking of compute for crypto mining. This upsurge in attacks has made monitoring for adversary activity and anomalous behavior even more challenging. Incident response and threat hunting in the cloud are a needle-in-the-haystack exercise: there is so much data to investigate that by the time Indicators of Compromise (IoC) or Indicators of Attack (IoA) are found, the adversary is long gone. According to a recent IBM Security report, conducted by the Ponemon Institute, the average time to detect a cybersecurity incident in 2019 was 206 days, with an additional 73 days to contain a breach once one occurs. It’s no wonder that real-time cloud security monitoring, as part of a complete cloud security solution, is now considered crucial.
This is why Check Point believes integrating Check Point CloudGuard Log.ic with Amazon Detective is so important. With this integration, customers benefit from real-time cloud monitoring, cloud security analytics, real-time alerts, and security visualization across their entire AWS environment.
Amazon Detective, a security service from Amazon Web Services (AWS), is designed to make it easy to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities. CloudGuard Log.ic complements Amazon Detective by delivering cloud security intelligence, analytics, and simplified visualization of potential security incidents to customers.
Check Point CloudGuard Log.ic defends against the most advanced cyberattacks:
Recent advanced cyberattacks are more dangerous because they spread rapidly and evade conventional detection-based defenses. These large-scale, multi-vector attacks are designed to hit multiple components of an IT infrastructure at once.
Like other cybersecurity solutions, Check Point CloudGuard Log.ic is geared towards preventing those multi-vector attacks and protecting users from them. It uses cloud security analytics and Check Point’s threat intelligence feed, which the company describes as the world’s largest, to detect anomalies, quarantine threats, and raise alerts.
Additionally, CloudGuard Log.ic delivers advanced security intelligence through cloud intrusion detection, network traffic visualization, and cloud security monitoring and analytics. It provides fully contextualized visibility into logs from ephemeral assets, together with awareness of the overall security posture.
Its object-mapping algorithms join cloud inventory and configuration information with real-time monitoring data from various sources, including AWS security and other AWS services.
As a result, it offers rich contextualized information, simplified and improved visualization, querying, deep event correlation, intrusion alerts, and policy-violation notifications.
In this way it equips Security Operations Centers (SOCs) with comprehensive, relevant cloud security intelligence for faster and more efficient incident response.
The Benefits of Integrating Check Point CloudGuard Log.ic With Amazon Detective:
Adding CloudGuard Log.ic to Amazon Detective offers customers a variety of benefits, such as:
- Customers receive threat-hunting alerts from CloudGuard Log.ic, together with its simplified visualization, cloud security analytics, and cloud security intelligence.
- The automated machine learning capabilities of Check Point CloudGuard Log.ic give Amazon Detective important alerts on cloud traffic violations and compliance issues, adding context that enriches the value delivered to users.
- It helps reduce incident response times significantly by presenting the context of your security posture and cloud attack surface graphically.
- Customers can scale their security investigation findings through simplified visualization, which further shortens incident response times.
- Customers can also accelerate the detection of some of the cloud’s most serious security problems. Moreover, this collaboration leverages machine learning to help incident responders bring meaningful, rapid logic to a possible threat in their cloud environment.
- It alerts a security professional to abnormal behavior by an adversary looking to exfiltrate sensitive data, say from an Amazon Simple Storage Service (Amazon S3) bucket, and can immediately remediate the issue by applying the required security controls.
- CloudGuard Log.ic provides fully contextualized visibility into logs from ephemeral assets, together with awareness of the overall security posture.
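To make the S3 exfiltration alert in the list above concrete, here is a small detection rule written for this page as an added example. It is not Check Point or AWS code and does not show how CloudGuard Log.ic or Amazon Detective actually work. It assumes the field layout of CloudTrail S3 data events (eventName, userIdentity.arn, sourceIPAddress, requestParameters.bucketName, additionalEventData.bytesTransferredOut); the events, principals, addresses and the 10x spike threshold are constructed sample data, not real logs. The rule baselines each IAM principal's known source addresses and busiest day of reads, then flags any principal that reads from a new address or pulls far more data in the investigation window than its baseline.

```python
"""Toy S3 exfiltration detector over CloudTrail-style GetObject records.
Added example for this page; not Check Point or AWS code. Field names follow
CloudTrail's S3 data-event schema; all events below are constructed samples."""
from collections import defaultdict


def _ct_event(ts, arn, ip, bucket, key, nbytes):
    """Build a minimal CloudTrail-style GetObject record (constructed sample)."""
    return {
        "eventTime": ts,
        "eventName": "GetObject",
        "eventSource": "s3.amazonaws.com",
        "userIdentity": {"arn": arn},
        "sourceIPAddress": ip,
        "requestParameters": {"bucketName": bucket, "key": key},
        "additionalEventData": {"bytesTransferredOut": nbytes},
    }


# Hypothetical principals and addresses (assumptions, not from the page).
READER = "arn:aws:iam::111122223333:role/app-reader"
ANALYST = "arn:aws:iam::111122223333:user/analyst"

# Constructed baseline: a week of "normal" reads from known addresses.
BASELINE_EVENTS = [
    _ct_event("2019-11-25T09:00:00Z", READER, "10.0.1.25", "pii-exports",
              f"daily/{d}.csv", 1_000_000)
    for d in range(7)
] + [
    _ct_event("2019-11-26T10:00:00Z", ANALYST, "203.0.113.10", "pii-exports",
              "report.csv", 2_000_000),
    _ct_event("2019-11-28T10:00:00Z", ANALYST, "203.0.113.10", "pii-exports",
              "report.csv", 2_000_000),
]

# Constructed investigation window: the role's credentials are used from a
# new address to pull 40 objects in half an hour; the analyst behaves as usual.
WINDOW_EVENTS = [
    _ct_event(f"2019-12-03T14:{i:02d}:00Z", READER, "198.51.100.77",
              "pii-exports", f"daily/{i}.csv", 25_000_000)
    for i in range(40)
] + [
    _ct_event("2019-12-03T14:05:00Z", ANALYST, "203.0.113.10", "pii-exports",
              "report.csv", 2_000_000),
]


def _fields(ev):
    """Extract (principal ARN, source IP, bytes out) from one record."""
    arn = ev["userIdentity"]["arn"]
    ip = ev["sourceIPAddress"]
    nbytes = int(ev.get("additionalEventData", {}).get("bytesTransferredOut", 0))
    return arn, ip, nbytes


def build_baseline(events):
    """Per principal: the set of source IPs seen and the largest number of
    bytes read on any single UTC day (what the spike rule compares against)."""
    ips = defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["eventName"] != "GetObject":
            continue
        arn, ip, nbytes = _fields(ev)
        ips[arn].add(ip)
        per_day[arn][ev["eventTime"][:10]] += nbytes
    return {arn: {"ips": ips[arn], "max_daily_bytes": max(per_day[arn].values())}
            for arn in ips}


def detect_exfil(window_events, baseline, spike_factor=10):
    """Return one finding per principal that reads from an IP never seen in the
    baseline, reads more than spike_factor times its busiest baseline day, or
    is not in the baseline at all. Principals with no anomaly are omitted."""
    bytes_out = defaultdict(int)
    new_ips = defaultdict(set)
    for ev in window_events:
        if ev["eventName"] != "GetObject":
            continue
        arn, ip, nbytes = _fields(ev)
        bytes_out[arn] += nbytes
        if ip not in baseline.get(arn, {}).get("ips", set()):
            new_ips[arn].add(ip)
    findings = []
    for arn in sorted(bytes_out):
        reasons = []
        if arn not in baseline:
            reasons.append("unknown_principal")
        if new_ips[arn]:
            reasons.append("new_source_ip")
        limit = baseline.get(arn, {}).get("max_daily_bytes", 0) * spike_factor
        if arn in baseline and bytes_out[arn] > limit:
            reasons.append("volume_spike")
        if reasons:
            findings.append({"principal": arn, "bytes_out": bytes_out[arn],
                             "new_ips": sorted(new_ips[arn]), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in detect_exfil(WINDOW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(finding)
```

Run as a script, the rule reports only the app-reader role (new source address plus a read volume well over ten times its busiest baseline day) and stays silent on the analyst, whose window activity matches the baseline. A real deployment would feed this kind of finding into an investigation tool with the surrounding inventory and configuration context rather than just printing it, and would tune the baseline window and threshold per account.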
By integrating CloudGuard Log.ic with Amazon Detective, Check Point’s AWS cloud security solution shortens incident response times considerably through rich contextualized information, deep event correlation, and enhanced, simplified visualization, to name a few.