Lacework for Amazon Web Services (AWS)

Threat Detection, Compliance, and Automated Security Monitoring for AWS

AWS users understand the shared-responsibility model of cloud security, but also recognize that effective security demands more than signatures and custom rules. Every activity within a cloud environment increases the potential for threats, and AWS users need a solution that not only identifies changes, but understands their security context.

To address the agile nature of the cloud, Lacework provides comprehensive, continuous end-to-end security and configuration support for workloads and accounts running in AWS and in multi-cloud environments. As more organizations move their critical workloads to the cloud, there is an increasing need for a single, unified solution like Lacework that can identify, analyze, and report on misconfigurations, vulnerabilities, and anomalies in user and account behavior.

Actionable Auditing of S3 Bucket Security Configurations

  • Find potentially exposed S3 buckets configured for external access
  • Identify buckets out of compliance with the CIS Benchmark for AWS, including:
    • Use of encryption at rest and in transit
    • MFA Delete, so that only users with multi-factor authentication can delete
    • Versioning to protect against deletion or overwrite
  • Get specific recommendations on how to fix violations
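As an added illustration (not Lacework code), the following script evaluates a constructed inventory of S3 bucket settings against the CIS-style checks listed above and emits a fix recommendation for each failure; the record fields and the sample buckets are assumptions, not live AWS data.

```python
# Added example: audit constructed S3 bucket records against CIS-style checks.
from dataclasses import dataclass
from typing import Optional

@dataclass
class BucketConfig:
    name: str
    block_public_acls: bool       # S3 Block Public Access enabled
    sse_algorithm: Optional[str]  # "AES256", "aws:kms", or None when unset
    enforce_tls: bool             # policy denies requests with aws:SecureTransport=false
    versioning: str               # "Enabled" / "Suspended" / "Disabled"
    mfa_delete: str               # "Enabled" / "Disabled"

# Each check maps a bucket record to (passed, recommendation).
CHECKS = {
    "public-access": lambda b: (b.block_public_acls,
        "Enable S3 Block Public Access on the bucket"),
    "encryption-at-rest": lambda b: (b.sse_algorithm in ("AES256", "aws:kms"),
        "Configure default server-side encryption (SSE-S3 or SSE-KMS)"),
    "encryption-in-transit": lambda b: (b.enforce_tls,
        "Add a bucket policy denying requests where aws:SecureTransport is false"),
    "versioning": lambda b: (b.versioning == "Enabled",
        "Enable versioning to protect against deletion or overwrite"),
    "mfa-delete": lambda b: (b.mfa_delete == "Enabled",
        "Enable MFA Delete so only MFA-authenticated users can delete"),
}

def audit(buckets):
    """Return {bucket_name: [(check, recommendation), ...]} for failing checks only."""
    findings = {}
    for b in buckets:
        failed = [(name, rec) for name, check in CHECKS.items()
                  for passed, rec in [check(b)] if not passed]
        if failed:
            findings[b.name] = failed
    return findings

# Constructed sample inventory (hypothetical buckets, not real accounts).
SAMPLE = [
    BucketConfig("corp-logs", True, "aws:kms", True, "Enabled", "Enabled"),
    BucketConfig("public-assets", False, None, False, "Disabled", "Disabled"),
    BucketConfig("backups", True, "AES256", True, "Enabled", "Disabled"),
]

if __name__ == "__main__":
    for bucket, issues in audit(SAMPLE).items():
        for check, rec in issues:
            print(f"{bucket}: FAIL {check} -> {rec}")
```

In a real deployment the `BucketConfig` fields would be populated from the bucket's public-access-block, encryption, policy and versioning settings rather than typed in by hand.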

Audit your AWS Configuration

  • Find Identity and Access Management (IAM) vulnerabilities, including use of the “root” account, weak password requirements, and missing multi-factor authentication
  • Check for logging best practices: ensure AWS CloudTrail is enabled across regions and that log files are validated and encrypted
  • Monitor critical account activity such as unauthorized API calls and use of the management console and the “root” account
  • Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges, and checking for the use of flow logging
  • Assess your S3 settings for S3 buckets at risk

Ongoing Monitoring of Activity

  • Activity on AWS resources, such as new activity in a region, activation of new AWS services, or changes to access control lists
  • Changes to users, roles, or access policies
  • Access-key or customer master key tampering
  • Reduce alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results