AWS Security Monitoring
Ultra-Fast Event Monitoring and Gathering
Monitoring the security events in your AWS cloud infrastructure is critical for detecting and mitigating cyber threats before they lead to a major cyber incident or a data breach. We detect threats across AWS services including but not limited to:
- AWS Simple Storage Service (S3)
- AWS Elastic Compute Cloud (EC2)
- AWS Relational Database Service (RDS)
- AWS Virtual Private Cloud (VPC)
- AWS WAF
- AWS Shield Advanced
- AWS GuardDuty
- AWS CloudTrail
Customizable Data Analytics Platform
- Complete visibility of your digital infrastructure and cloud monitoring
- Compliance requirements
- Indicators of attack
  - Suspicious AWS console login, such as a login from a rare location
  - Permission elevation or new account created
  - AWS CloudTrail logging being disabled
Use Case Scenarios
AgileBlue AWS security monitoring correlates events from AWS with data and event logs from other on-premises and cloud data sources with the intent to monitor for insider and cyber threat patterns.
Some of our use case scenarios include:
- Suspicious Amazon VPC traffic
- Anomalous API connections from an unrecognized or rare IP/geolocation or a malicious IP
- A spike in instance creation/deletion or suspicious admin activities from Amazon EC2 configuration anomalies
- Suspicious user creation, admin privilege changes, password policy changes or rare privileged activities
- Unauthorized access, a spike in failed logins, a malicious IP, or a land speed anomaly