Logz.io recently obtained the Amazon Web Services (AWS) Security Competency for our Cloud SIEM. We are thrilled to support the re-launch of the AWS Security Competency, as clearly the only way to combat today’s cybersecurity challenges is to modernize your analytics platform to respond to today’s evolving threat landscape.
To that end, Logz.io continues to build capabilities that enable security teams to ingest and analyze data from a wide array of AWS services. These advancements include improved content around AWS CloudTrail, AWS GuardDuty, and AWS WAF, along with expanded support for AWS Security Hub. These integrations, combined with dedicated alerting and supporting content, further enable today’s organizations to securely migrate to the cloud while collecting and correlating traditional data sources with cloud data.
Modern teams are evolving in the ways they manage networking. Many have shifted from networks with heavy amounts of segmentation using firewalls between those segments into the use of overlay technologies. These are commonly executed in the form of cloud technologies such as AWS VPC, SASE solutions, and other advanced VPN technologies within cloud environments that abstract the network itself. This change has measurably increased the variance of potential data sources which need to be collected and correlated to understand an organization’s security posture.
Going Deep on Threat Detection, Response and Investigation
As an element of our work with AWS, Logz.io has been given the Threat Detection and Response designation in the re-launched Security Competency program. This designation fits our strategy due to our ability to pinpoint security issues and quickly respond to those issues. Through integrations with security automation tools, detections can be automatically blocked or actioned, leveraging both AWS services and popular third-party services. Compliance in cloud environments is increasingly difficult, and measuring and managing risk is harder than ever. Advanced Threat Detection and Response has a significant role to play in moving the needle, and SIEM remains a critical element of that ecosystem.
Logz.io Cloud SIEM not only ingests data from most AWS services, but we also enrich the data with metadata related to the involved AWS account. This includes standard and custom tagging to make data analysis, search, and correlation easier. For example, as a user you can query for security events on all instances and services within a given region, such as AWS us-east-2.
The variance and challenge of security attacks continue to increase, with more sophisticated ransomware gangs that target network and configuration vulnerabilities causing countless headaches these days. Logic dictates that this will continue to become a bigger problem, and cloud security solutions like Logz.io Cloud SIEM directly enable SOC teams to understand the complete attack surface and respond to threat actors as quickly as possible. Accurately correlating AWS services with other technologies in the environment is the key to enabling security visibility across cloud services.
By gaining even greater recognition from AWS, we expect that larger numbers of organizations will embrace Logz.io Cloud SIEM’s proven approach in meeting the specific needs of today’s cloud security teams. This complements our commitment to compliance and security, furthering our standing as SOC-2 Type 2, PCI Level 1, HIPAA Ready, ISO27001 certified, and GDPR Ready.
If your organization is facing any of these challenges and looking for a smarter, cloud native alternative, you should consider our Cloud SIEM platform by requesting a demo; we’d love the opportunity to better understand your use cases and map our capabilities to your specific requirements.