Alcide Blog

Supercharging Kubernetes Threat Detection with Alcide and AWS Security Hub

Nov 16, 2020 2:54:58 AM / by Alon Berger

Intro

Protecting your cloud-native applications requires keeping up with fast-paced environments on both private and public clouds. Maintaining that balance across many VMs, containers and serverless workloads depends heavily on security teams, who monitor and enforce the relevant measures for ongoing, dynamic security. Reducing the number of operational tools while unifying the relevant services can significantly increase productivity, allowing response teams to detect vulnerabilities and potential threats faster.

In this post, we will review AWS Security Hub and how security solutions such as Alcide can be integrated with it.

What is AWS Security Hub?

AWS Security Hub is a single place to manage your AWS security and compliance controls. It provides a comprehensive view of high-priority security alerts and of your security posture across AWS accounts. Relevant data is pulled from multiple sources and summarized on dedicated dashboards, intended mainly for security teams.

Security Hub aggregates, organizes and prioritizes security alerts and findings, providing continuous and automated monitoring of your environment.

How does it work?

[Diagram: overview of AWS Security Hub. Source: https://aws.amazon.com/security-hub/]

As mentioned earlier, Security Hub seamlessly collects and processes all findings from various AWS services such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager.

With Security Hub, it is significantly easier to perform the necessary monitoring on a regular basis and to build fast, flexible security capabilities.

Alcide & AWS Security Hub

Among the various supported AWS Partner Network (APN) security solutions, Alcide recently made a big entrance with its kAudit solution - an automated analytics and forensics module designed specifically to detect and identify suspicious activity based solely on Kubernetes audit logs.

kAudit fits the complex multi-cluster Kubernetes environments that companies build today. With an AI-based detection and prevention mechanism, Alcide kAudit provides a high-resolution detection layer that gives instant insights and alerts on suspicious activity. Using machine learning to monitor audit logs, kAudit continuously scans them and flags any unusual or suspicious behavior.

The Alcide Platform also provides Kubernetes security best practices and compliance checks. It allows AWS customers to determine if their Kubernetes deployments are configured correctly and whether there is any security drift between developer, testing, and production. Alcide Platform also supports threat intelligence, detecting malicious network activity such as crypto-mining, and more down to the pod level. Lastly, Alcide’s anomaly engine also detects advanced network attacks such as low-and-slow evolving network attacks and DNS tunneling.

This integration lets users fetch and investigate Kubernetes audit and security findings from Alcide kAudit directly in AWS Security Hub, reducing effort and saving precious time when handling real-time security issues.
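To make the flow described above concrete, here is an added example (not Alcide's or AWS's code) that applies two hypothetical detection rules to constructed Kubernetes audit events and shapes each hit as a finding in Security Hub's AWS Security Finding Format (ASFF), the structure accepted by the BatchImportFindings API. The rule names, the sample events, the account ID and the finding IDs are all assumptions.

```python
import json

# Constructed Kubernetes audit events (not real cluster data). Real audit
# log entries carry the same fields: user.username, verb, objectRef, sourceIPs.
AUDIT_LOG = """
{"auditID":"a1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:default:web"},"objectRef":{"resource":"configmaps","namespace":"default","name":"web-cfg"},"sourceIPs":["10.0.1.7"],"requestReceivedTimestamp":"2020-11-16T08:00:00Z"}
{"auditID":"a2","stage":"ResponseComplete","verb":"create","user":{"username":"jane"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"api-0"},"sourceIPs":["203.0.113.9"],"requestReceivedTimestamp":"2020-11-16T08:01:00Z"}
{"auditID":"a3","stage":"ResponseComplete","verb":"list","user":{"username":"system:anonymous"},"objectRef":{"resource":"secrets","namespace":"prod"},"sourceIPs":["198.51.100.4"],"requestReceivedTimestamp":"2020-11-16T08:02:00Z"}
"""

# Hypothetical rules: (name, ASFF severity label, ASFF type, predicate over one event).
RULES = [
    ("PodExec", "HIGH", "TTPs/Execution",
     lambda e: e["objectRef"].get("subresource") == "exec"),
    ("AnonymousSecretsAccess", "CRITICAL", "TTPs/Credential Access",
     lambda e: e["user"]["username"] == "system:anonymous"
     and e["objectRef"].get("resource") == "secrets"),
]


def to_asff(event, rule_name, label, asff_type, account_id, region):
    """Shape one flagged audit event as an ASFF finding dictionary."""
    ref = event["objectRef"]
    who = event["user"]["username"]
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"k8s-audit/{event['auditID']}/{rule_name}",
        # Default product ARN used for findings a custom integration imports.
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": f"k8s-audit-rules/{rule_name}",
        "AwsAccountId": account_id,
        "Types": [asff_type],
        "CreatedAt": event["requestReceivedTimestamp"],
        "UpdatedAt": event["requestReceivedTimestamp"],
        "Severity": {"Label": label},
        "Title": f"{rule_name}: {event['verb']} {ref.get('resource')} by {who}",
        "Description": f"Source IPs: {', '.join(event.get('sourceIPs', []))}",
        "Resources": [{"Type": "Other",
                       "Id": f"{ref.get('namespace', '')}/{ref.get('resource')}/{ref.get('name', '')}"}],
    }


def findings_from_audit_log(text, account_id="123456789012", region="us-east-1"):
    """Evaluate every rule against every JSON-lines audit event; return ASFF findings."""
    findings = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        for name, label, asff_type, predicate in RULES:
            if predicate(event):
                findings.append(to_asff(event, name, label, asff_type, account_id, region))
    return findings
```

The returned list is what a real integration would pass to the Security Hub BatchImportFindings call (the `securityhub` client in boto3); the benign configmap read by a service account produces no finding.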

“In order to provide a comprehensive security posture assessment for each of our diverse customers, we recognize that AWS Security Hub must bring together a comprehensive set of industry-leading security AWS Partners,” said Dan Plastina, Vice President, Security Services, Amazon Web Services, Inc., in the official press release. “Today, we’re pleased to add the Alcide Kubernetes Security Platform to the list of security integrations for AWS Security Hub.”

Conclusion

Audit logs are a prime way to understand the behavior of any cloud-native application orchestrated by Kubernetes. In addition to detecting security risks, we believe that a security solution should also be easy to understand and consume by more than just hard-core security experts.

By combining the user experience offered by AWS and Alcide, companies can make their Kubernetes logs more accessible, opening new security possibilities for both security professionals and Kubernetes novices.

Check out Alcide on the AWS Security Hub Partners page and start a 14-day trial to experience the Alcide platform firsthand.
