
SOLUTIONS BRIEF

HOW THE FIREEYE THREAT ANALYTICS PLATFORM MONITORS AWS

The FireEye Threat Analytics Platform (TAP™) helps detect malicious activity on Amazon Web Services (AWS) workloads by providing increased simplicity, accessibility, and actionability to the data and information provided by the AWS Cloud. TAP helps achieve these objectives by harnessing the data from an AWS Cloud environment and the detection capabilities prebuilt on the AWS infrastructure.

SIMPLICITY

• Move naturally from alerting to searching to rule creation to incident response

• Easy onboarding of new log sources

ACCESSIBILITY

• Flexible deployment models to suit virtually any AWS Cloud-based or hybrid-cloud infrastructure

• Provides a “single pane of glass” for monitoring cloud activity as well as traditional datacenter logs

ACTIONABILITY

• Prebuilt rule packs, including one specifically for AWS Cloud, and custom rule capabilities

• Alerting and incident response (IR) workflow

THREAT ANALYTICS PLATFORM™: SECURITY ON THE CLOUD

HIGHLIGHTS

• Identify threats and accelerate response by layering real-time FireEye intelligence over enterprise event streams

• Cloud-based solution requiring no infrastructure investment on AWS

• Rapid deployment in hours instead of months

• Deliver rich insight into threat actor profiles to provide context to threats targeting your organization

• Quickly search through billions of events with sub-second response

• Extensive signature sets curated by FireEye in response to emerging threats

• Integrate custom and/or legacy threat intelligence sources

• Ability to integrate custom intel and/or legacy threat intelligence

• Every customer deployed to a dedicated Amazon Virtual Private Cloud (Amazon VPC) to avoid data mingling


INCREASING WORKLOAD VISIBILITY

TAP helps ensure logging best practices, providing a secure manner for log ingestion, where nearly sixty pre-built rules can monitor and alert based on malicious activities or misconfiguration that could provide an opportunity for a malicious actor to gain access to an account.

TAP helps detect malicious activity on cloud workloads by providing increased simplicity, accessibility, and actionability.

SAMPLE USE CASE: Company A works heavily with third-party vendors and needs to quickly determine the actions taken by each vendor.

To meet compliance requirements, Company A needs to maintain records of all actions taken by third-party vendors inside its AWS workloads. The third-party vendors use cross-account roles to perform various business-related tasks. By leveraging TAP, the customer is able to quickly determine what actions are being taken by which vendors. The customer can then create rules to alert on any attempts made to exceed allowed permissions via an assumed role or to access AWS from an unauthorized location.

© 2016 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. SB.TAP.EN-US.072016

For more information on FireEye, visit: www.FireEye.com

ABOUT AWS

For 10 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 70 fully featured services for compute, storage, databases, analytics, mobile, Internet of Things (IoT) and enterprise applications from 33 Availability Zones (AZs) across 12 geographic regions in the U.S., Australia, Brazil, China, Germany, Ireland, Japan, Korea, and Singapore. AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit http://aws.amazon.com.

FireEye, Inc. 1440 McCarthy Blvd. Milpitas, CA 95035 408.321.6300 / 877.FIREEYE (347.3393) / [email protected]

www.FireEye.com

[Figure: architecture diagram. Labels: Analyst; Customer Cloud; Simple Storage (S3); Elastic Compute (EC2); Elastic Load Balancing (ELB); CloudTrail; CloudWatch; CloudFront; TAP CB; Dedicated VPC; Intelligence; Rules; Analytics; Event Index; Search; Alert!; Reports; Incident #023; User Interface.]