What is AWS Monitoring?
Monitoring cloud-based infrastructure for potential security threats presents unique challenges. When infrastructure is located in a cloud, such as AWS, it does not have all the same attributes associated with on-premises hardware. AWS does provide two means (CloudTrail and CloudWatch) of collecting additional data about the activity associated with a cloud-based environment. CloudTrail and CloudWatch can provide the raw data to identify suspicious activity. While these services provide data, it can be overwhelming and difficult to dig through the raw data to find actionable intelligence.
Why Does AWS Monitoring Matter?
AWS infrastructure can include a wide range of assets and data. Elastic Computing Cloud (EC2) instances can host massive quantities of data and applications that may be targeted by cyber attackers. To ensure the security of your cloud-based infrastructure, it’s important to implement security best practices, including continuous security monitoring.
CloudTrail is an API call monitor from AWS that provides the details of changes made to EC2 instances and security groups, including a timestamp with the IP address of the user and the specific changes made. This functionality is useful for keeping track of what changes have occurred and by whom and serves as an important security feature. Leveraging CloudTrail data in combination with other security information and event data allows organizations to monitor the AWS environment for suspicious changes or activity within the virtual infrastructure.
CloudWatch is a monitoring solution from AWS that can collect Virtual Private Cloud (VPC) flow logs to capture information about the IP traffic going to and from network interfaces in your VPC. These details can provide visibility into what information has exchanged, which is useful in identifying suspicious activity.
How Does Cygilant Help?
SOCVue Security Monitoring provides support for AWS CloudTrail and CloudWatch. SOCVue can digest data provided by CloudTrail and CloudWatch into our log management and SIEM technology, to correlate and alert on the data. Enabling you to save time and reduce the complexity associated with these raw data sources and, instead, focus on actionable information. The AWS details provide a new level of monitoring of the actual API calls being made as well as VPC flow logs, beyond the simple log data the nodes themselves might report. Cygilant’s 24x7x365 GSOC team will monitor for any anomalous activity and analyze alerts and provide remediation guidance. Tailored reports for compliance audits or executive review are available using this data.
We save our customers 100s of hours and 1000s of dollars every week, and give them peace of mind with 24x7 detection and response to security incidents and vulnerabilities. Get in touch to learn how we can help your organization be more resilient to cyberattacks and compliance mandates.