AWS re:Invent 2018: American cybersecurity firm Palo Alto Networks said that it is integrating RedLock and VM-Series with AWS Security Hub. AWS Security Hub has been launched to provide users with a comprehensive view of their high-priority security alerts and compliance status by aggregating, organizing and prioritizing alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie as well as from other APN security offerings.
The findings are then visually summarized on integrated dashboards with actionable graphs and tables. Our joint customers can use these collaborative efforts to help verify that their applications and data are secure.
Palo Alto Networks said it helps organizations confidently move their applications and data to AWS with inline, API-based and host-based protection technologies that work together to minimize risk of data loss and business disruption. Building on native AWS security capabilities, these protection technologies integrate into the cloud application development lifecycle, making cloud security friction-less for development, security and compliance teams.
The company asserted that RedLock by Palo Alto Networks further protects AWS deployments with cloud security analytics, advanced threat detection and compliance monitoring. RedLock continuously collects and correlates log data and configuration information from AWS Config, AWS CloudTrail, Amazon Virtual Private Cloud (Amazon VPC) flow logs, AWS Inspector and Amazon GuardDuty to uncover and send security and compliance alerts to the AWS Security Hub console.
The company said that the RedLock integration with AWS Security Hub provides additional context and centralized visibility into cloud security risks, allowing customers to gain actionable insights, identify cloud threats, reduce risk and remediate incidents, without impeding DevOps
On the VM-Series next-generation firewall company said it will complement AWS security groups by first reducing the attack surface through application control policies, and then preventing threats and data exfiltration within allowed traffic. The VM-Series integration with AWS Security Hub uses an AWS Lambda function to collect threat intelligence and send it to the firewall as an automatic security policy update that blocks malicious activity. As the IP address information changes, the security policy is updated without administrative intervention.
“The Palo Alto Networks product integrations help customers verify that their users, applications, and data are secure through a single pane of glass. The RedLock integration allows customers to monitor advanced threats due to common cloud misconfigurations, stolen credentials, and malicious user and network activities, while the VM-Series integration automates policies to block malicious activity,” said Varun Badhwar, senior vice president of products and engineering for public cloud security at Palo Alto Networks.
“With more businesses moving to the cloud, it's critical that the alert data they receive provides them with actionable insights to successfully combat cyberattacks,” he added.