Organizations face various challenges on their journey to the cloud. Some are initiating their migration of on-premises workloads, while others possess advanced cloud expertise, deploying serverless and containerized environments.
As organizations increasingly adopt Amazon Web Services (AWS), they encounter heightened risks associated with compliance, configuration vulnerabilities, and network threats. It’s crucial for businesses to be concerned not only about infrastructure setup but also about the network itself.
For example, a company could be fully compliant with regulatory standards, yet if a zero-day vulnerability is exploited or credentials for sensitive workloads are leaked on a public platform, a skilled hacker could gain easy access to critical assets.
Cisco Secure Cloud Analytics supports organizations at various maturity levels concerning compliance, risk, and network threats by delivering:
- An inventory of resources and services utilized by their AWS workloads.
- Insights into risk exposure for these workloads.
- Automated detection and notification of network threats.
- Customizable segmentation rules and alerts.
This post will delve into the integration of AWS with Secure Cloud Analytics, Cisco’s SaaS-based Network Detection and Response (NDR) solution that monitors multi-cloud and hybrid environments for threats and policy violations, offering extensive visibility across any setting.
Additionally, you’ll see how simple it is to configure your AWS environment with Secure Cloud Analytics to start analyzing public cloud traffic for suspicious activities and other risks. Secure Cloud Analytics (formerly Cisco Stealthwatch Cloud), from AWS Partner Cisco, is a security tool that uses virtual private cloud (VPC) flow logs to produce accurate, low-noise alerts.
Solution Overview
Cisco Secure Cloud Analytics adopts a multi-layered strategy to deliver a comprehensive view of your workload security posture on AWS. It leverages network telemetry as a sensor to safeguard cloud workloads.
Secure Cloud Analytics features native integrations with AWS security and networking telemetry services such as VPC Flow Logs, AWS CloudTrail, Amazon GuardDuty, AWS Identity and Access Management (IAM), AWS Config, Amazon Inspector, and AWS Lambda.
By utilizing these telemetry sources, Secure Cloud Analytics monitors the behavior of all known entities on the network over time, enabling it to identify alerts for any irregularities. This machine learning approach is termed Dynamic Entity Modeling.
Moreover, Secure Cloud Analytics taps into Cisco Talos, the world’s largest non-governmental threat intelligence organization, to provide alerts regarding interactions with known TOR (The Onion Router) gateways, malicious IPs or domains, and other recognized Indicators of Compromise (IoCs).
Secure Cloud Analytics immediately learns and evaluates your public cloud security posture, generating over 80 percent of alerts within 14 days of deployment, with the remaining alerts following shortly after. The alerts are categorized into specific roles automatically.
Using the Cyber Kill Chain and MITRE ATT&CK framework, Secure Cloud Analytics presents curated alerts that comply with industry standards. For instance, if an AWS workload that has never accessed the internet suddenly begins doing so, it will detect and alert the user.
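The "workload that has never accessed the internet suddenly begins doing so" alert above is a behavioral baseline over VPC Flow Logs. The following is an added illustration, not Secure Cloud Analytics code: it parses constructed default-format (version 2) flow log records, learns per-ENI whether the entity ever had accepted egress outside the VPC CIDR, and flags first-time external egress in a later window. The VPC CIDR, account ID and ENI IDs are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed VPC Flow Log records (default v2 format); not real traffic.
# Fields: version account-id interface-id srcaddr dstaddr srcport dstport
#         protocol packets bytes start end action log-status
BASELINE_LOGS = """\
2 123456789012 eni-aaaa 10.0.1.10 10.0.2.20 44321 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-aaaa 10.0.1.10 10.0.2.21 44322 5432 6 30 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-bbbb 10.0.1.11 198.51.100.9 50011 443 6 8 2100 1700000000 1700000060 ACCEPT OK
""".splitlines()

RECENT_LOGS = """\
2 123456789012 eni-aaaa 10.0.1.10 203.0.113.7 51000 443 6 40 18000 1700086400 1700086460 ACCEPT OK
2 123456789012 eni-bbbb 10.0.1.11 198.51.100.9 50012 443 6 8 2100 1700086400 1700086460 ACCEPT OK
2 123456789012 eni-cccc 10.0.1.12 10.0.2.20 50013 443 6 5 900 1700086400 1700086460 REJECT OK
""".splitlines()

# Assumed VPC address space; in a real deployment use the actual VPC CIDRs.
VPC_CIDRS = [ipaddress.ip_network("10.0.0.0/16")]

def parse_flow_log(line):
    """Parse one default-format v2 record into the fields the detection needs."""
    f = line.split()
    if len(f) < 14 or f[0] != "2":
        return None  # skip headers, NODATA/SKIPDATA lines or custom formats
    return {"eni": f[2], "src": f[3], "dst": f[4], "dstport": int(f[6]), "action": f[12]}

def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in VPC_CIDRS)

def build_baseline(lines):
    """Per ENI: True if it had accepted egress to an address outside the VPC."""
    egress = defaultdict(bool)
    for line in lines:
        rec = parse_flow_log(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        egress[rec["eni"]] |= is_external(rec["dst"])
    return dict(egress)

def detect_new_external_egress(baseline, lines):
    """Return (eni, dst, dstport) for accepted external egress by an ENI that had none
    in the learning window. ENIs absent from the baseline are treated as having none."""
    alerts = []
    for line in lines:
        rec = parse_flow_log(line)
        if rec is None or rec["action"] != "ACCEPT" or not is_external(rec["dst"]):
            continue
        if not baseline.get(rec["eni"], False):
            alerts.append((rec["eni"], rec["dst"], rec["dstport"]))
    return alerts
```

A production model would also age the baseline and give brand-new entities their own learning period rather than alerting on their first external flow.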
Compatible with both on-premises and multi-cloud environments, Secure Cloud Analytics offers a unified network compliance assurance dashboard for cross-infrastructure visibility. Additionally, seamless integrations with SIEM/SOAR systems like Splunk enable SecOps teams to act swiftly and remediate security alerts and findings.
Getting Started
With just a few clicks, Secure Cloud Analytics can start reading telemetry from your AWS environment. Here’s how to set up this service within your AWS account:
- Enable VPC Flow Logs from your AWS console in the VPCs you wish to protect.
- Select an IAM role with permissions to publish the VPC Flow Logs to the Amazon CloudWatch Logs log group.
- Create an AWS cross-account IAM role featuring a policy that grants Secure Cloud Analytics least privilege access to your AWS account. The permissions policy, account ID, and external ID can be found in your Secure Cloud Analytics portal.
In your portal:
- Add the AWS cross-account IAM role ARN in the Settings > Integrations > AWS > Credentials tab.
- Input the VPC Flow Logs group name in Settings > Integrations > AWS > VPC Flow Logs.
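The cross-account role in step 3 is what gives Secure Cloud Analytics read access to your account, so its trust policy deserves a check before it is applied. The following is an added example, not Cisco's or AWS's own tooling: it builds a trust policy that only the partner account can assume and only with the external ID shown in the portal (the guard against the confused-deputy problem), and audits a policy for a wildcard principal or a missing external ID. The account ID and external ID are placeholders; the real values come from the Secure Cloud Analytics portal.

```python
import json

# Placeholders, not real values: copy the actual account ID and external ID
# from the Secure Cloud Analytics portal (Settings > Integrations > AWS).
SCA_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "external-id-from-portal"

def build_trust_policy(partner_account_id, external_id):
    """Trust policy for the cross-account role: only the partner account may
    assume it, and only when it presents the agreed sts:ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{partner_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def audit_trust_policy(policy):
    """Return findings for every Allow statement that grants sts:AssumeRole."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("wildcard principal: any AWS account could assume the role")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext:
            findings.append("missing sts:ExternalId condition (confused-deputy risk)")
    return findings

# Constructed weak variant: same principal, but no external ID condition.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{SCA_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    print(json.dumps(build_trust_policy(SCA_ACCOUNT_ID, EXTERNAL_ID), indent=2))
    print(audit_trust_policy(WEAK_TRUST_POLICY))
```

The permissions policy attached to the same role should be the least-privilege document from the portal; this audit only covers who may assume the role.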
What’s New
According to ESG’s 2020 whitepaper, Network Traffic Analysis (NTA): A Cybersecurity ‘Quick Win’, more than 80 percent of web traffic is now encrypted. Secure Cloud Analytics can utilize NetFlow to identify threats that may be concealed within encrypted traffic. This means that the solution can detect threats without needing to actively decrypt or inspect packets.
By using telemetry generated by networking devices such as the Cisco CSRv (Cloud Services Router) virtual router available on AWS Marketplace, Secure Cloud Analytics provides additional context and details based on cryptographic information and packet sequences.
Some of the core benefits of this integration include:
- Confirmed threat detection: Secure Cloud Analytics’ cloud-based machine learning engine employs various learning techniques and statistical modeling to identify malicious domains and threats globally.
- High-fidelity threat detection in encrypted traffic: Secure Cloud Analytics analyzes network behavior and detects threats, even if they are hidden in encrypted traffic. Encrypted Traffic Analytics (ETA) examines attributes such as the initial data packet (IDP) and the sequence of packet lengths and times (SPLT) to recognize malware inside encrypted sessions.
- Cryptographic compliance: Secure Cloud Analytics offers an “Encrypted Traffic” report displaying several encryption parameters, such as protocol algorithms and message authentication codes (MAC).
- Effective threat response: The “Confirmed Threat Watchlist Hit” alert not only provides insight into the threat and affected systems but also outlines steps for remediation.