CloudSOC CASB Security for Amazon Web Services - Symantec

Page created by Ronnie Gilbert
 
Solution Brief

CloudSOC CASB Security for Amazon Web Services

Protect your Amazon Web Services from misconfigurations, misuse, attacks, threats, and data loss with an industry-leading cloud access security broker.

   Are you monitoring your AWS for misconfigurations or unsanctioned instances?

   Do you log and analyze admin and user behavior, identifying risky actions?

   Do you ensure your confidential data is secure and private?

   Are you safeguarding instances against malware and advanced attacks?

DID YOU KNOW?

In 2017:

AWS was one of the top 5 apps used for business enablement.
Source: Symantec 2H2017 Shadow Data Report

Personal information on 200 million US voters was accidentally exposed in AWS.

Hackers stole personal information on 57 million customers in one incident.

Privileged insiders stored millions of stolen files in corporate S3 storage.

Symantec IaaS Security

Get continuous visibility and control over access to systems, settings, and content based on granular contextual event attributes using multi-channel CASB functions leveraging both API integration and inline traffic inspection.

[Diagram labels: CASB API; CASB Traffic; Customer Applications; Cloud Apps; Workload Protection (CWP Security for public and hybrid cloud workloads); CloudSOC Cloud Access Security Broker, CASB]

  ○○ Monitor, log, and analyze user and admin activity
  ○○ Detect and remediate risky exposures in S3 buckets
  ○○ Detect compromised accounts with User Behavior Analytics
  ○○ Enforce access controls to prevent misconfigurations
  ○○ Defend S3 storage from advanced malware and ATPs
  ○○ Detect and restrict misuse and “Shadow” AWS instances

Integrated Cyber Defense

CloudSOC is an integral part of the Symantec Integrated Cyber Defense Platform, which delivers multichannel protection across cloud, web, email, and endpoints—backed by the Symantec Global Intelligence Network, aggregated and distilled from Symantec products and technologies.

Data Loss Prevention
Industry-leading DLP helps protect sensitive data from loss with comprehensive detection and unified policies

Malware Protection
Advanced malware defense using reputation, machine learning, behavior analysis and virtual machine-aware sandboxing

User Authentication
Dynamically adjust authentication based on real-time threat risks

Encryption
Information Centric Encryption (ICE) enables end-to-end digital rights management

Compliance
Verify cloud security posture against major compliance suites

Protect your users, data, and accounts in AWS with industry-leading security

[Diagram labels: Admins; Users; Endpoints; IaaS; PaaS; SaaS; Data; CASB; More Security Services]

Symantec CloudSOC CASB helps you protect sanctioned and unsanctioned use of AWS with admin monitoring and logging, access control, configuration monitoring and control, and user behavior analytics (UBA), plus exposure analysis, DLP scanning, and threat protection for S3 Buckets. Get visibility and control over access to systems, settings, and content based on granular contextual event attributes using multi-channel CASB functions leveraging both API integration and inline traffic inspection. CloudSOC enables you to detect and respond to security issues for your IaaS, PaaS, and SaaS cloud apps and infrastructure, including AWS, all in one platform.

Monitor, log, and investigate activity in AWS

[Diagram labels: RDS; EC2; EBS; S3; CASB; LOGS; SIEM]

Monitor the creation of new instances and log user and administrator activity across AWS CloudTrail services including EC2, EBS, S3, RDS, etc. with a customizable AWS dashboard. Access a complete audit trail of activity for your AWS and other cloud services in CloudSOC where you can easily investigate and analyze security incidents to correlate events across cloud apps and accounts, and discover what really happened. Get the big picture backed by granular detail in intuitive dashboards with powerful search and data visualizations or export detailed incident logs to your SIEM for analysis. Leverage customizable reports to provide critical insights to compliance, audit, and other stakeholders when a security incident occurs.

Safeguard against risky changes and privileged misuse

[Diagram label: AUTHORIZED]

Remediate and prevent shadow AWS instances and unauthorized changes. Enforce access controls. Confirm users creating instances or making administrative changes are authorized with change management. Automate protective controls over changes to AWS with policies to:

  ○○ Monitor creation and termination of instances,
  ○○ Control uploads of sensitive data,
  ○○ Restrict access based on location, endpoint attribute, or user ThreatScore™
  ○○ Limit permitted user actions based on AD attributes
  ○○ Prevent DevOps from working on unsanctioned accounts, etc.

Solution Brief | CloudSOC CASB Security for Amazon Web Services

Detect malicious insiders and compromised accounts

[Diagram labels: BLOCK ACTIVITY (malicious insider); LIMIT ACCESS (reckless/negligent or suspicious admin); TRIGGER MFA (compromised account)]

Discover attacks and malicious usage indicating a compromised user account or malicious insider with data science driven UBA that automatically learns normal activity patterns and identifies abnormal and potentially dangerous activity such as brute force attacks, repeated attempts to change security settings, upload sensitive data, or terminate instances. A machine-learning system automatically assigns a dynamic ThreatScore to users and admins to allow you to quickly detect sources and activities of concern and to automate policy-based responses such as blocking further activity, limiting access, or requiring further user authentication.

Monitor and control security configurations

Use CloudSOC to remediate and prevent data exposure or loss by auditing and correcting public S3 Buckets settings. Monitor and control S3 access and requests. Detect and enforce configuration controls over unsanctioned instances or unsanctioned changes to existing instances. Continuously monitor group, role, and security settings, and enforce controls over configuration settings and changes that could compromise security. Automate configuration controls over your AWS infrastructure with policies to:

  ○○ Block or remediate changes to security groups,
  ○○ Confirm that MFA is enabled for root accounts,
  ○○ Monitor creation and changes to instances and S3 buckets,
  ○○ Correct misconfigurations

Keep your S3 Buckets and your confidential data secure

[Diagram labels: CASB; PII; PCI; PHI]

Monitor S3 Bucket configurations and track sensitive data in S3 Buckets using data science powered DLP to automatically classify sensitive and compliance related data such as Personally Identifiable Information (PII), Payment Card Information (PCI), and Private Healthcare Information (PHI). Prevent future data exposures or loss with content-aware and context-aware cloud DLP policies to track and control what sensitive data can be stored, accessed, and shared. Use ContentIQ™ DLP in CloudSOC to apply consistent DLP policies across all your cloud apps and services including AWS or leverage integrated Symantec DLP to extend centralized enterprise-wide DLP policies and workflows to AWS.

Keep data private with automated encryption and digital rights management

[Diagram labels: Data-at-rest; Data-in-motion; PCI; PHI; PII]

Ensure that confidential and sensitive data stays private by automating encryption controls using CloudSOC policies. Set layered protections in place to enforce DLP-driven encryption over data-at-rest in AWS and transactions with sanctioned and unsanctioned AWS instances that contain data-in-motion. CloudSOC flexibility enables you to use your preferred encryption approach—from Symantec Information Centric Encryption to native AWS encryption to third-party encryption solutions such as SafeNet by Gemalto.

Defend AWS storage against advanced malware threats

Continuously scan S3 Bucket content to detect malware threats in your AWS storage. CloudSOC integrates with industry-leading Symantec threat protection to help you detect and quarantine advanced malware in your AWS storage using machine learning, behavioral and static analysis, file reputation insight, and virtual-machine aware cloud sandboxing.

Always know the state of your security with intuitive dashboards and reports

[Diagram label: Streamlined Response Tools]

Easily keep track of the current state of your AWS installation security through an intuitive user interface that provides default and fully customizable dashboards. Gain deep insights into AWS and other cloud activity through detailed pivot tables, charts, and graphs. Role based access controls provide admins just the right level of visibility and control. Management, compliance officers, and other stakeholders can be kept informed with regularly scheduled, customizable reports.

About CloudSOC

The Data Science Powered™ Symantec CloudSOC platform empowers companies to confidently leverage cloud applications and services while staying safe, secure and compliant. A range of capabilities on the CloudSOC platform deliver the full life cycle of cloud application security, including auditing of Shadow IT, real-time detection of intrusions and threats, protection against data loss and compliance violations, and investigation of historical account activity for post-incident analysis. CloudSOC provides cloud access security broker protection for a wide range of SaaS, PaaS, and IaaS solutions.

go.symantec.com/casb

About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps businesses, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton suite of products for protection at home and across all of their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.

350 Ellis St., Mountain View, CA 94043 USA | +1 (650) 527 8000 | 1 (800) 721 3934 | www.symantec.com

Copyright ©2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
CloudSOCforAWS_en_v5c