CloudSOC CASB Security for Amazon Web Services - Symantec
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Solution Brief DID YOU KNOW?
In 2017:
CloudSOC CASB
Security for AWS was one of the top
5 apps used for business
enablement.
Amazon Web Services Source: Symantec 2H2017
Shadow Data Report
Personal information on
200 million US voters was
accidentally exposed in AWS.
Protect your Amazon Web Services from misconfigurations, Hackers stole personal
misuse, attacks, threats, and data loss with an industry-leading information on 57 million
customers in one incident.
cloud access security broker.
Privileged insiders stored
Are you monitoring your AWS for misconfigurations or unsanctioned instances? millions of stolen files in
corporate S3 storage.
Do you log and analyze admin and user behavior, identifying risky actions?
Do you ensure your confidential data is secure and private?
Are you safeguarding instances against malware and advanced attacks?Symantec Integrated
Cyber Defense
IaaS Security CASB API CloudSOC is an integral part
of the Symantec Integrated
Cyber Defense Platform, which
Get continuous visibility Workload Protection delivers multichannel protection
across cloud, web, email, and
and control over access CWP Security for public
endpoints—backed by the
and hybrid cloud workloads
to systems, settings, and Symantec Global Intelligence
Network, aggregated and
content based on granular distilled from Symantec
contextual event attributes products and technologies.
Customer
using multi-channel CASB Applications
functions leveraging both Data Loss Prevention
API integration and inline Industry-leading DLP helps
protect sensitive data from loss
traffic inspection. with comprehensive detection
CASB Traffic and unified policies
Malware Protection
Advanced malware defense using
reputation, machine learning,
Cloud Apps behavior analysis and virtual
CloudSOC
machine-aware sandboxing
Cloud Access Security Broker, CASB User Authentication
Dynamically adjust
authentication based on
real-time threat risks
Monitor, log, and analyze Detect and remediate risky Detect compromised accounts
user and admin activity exposures in S3 buckets with User Behavior Analytics Encryption
Information Centric Encryption
(ICE) enables end-to-end digital
Enforce access controls to Defend S3 storage from Detect and restrict misuse rights management
prevent misconfigurations advanced malware and ATPs and “Shadow” AWS instances Compliance
Verify cloud security
posture against major
compliance suitesProtect your users, data, Monitor, log, and investigate Safeguard against risky
and accounts in AWS with activity in AWS changes and privileged misuse
industry-leading security
RDS
*****
***** EC2
EBS
IaaS PaaS SaaS S3
AUTHORIZED
Admins CASB LOGS
Users
Data
CASB More
Endpoints Security SIEM
Services
Symantec CloudSOC CASB helps you protect Monitor the creation of new instances and log user and Remediate and prevent shadow AWS instances and
sanctioned and unsanctioned use of AWS with admin administrator activity across AWS Cloudtrail services unauthorized changes. Enforce access controls.
monitoring and logging, access control, configuration including EC2, EBS, S3, RDS, etc with a customizable Confirm users creating instances or making
monitoring and control, and user behavior analytics AWS dashboard. Access a complete audit trail of activ- administrative changes are authorized with change
(UBA), plus exposure analysis, DLP scanning, and ity for your AWS and other cloud services in CloudSOC management. Automate protective controls over
threat protection for S3 Buckets. Get visibility and where you can easily investigate and analyze security changes to AWS with policies to:
control over access to systems, settings, and content incidents to correlate events across cloud apps and
based on granular contextual event attributes using accounts, and discover what really happened. Get the ○○ Monitor creation and termination of instances,
multi-channel CASB functions leveraging both API big picture backed by granular detail in intuitive dash-
○○ Control uploads of sensitive data,
integration and inline traffic inspection. CloudSOC boards with powerful search and data visualizations or
enables you to detect and respond to security issues export detailed incident logs to your SIEM for analy- ○○ Restrict access based on location, endpoint
for your IaaS, PaaS, and SaaS cloud apps and infra- sis. Leverage customizable reports to provide critical attribute, or user ThreatScore™
structure, including AWS, all in one platform. insights to compliance, audit, and other stakeholders
○○ Limit permitted user actions
when a security incident occurs.
based on AD attributes
○○ Prevent DevOps from working on
unsanctioned accounts, etc.
Solution Brief | CloudSOC CASB Security for Amazon Web Services 03Detect malicious insiders Monitor and control Keep your S3 Buckets and
and compromised accounts security configurations your confidential data secure
BLOCK LIMIT
ACTIVITY ACCESS
malicious insider reckless/negligent
or suspicious admin
89 CASB
OP PHI
TRIGGER
MFA
PII PCI
compromised account
Discover attacks and malicious usage indicating Use CloudSOC to remediate and prevent data exposure Monitor S3 Bucket configurations and track sensitive
a compromised user account or malicious insider or loss by auditing and correcting public S3 Buckets data in S3 Buckets using data science powered DLP
with data science driven UBA that automatically settings. Monitor and control S3 access and requests. to automatically classify sensitive and compliance
learns normal activity patterns and identifies Detect and enforce configuration controls over related data such as Personally Identifiable
abnormal and potentially dangerous activity such unsanctioned instances or unsanctioned changes Information (PII), Payment Card Information (PCI),
as brute force attacks, repeated attempts to change to existing instances. Continuously monitor group, and Private Healthcare Information (PHI). Prevent
security settings, upload sensitive data, or terminate role, and security settings, and enforce controls future data exposures or loss with content-aware
instances. A machine-learning system automatically over configuration settings and changes that could and context-aware cloud DLP policies to track and
assigns a dynamic ThreatScore to users and compromise security. Automate configuration controls control what sensitive data can be stored, accessed,
admins to allow you to quickly detect sources and over your AWS infrastructure with policies to: and shared. Use ContentIQ™ DLP in CloudSOC
activities of concern and to automate policy-based to apply consistent DLP policies across all your
responses such as blocking further activity, limiting ○○ Block or remediate changes to security groups, cloud apps and services including AWS or leverage
access, or requiring further user authentication. integrated Symantec DLP to extend centralized
○○ Confirm that MFA is enabled for root accounts,
enterprise-wide DLP policies and workflows to AWS.
○○ Monitor creation and changes to instances and
S3 buckets,
○○ Correct misconfigurations
04Keep data private with Defend AWS storage against Always know the state of
automated encryption and advanced malware threats your security with intuitive
digital rights management dashboards and reports
Data-at-rest Data-in-motion
PCI
PHI
Streamlined
PII
Response Tools
Ensure that confidential and sensitive data stays Continuously scan S3 Bucket content to detect Easily keep track of the current state of your AWS
private by automating encryption controls using malware threats in your AWS storage. CloudSOC installation security through an intuitive user
CloudSOC policies. Set layered protections in place integrates with industry-leading Symantec threat interface that provides default and fully customiz-
to enforce DLP-driven encryption over data-at- protection to help you detect and quarantine able dashboards. Gain deep insights into AWS and
rest in AWS and transactions with sanctioned advanced malware in your AWS storage using other cloud activity through detailed pivot tables,
and unsanctioned AWS instances that contain machine learning, behavioral and static analysis, charts, and graphs. Role based access controls
data-in-motion. CloudSOC flexibility enables you file reputation insight, and virtual-machine aware provide admins just the right level of visibility
to use your preferred encryption approach—from cloud sandboxing. and control. Management, compliance officers,
Symantec Information Centric Encryption to native and other stakeholders can be kept informed
AWS encryption to third-party encryption solutions with regularly scheduled, customizable reports.
such as SafeNet by Gemalto.
Solution Brief | CloudSOC CASB Security for Amazon Web Services 05About About
CloudSOC Symantec
The Data Science Powered™ Symantec Symantec Corporation (NASDAQ: SYMC),
CloudSOC platform empowers companies the world’s leading cyber security company,
to confidently leverage cloud applications helps businesses, governments and people
and services while staying safe, secure secure their most important data wherever it
and compliant. A range of capabilities on lives. Organizations across the world look to
the CloudSOC platform deliver the full Symantec for strategic, integrated solutions to
life cycle of cloud application security, defend against sophisticated attacks across
including auditing of Shadow IT, real- endpoints, cloud and infrastructure. Likewise,
time detection of intrusions and threats, a global community of more than 50 million
protection against data loss and com- people and families rely on Symantec’s Norton
pliance violations, and investigation of suite of products for protection at home
historical account activity for post-incident and across all of their devices. Symantec
analysis. CloudSOC provides cloud access operates one of the world’s largest civilian
security broker protection for a wide cyber intelligence networks, allowing it to
range of Saas, PaaS, and IaaS solutions. see and protect against the most advanced
threats. For additional information, please
go.symantec.com/casb visit www.symantec.com or connect with
us on Facebook, Twitter, and LinkedIn.
350 Ellis St., Mountain View, CA 94043 USA | +1 (650) 527 8000 | 1 (800) 721 3934 | www.symantec.com
Copyright ©2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
CloudSOCforAWS_en_v5cYou can also read
