The allure of the cloud is indisputable. Flexibility, reliability, efficiency, scalability and cost savings are tantalizing traits for a business at any time, never mind when most have been catapulted into a colossal work-from-home experiment.
According to O’Reilly’s annual cloud adoption survey, nine out of 10 businesses now use cloud computing, with nearly half planning to migrate more than 50 percent of their applications into the cloud in the upcoming year. Amazon Web Services (AWS) is leading the pack, with a recent Vectra AI study reporting that 78% of organizations are running AWS across multiple regions, including 40% in at least three.
But the benefits of the cloud make it easy to leap headfirst without adequately acknowledging and prioritizing its dangers, especially within multi-cloud and hybrid cloud environments. Indeed, as cloud adoption increases, so will the magnitude of both malicious attacks and user errors. For example, a study by Ermetic found that 90% of AWS S3 buckets are prone to identity management and configuration errors that could permit admin-level ransomware attacks.
Thankfully, public cloud services like AWS, Google Cloud Platform (GCP), and Microsoft Azure offer numerous controls for managing these threats and making compromise more difficult. However, these tools deliver their optimal value when organizations accept a communal burden for security, something Amazon refers to as the Shared Responsibility Model. This is where a security orchestration, automation and response (SOAR) platform can step in, helping to bridge the gap between alert overload and analyst capacity and paving the way for successful case investigations and remediation.
At Siemplify, AWS cloud-native controls, including GuardDuty, CloudWatch, and Security Hub, conveniently integrate with the Siemplify Security Operations Platform, allowing threat responders to slash investigation times, extract valuable context-rich insights into incidents and immediately investigate and take action, such as disabling rogue instances and correcting misconfigurations.
The Siemplify platform combines security orchestration, automation and response with end-to-end security operations management to make analysts more productive, engineers more effective and managers more informed. The SOAR experience is brought to life inside the rich Siemplify Marketplace, where security professionals can access a vast array of integrations, including AWS, and ready-to-deploy use cases.
The Siemplify platform seamlessly connects to cloud threat detection technologies, as well as any on-premises tools, effectively delivering unified incident response at the speed of cloud. Additionally, Siemplify leverages AWS capabilities for monitoring and securing the environment in best-of-class solutions.
Siemplify customers, as well as users of the free Siemplify Community Edition, can integrate AWS within Siemplify by downloading the marketplace connector and entering AWS credentials. For more information, visit siemplify.co/marketplace.
The Siemplify platform is also available on the AWS marketplace for existing AWS customers. You can find it here.
Dan Kaplan is director of content at Siemplify.