Credit to Author: Rich Beckett| Date: Mon, 29 Nov 2021 20:00:23 +0000
Today Amazon Web Services (AWS) launched the new Amazon Inspector, a vulnerability management service for AWS workloads. As a global leader in next-generation cybersecurity, Sophos is excited to integrate these advancements into Sophos Cloud Optix, to automate and simplify the detection and response to Amazon Inspector security findings.
Proactively identifying and mitigating security vulnerabilities and network access misconfigurations are crucial to securing your data and applications running on the AWS cloud. Examples include checking for access to your Amazon EC2 instances from the internet, remote root login being enabled, or vulnerable software versions installed. Sophos continuously scan your AWS environment, utilizing findings from a range of AWS security services including Amazon Inspector and AWS Security Hub, alongside configuration and compliance assessments with Cloud Optix to provide a single view of security best practice. Layering in firewall and workload protection solutions to proactively detect and respond to security incidents with speed and precision.
What is Amazon Inspector?
Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposures, providing customers with key benefits including:
- Consolidated Amazon Elastic Compute Cloud (Amazon EC2) and container vulnerability management with a fully managed and highly scalable service that is enabled with only a few clicks.
- Intelligent prioritization of findings using the accurate, contextual and meaningful Amazon Inspector risk score to help you target the most important vulnerabilities first.
- Reduce mean time to resolve (MTTR) vulnerabilities with automation through integration with Amazon EventBridge and AWS Security Hub.
Act on Vulnerabilities with Speed and Precision
Sophos Cloud Optix, the Sophos Cloud Security Posture Management solution, integrates Amazon Inspector findings into our single view of AWS cloud security posture, through the Sophos Central management console, extending it with workload protection and XDR.
Sophos Cloud Optix provides a clear, prioritized view of compliance and security best practice incidents, including CIS Benchmarks. Amazon Inspector vulnerability assessments are seamlessly integrated into this single view. It layers in numerous other AWS security services, such as Amazon GuardDuty, AWS CloudTrail and AWS Security Hub, IAM role anomaly detection, and workload protection agent visibility to proactively identify and prevent exposure.
“Ease of integration with our partner and customer’s systems is the true test of great security,” said Scott Barlow, Sophos vice president of global MSP and cloud alliances. “That’s why we’ve engineered Sophos Cloud Optix to integrate with Amazon Simple Notification Service, security information and event management (SIEM) solutions, widely used collaboration services, and more. Two-way integration with ticketing tools allows your teams to easily embed cloud security and compliance response into standard workflows by creating tickets from inside the Cloud Optix console for new incidents, including Amazon Inspector.”
Add Critical Context with Sophos
“We know how critical contextual data is when investigating and confidently responding to cloud security vulnerabilities incidents,” added Barlow.
Sophos is delighted to extend Amazon Inspector findings in Cloud Optix through Sophos Intercept X with XDR workload protection. This combination of Sophos protection provides telemetry from Sophos workload protection agents to add context to vulnerabilities identified by Amazon Inspector. Examples include the detection of Amazon EC2 Instances with TCP or UDP ports exposed to the internet. In this scenario, Cloud Optix, with Amazon Inspector alerts you to access vulnerabilities, and Sophos XDR allows you to quickly pivot investigations to identify the number of authentication attempts on those instances, and any successful attempts made. You can then act confidently, to remove access and prevent a breach, with Cloud Optix providing guided remediation instructions to reduce your mean time to resolve (MTTR) vulnerabilities.
Sophos 24/7 Threat Protection, Monitoring, and Response on AWS
“As an AWS Level 1 Managed Security Service Partner, we know that a proactive defense requires 24/7 monitoring and response, but for a lot of IT teams, large and small, it’s not realistic to keep a team monitoring security around the clock,” added Barlow.
This is where The Sophos threat protection, monitoring and response package comes in. Available in AWS Marketplace, the package combines cloud security posture management and compliance, firewall, cloud workload and endpoint protection; a number of AWS services; and the Sophos Managed Threat Response service to continuously monitor AWS environments, analyze and triage security events. This support helps you increase the efficiency of your security program and internal teams, pre-emptively advising you on recommended next steps and acting on your behalf, if you wish.
Learn more or speak with an expert to dive deeper on a specific topic at sophos.com/aws-mssp