Threat Stack & Amazon Inspector: A Layered Approach for Strong Security in the Cloud

Threat Stack’s involvement at this year’s AWS re:Invent was a roaring success. The team returned to the scene where we launched out of beta just one year ago, as one of only five companies invited on stage by Amazon CTO Werner Vogels during his Start-up Launch keynote address.

This year at re:Invent, we unveiled Threat Stack Pro edition – a premium level of Threat Stack security, featuring an integration with Docker, adding to the conferences’ buzz around the rapid adoption of containers. In addition to our Docker integration, Threat Stack Pro also includes integration with AWS Cloud Trail, a full-featured API and new reporting options.

Amazon also unveiled a security offering at re:Invent – its automated security assessment service Inspector. Inspector – when used in parallel with Threat Stack’s continuous security monitoring capabilities – will help organizations running in AWS improve their security posture and ability to meet compliance requirements.

For cloud security that is in-depth and scales, users must not only build their AMIs with the latest packages and follow best practices to harden the OS, but also continuously monitor the runtime behavior of the workload to ensure operations run as they were designed and intended. This “inside-out” approach to cloud security ensures the deep visibility needed to identify insider threats and intrusions, prevent data loss and meet compliance regulations within AWS.

A layered approach to security is always better, and organizations running on AWS now have the opportunity to take advantage of the complementary capabilities of Inspector and Threat Stack. AWS users can leverage Inspector to check whether their AMIs are built the proper way, while implementing Threat Stack to take advantage of its capabilities to identify threats in real-time and build historical audit trails to meet compliance needs, without any gaps in coverage. It’s our mission to help all security-sensitive organizations running in AWS to scale with confidence.

This table details how and when to use AWS Inspector and Threat Stack to ensure maximum security coverage.

  Features   AWS Inspector   Threat Stack
  Protect Files   Conduct periodic files scans to identify mis-configurations  
Continuously monitor and track key files in real-time.

Get alerted when files are accessed or changed by unauthorized users.

Protect critical customer data, Intellectual property, passwords, credentials.

  Identify Network
Threats
  Scan for insecure network protocols.  
Find and alert on abnormal network behavior in real-time.

Continuously monitor and build audit trails on workload network activity.

  Insights Into Processes   Scans application processes for bad default settings.  
Continuously monitors, identifies and alerts on new or abnormal process 
behavior.
  Understanding User
Activity
  Scans for authentication best practices on AMI accounts.  
Continuously monitor, alert and build audit trails on all user activity.

Identify abnormal user behavior in real time to protect against zero-day and insider threats.

  How It Runs   Runs as a kernel module.  
Runs in user space.

Alerts on kernel module loads (indicator of rootkit activity).

  Real-time Alerts   N/A  
Allows users to review alerts by severity and rule.

Easily dismiss/suppress unwanted alerts.

  Cloud Trail Alerting   N/A  
Correlate host events with CloudTrail events to get real time threat alerts.

  Managed Security
  Services
  N/A  
Subscribe to Threat Stack Oversight to take advantage of our worry-free

managed security service and free

up internal resources.

  Vulnerability Scanning  
Scan installed operating system 
packages for a pre-determined list of CVEs.

 

  Examine the package information on the workload and tell the user whether there are any vulnerable packages inside them

 

To learn more about Threat Stack and AWS Inspector, and to request a demo, please visit:
http://get.threatstack.com/amazon-inspector