Tag Archive for: aws

Overcoming Cloud Security Challenges In AWS (Amazon Web Services)

As more organizations adopt AWS (Amazon Web Services) for their cloud computing needs, ensuring the security of their infrastructure becomes increasingly complex. The persistence of cybercriminals continues to pose a significant threat to organizations, with compromises becoming an inevitable aspect of modern reality. What contributes to this complexity is the current state of security responders. Many security teams are small, understaffed, and lack the skills needed to efficiently secure organizations. In this blog we take a deep dive into the best practices for securing an AWS cloud environment from the emerging landscape of threats.

Every organization has vulnerabilities in their environment; identifying where these vulnerabilities are, pinpointing how fast they can be patched, or classifying which have been previously patched can be a challenge. Organizations need to deploy a vulnerability management program within their AWS cloud environment using risk-based analysis. This ranks vulnerabilities from highest priority to lowest to help security responders understand which action to take first.

The MITRE ATT&CK framework and the Lockheed Cybersecurity kill chain are valuable resources for security responders to understand how to efficiently map their security controls to an AWS environment. In addition, security consultants at AWS or third-party organizations can conduct gap assessments to identify gaps in your security framework and minimize the risk of compromise.

A common cause of compromise within an AWS environment is a misconfiguration of security controls or resources. AWS has a great series of security benchmarks that we recommend applying in this area. Additionally, the Center for Internet Security (CIS) benchmarks provide an in-depth overview of some key topics about Kubernetes, threat discovery in the cloud, log resources, and how to measure and monitor your security posture.

AWS has invaluable assets to successfully detect threats within its cloud. Monitoring and evaluating VPC flow logs about network traffic sources and destinations allows organizations to spot any anomalous activity from a threat actor. We know that over the last few years user identity has been the focal point for cybercriminals, so understanding everything you can about users and administrators is critical. AWS CloudTrail is a powerful tool to help document data on this by recording actions, logins, application access, user creations/deletions, and new system spin-ups or spin-downs. AWS GuardDuty collects security logs about different signature-based malware attacks, API calls, identity access management, and suspicious DNS movements. Implementing an AWS Web Application Firewall (WAF) will allow you to rely less on your IDS functionality. Every organization must have some form of endpoint protection and next-generation firewall inside its environment.

The next best practice for securing your AWS cloud environment is to use a Security Information Event Monitoring (SIEM) solution. Having a 24×7 monitoring capability helps filter through massive amounts of security data to identify indicators of compromise and critical events and to reduce false positives, so that security responders quickly understand what action needs to be taken. A SIEM is just part of the detection piece; if you do not have a 24×7 response team, you therefore also need some type of Security Orchestration, Automation and Response (SOAR) capability or open XDR to automatically respond to an event by blocking an IP address, isolating a device or resource, or suspending an account.

Partnering with an MSSP such as Proficio will help with gap coverage (staff, hours of operation, skill), elevate and enhance your security posture, and improve your mean time to detect (MTTD), respond to, and remediate threats.

In Proficio’s environment we use a ProSOC Managed Detection and Response (MDR) service, which is cloud native. This service combines threat intelligence, AI-based threat hunting, and best-in-class technologies to detect indicators of compromise quickly with comprehensive SOAR solutions.

For a detailed overview of overcoming cloud security challenges in the AWS cloud, watch our webinar with CEO Brad Taylor.

AWS Identity Behavior Monitoring (IBM) Best Practices

Proficio Achieves Modern Compute and Identity Behavior Monitoring Specialization Distinctions in the AWS Level 1 MSSP Competency

CARLSBAD, CA – July 26, 2022 – Proficio, a leading Managed Detection and Response (MDR) service provider, announced today that it has achieved both the Modern Compute and Identity Behavior Monitoring specialization distinctions in the Amazon Web Services (AWS) Level 1 MSSP Competency. These new distinctions recognize that Proficio has successfully met both AWS’s Level 1 Managed Security Services baseline requirements and additional technical and operational requirements for providing customers with a deep level of modern computing and identity behavior monitoring security services uniquely designed for AWS environments.

AWS launched the AWS Level 1 MSSP Competency to enable customers to easily acquire ongoing security monitoring and management, validated by AWS. AWS security experts annually validate the tools used and operational processes of each MSSP to address specific cloud security challenges such as continuous event monitoring, triaging, AWS service configuration best practices, and 24/7 incident response. The AWS Level 1 MSSP Competency provides a faster and easier experience for customers to select the right MSSP to help them achieve their goals for business risk and cloud strategy confidence.

Achieving the Modern Compute and Identity Behavior Monitoring specialization distinctions in the AWS Level 1 MSSP Competency differentiates Proficio as an MSSP and AWS Partner with 24/7 managed cloud security skillsets to earn the distinction of Level 1 MSSP with specialized modern compute and identity behavior monitoring services.

“Proficio is proud to achieve both the Modern Compute and Identity Behavior Monitoring specializations, in addition to our AWS Level 1 MSSP Competency status,” said Tim DeMarco, Sr. Director of Partnerships at Proficio. “These specializations continue to demonstrate the dedication of Proficio’s teams to keeping our clients’ cloud infrastructures and critical data safe. We are pleased to be one of the first to provide these capabilities for enterprise customers.”

AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise.

Proficio delivers an array of security services on AWS, including 24/7 security monitoring, incident alerting, and response capabilities from our global network of Security Operations Centers (SOCs). The company’s team of security experts help customers to reduce risk, meet their security and compliance goals and maximize the value of their AWS infrastructure. As a dedicated AWS Partner, Proficio has also joined the AWS Independent Software Vendor (ISV) Accelerate program, a recognition of the confidence and focus to collaborate in the AWS Partner co-sell program. In addition, Proficio was also a launch Partner for the MSSP solution area in AWS Marketplace.

“Proficio has been a pleasure to work with, and that is saying a lot for a tech company,” said Carlos Gomez, Director of IT, Naropa University. “I only get impactful notifications and the support team is always comprehensive in their response. Five stars!”

ABOUT PROFICIO

Founded in 2010, Proficio is an award-winning managed detection and response (MDR) service provider. We help prevent cybersecurity breaches by performing and enabling responses to attacks, compromises, and policy violations. We have been recognized in Gartner’s Market Guide for MDR services annually since 2017. Our team of experts provides 24/7 security monitoring and alerting from global security operations centers (SOCs) in San Diego, Barcelona, and Singapore. www.proficio.com.

Contacts:
Kim Maibaum
kmaibaum@proficio.com

PROFICIO NAMED GLOBAL SECURITY OPERATIONS CENTER (SOC) TEAM OF THE YEAR

Carlsbad, Calif. – February 3, 2022 (updated February 11, 2022) – Proficio, a managed security services provider (MSSP) delivering managed detection and response (MDR) services, today announced that it received three 2022 Cybersecurity Excellence Gold awards for SOC Team of the Year, Managed Detection and Response (MDR) Provider of the Year, and AWS Cloud Security Provider of the Year. The Cybersecurity Excellence Awards honor companies that demonstrate excellence and innovation and receive acclaim from the broader cybersecurity community.

“We are honored to be named Global SOC Team of the Year,” said Carl Adasa, VP of Global SOC Operations, Proficio. “This award reflects the hard work and commitment of our security experts who provide our clients 24/7 protection from our global network of SOCs.”

Proficio’s global team of security analysts and engineers monitor security events, investigate suspicious behavior, and hunt for targeted attacks. We use an extensive library of threat discovery use cases, the MITRE ATT&CK® framework, machine learning-based threat hunting models, and our advanced threat intelligence platform to provide superior threat detection for our clients. Proficio also offers automated response and containment services, as well as Risk-Based Vulnerability Management (RBVM) services to prioritize vulnerabilities based on the likelihood of exploitation and the criticality of the assets at risk.

ABOUT PROFICIO

Founded in 2010, Proficio is an award-winning managed detection and response (MDR) service provider. We help prevent cybersecurity breaches by performing and enabling responses to attacks, compromises, and policy violations. We have been recognized in Gartner’s Market Guide for MDR services annually since 2017. Our team of experts provides 24/7 security monitoring and alerting from global security operations centers (SOCs) in San Diego, Barcelona, and Singapore. Proficio’s cloud-native Threat Management Platform uses a combination of industry leading commercial software and proprietary technology to provide clients with advanced analytics, threat intelligence, Security Orchestration, Automation, and Response (SOAR), patented risk scoring, AI-based threat hunting, Open XDR, and Risk-Based Vulnerability Management. www.proficio.com.

Contacts:
Brock Watson
bwatson@proficio.com

Proficio Achieves AWS Level 1 Managed Security Service Provider Competency Status and Becomes an MSSP Seller in AWS Marketplace

CARLSBAD – August 24, 2021 – Proficio, a managed security services provider (MSSP) delivering managed detection and response (MDR) services, announced today that it has achieved Amazon Web Services (AWS) Level 1 Managed Security Service Provider (MSSP) Competency status. This designation recognizes that Proficio has successfully met AWS’s requirements for a baseline of managed security services to protect and monitor essential AWS resources 24/7, known as Level 1 Managed Security Services. This new baseline standard of quality for managed security services was introduced by AWS to benefit cloud environments of any size and it spans six security domains: vulnerability management, cloud security best practices and compliance, threat detection and response, network security, host and endpoint security, and application security. The six domains contain multiple MSSP services, each with technical skillset and operational process requirements specific to AWS.

AWS launched the AWS Level 1 MSSP Competency together with a dedicated MSSP solution area in AWS Marketplace to enable customers to easily acquire ongoing security monitoring and management, validated by AWS. AWS security experts annually validate the tools used and operational processes of each MSSP to address specific cloud security challenges such as continuous event monitoring, triaging, AWS service configuration best practices, and 24/7 incident response. The AWS Level 1 MSSP Competency along with the AWS Marketplace MSSP solution area provide a faster and easier experience for customers to select the right MSSP to help them achieve their goals for business risk and cloud strategy confidence.

Achieving the AWS Level 1 MSSP Competency differentiates Proficio as an MSSP and AWS Partner with essential 24/7 managed cloud security skillsets to earn the distinction of Level 1 MSSP. In addition, Proficio is also a launch Partner for the MSSP solution area in AWS Marketplace.

“Proficio is proud to be one of the first AWS Partners to achieve AWS Level 1 MSSP Competency status,” said Brad Taylor, CEO, Proficio. “Proficio’s team is dedicated to ensuring our clients keep their critical data and assets secure, which includes having the knowledge and expertise to manage industry leading cloud infrastructures.”

“Achieving the AWS Level 1 MSSP Competency is no small task,” said Ryan Orsi, Global Security/MSSP Practice Team Lead, AWS. “The company’s dedication to ensuring their clients are set up for success helped Proficio become one of the first to achieve this competency.”

AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise.

Proficio delivers an array of security services on AWS, including 24/7 security monitoring, incident alerting, and response capabilities from our global network of Security Operations Centers (SOCs). The company’s team of security experts help customers to reduce risk, meet their security and compliance goals and maximize the value of their AWS infrastructure. As a dedicated AWS Partner, Proficio has also joined the AWS Independent Software Vendor (ISV) Accelerate program, a recognition of the confidence and focus to collaborate in the AWS Partner co-sell program.

About Proficio

Founded in 2010, Proficio is an award-winning managed detection and response service provider. We help prevent cybersecurity breaches by performing and enabling responses to attacks, compromises, and policy violations. Our team of experts provides 24/7 security monitoring and alerting from global security operations centers (SOCs) in San Diego, Barcelona, and Singapore. www.proficio.com

Contacts:
Kim Maibaum
KMaibaum@Proficio.com

Case Study: SMARTER SECURITY ENSURES CONTINUATION OF UTILITY OPERATIONS

This utility company typically performed data service applications using on-premises data centers, but as their business evolved, they looked to begin migrating various utility service applications to AWS. They initially tested a shift of water applications to the cloud, but not long after migration, they began experiencing a high volume of attacks on their new cloud infrastructure, which required a high volume of manual response actions.


Case Study: MANUFACTURER MODERNIZES SECURITY OPERATIONS

This global manufacturer manages a large volume of products to meet demands for construction clients. They invested in Splunk for their security needs, but their internal IT and cybersecurity teams didn’t have the experience to utilize it to its full potential or to support 24/7 operations; additionally, they were building up their cloud infrastructure in AWS. Without having the internal resources to support their infrastructure, they needed to find a partner that could help with their in-house SIEM solution and AWS data to ensure that their data was always safe.


Case Study: HOME AUTOMATION COMPANY FOCUSES ON CLOUD SECURITY

When this well-known home automation company came to Proficio, they were already housing their webcam data in Amazon Web Services (AWS). Cloud security was a priority, so they needed around-the-clock protection to ensure their data was secure, but they didn’t have the resources to monitor their networks 24/7 while also managing a cloud infrastructure, which is often time-consuming and overwhelming for a security team.


Case Study: LIFE INSURANCE COMPANY STRIVES FOR SUPERIOR SECURITY

This major life insurance provider was pleased with the abilities of Splunk, but their team had limited resources. Since their system processed millions of log events every day, investigating notables and remediating critical events without a dedicated 24/7 Security Operations Center (SOC) became an overwhelming task. In addition, they were hosting significant data in the cloud. So, they decided to partner with subject matter experts that could provide an additional layer of security for both platforms. 
