Today, Sysdig is proud to announce our integration with the AWS Security Hub. AWS Security Hub consolidates alerts and findings from multiple AWS services including, Amazon GuardDuty, Amazon Inspector, as well as from AWS Partner Network (APN) security solutions, which Sysdig is already a part of. This single pane of glass gives you a comprehensive view of high-priority security alerts and compliance status across AWS accounts.
The benefits of Sysdig’ integration with AWS Security Hub include:
- Continuous security based on runtime analysis: By leveraging system calls, Sysdig is able to provide deep-container visibility, which can be used to detect, alert, and block suspicious activity post deployment.
- Security compliance and audit for containers in AWS: Sysdig Secure results can be viewed directly in the AWS Security Hub, enabling DevSecOps practitioners to easily browse deployment configuration, container events without having to log into another system.
- All encompassing forensics and post-mortem analysis for better decision making.
Sysdig records all activity, including commands, processes, network, and file system operations, enabling post-mortem analysis and forensics from the time of the attack, as well as pre-attack activity trails.
Sending runtime security events into AWS Security Hub
Sysdig’s integration with AWS takes security incidents, enriches them with the relevant metadata from AWS, EKS, ECS and forwards them into Security Hub console. The integration can receive events asynchronously via a webhook notification, automatically created and configured in Sysdig Secure, but can also be configured to poll Secure API and send aggregated events periodically.
Let’s dive into the integration steps:
1. Push events into security hub
Within Sysdig Secure, you can easily forward events into AWS Security Hub. All you need to do is provide your AWS account/access ID and access key and enable forwarding of events at runtime.
2. View security findings from Sysdig Secure in your AWS account
Once you’ve setup forwarding, you can easily visualize the group of security events within the console. The findings section will aggregate the various different security events that have happened across your infrastructure over a given time period. With the ability to click in for more info, users are able to access runtime security alerts from applications running on EC2, ECS and EKS.
3. View violation details in Sysdig Secure
For additional details, security teams can go back into Sysdig Secure to explore the commands audit for container forensics and post-mortem analysis. This enables teams to find out how the possible attacker broke into the container, and to learn what was executed or what data was stolen.
With this integration, Sysdig provides the rich environment data, visibility and security findings Sysdig is known for, along with alerts into the Security Hub console, making it easier for enterprises to see a full view of their environment from one place. Our joint customers enjoy the benefits of more reliable, more secure software built on top of our integrated offerings.
Sysdig and AWS have a deep, long-lasting partnership, with both companies sharing a common goal of helping customers effectively and securely transition to cloud-native applications, faster. Sysdig helps secure and monitor popular AWS services, including Amazon Elastic Container Service (ECS), Amazon Elastic Container Service for Kubernetes (EKS) and AWS App Mesh. To learn more visit https://sysdig.com/partners/aws/