Delta Risk Announces Virtual Private Cloud Flow Log Visualization for Amazon Web Services
July 4, 2019
Delta Risk, a leading provider of cloud security, SOC-as-a-Service, and consulting services, announced new capabilities today that provide comprehensive visibility into communications to and from applications running on Amazon Virtual Private Clouds (VPCs), enabling DevOps and security teams to detect threats faster. The VPC Flow Log Visualization technology, available via the Delta Risk ActiveEye security platform, makes it easier to get real-time insights into IP traffic going to and from VPCs, networks, and the Internet. As a result, users can identify risky misconfigurations, investigate errors, and detect potential threats more quickly.
ActiveEye VPC Flow Log Visualization simplifies visibility into:
- What applications are running in an Amazon VPC;
- How traffic is moving between hosts; and
- Which hosts are directly communicating with the public Internet.
Development teams are rapidly deploying new applications using tools such as Amazon VPCs, which enable them to deliver services securely and cost-effectively via private clouds hosted on the Amazon Web Services (AWS) Cloud. However, as they deploy these applications, it’s often difficult for security teams to see what applications are running in the environment and how traffic is flowing both within the network and externally to the Internet.
Native AWS tools like VPC Flow Logs enable users to capture traffic going to and from network interfaces. Each network interface has a unique log stream, though, which can make it hard to use the data effectively for security monitoring. ActiveEye’s Flow Log Visualization for Amazon VPC gives users real-time insights into traffic without the need to set up and configure multiple other AWS capabilities such as CloudWatch, Amazon Kinesis, or Amazon Athena.
“Most organizations don’t have the benefit of having a security team well-versed in securing workloads in new cloud infrastructure like AWS, let alone the ability to staff it 24×7,” said John Hawley, Vice President of Product Strategy. “Delta Risk provides a SOC-as-a-Service capability via our ActiveEye platform to co-manage security. This enables us to monitor the entire application environment – including AWS-based workloads – around the clock.”
The new visualization feature complements the existing suite of Delta Risk’s ActiveEye security services for AWS, including:
- AWS Configuration Assessment – This validates the current configuration in each AWS Account against best practices as well as Center for Internet Security (CIS) Benchmarks. Continuous validation ensures development teams have the guardrails they need to deploy applications securely. With automated policy checks, DevOps teams can get Slack alerts if newly deployed resources violate security policies.
- AWS CloudTrail Log Analysis and Storage – Continuous review of CloudTrail administration activity identifies actions that violate security best practices. Daily or weekly reports can be delivered via email to summarize security group updates, new users created, or resources added. All activity data is available for real-time analysis for 90 days and stored for one to seven years for forensic and compliance purposes.
- AWS GuardDuty Analysis and Aggregation – A consolidated view of all GuardDuty alerts in a single console eases the workload for security teams. The ability to view related configuration updates, CloudTrail administration activity, and VPC Flow Logs in that same console dramatically reduces the time required to investigate anomalies.