
RedLock Bolsters Cloud Security with Amazon GuardDuty Integration

by   |   11.28.17, 9:54 PM


With AWS re:Invent 2017 in full swing in Las Vegas, I am thrilled to announce that RedLock is a launch partner for Amazon GuardDuty, a new threat detection service announced by Amazon Web Services (AWS).

The new service serves as an additional data source that RedLock consumes to enrich the security insights that the RedLock Cloud 360 platform provides. This integration enables customers to gain deeper visibility, security, and risk management across AWS environments. Below, I provide a sneak preview into the new capabilities - check them out!


Security Governance


The integration of Amazon GuardDuty findings into the RedLock Cloud 360 platform ensures that you have a single pane of glass to monitor all security insights across your AWS environment.

Policies: RedLock has already done the hard work of mapping granular controls for standards such as CIS and provides hundreds of out-of-the-box policies for AWS, Azure, and Google Cloud. In addition, you can readily add policies based on Amazon GuardDuty findings to the RedLock Cloud 360 platform, which ensures continuous monitoring as soon as new issues are discovered.

Reporting and Alerting: GuardDuty findings are well integrated into the RedLock reporting and alerting framework. The RedLock platform incorporates the findings into its resource risk-scoring algorithm, which helps you prioritize remediation of security incidents.

Incident Investigation: The RedLock Cloud 360 platform’s investigation capabilities now extend to Amazon GuardDuty, which enables you to easily visualize and contextualize the findings. Root-cause and impact analysis of an incident can be performed quickly, which reduces the time needed to resolve issues.

Host Vulnerabilities: RedLock integrates with vulnerability management tools to provide you with visibility into vulnerable hosts across your AWS environment. Amazon GuardDuty host findings are incorporated into the RedLock host vulnerabilities framework to help you assess all risks associated with cloud hosts.

Automated Remediation: The integration enables organizations to automatically remediate threats identified by Amazon GuardDuty via the RedLock Cloud 360 platform or third-party orchestration tools.

To learn more about cloud security governance, watch this short video.


SOC Enablement



The integration of Amazon GuardDuty findings into the RedLock Cloud 360 platform provides additional context, which aids in threat detection, incident investigation, and rapid remediation across your AWS environment.

Advanced Threat Detection: To truly detect threats in public cloud computing environments, comprehensive visibility is necessary. RedLock takes a new AI-driven approach that correlates disparate security data sets including network traffic, user activities, risky configurations, threat intelligence, vulnerability feeds, and now Amazon GuardDuty findings. This enables it to alert you about threats in real time.

Network Investigation: The RedLock Cloud 360 platform’s network investigation capabilities now extend to Amazon GuardDuty network data, which enables organizations to easily visualize suspicious network activity. Root-cause and impact analysis of an incident can be performed quickly, which reduces the time needed to resolve issues.

User Behavior Analytics: The RedLock Cloud 360 platform augments Amazon GuardDuty identity and access management findings with its current machine learning algorithm, which is used to detect user account and access key compromises as well as insider threats.

Enterprise Integration: RedLock Cloud 360 natively integrates with additional enterprise products such as SIEM, workflow management, vulnerability management, and security orchestration tools to provide single-pane-of-glass visibility for investigation, prioritization, and resolution of alerts. These integrations extend to Amazon GuardDuty, allowing organizations to incorporate both RedLock Cloud 360 platform alerts and Amazon GuardDuty findings into these enterprise tools.

To learn more about enabling security operations across your cloud computing environment, click here.


Learn More

If you would like to learn more about how RedLock can help you gain deeper visibility into AWS security and compliance risks, request a demo.
