AWS Partner Network (APN) Blog
Accelerate Security Incident Response and Recovery with AWS Security Incident Response Partners
By Dean Lawrence, Security Partnerships Lead, Global Services Security — AWS
By Brian Mendenhall, WW Head, Security & Identity Partner Specialists — AWS
By Aliaksei Ivanou, WW Security & Identity Sr. Partner Solutions Architect — AWS
By Joanne Moore, AWS Specialization Programs Sr. Launch Manager — AWS
In today’s cyber threat landscape, a robust incident response plan isn’t just a nice-to-have—it’s critical for businesses of all sizes. When customers prioritize incident readiness and prepare ahead of time for security incidents, there are non-linear benefits in time and cost savings, given offsets in downtime and overall impact.
To address this challenge, Amazon Web Services (AWS) introduced AWS Security Incident Response, a service that combines the power of automated monitoring and investigation, accelerated communication and coordination, and direct 24/7 access to the AWS Customer Incident Response Team (CIRT) to quickly prepare for, respond to, and recover from security events.
To complement this service, we announced the AWS Security Incident Response Specialization at re:Invent 2024, which validates partners’ ability to help AWS customers with incident response, backed by AWS security experts.
AWS Security Incident Response Specialization Partners identify, prioritize, and resolve security incidents, working together with AWS to mitigate threats to customer environments. Areas of support include 24/7 monitoring and triage, in-depth incident investigation and root cause analysis, containment of incidents, and guidance on effective remediation and recovery strategies.
Partner Showcase
AWS Security Incident Response Specialization Partners possess deep AWS experience and work closely with the AWS Customer Incident Response Team to deliver comprehensive solutions that can be tailored to the unique needs of the customer’s organization.
We invite you to explore the AWS Security Incident Response Partner solutions recommended by AWS:
Accenture Managed Security Services
Standardize, automate, and industrialize cloud security deployment, enforcement, incident management and reporting across all cloud deployed assets covering data, network, identity and monitoring with Accenture Managed Security Services.
Arctic Wolf Security Operations Platform – Managed Detection and Response (MDR)
Powered by threat telemetry spanning endpoint, network, and cloud sources, the Arctic Wolf Security Operations Cloud ingests and analyzes more than 1.9 trillion security events a week across the globe—enabling critical outcomes for most security use cases and optimizing customers’ disparate security solutions. Now deployed to more than 3,000 customers worldwide, the Arctic Wolf Platform delivers automated threat detection and response at scale, and empowers organizations of any size to establish world-class security operations with the push of a button.
Cloudtrace Managed Security Services
Cloudtrace offers an ISO 27001 certified 24×7 Security Operations Center (SOC) staffed with AWS certified blue and red teamers to provide an out-of-the-box cloud security team. Their modular services are designed to cater for the individual requirements of your environment and allow for rapid onboarding. Cloudtrace provides 24/7 services, including managed detection and response, cloud attack surface management, continuous cloud penetration testing, and continuous cloud security assessments.
CrowdStrike Falcon Platform
CrowdStrike Falcon Platform is 100% AWS-based and doesn’t require hardware, additional software, or configurations. It is the foundation of next-generation holistic threat detection and response for endpoints, identity, cloud, and data protection. Discover the power of real-time threat detection, simplified management, and proactive threat hunting, and unleash the unmatched protection of CrowdStrike.
Deloitte ConvergeSECURITY Cyber Incident Readiness, Response, and Recovery (CIR3) Services
Deloitte will prepare AWS customers to be “cyber resilient” through people, processes, and technology for effective response, remediation, and recovery. They support tactical response through incident management coordination and hands-on technical assistance during active incidents. Additionally, Deloitte enhances the ability of AWS customers to maintain core function even in the face of disruptive circumstances by helping those organizations prepare for a more resilient tomorrow through transformative readiness and resilience enhancements (e.g., cyber recovery vault).
Eviden Incident Response (Forensics) – Recovery Solutions
Eviden Digital Forensics and Incident Response (DFIR) services help clients investigate, contain, and recover business operations from a cyberattack. Their certified experts identify external or internal malicious threat actors across endpoints, networks, applications, cloud, operational technology, and the Internet of Things (IoT). Eviden DFIR services are available as incident response retainers or emergency response assistance anytime, anywhere.
Fortra’s Alert Logic MDR
Fortra’s Alert Logic Managed Detection and Response blends proprietary security technology, human analytics, and responsive communication to provide high quality, cloud-optimized security services and compliance-ready auditing at scale. Their cloud-native technology and Security Operations Centers protect organizations 24/7 providing vulnerability management, log analytics, deep-packet network inspection, host protection, and rapid detection and response backed by a 15-minute SLA for high and critical incidents. Alert Logic MDR has numerous 3rd party and AWS-native integration points with configurable intelligent automated response giving customers of any size unparalleled support for their IT environments day and night.
InfusionPoints Incident Response – VNSOC360
InfusionPoints VNSOC360° integrates AWS-native tools like Amazon GuardDuty and AWS CloudTrail to detect, monitor, and respond to security incidents. Operating as an extension of your IT team, they provide continuous monitoring, threat detection, and fast incident response using Amazon CloudWatch and AWS Lambda for automated actions. They help you build, test, and defend your AWS infrastructure with 24x7x365 managed security, ensuring your environment stays secure and compliant.
NTT DATA EMEAL CyberSecurity Incident Response and Forensics
CyberSecurity Incident Response and Forensics (CSIRF) offers a systematic and reliable approach to investigating, assessing, and recovering from incidents, minimizing disruptions to business activities.
Palo Alto Networks Prisma Cloud Enterprise Edition
Prisma Cloud secures applications from code to cloud, enabling security and DevOps teams to effectively collaborate to accelerate secure cloud-native application development and deployment. It is a CNAPP platform that brings together a complete cloud security platform with CSPM and CWP capabilities. The service ingests findings from several AWS services, including Amazon GuardDuty and Amazon Inspector.
Pinnacle Technology Partners Managed Threat Detection
Pinnacle Technology Partners (PTP) Managed Threat Detection service provides critical security monitoring with deep security engineering talent and a focus on key compliance frameworks. While clients focus on proving scientific data, PTP delivers 24x7x365 security monitoring.
RedBear IT Security Incident Response
In the event of a security incident, RedBear provides the team, tools, and experience. The RedBear Incident Response service will manage the incident to contain it, eradicate the access or vulnerability, and recover the platform. Forensics will be performed to determine root cause and reduce the risk of recurrence. An incident and investigation report will be provided along with remediation steps against the root cause.
Trend Micro Cloud One
Trend Micro’s ABI integration streamlines deployment of the cloud security platform and facilitates full integration of the XDR solution. Automatically deploy security to workloads and layer Trend threat intelligence on top of your AWS CloudTrail logs to detect any suspicious activity, empowering you to accelerate detection and response in the cloud.
Customers: Work with an AWS Security Incident Response Specialization Partner
AWS Security Incident Response Partners help you navigate cloud security threats, supporting your organization’s readiness to respond to and recover from security incidents.
Explore validated AWS Security Incident Response Partners.
Partners: Learn more about the AWS Security Incident Response Specialization
The AWS Security Incident Response Specialization is available to partners offering consulting services through the AWS Service Delivery Program and partners with software solutions through the AWS Service Ready Program.
To be eligible, partners with a software solution must complete the AWS Foundational Technical Review (FTR) and be a validated member of the Software Path. Partners with a services solution must be Select Tier or higher.
In addition to AWS Specialization benefits, AWS Security Incident Response Specialization Partners gain access to the AWS Customer Incident Response Team.
To apply, review the Program Guide and access the application in AWS Partner Central (login required).