AWS Partner Network (APN) Blog
Securing your AWS environment with Wiz for Gov, a FedRAMP Moderate authorized security solution
By Shaked Rotlevi, Technical Product Marketing Manager – Wiz
By Faizan Mahmood, Global Partner Account Manager – AWS
On May 12, 2021, President Biden released the Executive Order on Improving the Nation’s Cybersecurity. The Executive Order aims to strengthen the Federal government’s cybersecurity posture and protect the nation’s critical infrastructure from cyber threats. Among the key directions is to accelerate the move to secure cloud services.
The shift to the cloud is a critical component of the US government’s efforts to not only improve cybersecurity but also to improve efficiency, reduce costs, and enhance the delivery of services. By leveraging the scalability, flexibility, and security of cloud computing, Federal agencies are breaking free from the constraints of traditional on-premises infrastructure and tapping into a vast array of advanced technologies and capabilities.
AWS provides Federal agencies with access to resources, expertise, technology, professional services, and our AWS Partner Network (APN) to help them meet the security and compliance requirements of the executive order. In this post, we will learn about Wiz.io, an APN partner, and how Wiz works with AWS to enhance your security in the cloud.
Wiz, a comprehensive Cloud Native Application Protection Platform
Public sector entities and contractors leveraging traditional security tools often face blind spots, alert fatigue, and operational inefficiencies due to silos in their security posture. The Government Accountability Office (GAO) reviewed four federal agencies and found that all of them fully performed continuous monitoring for only 20% of the systems reviewed; the rest had only partial coverage. This is one reason why organizations are moving away from point solutions to a single Cloud Native Application Protection Platform (CNAPP). A CNAPP provides customers with a comprehensive cloud security solution, allowing for complete visibility and effective risk reduction in the cloud.
Wiz is a CNAPP solution that helps organizations, including both 40% of the Fortune 100 and public sector organizations with the most stringent requirements for safeguarding mission-critical data, secure everything they build and run in the cloud. By integrating with native AWS security services, Wiz provides complete visibility into environments, proactive risk reduction, and continuous compliance assessment in the cloud.
Wiz is an AWS Public Sector partner and their CNAPP solution is available in the AWS Marketplace. Wiz holds several AWS Competencies including Security, Cloud Operations, Financial Services, and AWS Built-In. These competencies demonstrate their deep technical expertise and proven success in these key solution areas. Customers who leverage AWS’ secure infrastructure and services along with Wiz’s platform are able to migrate workloads quickly and securely.
Introducing Wiz for Government, a FedRAMP authorized CNAPP
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security in the cloud, helping government agencies accelerate cloud adoption with a common security framework. Wiz is one of the first CNAPPs to achieve FedRAMP Moderate Agency Authorization, allowing US government community organizations with FedRAMP Moderate requirements to take advantage of its platform. AWS provides FedRAMP Moderate authorized cloud services in US East/West regions and FedRAMP High authorized services in AWS GovCloud (US). Wiz for Gov is a platform built on AWS GovCloud (US) and both leverages and integrates with the authorized services that AWS provides.
Achieving FedRAMP Moderate authorization is an example of Wiz’s commitment to securing the public sector. As part of the FedRAMP authorization process, Wiz has undergone a rigorous security assessment to show it meets the security standards of the federal government. Specifically, Wiz for Gov complies with the FedRAMP Moderate baseline, derived from National Institute of Standards and Technology (NIST) Special Publication 800-53.
Government agencies are already seeing the great benefits of Wiz CNAPP in protecting their cloud. The U.S. Navy, like many organizations within the Department of Defense (DoD), has challenges rapidly bringing advanced capabilities to its personnel on the ground while abiding by strict security regulations. To meet this challenge head-on, one Navy research facility engaged AWS Professional Services to construct the COSMOS platform, a solution designed to expedite and simplify onboarding and security procedures for cloud workloads, on AWS and integrated with Wiz. Afterwards the customer engaged Strategic Business Systems, Inc. (SBS), a technology firm known for its custom-built solutions for secure environments.
Michael Johnson, Managing Director, Public Sector of SBS recounted that his team:
“focused on automating as many steps as we can across the security requirements. Being able to integrate Wiz’s capabilities into COSMOS enabled us to take a process that typically requires three months down to 30 minutes.”
Together, Wiz, AWS and SBS are helping that Navy customer accelerate processes and take advantage of cutting-edge capabilities provided by AWS. By incorporating Wiz as the backbone of its security architecture, COSMOS is positioned to transform the way the Navy maintains cloud environments, accelerates product delivery timelines, and upholds security standards. To learn more about how Wiz is delivering key capabilities to support mission owners, read the case study.
The Wiz Security Graph backed by Amazon Neptune
Wiz’s unique approach to cloud security is based on the Wiz Security Graph, which is backed by Amazon Neptune. The graph allows public sector organizations to detect the most critical security risks in their environment by correlating all resources and risks on the graph to identify critical attack paths. The risks Wiz assesses include misconfigurations, network exposures, secrets, vulnerabilities, data, malware, and identities, which it correlates to detect the toxic combinations that your organization needs to prioritize. One example is an internet-exposed Amazon Elastic Compute Cloud (EC2) instance with a critical vulnerability and access to an Amazon Simple Storage Service (S3) bucket with sensitive data. Actionable context on the graph helps your teams proactively identify, prioritize, remediate, and prevent mission-critical risks. This approach reduces the alert fatigue faced with traditional tools and allows you to focus on the risks that pose a real threat to your agency.
The following image shows an example exploitable attack path on the Wiz Security Graph. The graph includes relevant context like accessibility from the public internet, vulnerabilities, potential for lateral movement, and access to sensitive data.
Figure 1: The Wiz Security Graph backed by Amazon Neptune
Benefits of Wiz for Gov
With Wiz for Gov, organizations with FedRAMP Moderate requirements can:
- Gain 100% visibility: Wiz enables agencies to remove the risk of blind spots in their environment. Wiz provides full-stack visibility into every technology running in your multi-cloud environment across virtual machines, containers, serverless, and AI technologies, all without having to deploy a single agent. You can connect your AWS Organizations to Wiz in minutes and gain immediate time-to-value.
- Remove critical security risk in the cloud: Wiz continuously monitors for risk in your environment across vulnerabilities, identities, network exposures, misconfigurations, data, secrets, and malware. Risks are prioritized and modeled on the Wiz Security Graph, enabling agencies to effectively focus on removing the most critical risks in their environment.
- Meet compliance requirements: Agencies can assess and report on their compliance posture against CIS Benchmarks including CIS Linux, Windows, and Red Hat STIG benchmarks. You can leverage Wiz’s over 140 built-in compliance frameworks (including FedRAMP, Cybersecurity Maturity Model Certification (CMMC), NIST 800-171), generate compliance reports, and investigate vulnerability findings and inventory with the click of a button.
- Ensure readiness against unforeseen threats: Agencies can stay ahead of threats like the Log4j, MOVEit, and Ivanti vulnerabilities with Wiz’s Threat Center, which flags emerging threats and shows whether you are exposed to them in your environment.
- Establish secure use of AI: With Wiz AI Security Posture Management (AI-SPM) capabilities, you can securely adopt AI in your organization by gaining visibility into AI pipelines, detecting misconfigurations in AI services such as Amazon Bedrock, and proactively removing attack paths to AI models.
In Summary
Customers with FedRAMP Moderate requirements can now take advantage of the comprehensive Wiz for Gov platform built on AWS GovCloud (US). The Cloud Native Application Protection Platform (CNAPP) provides government agencies with capabilities spanning visibility, compliance and reporting, risk prioritization, vulnerability management, and AI security. You can learn more about Wiz for Gov by visiting the Wiz for Government webpage. To learn more about how Wiz works with AWS, visit the Wiz and AWS partner webpage. If you prefer a live demo, we would love to connect with you.
Wiz – AWS Partner Spotlight
Wiz is an AWS Advanced Technology Partner and AWS Competency Partner that performs a deep assessment of your entire cloud and then correlates a vast number of security signals to trace the real infiltration vectors that attackers can use to break in. Wiz also gives you the tools to bring your DevOps and development teams into the process to fix these risks, creating a culture of security in your cloud operations that results in a stronger, more secure cloud.