Security in a multi-account environment

Alert Logic Managed Detection and Response (MDR) is always on, providing protection across your entire organization and delivering unrivaled security through five key elements: intelligence driven by data and humans, a scalable MDR platform, security experts named to your account, security insights at your fingertips, and protection tailored to each asset in your environment.

Alert Logic MDR (US) features include:

• A named MDR concierge with 24/7 threat management and a 15-minute escalation SLA
• Real-time reporting, intrusion detection, and user behavior anomaly detection
• Hybrid asset and risk discovery
• Essential compliance coverage
• Vulnerability scanning and Endpoint protection
• Cloud configuration assessment

Aqua Wave provides a SaaS-based, cloud security posture management (CSPM) solution for AWS Control Tower. Aqua CSPM continually audits your cloud accounts for security risks and misconfigurations. This is performed across hundreds of configuration settings and compliance best practices, enabling consistent, unified multi-account security. It also provides self-securing capabilities to help ensure your cloud accounts do not drift out of compliance by leveraging a policy-driven approach. 

Aqua CSPM features include:

• Continuous auditing of hundreds of settings for infrastructure risks and misconfigurations
• Enterprise-ready scale supports hundreds of cloud accounts and integrates with AWS Control Tower
  
• Scan AWS CloudFormation templates (Infrastructure-as-code) for weaknesses
• Self-securing with detailed and actionable advice or automatic remediation

BigID is a modern data intelligence platform for data privacy, security, and governance - built on a foundation of Machine Learning (ML)-based data discovery. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. With BigID, organizations can get deep insight into any data in the data center or cloud, at rest or in motion. Organizations can leverage BigID’s first-of-its-kind application and API framework to action their data in privacy, security or data governance.

BigID features include:

• Automated discovery, cataloging, and classification of all structured and unstructured data
• Identification of sensitive, personal, regulated, critical, and duplicate data identification
  
• Privacy requirement management (with privacy portal), automated data rights fulfillment, consent governance, preference management, and data mapping
• Transformed data security with access intelligence, data remediation, data deletion, labelling, and risk analysis
• Reimagined data governance with data quality, data stewardship, data retention, and metadata exchange and enrichment

CloudKnox is an entitlements management platform that uses a patented activity-based authorization protocol to protect enterprises from machine and human identities with excessive high-risk permissions. CloudKnox works across your AWS accounts to support continuous, adaptable risk-based decision making, alerting organizations of unexpected and excessive risk caused by privilege misuse. 

CloudKnox Cloud Security Platform features include:

• Comprehensive visibility and automatic remediation of all over-permissioned identity and resources including cross account access
• Deliver Permissions-on-Demand which are time and resource bound
• Detect, alert, and remediate infrastructure anomalies
• Monitor and remediate cloud resources for configuration violations through custom alerts and automated reports
• Measure compliance against regulatory frameworks - CIS, NIST, PCI and custom policies
  

Crowdstrike Falcon Endpoint Protection uses advanced artificial intelligence (AI), machine learning, behavioral protection, kernel level visibility and proactive threat hunting to identify potential attacks in real-time. For organizations who are adopting or migrating to cloud workloads, CrowdStrike Falcon Endpoint Protection provides comprehensive visibility and breach protection allowing customers to rapidly adopt and secure technology across any workload.

CrowdStrike Falcon Endpoint Protection Premium features include:

Workload Discovery: Automatically discover all existing cloud workload and containers deployments to get full visibility into the scope and nature of your cloud footprint

Observability: Improve cloud hygiene with real-time information about workloads and containers, including metadata on configurations, networking and security.

Runtime Protection: Protect against malware and sophisticated attacks for Amazon EC2 instances running Linux

EDR for Cloud Workloads: EDR for cloud workloads and containers helps prevent silent failure by capturing raw events for complete event monitoring and visibility

API-Led Integrations: Seamlessly integrate with DevOps and CI/CD pipelines and leverage AWS Cloud Formation, Terraform, Ansible, Chef, Puppet, etc

Ermetic is an identity-first, cloud infrastructure security, Software-as-a-Service (SaaS) solution for detecting, prioritizing, and remediating risky entitlements and misconfigurations at scale. Enterprises use Ermetic to enforce full-stack least privilege access for all cloud identities and manage security posture without impact to application continuity or speed to market.

The Ermetic platform features include:

• Full asset inventory with deep, contextual visibility
• Permission risk assessment and prioritization across identities, configurations, network, and data
• Automated and tailored remediation with actual-use policy suggestions
• Anomaly and threat detection using continuous risk analysis
• Compliance and access governance (CIS, GDPR, HIPAA, PCI, SOC2, etc.)

Lacework is a threat detection, compliance, and automated cloud security monitoring platform that automatically identifies and resolves anomalous changes and discovers cloud compliance issues. It’s embedded security enables continuous security, automation, and faster builds. Using Lacework, DevSecOps teams gain deep visibility into security issues and increase development speed.

Lacework features include:

• Complementary security and configuration support for workloads and accounts running in Amazon Web Services (AWS)
• Deep visibility and alerts across cloud accounts, workloads, containers, and Kubernetes
• One-click investigation of events
• Polygraph-created visual and searchable temporal baseline monitoring entire infrastructure

The Netskope Security Cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

Netskope Security Cloud features include:

• Inline data and threat protection for cloud services, apps, and web access
• Zero-trust network access to private apps and resources
• Cloud access security for managed cloud services and apps
• Cloud and SaaS security posture management for audit checks and compliance
• Cloud infrastructure storage scans with data and threat protection
• Instance awareness between company and personal accounts to detect insiders and unapproved data flows

Prisma Cloud provides cloud security posture management (CSPM) and cloud workload protection (CWP) as a single pane of glass for comprehensive visibility and control. Securely provision automated account registrations, continuous governance, and enterprise-wide management of multiple AWS accounts in just a few clicks. Prisma Cloud also extends cloud automation to integrated Lambda serverless remediation and manages it through a common policy and governance framework.

Prisma Cloud features include:

• CSPM to monitor posture, detect and respond to threats, and maintain compliance
• CWP to secure hosts, containers, and serverless across the application cycle
• Cloud network security to gain network visibility, enforce microsegmentation, and secure trust boundaries
• Cloud infrastructure entitlement management to enforce permissions and secure identities across workloads
• Full lifecycle and multi-account security for any cloud native workload or application
  

Snyk Container is a security solution designed to help developers find and fix vulnerabilities in cloud native applications. Snyk’s seamless integration into the developer workflow, with continuous monitoring of applications in production, empowers developers to continue to release fast, while helping to ensure secure code.

Snyk Container features include:

• Continuous monitoring and automated remediation
• Vulnerability matching to Dockerfile commands
• Vulnerability scanning, assessment, and risk management
• Comprehensive alerts and notification settings
• Asset discovery and tagging
• Real-time analytics and dashboard

Sonrai Dig is an identity and data governance platform built for cloud and container environments, providing complete visibility inside your organization. It continuously identifies and monitors every trust relationship, inherited permission, and policy across all multi-account AWS environments. Sonrai Dig’s Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud and security teams to ensure end-to-end security.

Sonrai Dig - Identity and Data Governance Platform features include:

• Auto-remediation of all identity, data, and network risks in your AWS environment
• Continuous access monitoring finds, classifies, and minimizes access to all critical data in structured and unstructured stores
• Over 1000 control policies and 30 frameworks spanning data, identity, cloud-platform, and container compliance regulations
• Machine learning and graph analytics automate identifying, classifying, and prioritizing risks for responsible teams and individuals
  

Vulnerability Management for Modern IT, Tenable.io provides the most accurate information about assets and vulnerabilities in your IT environment. Available as a cloud-delivered solution, Tenable.io features the broadest vulnerability coverage, intuitive dashboard visualizations for rapid analysis, and seamless integrations that help you maximize efficiency and increase effectiveness.

Tenable.io features include:

• Comprehensive assessment
• Predictive prioritization
• Dynamic asset tracking
• Passive network monitoring
• Automated cloud visibility
• Pre-built integrations and flexible API

Trend Micro Cloud One™ - Workload Security is purpose-built for server, cloud, and container environments, providing visibility across your entire hybrid cloud. Automatically protect against vulnerabilities, malware, and unauthorized changes with a wide range of powerful and intelligent capabilities. Workload Security automatically integrates with the DevOps toolchain and includes a rich set of REST APIs, which facilitate deployment, policy management, health checks, and compliance reporting.

Trend Micro Cloud One – Workload Security features include:

• Intrusion prevention, anti-malware, machine learning, behavioral analysis, application control, integrity monitoring, web reputation, firewall, and log inspection
• Security policy automation as you migrate or create new workloads
• Multi-platform application control to detect and block unauthorized software execution
• API-first, developer-friendly tools to help you integrate security controls into DevOps processes
• Integration for leading SIEM, security management, orchestration, monitoring, pipeline, and IT service management tools