AWS Marketplace security resource hub

Learn valuable insights on how new Cloud Workload Security (CWS) functionality can lead to advanced threat detection, increased control, and more.


Register for our webinars to learn from industry leaders on key security topics, such as threat modeling and compliance. You can also discover security solutions available in AWS Marketplace that can help you achieve your security goals.

This webcast provides guidance on the key issues to consider when choosing SIEM or security orchestration and response (SOAR) products for integration on the AWS platform and suggests a process for making such important decisions. Security information and event management plays an important role in collecting data on network assets and traffic. That information can then be funneled through SOAR systems to protect network environments both on-premises and in the cloud.

One of the major concerns security teams have when their organization migrates business to a cloud environment is losing visibility into their systems and threat detection capabilities. Traditional network- and host-based monitoring can be adapted to support intrusion detection in the cloud. In this webcast, SANS Analyst David Szili focuses on the keys to detecting threats in the AWS environment and presents use cases to demonstrate best practices.

In this on-demand webinar, SANS instructor David Hazar, AWS Solutions Architect Manager David Aiken, and Optiv Cloud Security Practice Leader Joe Vadakkan will release guidelines for determining your cloud endpoint security controls and selecting solutions through the AWS Marketplace.

In this on-demand webcast, SANS analyst Thomas Banasik identifies the top challenges businesses face when migrating to the cloud and walks through the process of protecting cloud assets by using a defense-in-depth architecture to create a readily deployable, fully integrated endpoint security strategy.

Cloud-based firewalls, along with threat prevention capabilities (including intrusion detection and prevention systems) are key to securing ever-changing organization perimeters. This webcast provides guidance on the key issues to consider when choosing cloud-based firewall/threat prevention solutions for integration on the AWS platform and suggests a process for making that important decision.

SANS analyst Kevin Garvey explores key features of cloud-based firewalls and how they differ from more traditional firewalls, the ease with which organizations can manage firewalls in AWS, and advanced features of firewalls that are of significant value to users’ organizations.

In this on-demand webinar, SANS Analyst and cloud security expert Dave Shackleford explains how visibility in the cloud differs from more traditional security visibility and suggests how organizations can move toward establishing a cloud visibility strategy, using practical examples to illustrate the process.

As more organizations store sensitive data in the cloud, and as data protection regulations become more stringent, security personnel should consider developing a strategy to protect their assets in the AWS cloud. However, this poses many important questions, such as: How can I securely migrate data from on-premises storage volumes to AWS services, or from existing AWS services to new AWS services?

In this on-demand webinar, SANS analyst and instructor Shaun McCullough provides an introduction to exploring the vulnerabilities associated with modern web applications, and the web application firewalls and DevSec operations that oversee security for continually updated code. This process, known as threat modeling, is vital to the ability to prioritize vulnerabilities and security operations to meet those challenges. Shaun offers practical recommendations for addressing threats, with a focus on web apps, while running in an IaaS/PaaS cloud service using a DevOps process.

In this on-demand webinar, SANS instructor Matt Bromiley explains and defines the various levels of compliance, outlines how risk management and compliance work together, and looks at existing gaps in implementation. The session then addresses how to automate compliance and risk management, including with cloud security controls, to help you answer questions such as: What is the provider’s role and what is the cloud user’s role? Why do you need risk management, and how do you use vulnerability monitoring?

In this on-demand webinar, SANS Director of Emerging Technologies John Pescatore will show how to use the NIST CSF to make the leap to securing infrastructure-as-a-service (IaaS) and hybrid cloud implementations by selecting and integrating the most effective and efficient security services, including both native cloud security services and third-party controls.

This webinar provides guidance on how to understand and protect applications in your pipeline as well as solution suggestions to help secure application deployment and delivery on Amazon Web Services (AWS).

This webinar will focus on the security of the continuous integration and continuous deployment (CI/CD) pipeline and security automation. Join SANS and AWS Marketplace as they discuss how to improve and automate security across the entire CI/CD pipeline and runtime environment.

Join SANS and AWS Marketplace to learn how to leverage different technologies to determine the source and timeline of the event, and the systems targeted to define a reliable starting point from which to begin your investigations.

Solutions are available that help you conduct effective investigations and improve your organization’s security posture in AWS. This webinar provides guidance on the key considerations when choosing those solutions.

In this webinar, you will learn how threat hunting differs from alerts and SOC monitoring, and what threats to look for. You will also discover real-life examples that demonstrate how threat hunters can apply cloud infrastructure best practices to reduce the noise in often chaotic environments, making it easier to detect potential events.

In this webinar, SANS and AWS Marketplace explore how organizations can leverage solutions to create more signal and less noise for actionable responses that can enhance and accelerate security operations.

Adding EDR capabilities into your AWS (Amazon Web Services) environment can inform investigations and provide actionable details for remediation. Join this webinar to discover how to unpack and leverage the telemetry provided by endpoint security solutions.

View this webinar to learn how you can systematically and methodically improve your situational awareness. Discover ways to then act upon those insights by leveraging technologies to support threat intelligence, log collection and analysis, incident response, and security orchestration.


Download our whitepapers to learn best practices and strategies for a broad spectrum of security topics. You will gain the perspective of both AWS Marketplace and the SANS Institute and identify software sellers in AWS Marketplace that offer relevant security solutions.

In this paper, we review how you can rethink on-premises security capabilities and technologies so that your deployments for cloud environments will be familiar and yet improved. We also look at an example of how an organization can successfully implement cloud-based firewalls.

This guide examines options for implementing firewalls within Amazon Web Services (AWS). It examines the needs and capabilities associated with today’s firewall and threat prevention services and details general, technical and operational considerations when choosing these products. The guide concludes by examining AWS-specific considerations and recommending a plan of action for organizations considering the purchase of cloud-based firewalls. Before we begin, Table 1 provides definitions of key firewall-related terms.

In this paper, we break down key controls and considerations for protecting your data in the AWS cloud, including encryption and key management, data loss prevention, classifying and tracking data, and more. As part of the shared responsibility model, organizations have the authority to enable controls in the cloud to protect data from exposure and attack. The good news is that more data security controls and products/services are available than ever.

In this paper, we present what customers should consider when evaluating endpoint security technology in the cloud. We discuss a high-level strategy for evaluating these solutions and then discuss implementation options that organizations need to consider when planning to implement these technologies in Amazon Web Services (AWS). We also review why businesses may choose to implement endpoint security in the cloud along with the various needs and capabilities associated with different endpoint security solutions.  

This paper is a use case of modeling the threats against a web application server and how to address those risks in a cloud environment. We will cover the web app stack, including the web server, the application code, and the DevOps pipelines to manage it. Database threats will be covered in future papers in this series. We’ll examine the tools and services that cloud providers offer to operate web applications at scale and integrate security services.

In this paper, we look at a variety of controls to ensure network, application, instance/container, database/storage, and control plane visibility and build upon them to create a security visibility strategy for the cloud. Today organizations are storing sensitive information ranging from business intelligence to personally identifiable information, health records, credit cards and other regulated data in the cloud. It is obvious that cloud is here to stay, and security professionals need to manage the threats and vulnerabilities that go along with cloud deployments.

In this paper, we examined the concept of compliance-forward thinking, which asks organizations to consider compliance requirements when they are planning and building infrastructure, instead of afterward. There is a wealth of options within the cloud service space that can assist in automating and monitoring compliance of your organization and/or your customers’ data.

In this whitepaper, SANS Director of Emerging Technologies John Pescatore provides practical scenarios and guidance to help you quickly identify the right use cases to optimize cloud security operations. Securing information always comes down to providing three basic security functions, the "CIA triad" of confidentiality, integrity and availability.

In this whitepaper, SANS analyst, Thomas Banasik, will discuss how endpoint security solutions in the cloud differ from on-premises practices and identify top considerations when migrating to Amazon Web Services (AWS).

This paper seeks to give you a better idea of what your organization needs to successfully plan and execute a secure application transition to, or deployment in, an AWS environment. We discuss how security teams can best support application development teams, what options you have as a security professional for this support, and how best to guide your development teams as they transition workflows to AWS.

In this paper, we delve into the changing nature of application development and security as organizations are building and deploying applications for the cloud. We'll cover the various phases of a modern application pipeline and discuss some of the security controls that organizations should consider implementing in each. We'll also touch on a number of other critical areas such as privilege management, containers and orchestration, and automation.

In this paper, we discuss needs, implementation options, capabilities, and various considerations for organizations seeking to implement SIEM/SOAR capabilities in Amazon Web Services (AWS). We discuss the integration of SIEM and SOAR in the cloud environment and how that compares to on-premises use. What does a cloud use case look like? What are the differences between cloud and on-premises deployments?

In this paper, we focus on the key steps to detect threats in Amazon Web Services (AWS) and gradually build a security monitoring strategy. Threat detection and continuous security monitoring in cloud environments have to integrate security monitoring of instances and images (system monitoring), just as they do on premises. For cloud services, however, it is also crucial to include the monitoring of the cloud network infrastructure and cloud management plane (cloud monitoring).

In this whitepaper, SANS analyst Shaun McCullough walks through the threat hunting process and how it should fit into an organization’s overall security strategy. He also discusses what data to gather, options for analyzing it, and the kinds of tools threat hunters can use in their cloud environment.

Following on Kyle’s perspective, AWS Marketplace will share how you can apply this process to your AWS environment with an introduction to relevant AWS services that can enhance your organization’s security posture. Finally, Palo Alto Networks will be presented as a solution to help strengthen investigations in AWS.

In this whitepaper, SANS analyst and senior instructor Dave Shackleford discusses the latest changes in application development and security, walks you through the various phases of the CI/CD pipeline, and describes the security controls that organizations should consider implementing in each. You will also learn about such critical areas as privilege management, containers and orchestration, and automation.

Today, firewall services are a key component in protecting cloud-based business services, both at the perimeter and between internal processing segments. This eBook describes best practices and techniques for securing cloud-based firewalls in Amazon Web Services (AWS).

To take advantage of cloud-based resources to improve endpoint security, a security program must evaluate business, technical, and operational considerations in addition to the overall threat environment. This eBook describes best practices and techniques for securing endpoints in Amazon Web Services (AWS).

Adapting a strong threat modeling process; understanding the business, technical and operational considerations associated with application security; and automating security controls throughout the entire development and deployment life cycle are critical to securing cloud-based apps. This eBook describes best practices and techniques for securing web applications and app pipelines in Amazon Web Services (AWS).

This whitepaper explores how organizations can leverage solutions to get more signal and less noise to enhance and accelerate their security operations.

CSPM enables efficient investigations because it centralizes data sources that provide operational and security insight. As we talk about the different considerations throughout this paper, we highlight the tactics that can aid in an investigation.

In this whitepaper, SANS analyst and senior instructor Kyle Dickinson discusses ways to integrate CASBs into your organization, common functionalities found within CASB platforms, and how CASBs can aid organizations in securing their footprint in the cloud.

In this whitepaper, SANS analyst and instructor Justin Henderson explores how to leverage EDR within AWS to achieve a higher standard of security while simplifying what are normally complex tasks.

In the following whitepaper, SANS analyst and senior instructor David Szili will explore security monitoring strategies and services for the cloud. You will learn key considerations around data collection, intrusion detection and prevention systems, and more to inform your threat detection strategy.

KickStart Kits

AWS Marketplace offers over 1500 security solutions from vetted software sellers. Our growing catalog of KickStart Kits offers deployment training that can help expedite your time to value for some of the more popular solutions.

The Complete OWASP Top 10 Ruleset is a comprehensive package for the best web application protection to help protect against the OWASP top 10 web application threats, including SQLi/XSS attacks, general and known exploits, and malicious bots.

Falcon Endpoint Protection Enterprise unifies the technologies required to successfully stop breaches, including true next-gen antivirus and endpoint detection and response (EDR), managed threat hunting, and threat intelligence automation, delivered via a single lightweight agent.

Simplify your life with Deep Security as a Service. It offers the most threat defense techniques across the broadest set of platforms, no matter where your workloads or containers live. Deep Security seamlessly defends your AWS workloads against threats, malware and vulnerabilities and helps speed compliance.

Fortinet FortiWeb Cloud WAF SaaS defends web-based applications from known and zero-day threats including the OWASP Top 10. The solution enables rapid deployment with minimal configuration required.

Secure your endpoints and boost your overall security posture with advice from Optiv and AWS Marketplace on planning for, purchasing, and deploying CrowdStrike Falcon.

Boost your firewall security strategy with advice from Optiv and AWS Marketplace on planning for, buying, and deploying Palo Alto Networks VM-Series Next-Generation Firewall.

Help reduce threat detection and response times in your environment with guidance from Optiv and AWS Marketplace on planning for, buying, and deploying Splunk SIEM and SOAR solutions.

Sumo Logic is a secure cloud-native analytics platform that can reduce investigation times for security and operational issues. It can enhance threat hunting capabilities through features such as elastic scaling of volume and variety and machine-learning powered analytics.

Prisma Cloud delivers security and compliance in under 5 minutes - no agents or proxies required. It dynamically discovers cloud resources and sensitive data to detect risky configurations and identify network threats, suspicious user behavior, malware, data leakage, and host vulnerabilities.

F5 Web Exploits Rules for AWS WAF provides protection against web attacks that are part of the OWASP Top 10, such as SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource.

F5 Advanced WAF provides robust web application firewall protection. It can prevent even sophisticated threats from reaching your application servers through features such as behavioral analytics and automated learning capabilities.

The Devo Data Operations Platform collects, enhances and analyzes machine, business and operational data from across the enterprise. Devo provides real-time analytics and insight for IT operations, security analytics, business analytics, customer insight and log management for the world's leading organizations.

Devo delivers real-time business value from analytics on streaming and historical data to help enterprises drive sustained performance and growth. It provides real-time analytics and insight for IT operations, security analytics, business analytics, customer insight, and log management for the world's leading organizations.

Bitglass Next-Gen CASB automatically learns and adapts to new cloud applications, new malware threats, new behaviors and new devices, delivering comprehensive protection for any application and any device. In addition to the apps featured below, Bitglass supports any cloud application - whether it's managed by your organization or not.

Netskope helps the world's largest organizations take advantage of web and cloud without sacrificing security. Their Cloud XD technology targets and controls activities across any cloud service or website, and customers get 360-degree data and threat protection that works everywhere. We call this smart cloud security.

Have questions? Have tips?

We're here to help you get started with AWS Marketplace. Ask for or give advice on the AWS Marketplace discussion forum.
