AWS Marketplace security resource hub

Learn valuable insights on how new Cloud Workload Security (CWS) functionality can lead to advanced threat detection, increased control, and more.

Choose resource type
  • Choose resource type
  • Webinars
  • Whitepapers
  • KickStart Kits


Register for our webinars to learn from industry leaders on key security topics, such as threat modeling and compliance. You can also discover security solutions available in AWS Marketplace that can help you achieve your security goals.

This webcast provides guidance on the key issues to consider when choosing SIEM or security orchestration and response (SOAR) products for integration on the AWS platform and suggests a process for making such important decisions. Security information and event management plays an important role in collecting data on network assets and traffic. That information can then be funneled through SOAR systems to protect network environments both on-premises and in the cloud.

One of the major concerns security teams have when their organization migrates business to a cloud environment is losing visibility into their systems and threat detection capabilities. Traditional network- and host-based monitoring can be adapted to support intrusion detection in the cloud. In this webcast, SANS Analyst David Szili focuses on the keys to detecting threats in the AWS environment and presents use cases to demonstrate best practices.

In this on-demand webinar, SANS instructor David Hazar, AWS Solutions Architect Manager David Aiken, and Optiv Cloud Security Practice Leader Joe Vadakkan will release guidelines for determining your cloud endpoint security controls and selecting solutions through the AWS Marketplace.

In this on-demand webcast, SANS analyst Thomas Banasik identifies the top challenges businesses face when migrating to the cloud and walks through the process of protecting cloud assets by using a defense-in-depth architecture to create a readily deployable, fully integrated endpoint security strategy.

Cloud-based firewalls, along with threat prevention capabilities (including intrusion detection and prevention systems) are key to securing ever-changing organization perimeters. This webcast provides guidance on the key issues to consider when choosing cloud-based firewall/threat prevention solutions for integration on the AWS platform and suggests a process for making that important decision.

SANS analyst Kevin Garvey explores key features of cloud-based firewalls and how they differ from more traditional firewalls, the ease with which organizations can manage firewalls in AWS, and advanced features of firewalls that are of significant value to users’ organizations.

In this on-demand webinar, SANS Analyst and cloud security expert Dave Shackleford explains how visibility in the cloud differs from more traditional security visibility and suggest how organizations can move toward establishing a cloud visibility strategy, using practical examples to illustrate the process.

As more organizations store sensitive data in the cloud, and as data protection regulations become more stringent, security personnel should consider developing a strategy to protect their assets in the AWS cloud. However, this poses many important questions, such as: How can I securely migrate data from on-premises storage volumes to AWS services, or from existing AWS services to new AWS services?

In this on-demand webinar, SANS analyst and instructor Shaun McCullough provides an introduction to exploring the vulnerabilities associated with modern web applications, the web application firewalls and DevSec operations that oversee security for continually updating of code. This process, known as threat modeling, is vital to the ability to prioritize vulnerabilities and security operations to meet those challenges. Shaun offers practical recommendations for addressing threats, with a focus on web apps, while running in an IaaS/PaaS cloud service using a DevOps process.

In this on-demand webinar, SANS instructor Matt Bromiley explains and defines the various levels of compliance, outlines how risk management and compliance work together, and looks at existing gaps in implementation. The session then addresses how to automate compliance and risk management, including with cloud security controls, to help you answer questions such as: What is the provider’s role and what is the cloud user’s role? Why do you need risk management, and how do you use vulnerability monitoring?

In this on-demand webinar, SANS Director of Emerging Technologies John Pescatore will show how to use the NIST CSF to make the leap to securing infrastructure-as-a-service (IAAS) and hybrid cloud implementations by selecting and integrating the most effective and efficient security services, including both native cloud security services and third-party controls.

This webinar provides guidance on how to understand and protect applications in your pipeline as well as solution suggestions to help secure application deployment and delivery on Amazon Web Services (AWS).

This webinar will focus on the security of the continuous integration and continuous deployment (CI/CD) pipeline and security automation. Join SANS and AWS Marketplace as they discuss how to improve and automate security across the entire CI/CD pipeline and runtime environment.

Join SANS and AWS Marketplace to learn how to leverage different technologies to determine the source and timeline of the event, and the systems targeted to define a reliable starting point from which to begin your investigations.

There are solutions available to enable your ability to conduct effective investigations and help improve your organization’s security posture in AWS. This webinar provides guidance on the key considerations when choosing those solutions.


Download our whitepapers to learn best practices and strategies for a broad spectrum of security topics. You will gain the perspective of both AWS Marketplace and the SANS Institute and identify software sellers in AWS Marketplace that offer relevant security solutions.

In this paper, we review how you can rethink on-premises security capabilities and technologies so that your deployments for cloud environments will be familiar and yet improved. We also look at an example of how an organization can successfully implement cloud-based firewalls.

This guide examines options for implementing firewalls within Amazon Web Services (AWS). It examines the needs and capabilities associated with today’s firewall and threat prevention services and details general, technical and operational considerations when choosing these products. The guide concludes by examining AWSspecific considerations and recommending a plan of action for organizations considering the purchase of cloud-based firewalls. Before we begin, Table 1 provides definitions of key firewall-related terms.

In this paper, we break down key controls and considerations for protecting your data in the AWS cloud, including encryption and key management, data loss prevention, classifying and tracking data, and more. As part of the shared responsibility model, organizations have the authority to enable controls in the cloud to protect data from exposure and attack. The good news is that more data security controls and products/services are available than ever.

In this paper, we present what customers should consider when evaluating endpoint security technology in the cloud. We discuss a high-level strategy for evaluating these solutions and then discuss implementation options that organizations need to consider when planning to implement these technologies in Amazon Web Services (AWS). We also review why businesses may choose to implement endpoint security in the cloud along with the various needs and capabilities associated with different endpoint security solutions.  

This paper is a use case of modeling the threats against a web application server and how to address those risks in a cloud environment. We will cover the web app stack, including the web server, the application code, and the DevOps pipelines to manage it. Database threats will be covered in future papers in this series. We’ll examine the tools and services that cloud providers offer to operate web applications at scale and integrate security services.

In this paper, we look at a variety of controls to ensure network, application, instance/container, database/storage, and control plane visibility and build upon them to create a security visibility strategy for the cloud. Today organizations are storing sensitive information ranging from business intelligence to personally identifiable information, health records, credit cards and other regulated data in the cloud. It is obvious that cloud is here to stay, and security professionals need to manage the threats and vulnerabilities that go along with cloud deployments.

In this paper, we examined the concept of compliance-forward thinking, which asks organizations to consider compliance requirements when they are planning and building infrastructure, instead of afterward. There is a wealth of options within the cloud service space that can assist in automating and monitoring compliance of your organization and/or your customers’ data.

In this whitepaper, SANS Director of Emerging Technologies John Pescatore provides practical scenarios and guidance to help you quickly identify the right use cases to optimize cloud security operations. Securing information always comes down to providing three basic security functions, the "CIA triad" of confidentiality, integrity and availability.

In this whitepaper, SANS analyst, Thomas Banasik, will discuss how endpoint security solutions in the cloud differ from on-premises practices and identify top considerations when migrating to Amazon Web Services (AWS).

This paper seeks to give you a better idea of what your organization needs to successfully plan and execute a secure application transition to, or deployment in, an AWS environment. We discuss how security teams can best support application development teams, what options you have as a security professional for this support, and how best to guide your development teams as they transition workflows to AWS.

In this paper, we delve into the changing nature of application development and security as organizations are building and deploying applications for the cloud. We'll cover the various phases of a modern application pipeline and discuss some of the security controls that organizations should consider implementing in each. We'll also touch on a number of other critical areas such as privilege management, containers and orchestration, and automation.

In this paper, we discuss needs, implementation options, capabilities, and various considerations for organizations seeking to implement SIEM/SOAR capabilities in Amazon Web Services (AWS). We discuss the integration of SIEM and SOAR in the cloud environment and how that compares to on-premises use. What does a cloud use case look like? What are the differences between cloud and on-premises deployments?

In this paper, we focus on the key steps to detect threats in Amazon Web Services (AWS) and gradually build a security monitoring strategy. Threat detection and continuous security monitoring in cloud environments have to integrate security monitoring of instances and images (system monitoring), just as they do on premises. For cloud services, however, it is also crucial to include the monitoring of the cloud network infrastructure and cloud management plane (cloud monitoring).

KickStart Kits

AWS Marketplace offers over 1500 security solutions from vetted software sellers. Our growing catalog of KickStart Kits offer deployment training that can help expedite your time to value for some of the more popular solutions.

The Complete OWASP Top 10 Ruleset is a comprehensive package for the best web application protection to help protect against the OWASP top 10 web application threats, including SQLi/XSS attacks, general and known exploits, and malicious bots.

Falcon Endpoint Protection Enterprise unifies the technologies required to successfully stop breaches, including true next-gen antivirus and endpoint detection and response (EDR), managed threat hunting, and threat intelligence automation, delivered via a single lightweight agent.

Simplify your life with Deep Security as a Service. The most threat defense techniques across the broadest set of platforms, no matter where your workloads or containers live. Deep Security seamlessly defends your AWS workloads against threats, malware and vulnerabilities & helps speed compliance.

Fortinet FortiWeb Cloud WAF SaaS defends web-based applications from known and zero-day threats including the OWASP Top 10. The solution enables rapid deployment with minimal configuration required.

Secure your endpoints and boost your overall security posture with advice from Optiv and AWS Marketplace on planning for, purchasing, and deploying CrowdStrike Falcon.

Boost your firewall security strategy with advice from Optiv and AWS Marketplace on planning for, buying, and deploying Palo Alto Networks VM-Series Next-Generation Firewall.

Help reduce threat detection and response times in your environment with guidance from Optiv and AWS Marketplace on planning for, buying, and deploying Splunk SIEM and SOAR solutions.

Have questions? Have tips?

We're here to help you get started with AWS Marketplace. Ask for or give advice on the AWS Marketplace discussion forum.

Have questions? Have tips?

We're here to help you get started with AWS Marketplace. Ask for or give advice on the AWS Marketplace discussion forum.