CIEM on AWS

Using AWS services to accomplish your cloud infrastructure entitlement management goals

What are CIEM solutions?

CIEM solutions help to identify, manage, and mitigate risks associated with access privileges granted to identities and resources in cloud environments. Four fundamental CIEM capabilities are recognized widely: rightsizing permissions, anomaly detection, visualization, and compliance reporting.

What is CIEM on AWS?

AWS has four key services that provide CIEM capabilities: IAM Access Analyzer, Amazon GuardDuty, Amazon Detective, and AWS Audit Manager.

Use cases

Rightsizing permissions with IAM Access Analyzer

  1. Continuously monitor identities – Achieve least privilege by continuously monitoring your identities to identify unused access.
  2. Scale your analysis for unused access – Scale analysis of your identities across all accounts in your AWS environment with AWS Organizations and AWS Security Hub integrations.
  3. Rightsize unused access quickly – Accelerate remediation of unused access granted to identities with policy recommendations.
  4. Automate policy reviews – Automate policy reviews before deployments by using policy validation and configuring custom policy checks in your development lifecycle.
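The policy-review gate described in step 4, as an added example that is not part of the original page or of AWS's own tooling: it runs a proposed policy through IAM Access Analyzer's ValidatePolicy and CheckNoNewAccess APIs and fails the deployment on any blocking finding or newly granted access. The sample policies, bucket name and choice of blocking severities are assumptions; the AWS calls need credentials, while the decision helpers run offline.

```python
"""Pre-deployment policy gate on IAM Access Analyzer policy validation and
custom policy checks. Added example, not AWS code. Assumes the pipeline can
hand over the deployed policy and its proposed replacement as JSON strings."""
import json

# Constructed sample: a CI role's current policy and a proposed replacement
# that quietly widens s3:GetObject into s3:* (bucket name is made up).
EXISTING_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadArtifacts", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-artifacts/*"}]})
PROPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadArtifacts", "Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-artifacts/*"}]})

# Assumed severity threshold: SUGGESTION and WARNING findings do not block.
BLOCKING_FINDING_TYPES = {"ERROR", "SECURITY_WARNING"}


def run_checks(existing: str, proposed: str, region: str = "us-east-1") -> tuple[dict, dict]:
    """Call ValidatePolicy and CheckNoNewAccess for the proposed document."""
    import boto3  # imported here so the offline helpers below need no SDK
    client = boto3.client("accessanalyzer", region_name=region)
    validation = client.validate_policy(policyDocument=proposed, policyType="IDENTITY_POLICY")
    new_access = client.check_no_new_access(
        newPolicyDocument=proposed, existingPolicyDocument=existing,
        policyType="IDENTITY_POLICY")
    return validation, new_access


def blocking_findings(validation: dict) -> list[str]:
    """Keep only ValidatePolicy findings severe enough to stop a deployment."""
    return [f"{f['issueCode']}: {f['findingDetails']}"
            for f in validation.get("findings", [])
            if f.get("findingType") in BLOCKING_FINDING_TYPES]


def gate(validation: dict, new_access: dict) -> tuple[bool, list[str]]:
    """Pass only when nothing blocks and CheckNoNewAccess reports PASS."""
    reasons = blocking_findings(validation)
    if new_access.get("result") != "PASS":
        reasons += [f"new access in statement {r.get('statementId', r.get('statementIndex'))}: "
                    f"{r.get('description', '')}" for r in new_access.get("reasons", [])] \
            or [f"CheckNoNewAccess returned {new_access.get('result')}"]
    return not reasons, reasons


if __name__ == "__main__":
    ok, why = gate(*run_checks(EXISTING_POLICY, PROPOSED_POLICY))
    print("PASS" if ok else "FAIL", *why, sep="\n")
```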

Anomaly detection with Amazon GuardDuty

  1. Monitor IAM users with GuardDuty – Identify anomalous behavior relating to IAM users and remediate potential risks.
  2. Continuously review for anomalies – Keep your identities secure by continuously assessing for potential anomalies across your AWS environment.
  3. Scale with a fully managed solution – Scale anomaly detection across all accounts in your AWS environment without requiring manual effort or third-party tooling.

Visualizations with Amazon Detective and IAM Access Analyzer

  1. Centrally review dashboards – Use the IAM Access Analyzer summary dashboard to gain visibility into the effective use of permissions at scale and easily identify accounts that need attention.
  2. Investigate incidents with interactive visualizations – Determine the extent of malicious activity, its impact, and the underlying cause by analyzing relevant historical activity for patterns across your identities.
  3. Visualize access granted to identities – Use Amazon Detective to generate a visual representation of identities and their relationships with resources.

Compliance reporting with AWS Audit Manager

  1. Continually audit identities to assess compliance – Automatically collect evidence for your identities, monitor your compliance posture, and proactively reduce risk by fine-tuning your controls.
  2. Leverage prebuilt frameworks – Map identity-related permissions with prebuilt or custom frameworks and continuously monitor for evidence.
  3. Automate evidence collection with AWS Audit Manager – Transition from manual to automated evidence collection and accelerate your compliance reporting activities.

"AWS IAM Access Analyzer is instrumental in our data perimeter strategy, allowing our security teams to proactively review and validate public and cross-account access before deploying permissions changes. Using automated reasoning, IAM Access Analyzer provides a higher level of assurance that the permissions granted to AWS resources are as intended. IAM Access Analyzer has significantly increased organizational confidence in our access controls as well as agility to securely scale out in the cloud."

- Joe Denton, Staff Security Architect, Public Cloud Security, USAA


Explore more of AWS