Forcepoint NGFW + Amazon GuardDuty = Increased Threat Detection and Monitoring

In this scenario, any security strategy needs an extended threat detection capability to identify attacks targeting both technology stacks (on-premise and in-the-cloud) and to share intelligence from the outer cloud layer to the devices securing the workloads and resources on-premise. That’s where Amazon GuardDuty comes in.
 

While the capabilities of a hybrid cloud stack empower organizations to propel their business forward, they also increase the attack surface for malicious actors who can target applications, services and vulnerabilities exposed by the extended perimeter of the cloud provider.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time-consuming for security teams to continuously analyze event log data for potential threats.

Intelligent threat detection and continuous monitoring with Amazon GuardDuty

Here’s an overview of how GuardDuty works:

GuardDuty gives AWS customers an intelligent and cost-effective option for continuous threat detection in the AWS Cloud. The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs. With a few clicks in the AWS Management Console, GuardDuty can be enabled with no software or hardware to deploy or maintain. By integrating with Amazon CloudWatch Events, GuardDuty alerts are actionable, easy to aggregate across multiple accounts, and straightforward to push into existing event management and workflow systems.

Forcepoint Next Generation Firewall, the most secure and efficient enterprise firewall

How Amazon GuardDuty works

Forcepoint network security solutions are seamlessly and centrally managed, whether physical, virtual or in the cloud. Administrators can deploy, monitor and update thousands of firewalls, VPNs and IPSs in minutes, all from a single console – cutting network operating expenses by as much as 50%. Advanced clustering for firewalls and networks eliminates downtime, and administrators can rapidly map business processes into strong, accurate controls to block advanced attacks, prevent data theft and properly manage encrypted traffic – all without compromising performance.

Forcepoint Next Generation Firewall (NGFW) connects and protects people and the data they use throughout the enterprise network – all with efficiency, availability and security. Trusted by thousands of customers around the world, Forcepoint network security solutions enable businesses, government agencies and other organizations to address critical issues efficiently and economically.

Forcepoint developed an integration component that automates real-time export of security findings of Amazon GuardDuty. This integration into Forcepoint NGFW means that users, applications and services hosted on-premise and protected by NGFW benefit from the increased visibility of threat actors targeting the AWS footprint of an organization. Malicious source IP addresses identified by Amazon GuardDuty are subsequently blacklisted into an entire fleet of NGFW engines deployed across the organization sites, delivering increased protection as a result of the shared intelligence.
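The step described above, pulling malicious source IP addresses out of a GuardDuty finding so they can be blocklisted, can be sketched as follows. This is an added example, not Forcepoint's integration component: the field names follow the GuardDuty finding JSON as delivered through CloudWatch Events, while the sample event, the `remote_ips` function, the `INTERNAL` list and the severity threshold are assumptions made for illustration. Pushing the result to the NGFW engines is not shown.

```python
import ipaddress

# Constructed sample: a GuardDuty finding inside a CloudWatch Events envelope.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "Recon:EC2/PortProbeUnprotectedPort",
        "severity": 2,
        "service": {"action": {
            "actionType": "PORT_PROBE",
            "portProbeAction": {"portProbeDetails": [
                {"remoteIpDetails": {"ipAddressV4": "198.51.100.23"}},
                {"remoteIpDetails": {"ipAddressV4": "10.0.0.5"}},
                {"remoteIpDetails": {"ipAddressV4": "198.51.100.23"}},
            ]},
        }},
    },
}

# Assumption: RFC 1918 ranges must never reach the blocklist, so that a finding
# naming an internal host cannot cut off the organization's own traffic.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def remote_ips(event, min_severity=2.0):
    """Return the sorted, de-duplicated external IPs named by one finding event."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return []
    detail = event.get("detail", {})
    if float(detail.get("severity", 0)) < min_severity:
        return []
    action = detail.get("service", {}).get("action", {})
    # The remote address lives in a different place for each action type.
    candidates = [action.get(k, {}).get("remoteIpDetails", {})
                  for k in ("networkConnectionAction", "awsApiCallAction")]
    candidates += [p.get("remoteIpDetails", {})
                   for p in action.get("portProbeAction", {}).get("portProbeDetails", [])]
    blocklist = set()
    for details in candidates:
        try:
            ip = ipaddress.ip_address(details.get("ipAddressV4", ""))
        except ValueError:
            continue  # field absent or malformed for this action type
        if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
            continue
        if any(ip in net for net in INTERNAL):
            continue
        blocklist.add(str(ip))
    return sorted(blocklist)
```

Raising `min_severity` limits the blocklist to higher-severity findings; entries should also be expired after a fixed period, since attacker addresses are often reassigned.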

Integration with Amazon GuardDuty delivers intelligence sharing from the cloud

How AWS services and the Forcepoint NGFW integration work together

The diagram below shows how AWS services and our integration component work together to deliver GuardDuty findings automatically into the NGFW engines:

Note: The Forcepoint NGFW and Amazon GuardDuty Integration Guide contains the software packages that are described in the video.

Watch the video below to learn more about the technical implementation. You’ll see a live demo of how the contents of Amazon GuardDuty are seamlessly ingested into Forcepoint NGFW.

This post was first published on the Forcepoint website by Mattia Maggioli.