Cloud technology is going mainstream with more and more organizations are moving to the cloud to save costs on infrastructure as well as provide more reliable digital services. The increasing adoption of cloud technology has raised many security concerns including compliance assurance, security governance, and security operations. Although AWS owns a highly secured cloud infrastructure, organizations are still responsible for their internal security practices. The shared responsibility between organization and cloud service provider (CSP) can be described through the below picture:
In response to this trend, DTonomy has integrated with AWS to allow clients to enhance cloud security automation inside their organizations. We have identified 3 most popular AWS services for cloud monitoring and reporting which are Cloud Trail, Virtual Private Cloud, and Inspector. Using DTonomy workflow, you have a comprehensive set of tools which you can orchestrate to create your own security incident response procedures. Each node in the workflow represents one AWS service with easy setup and is able to receive inputs from other node and produce output under JSON format. You can place the node at any point so that it fits to your own “gold standard” security policies.
Another advantage of using Dtonomy is that you do not have to get rid of your existing tools like Datadog, Signal Science, Sentry, and many more. We provide complete API integration with these services and will expand our list as your demand arises. You can involve numerous service nodes of your choice into your custom flow and perform mock service tests before launching to production. Moreover, your security data can be retrieved and stored to be processed using DTonomy AI. DTonomy AI is our AI-driven approach that correlates disparate security data sets including network traffic, user activities, risky configurations and threat intelligence to provide a unified view of risks across fragmented cloud environments.
Below is a quick explanation of how to configure your AWS integrations on DTonomy workspace:
1. Log in to your AWS Management Console
Simply log into your AWS management console
2. Create Access Key ID and Secret Access Key
- In your AWS Management Console, go to Identity and Access Management (IAM)
- Refer to AWS docs to get your access Keys: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html
- Download your access keys for later use
3. Configure the AWS CloudTrail node
- Open DTonomy Workflow, drag and drop AWS CloudTrail -> LOOKUP EVENTS node to the workspace
- Double-click on the node to configure it
- Provide node name (optional), server info (use the access keys from step 2), attribute key and value, time window and max results
Click on edit server to configure AWS server credentials
4. Test the AWS nodes
- Drag and drop INJECT node and DEBUG node to the workspace with the first connecting to the input of your node and the latter connecting to the output of your node.
- Click Deploy to see the result
