Easily monitor for anomalous behavior across multiple SaaS applications with AWS AppFabric

0
145
Indefinite storage: What it is and why you might need it

Source is Amazon Business Productivity

Increasingly, customers are adopting more and more SaaS applications to keep their employees more productive and collaborative. However, the pervasive rise of SaaS applications introduces challenges for cybersecurity teams who are responsible for identifying and fixing vulnerabilities in their company’s security systems and programs.  These teams are responsible for monitoring who has access to sensitive company data, how that data is handled or shared over SaaS applications, and whether the SaaS application settings have changed in a way that leaves the company exposed to risk. To achieve observability over the data that may be lost or exposed across SaaS applications, security teams rely on audit logs from each application to track user events like failed login attempts or escalating admin privileges. Getting these audit logs into security tools to analyze this data involves manual and complex work. Each SaaS application follows its own data schema and framework creating disparate data types with every new application adopted. Cybersecurity teams face key challenges. First, they have to multiple point-to-point integrations from each SaaS app used at their company to their different security and observability tools. Second, they have to normalize the audit logs into a common schema that can be consumed by their security tools. This combined effort can add up to weeks, or even months, per application.

At AWS re:Invent I lead a breakout session with Splunk’s Partner Solutions team that unpacks these challenges, and shows IT administrators and security analysts how AppFabric provides solutions to address challenges faced by cybersecurity teams. Join me at, “BIZ213: Improve SaaS application security observability with AWS AppFabric” to dive into the root causes that observability over SaaS apps is challenging.  We will also demonstrate what cybersecurity teams can do with normalized audit logs provided by AWS AppFabric in tools like Splunk, Rapid7, Logz.io, Netwitness, and Netskope.

AWS AppFabric addresses these challenges for security teams. AppFabric is a fully managed service that quickly connects SaaS applications with customer preferred security tools by aggregating, normalizing, and enriching audit logs from multiple SaaS applications. To get stared with AppFabric, customers simply go to the AWS Console, and authorize AppFabric to ingest audit logs from a list of supported applications providing an authorization token. Next, specify the data format desired to consume the audit logs (e.g.: JSON or Parquet, raw or normalized into Open Cybersecurity Schema Framework) and the destination to which AppFabric will ship these normalized audit logs (e.g. Amazon Simple Storage Service or Amazon Kinesis Data Firehose). Finally, a customer then points their preferred security solution, such as Splunk or Amazon OpenSearch, to those destinations and begins consuming SaaS audit logs in their preferred threat detection and search tools, without requiring any additional data transformation effort. AppFabric eliminates the need for cybersecurity teams to build and maintain a multitude of point-to-point integrations between their growing portfolio of SaaS applications and their portfolio of security tools. It also eliminates the need to transform audit logs that follow very different data frameworks across SaaS apps into a common schema that their security tool can consume. Lastly, cybersecurity teams no longer have to manage multiple data pipelines and can rely on AppFabric to be their central log shipper for SaaS audit logs. By having these audit logs easily consumable in their preferred security tool, cybersecurity teams improve their security posture, and gaining a single view across their infrastructure and SaaS application audit logs.

I cover all of this, and more, at re:Invent ‘23. Coming out of session BIZ213, listeners can quickly implement a simple solution that improves monitoring of anomalous user behavior across your SaaS applications, and can also help you meet regulatory and compliance requirements in a simple and cost-effective way.

Add the BIZ213 session from the re:Invent catalog to your schedule now!

Source is Amazon Business Productivity

Vorig artikelHow to upgrade RHEL 8 to 9
Volgend artikelCross-application audit log analysis with AWS AppFabric