CyberNEO
AWS Security Managed Platform
Managed security service that provides security measures on AWS accounts
SERVICE
Protect your AWS environment
AWS Security Managed Platform is a managed security platform that implements each security function of AWS and provides operational monitoring so that customers using AWS public cloud services can implement appropriate security controls. It is a solution that deploys AWS CloudTrail and AWS GuardDuty, records and collects events within AWS accounts, and detects and monitors unauthorized behavior and high-risk activities among the actions performed within those accounts.
Easy introduction steps
AWS Security Managed Platform is designed so that it can be deployed in three steps.
1. Deploy the IAM roles, CloudTrail, GuardDuty, and Config required for cross-account connection with CloudFormation.
2. Issue a CyberNEO account and log in to the CyberNEO portal.
3. Register in CyberNEO the event-receiving resources that were output when step 1 was executed.
Provides continuous security monitoring
Monitor events emitted from CloudTrail, GuardDuty and Config and notify admins when risky behavior is detected.
MONITORING ITEMS
Console login monitoring
Analyze login attempt events in the AWS console to detect unauthorized logins. For example, multiple login failures, attempts to access nonexistent IDs, and access from unusual regions are monitored.
Using the root account
If there is a login with the root account, we will notify the person in charge and confirm it.
Change monitoring of IAM resources
To ensure that security controls are not lost through the creation or modification of IAM users, roles, or policies, we will notify and confirm changes to IAM resources after detecting them.
Resource access denied monitoring
In the event of an access-denied event, we investigate the originating service and associated users to determine the risk of such activity.
Network configuration change monitoring
If a change to network resources is detected and security controls are lost as a result, we will notify the customer, confirm whether the change has been approved, confirm the reason for mitigation, and advise on how to reduce security risks.
Monitor High-Risk GuardDuty Events
If a high-risk event is output, we will contact you to investigate the details of the event and evaluate the security incident caused by the event.
Monitor Medium and Low Risk GuardDuty Events
For medium- and low-risk events, trends in event output are analyzed and the events are matched against other events on a monthly basis to determine whether they lead to suspicious activity.
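The CloudTrail-based monitoring items above (console login, root account use, IAM changes, access denied, network configuration changes) can be expressed as rules over CloudTrail record fields. The following is an added example, not CyberNEO's own code. The field names are CloudTrail's, while the region allowlist, failure threshold, event-name lists, and sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed tuning values for this sketch; they are not CyberNEO settings.
EXPECTED_REGIONS = {"ap-northeast-1", "us-east-1"}
FAILED_LOGIN_THRESHOLD = 3
IAM_WRITE_PREFIXES = ("Create", "Delete", "Put", "Attach", "Detach", "Update")
NETWORK_EVENTS = {"AuthorizeSecurityGroupIngress", "CreateRoute", "ReplaceNetworkAclEntry"}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

def classify(records):
    """Return (finding, detail) tuples for a list of CloudTrail records."""
    findings, failures = [], Counter()
    for r in records:
        ident, ip = r.get("userIdentity", {}), r.get("sourceIPAddress")
        name, src = r.get("eventName", ""), r.get("eventSource", "")
        who = ident.get("userName") or ident.get("type", "?")
        if name == "ConsoleLogin":
            if (r.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
                failures[ip] += 1  # counted per source IP, reported after the loop
                if r.get("errorMessage") == "No username found in supplied account":
                    findings.append(("login_unknown_user", ip))
            elif ident.get("type") == "Root":
                findings.append(("root_console_login", ip))
            if r.get("awsRegion") not in EXPECTED_REGIONS:
                findings.append(("login_unusual_region", r.get("awsRegion")))
        elif src == "iam.amazonaws.com" and name.startswith(IAM_WRITE_PREFIXES):
            findings.append(("iam_change", f"{who}:{name}"))
        elif src == "ec2.amazonaws.com" and name in NETWORK_EVENTS:
            findings.append(("network_change", f"{who}:{name}"))
        if r.get("errorCode") in DENIED_CODES:
            findings.append(("access_denied", f"{who}:{src}:{name}"))
    return findings + [("login_bruteforce", ip) for ip, n in failures.items()
                       if n >= FAILED_LOGIN_THRESHOLD]

def _login(ip, result, region="ap-northeast-1", utype="IAMUser", msg=None):
    return {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
            "awsRegion": region, "sourceIPAddress": ip, "errorMessage": msg,
            "userIdentity": {"type": utype}, "responseElements": {"ConsoleLogin": result}}

# Constructed sample records (documentation IP ranges, invented user "bob").
SAMPLE = [_login("198.51.100.7", "Failure")] * 3 + [
    _login("198.51.100.7", "Failure", msg="No username found in supplied account"),
    _login("203.0.113.9", "Success", region="sa-east-1", utype="Root"),
    {"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventName": "RunInstances", "eventSource": "ec2.amazonaws.com",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]
```

Calling `classify(SAMPLE)` returns one finding per rule that fired; the repeated-failure finding is emitted last because it depends on the per-IP count over the whole batch.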