Barracuda Networks, Inc., a leading provider of cloud-enabled security solutions, announced a Barracuda Cloud Security Guardian integration with Amazon Detective, a security service from Amazon Web Services (AWS) that is designed to easily analyze, investigate, and quickly identify the root cause of security findings or suspicious activities.
Barracuda Cloud Security Guardian is an agentless Software-as-a-Service (SaaS) solution designed to provide visibility into the security posture of cloud workloads, facilitate compliance, and automate remediation of security incidents.
Amazon Detective is designed to automatically collect log data from customers’ AWS resources and uses machine learning, statistical analysis, and graph theory to help users visualize and conduct faster and more efficient security investigations.
With the Amazon Detective integration, Barracuda customers can get further insight into threats or violations that are exposed by Cloud Security Guardian. For example, if Cloud Security Guardian detects a policy violation in a specific region, the customer can drill down into Amazon Detective and investigate:
- Was there a breach due to the violation? If so, what was the extent of the breach?
- Was there a lateral impact due to the violation? If so, what account or Amazon Elastic Compute Cloud (Amazon EC2) instances were infected?
- Were there any API calls made by a role? From which IP address were those API calls originating?
“Cloud Security Guardian is designed to alert customers to threats and vulnerabilities, allowing customers to fix the violation before there are further attacks,” said Tim Jefferson, SVP of Data Protection, Network and Application Security, Engineering and Product Management, at Barracuda. “The integration with Amazon Detective makes it simple for customers to take their response a step further and understand the impact of the threat by learning more about the context of an attack, such as if there was a spike in inbound or outbound traffic flow after the attack or if there is additional intelligence available about the IP making the attack.”