December 3, 2019

Incident Response

Security Orchestration

Threat Intelligence

Partner Integrations

Demisto

Demisto and Amazon Detective: Automated Cloud Threat Investigation and Response


Cloud adoption has heralded a new age of business and technology, as organizations share compute, storage, and infrastructure resources to innovate and scale. But these developments have brought their own set of security hurdles. The volume of alert and log data produced by rapid cloud provisioning and by multiple cloud security products makes it impossible for your teams to remain agile and flexible in their threat response without the help of automation.

However, the ideal "automated" incident response workflow is a balance of automated and manual tasks. It is flexible enough to automate the repetitive and standard tasks, but it also accounts for the less clear-cut security issues that require human investigation to determine the full scope of the problem and the dispositions required.

Demisto and Amazon Detective Integration

This integration between Demisto and Amazon Detective expands on the strategic alliance and existing deep integrations between AWS and Demisto. It provides the ideal workflow balance of automation coupled with deeper human investigation, giving security teams direct access via Demisto to Amazon Detective's rich source of resource profiles (AWS account, AWS role, AWS user, EC2 instance, IP address, user agent, GuardDuty findings) and the behavior and actions observed on those resources. In cases where further investigation of a finding is required, direct access to Amazon Detective is easily integrated into Demisto's playbooks to speed analysis and standardize incident response.

For example, an alert from AWS Security Hub or GuardDuty might trigger a playbook that creates the incident, pulls the finding and resource details from Amazon Detective and other AWS services for wider context, and gives the security team what it needs to prioritize remediation efforts.
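To make the playbook flow above concrete, the following is an added example (it is not Demisto's integration code and not an AWS API) that takes a GuardDuty finding, shapes it into an incident record, and pulls out the entities the page lists as Amazon Detective profiles (account, IAM principal, EC2 instance, IP address, user agent) so an analyst can pivot on them. The two findings are constructed; the GuardDuty field names and the documented severity bands are real, while the incident field names, the `userAgent` field, and the rule deciding when a finding is routed to a human are assumptions for illustration.

```python
import json
from typing import Any, Dict, List

# Constructed GuardDuty findings, trimmed to the fields used below.
# The "userAgent" entry is an assumption; finding shapes vary by finding type.
SAMPLE_IAM_FINDING: Dict[str, Any] = {
    "accountId": "123456789012",
    "region": "us-east-1",
    "id": "example-iam-finding",
    "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom",
    "severity": 5.0,
    "resource": {
        "resourceType": "AccessKey",
        "accessKeyDetails": {
            "userType": "AssumedRole",
            "userName": "deploy-role",
            "principalId": "AROAEXAMPLEID:session-1",
        },
    },
    "service": {
        "action": {
            "actionType": "AWS_API_CALL",
            "awsApiCallAction": {
                "api": "ListBuckets",
                "serviceName": "s3.amazonaws.com",
                "userAgent": "aws-cli/1.16.300",
                "remoteIpDetails": {"ipAddressV4": "198.51.100.23"},
            },
        }
    },
}

SAMPLE_EC2_FINDING: Dict[str, Any] = {
    "accountId": "123456789012",
    "region": "us-east-1",
    "id": "example-ec2-finding",
    "type": "Backdoor:EC2/C&CActivity.B!DNS",
    "severity": 8.0,
    "resource": {
        "resourceType": "Instance",
        "instanceDetails": {"instanceId": "i-0abc123def4567890"},
    },
    "service": {
        "action": {
            "actionType": "DNS_REQUEST",
            "dnsRequestAction": {"domain": "c2.example.net", "protocol": "UDP"},
        }
    },
}


def severity_label(score: float) -> str:
    """GuardDuty's documented bands: low 0.1-3.9, medium 4.0-6.9, high 7.0-8.9."""
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def extract_pivots(finding: Dict[str, Any]) -> Dict[str, List[str]]:
    """Collect the entities an analyst would pivot on in Amazon Detective."""
    pivots: Dict[str, List[str]] = {
        "aws_account": [finding["accountId"]],
        "iam_principal": [],
        "ec2_instance": [],
        "ip_address": [],
        "user_agent": [],
    }
    resource = finding.get("resource", {})
    key = resource.get("accessKeyDetails")
    if key:
        pivots["iam_principal"].append(f'{key.get("userType")}:{key.get("userName")}')
    instance_id = resource.get("instanceDetails", {}).get("instanceId")
    if instance_id:
        pivots["ec2_instance"].append(instance_id)
    api_call = finding.get("service", {}).get("action", {}).get("awsApiCallAction", {})
    remote_ip = api_call.get("remoteIpDetails", {}).get("ipAddressV4")
    if remote_ip:
        pivots["ip_address"].append(remote_ip)
    if api_call.get("userAgent"):
        pivots["user_agent"].append(api_call["userAgent"])
    return pivots


def build_incident(finding: Dict[str, Any]) -> Dict[str, Any]:
    """Shape a finding into the incident record a playbook would create.
    Assumed routing rule: high severity, or an IAM principal acting from a
    remote IP, is handed to an analyst for Detective-based investigation;
    everything else stays on the automated path."""
    severity = severity_label(float(finding["severity"]))
    pivots = extract_pivots(finding)
    needs_analyst = severity == "high" or (pivots["iam_principal"] and pivots["ip_address"])
    return {
        "name": f'GuardDuty: {finding["type"]}',
        "source_id": finding["id"],
        "region": finding["region"],
        "severity": severity,
        "pivots": pivots,
        "needs_analyst": bool(needs_analyst),
    }


if __name__ == "__main__":
    for finding in (SAMPLE_IAM_FINDING, SAMPLE_EC2_FINDING):
        print(json.dumps(build_incident(finding), indent=2))
```

The `pivots` dictionary is the hand-off point: the automated part of the playbook enriches and deduplicates those entities, and the `needs_analyst` flag is where a workflow would branch to the manual investigation the article describes.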

Interactive, real-time investigation of complex threats

After running playbooks, your team can gain greater visibility when investigating threats and issues within target accounts. They can run commands from other security tools in real time, or dig deeper into Amazon Detective on a specific finding to identify related items that need to be addressed. All actions taken by the security analyst are auto-documented within the Demisto War Room, providing an evidence timeline and disposition audit trail for cross-team collaboration or post-investigation reporting.

Amazon Detective, coupled with Demisto's orchestration workflows, helps cloud security teams streamline and scale their threat investigation and incident response efforts.


We hope you found this integration overview useful. To explore Demisto in greater detail, you can download our free community edition below. 

Copyright © 2019   |   DEMISTO - A PALO ALTO NETWORKS COMPANY   |   PRIVACY STATEMENT