Trellix Enhances Zero Trust with AWS Verified Access

-

Trellix leverages AWS for Extended Detection and Response (XDR)


Zero trust (ZT) is a concept adopted by many organizations built on the principle of "never trust, always verify." No implicit trust is granted to assets or user accounts based solely on their network location or asset ownership. But how can SOC teams know what the user is accessing is within policy, and how can they verify this when managing access to multiple security systems? SOC teams are dealing with the unexpected and increased security risks. SOC teams are fighting to protect their organizations on any given day, even more so as users are accessing corporate applications from home, the office, and while traveling. With the increased attack surface, the bad guys can sneak into the corporate network more easily.

How can we make things easier for security professionals? This is where AWS and Trellix make it easier for you to see and respond to risks across your organization. As customers try to keep pace with dynamic attacks and ensure greater peace of mind, they are looking for more centralized visibility and quick resolution of their security issues.

Trellix is at the forefront of the Extended Detection and Response ("XDR") revolution—pioneering a brand-new way to bring detection, response, and remediation together in a single living security solution. The Trellix XDR platform seamlessly integrates with our broad portfolio of endpoint, email, network, cloud, and other security products. Integrated with an additional 1000+ security and business applications, we equip your business with intelligent threat sensing, analytics, and automated response.

What is AWS Verified Access?

AWS Verified Access is a new capability that makes it easier for IT administrators to provide secure access to corporate applications in AWS or on their premises without using a VPN. IT administrators can use Verified Access to define a set of policies to control users' access to corporate applications, eliminating the need to manage access through multiple security systems. These policies can be based on users identity, device security status, and other real-time data such as behavioral analytics that monitors users' activities for potential security risks. This improves customers' application security by letting administrators grant access only when users meet specific security requirements and by preventing access from potentially vulnerable devices. Verified Access simplifies the way enterprises provide secure access to corporate applications for their workers.

 

How can Verified Access and Trellix Helix help my security operations?

Mutual customers can leverage Trellix Helix and integrate with the other nine AWS services to gain visibility in rapidly by ingesting metadata from AWS. This data is then enriched with threat intelligence and evaluated with behavior analysis and machine learning to prioritize those alerts that are most actionable. Trellix Helix provides content and rules against AWS data, helping security analysts understand the security event faster. This new integration with Verified Access would help assist a security investigation, such as correlating a compromised endpoint to a user whose credentials might have been compromised and could affect their AWS accounts.

How does Zero Trust work with XDR?

XDR improves and adds to a company's Zero Trust framework. Visibility and mitigation of security threats are as important as ever, but the challenge of seeing all potential attacks is heightened due to the decentralized, dynamic nature of Zero Trust deployments. Trellix makes Zero Trust architectures better by finding the risks in your telemetry and sharing those with your tools and processes that help determine the authorization and access levels needed for your business to perform its work securely. Trellix's flexible XDR platform connects all Trellix technologies and a broad ecosystem of over 1000+ security tools and applications to provide a seamless SecOps experience in one place.

Visibility into endpoint activity, email messages, network traffic, cloud security posture, data security, AWS information and many other sources is crucial in Zero Trust since assets are no longer confined to Enterprise boundaries and ownership. Trellix Security Solutions analyze and protect your critical vectors, feeding it to the Trellix Security Operations Platform, which offers advanced detection and correlation capabilities and automated responses to help protect your business.

 


  IZ


Comments

Post a Comment

Popular posts from this blog

CISA and ENISA enhance their Cooperation

-
Image
  The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness. Geopolitics have shaped the cyber threat landscape, bringing like-minded partners closer together in the wake of common cyber challenges and advances in digital technologies. Today at the EU-US Cyber Dialogue, ENISA and CISA announced the signing of their Working Arrangement as an important milestone in the overall cooperation between the United States and the European Union in the field of cybersecurity, also following the Joint Statement of European Commissioner Thierry Breton and U.S. Secretary for Homeland Security Alejandro Mayorkas of January 2023. ENISA’s International Strategy directs the Agency to be selective in engaging with international partners and to limit its overall approach in international cooperation to those...
Read more

Top Five Most Exploited Vulnerabilities in January 2024

-
Image
In January 2024, cybersecurity faced a remarkable surge in threats, with a focus on exploiting vulnerabilities in technologies from leading vendors. This spike in cyber attacks highlighted the urgent necessity for robust security posture and swift responses to mitigate these vulnerabilities.  Below is an in-depth analysis of the most critical vulnerabilities targeted during January. CVE-2023-46805 and CVE-2024-21887:   CISA Warns Against Ivanti Zero-Day Vulnerabilities On January 19, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding two critical zero-day vulnerabilities discovered in Ivanti products:  CVE-2023-46805 and  CVE-2024-21887.  Assigned CVSS scores of 8.2 (High) and 9.1 (Critical), these vulnerabilities underscore a significant risk to cybersecurity, marked by their capability for arbitrary command execution. This prompted an emergency directive for immediate mitigation within federal agencies, highlighting the...
Read more

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

-
Image
On Feb. 13, 2024, Microsoft issued a  patch  for CVE-2024-21412, a  Microsoft Defender SmartScreen  vulnerability revolving around internet shortcuts. Previously, we discovered that an advanced persistent threat (APT) group we track under the name Water Hydra has been exploiting CVE-2024-21412 in a sophisticated campaign targeting financial market traders, allowing the group to bypass Microsoft Defender SmartScreen and infect its victims with the DarkMe remote access trojan (RAT). Threat actors are constantly finding new ways of identifying and exploiting gaps to bypass security measures. We found that the bypass of CVE-2023-36025 (a previously patched SmartScreen vulnerability) led to the discovery and exploitation of CVE-2024-21412. This highlights how threat actors can circumvent patches by identifying new vectors of attack around a patched software component. It is important that organizations are able to identify and mitigate vulnerabilities, especiall...
Read more