Panther for AWS allows security teams to monitor their AWS infrastructure in real-time

Panther Labs announced Panther for AWS security, a security logging solution designed for AWS security teams. Now, AWS security teams will have a single platform for aggregating, organizing, and prioritizing security-relevant data from AWS accounts and combining signals from multiple hybrid platform environments across their organization.

“One of the top issues for security professionals is collecting and normalizing all of the data produced by AWS and then making sense of that information,” said Jack Naglieri, CEO and founder of Panther Labs. “Redirecting logs out of AWS into legacy SIEM solutions is technically challenging, unnecessarily costly, and often encounters significant ETL challenges.”

There are over 175 discrete AWS services, each churning out its own set of metrics, events, and logs, largely in differing formats. Additionally, there are performance metrics produced by the applications running in AWS. To get beyond the basic functionality offered by CloudWatch, AWS users are forced to resort to other methods to gain end-to-end visibility on AWS.

“We’re excited to work with Panther Labs to empower AWS security teams to optimize for speed, scale, and flexibility,” said Dudi Matot, Principal Segment Lead, Security, AWS. “With Panther for AWS, the management load is taken off security teams while still allowing them all the benefits of an end-to-end monitoring experience for AWS with real-time detection, correlation, and analysis. Panther takes vast amounts of AWS security logs and provides normalization, real-time analysis, and a scalable data warehouse to store and query them.”

The solution allows security teams to continuously monitor their AWS infrastructure with policies-as-code for strong security and ongoing compliance. This ability will provide teams with peace of mind as they detect publicly accessible simple storage service (S3) buckets, identity access management (IAM) compliance with multi-factor authentication (MFA) requirements, and brute force login attempts out of the box with Panther. Panther has over 150 out-of-the-box policies and rules that apply to AWS resources and log types.

“With Panther, we’re able to enforce secure configurations across our Cloud Managed services with daily cloud scans and real-time alerts for misconfigurations, incompliant resources, and suspicious activity,” said Matt Jezorek, VP of Security & Platform Abuse, Dropbox.

Critical benefits of Panther for AWS include:

• Unified visibility across AWS infrastructure data: Effortlessly collect all security-related AWS log types like CloudTrail, Application Load, Balancers, VPC Flow, Guard Duty, and more into a centralized and normalized single view.
• Cloud security scanning in real-time: Scan all AWS infrastructure in real-time and apply customizable scripts in Python to complicated policies to detect misconfigurations.
• Creation of a cloud security data lake: A serverless, zero ops cloud data lake – powered by Snowflake – for all of your AWS and cloud security logs.
• Real-time alerts with detection-as-code: Ingest, parse, normalize, and analyze high volume AWS logs and store them for long term retention, creating a well-structured and scalable security data lake.
• Triage alerts and correlate activity: Apply normalization fields (internet protocols, domains, etc.) to all log records across all data sources, enabling fast and easy data correlation.