At AWS re:Invent 2018, Amazon Web Services announced AWS Security Hub; a tool designed to aggregate, organize, and prioritize alerts as well as event and log data produced by different AWS services as well as AWS Partner Network security solutions such as MVISION Cloud (formerly Skyhigh Networks). In short, AWS has delivered a single-pane-of-glass view to manage and automate security alerts and compliance checks for customers.
How McAfee MVISION Cloud enhances AWS Security Cloud
As an AWS Partner, it is important for McAfee to enhance our joint customers’ experience with our products. To that end, MVISION Cloud integrates with and augments AWS Security Hub with Cloud Access Security Broker (CASB) data to provide to provide customers with deeper insights.
To facilitate this, McAfee will employ the new Amazon Findings Format (AFF). AFF is a communication standard for data interchange between AWS Security Hub and 3rd parties. AFF is a simple representation of several data points in a “finding” that is sent to or from the AWS Security Hub. A finding in McAfee MVISION Cloud’s case would be a configuration incident found in a customer’s AWS resources.
MVISION Cloud’s integration with AWS Security Hub includes taking event data from the MVISION Cloud platform, formatting the incident data into the AFF format, then sending it to the customer’s AWS Security Hub feed. Once the data has arrived, those critical questions (AWS refers to these as “Insights”) can be nourished and enhanced using McAfee CASB data.
What Problem Does McAfee MVISION Address?
AWS Security Hub queries can be enhanced with configuration incident data derived from the McAfee MVISION Cloud policy engines. Consider all the places within a customer’s AWS Services where the potential for misconfiguration could lead to a security incident. This would include:
- Elastic Compute Cloud (EC2) instances
- Amazon Machine Images (AMI)
- Storage services like S3 buckets, EBS, RDS
- Identity and access management (IAM)
- Logging and monitoring services like CloudTrail
- Network Security Groups and Virtual Private Cloud
- (VPC) networks
McAfee MVISION Cloud scans the security configurations of AWS services based on an organization policy standard such as Center for Internet Security (CIS) standards and compliance templates such as HIPAA, PCI, SOX, and ISO, ITAR or any policy a customer would derive to meet their needs.
When a misconfiguration incident is discovered, the incident details is sent to AWS Security Hub using the AFF format where it can be displayed as a dashboard insight or available for customers to query.
A Culture of Openness
Over the years McAfee’s product portfolio has increasingly adopted a platform-centric and open approach to cyber security. It’s worthwhile to demonstrate the pedigree of openness McAfee has cultivated: McAfee DXL, McAfee Security Innovation Alliance, and McAfee CASB Connect. Through these programs, McAfee builds relationships with large and small software vendors across security disciplines (including competitors) to help maximize value for all customers. In addition, McAfee continues to look for opportunities to go to market with strategic partners such as Amazon Web Services.
How do I get started?
Existing McAfee MVISION Cloud for AWS customers already have everything they need to get started.. The Security Hub feature must be enabled in your AWS Console – from there, MVISION Cloud simply needs your Amazon Account ID to channel alerts to Security Hub.
For those that do not yet run McAfee MVISION Cloud, subscribing is easy – it can be found in the AWS Marketplace. Once subscribed, the full rollout of MVISION Cloud for AWS can be connected to Security Hub as described above.
For more information, please visit McAfee & AWS resource pages: