McAfee detects compromised account activity in AWS based on brute force login attempts, logins from new and untrusted locations for a specific user, and consecutive login attempts from two locations in a time period that implies impossible travel – even if the two logins occur across multiple cloud services – to support immediate remediation and limit exposure.
Insider and privileged user threats
McAfee automatically constructs a behavior model with dynamic and continuously updated thresholds for each user and group to identify activity indicative of insider threat. Privileged User Analytics identifies risk from inactive administrator accounts, excessive permissions, and unwarranted escalation of privileges and user provisioning.
Audit Identity and Access Management (IAM) permissions
McAfee audits the Identity and Access Management (IAM) permissions assigned to users and inherited from group membership, highlighting inactive user accounts that can be deleted to reduce the attack surface. IAM Group Analytics discovers groups without active members that can be deleted.
Audit AWS security and compliance configuration
McAfee continuously monitors and audits AWS security configuration settings to ensure compliance with external regulations and internal policies. McAfee uses field-tested industry best practices to suggest modifications to configuration settings to tighten security and ensure compliance.
“McAfee continues to expand its security controls beyond SaaS to help companies cover their custom-built applications running in IaaS including the IaaS platforms themselves.”
“McAfee helps us understand how employees use the cloud to identify insider threats, compromised credentials, and excessive privileged user access.”
“In an environment with millions of unique events each day, McAfee does a nice job of cutting through the noise and directing us to the areas of greatest security concern.”
“McAfee allows us to have more control over data security by adding an additional layer of protection beyond what the typical cloud service provider can offer.”
Standardize on a corporate AWS account
McAfee identifies all AWS accounts in use by employees and enables enterprises to standardize on their corporate AWS account. Using McAfee, you can enforce governance controls and coach users to corporate AWS accounts for centralized visibility and policy enforcement.
Utilizing Amazon’s AWS Security Hub? See how MVISION Cloud and AWS work together to provide deeper visibility, policy enforcement, and compliance for our customers’ public cloud infrastructure.