Security in Amazon Web Services (AWS) is more than just monitoring the containers or virtual machines.

Nerium aims to detect attackers as early as possible in the various stages of an attack (cyber kill chain). Therefore, it's important to conduct monitoring and detection on multiple layers of the digital environment, which also includes AWS cloud security on identities and security groups. AWS offers many possibilities for this through logging, as available in CloudTrail or VPC Flow Logs, for example. An attacker will most likely also interact with the AWS cloud layer during an attack, not just the virtual containers or virtual machines, introducing an opportunity for detection.

Thanks to this approach, specific risks or scenarios unique to an organization can be effectively monitored. Establishing normal behavior provides the ability to detect deviations. For example, if an administrator typically logs in from their own workstation, it's suspicious when the same administrator logs in from a different workstation, even if it's an internal one.

With faster detection of an attacker, incident response processes can be initiated more promptly minimizing the impact of an incident.

Contact

We ensure AWS security through round-the-clock monitoring.

These are some examples for illustration purposes; we do not want to place everything on our website for obvious reasons.

Root login

The administrator always logs in with their root account from one or two systems.

Nerium monitors if the account logs in from an unknown system in the CloudTrail log.

Changing Security Groups

No server or container is directly connected to the internet.

Nerium monitors changes in Security Groups to detect persistence techniques, such as when attackers connect EC2 instances to the internet to establish backdoor access.

Cryptomining

An attacker creates a virtual machine with specific hardware requirements to mine cryptocurrency.

Nerium monitors in the CloudTrail logs for the creation of EC2 instances with specific hardware requirements.

Nerium's approach.

1. The collection of the necessary logging

CloudTrail, VPC flow, and other logging are collected in a separate environment.

2. Determining normal behavior

Nerium, together with the organization, determines what is normal and therefore what is abnormal, which can be monitored.

3. Creation of custom detections

Nerium has over 50 advanced detections for AWS and also creates custom tailored detections based on the previous step.

4. Intervening 24/7 when necessary

In the event of an active attack, we can stop the attacker before the data is stolen or encrypted. We do this by employing pre-documented incident response processes for AWS.

Do you want to protect your organization's AWS environment against cyber attacks? Or do you want to know more?

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

F.A.Q

I'm looking for an incident response guide for my AWS environment. Can Nerium help with this?

Yes, Nerium can help in creating an Incident Response Guide for your AWS environment. This involves identifying potential incidents, setting up a response plan, and providing training to effectively respond to emergencies to minimize impact.

Can you assist us as an incident response partner for any cyber attacks in our AWS environment?

Yes, we can assist you as an incident response partner for any cyber attacks in your AWS environment. We are well-equipped to respond quickly and effectively to minimize the impact of such attacks and get your systems back up and running. For more information, please see our Incident Response Retainer.

In addition to AWS cloud security, how is the virtual layer monitored on which the virtual machines are running?

We accomplish this through the use of an endpoint detection and response tool, which in most cases can also detect vulnerabilities and misconfigurations. For this purpose, we use Crowdstrike Falcon Cloud.