Stackarmour

stackArmor ThreatAlert


stackArmor ThreatAlert is a security incident and vulnerability monitoring solution for AWS cloud services. stackArmor ThreatAlert integrates and aggregates security and vulnerability data from various AWS services such as CloudTrail, GuardDuty and others into a single dashboard, incident management and reporting service to meet FedRAMP, FISMA, HIPAA, and PCI-DSS monitoring requirements. The stackArmor ThreatAlert offers flexible deployment models including an “in-boundary” installation that ensures that security data does not leave the system boundary. This deployment model is especially useful for FedRAMP, FISMA and DFARS compliance use cases and does not require access to the AWS console.

Key features of the stackArmor ThreatAlert solution include:

The stackArmor ThreatAlert solution provides a flexible and extensible accelerator for continuous monitoring, cybersecurity vulnerability assessment and compliance reporting.

Key use cases supported by stackArmor ThreatAlert include:

The stackArmor ThreatAlert can be deployed as a stand-alone security operations solution or can be combined with some of our other accelerators for systems operations and compliance reporting. The stackArmor Cybersecurity Platform includes all of our security and cloud governance modules that include:

All of these discrete best-of-breed solutions are packaged as part of an integrated DevSecOps solution delivered as a fully managed service. The stackArmor Cybersecurity Platform can be tailored to meet specific organizational requirements and can be configured to deliver operations, security or compliance services in any number of flexible combinations.

Please feel free to contact us and schedule a free demo of stackArmor Cybersecurity Platform. The diagram below demonstrates the deployment model within a customer's account to support multiple workloads and enclaves.

The stackArmor Cybersecurity Platform is fully managed by our integrated Security Operations Center (SOC) staffed with AWS certified SecDevOps Engineers delivering incident response, compliance reporting and remediation assistance.

Full-stack Cloud Security and Compliance As-A-Service

Active Threat Hunting and Incident Response Services

Effective cybersecurity means going beyond passive logging, monitoring and alerting and requires active threat hunting, incident response and remediation. Our integrated security and compliance platform architecture covers the full stack including Cloud, Containers, Data and Applications. We also provide integrated compliance reporting for NIST SP 800-171, NIST SP 800-53, HIPAA and GDPR compliance. It is an end-to-end solution that includes Security Operations, Analytics, Response and Remediation delivered as a service for regulated markets with strong compliance requirements. The service includes dedicated SecDevOps Engineers and Analysts constantly monitoring and generating customized alerts, reports and remediation recommendations. stackArmor ThreatAlert™ is the only proven SOAPA and SOAR solution for regulated markets in public sector, higher education and healthcare markets.

Cost-Effective Security and Compliance Solution

stackArmor provides an end-to-end security and compliance service that helps organizations avoid having to hire expensive and scarce cybersecurity and cloud security experts. Our flexible consumption based cost model allows organizations to get best in breed security services at a highly affordable price. We provide a full set of SecDevOps engineers and analysts who are certified and experienced in AWS engineering and operations support using AWS recommended security best practices contained in the Well-Architected Framework (WAF). We partner with our customers to provide a cost-effective and customized solution that addresses urgent and critical needs that supplement and support our customers’ security and compliance needs.

Full-stack Cloud Security and Compliance Service

Comprehensive security coverage including vulnerability management and penetration scanning of AWS cloud configurations, Docker containers, Cloud instances, Applications and Data integrity checks, malware and anti-virus scans delivered in a single solution. Our continuous monitoring report provides coverage on major and critical security performance indicators. We meet the compliance standards for all major security standards including PCI-DSS, HIPAA, FFIEC, ISO 27001, FedRAMP, NIST 800-171 and FISMA.

Vulnerability and Threat Coverage Matrix

stackArmor Cybersecurity Platform coverage matrix covers the full-stack and has been developed based on NIST, DOD DISA, OWASP, AWS and other Industry best practices and standards. The table below provides an overview of the threats and vulnerabilities included in the service.

| Vulnerability Surface | Description | Frequency of Check/Scan |
|---|---|---|
| AWS Cloud Configurations | This scan includes common misconfiguration and security best practices that are recommended for protecting data and access including VPC, IAM, S3, RDS and others. | Daily scan |
| Operating System | Scans and reports operating system and application server vulnerabilities based on NIST CVE scores. | Recommended at least monthly but could be more frequent |
| Docker Containers | Deep scan of container image for common vulnerabilities based on NIST CVE scoring using anchore.io | Recommended as part of the CI/CD pipeline |
| Operational Threats | Aggregated collection of findings from common AWS services such as AWS CloudTrail, CloudWatch, and GuardDuty for Account, Instance scanning and unauthorized access. | Continuous Scan |
| Data Files | Advanced intrusion detection to detect file integrity issues and report system intrusions. | Daily |
| Anti-Virus and Malware Scanning | Integrated antivirus engine for detecting trojans, viruses, malware & other malicious threats. | Daily |
| Custom Scans and Inputs | Specialized scanners and integrations with industry leading security solutions including Palo Alto Network, Splunk and Trend Micro amongst others. | Dependent on requirements |

The service is constantly being enhanced and augmented to cover new types of threats and vulnerabilities to provide highly responsive and updated security coverage.

Flexible Service Delivery Model

The service delivery model includes one-time cybersecurity architecture reviews, vulnerability and penetration scans or continuous monitoring based on customizable reporting requirements. The service delivery includes incident response with customizable alerts, reports and remediation consulting. The stackArmor Cybersecurity Platform can be deployed as a dedicated service within the boundary of the customers’ environment or delivered as a shared service to meet various business, technical and security needs.

The pricing model is flexible and is based on the size of the environment as follows:

  1. stackArmor Security and Compliance Platform (Dedicated Deployment Model)
    • Full-stack alerting and monitoring, small environment with less than 25 instances: $96,000 Annual Subscription
    • Full-stack alerting and monitoring, medium environment with between 25-50 instances: $192,000 Annual Subscription
    • Please send us an email to solutions at stackArmor dot com for large environments.
  2. stackArmor Security and Compliance Platform (Shared Deployment Model)
    • Full-stack alerting and monitoring, small environment with less than 25 instances: Annual Subscription benchmarked to AWS spend.
    • Full-stack alerting and monitoring, medium environment with between 25-100 instances: Annual Subscription benchmarked to AWS spend.
    • Please send us an email to solutions at stackArmor dot com for large environments.

Contact Us for Free Consultation

Learn more about stackArmor Cybersecurity Platform (SCP) and contact us for a free consultation and ask for sample reports. Fill out the form to contact a stackArmor Cybersecurity Specialist.
