stackArmor ThreatAlert™ is a security incident and vulnerability monitoring solution for AWS cloud services. stackArmor ThreatAlert™ integrates and aggregates security and vulnerability data from various AWS services such as CloudTrail, GuardDuty and others into a single dashboard and offers incident management and reporting service to meet FedRAMP, FISMA, HIPAA, and PCI-DSS monitoring requirements. The stackArmor ThreatAlert offers flexible deployment models including an “in-boundary” installation that ensures that security data does not leave the system boundary. This deployment model is especially useful for FedRAMP, FISMA and DFARS compliance use cases and does not require access to the AWS console.
Key features of the stackArmor ThreatAlert™ solution include:
- Geocoding of security threats
- Single aggregated view of security events and vulnerabilities
- In-built POAM board for NIST SP 800-53/800-171 compliance
- Integration with Jira and ServiceNow for incident management
- In-boundary deployment model for cost savings
- Included continuous monitoring SMEs and analysts
The stackArmor ThreatAlert™ solution provides a flexible and extensible accelerator for continuous monitoring, cybersecurity vulnerability assessment and compliance reporting.
Key use cases supported by stackArmor ThreatAlert™ include:
- Vulnerability Assessment and Penetration Scanning for Cloud-hosted web applications. Click here to learn more about the stackArmor ThreatAlert™ Security Review Report (SRR) offering.
- FedRAMP and FISMA compliance acceleration through integrated Security Operations, Continuous Monitoring and Incident Response Management. Click here to learn more.
- DFARS/NIST compliance for Government contractors, Educational institutions and Federally funded organizations. Click here to learn more.
- FISMA compliance and digital risk assessment for cloud-hosted systems through automated scans covering code, containers and cloud configurations.
- Mobile vulnerability assessment and penetration scanning for Apple iOS and Android applications. Click here to learn more about stackArmor ThreatAlert™ Mobile Security Review Report (SRR).
The stackArmor ThreatAlert™ can be deployed as a stand-alone security operations solution or can be combined with some of our other accelerators for systems operations and compliance reporting. The stackArmor Cybersecurity Platform includes all of our security and cloud governance modules that include:
- stackArmor OpsAlert™: Continuous system operations policy and governance engine with automated incident response for managing cloud operations at scale for dynamic environments. Critical monitoring of compute, storage, network and system components including CPU, IO, response times and unused EBS volumes, amongst other metrics.
- stackArmor ThreatAlert™: Continuous security logging, monitoring and alerting with integrated vulnerability management, cloud security configurations and penetration scanning. Covers cloud platforms, application, data and user access as well as critical security performance parameters.
- stackArmor RapidSSP™: Provides an easy-to-use, wizard-like experience to create a digital System Security Plan (SSP), Plan of Actions & Milestones (POAM) and Security Assessment Report (SAR). The solution offers a fully hosted service with a Secure Document Repository (SDR) with a reading room and document sharing capability.
All of these discrete best-of-breed solutions are packaged as part of an integrated DevSecOps solution delivered as a fully managed service. The stackArmor Cybersecurity Platform can be tailored to meet specific organizational requirements and can be configured to deliver operations, security or compliance services in any number of flexible combinations.
Please feel free to contact us and schedule a free demo of stackArmor Cybersecurity Platform. The diagram below demonstrates the deployment model within a customer's account to support multiple workloads and enclaves.
The stackArmor Cybersecurity Platform is fully managed by our integrated Security Operations Center (SOC) staffed with AWS certified SecDevOps Engineers delivering incident response, compliance reporting and remediation assistance.
Full-stack Cloud Security and Compliance As-A-Service
Active Threat Hunting and Incident Response Services
Effective cybersecurity means going beyond passive logging, monitoring and alerting and requires active threat hunting, incident response and remediation. Our integrated security and compliance platform architecture covers the full stack including Cloud, Containers, Data and Applications. We also provide integrated compliance reporting for NIST SP 800-171, NIST SP 800-53, HIPAA and GDPR compliance. It is an end-to-end solution that includes Security Operations, Analytics, Response and Remediation delivered as a service for regulated markets with strong compliance requirements. The service includes dedicated SecDevOps Engineers and Analysts constantly monitoring and generating customized alerts, reports and remediation recommendations. stackArmor ThreatAlert™ is the only proven SOAPA and SOAR solution for regulated markets in public sector, higher education and healthcare markets.
Cost-Effective Security and Compliance Solution
stackArmor provides an end-to-end security and compliance service that helps organizations avoid having to hire expensive and scarce cybersecurity and cloud security experts. Our flexible consumption-based cost model allows organizations to get best-in-breed security services at a highly affordable price. We provide a full set of SecDevOps engineers and analysts who are certified and experienced in AWS engineering and operations support using AWS recommended security best practices contained in the Well-Architected Framework (WAF). We partner with our customers to provide a cost-effective and customized solution that addresses urgent and critical needs that supplement and support our customers’ security and compliance needs.
Full-stack Cloud Security and Compliance Service
Comprehensive security coverage including vulnerability management and penetration scanning of AWS cloud configurations, Docker containers, Cloud instances, Applications and Data integrity checks, malware and anti-virus scans delivered in a single solution. Our continuous monitoring report provides coverage on major and critical security performance indicators. We meet the compliance standards for all major security standards including PCI-DSS, HIPAA, FFIEC, ISO 27001, FedRAMP, NIST 800-171 and FISMA.
Vulnerability and Threat Coverage Matrix
stackArmor Cybersecurity Platform coverage matrix covers the full-stack and has been developed based on NIST, DOD DISA, OWASP, AWS and other Industry best practices and standards. The table below provides an overview of the threats and vulnerabilities included in the service.
| | | Frequency of Check/Scan |
|---|---|---|
| AWS Cloud Configurations | This scan includes common misconfiguration and security best practices that are recommended for protecting data and access including VPC, IAM, S3, RDS and others. | |
| | Scans and reports operating system and application server vulnerabilities based on NIST CVE scores. | Recommended at least monthly but could be more frequent |
| | Deep scan of container image for common vulnerabilities based on NIST CVE scoring using anchore.io | Recommended as part of the CI/CD pipeline |
| | Aggregated collection of findings from common AWS services such as AWS CloudTrail, CloudWatch, and GuardDuty for Account, Instance scanning and unauthorized access. | |
| | Advanced intrusion detection to detect file integrity issues and report system intrusions. | |
| Anti-Virus and Malware Scanning | Integrated antivirus engine for detecting trojans, viruses, malware & other malicious threats. | |
| Custom Scans and Inputs | Specialized scanners and integrations with industry leading security solutions including Palo Alto Networks, Splunk and Trend Micro amongst others. | Dependent on requirements |
The service is constantly being enhanced and augmented to cover new types of threats and vulnerabilities to provide highly responsive and updated security coverage.
Flexible Service Delivery Model
The service delivery model includes one-time cybersecurity architecture reviews, vulnerability and penetration scans or continuous monitoring based on customizable reporting requirements. The service delivery includes incident response with customizable alerts, reports and remediation consulting. The stackArmor Cybersecurity Platform can be deployed as a dedicated service within the boundary of the customers’ environment or delivered as a shared service to meet various business, technical and security needs.
The pricing model is flexible and is based on the size of the environment as follows:
- stackArmor Security and Compliance Platform (Dedicated Deployment Model)
  - Full-stack alerting and monitoring, small environment with less than 25 instances: $96,000 Annual Subscription
  - Full-stack alerting and monitoring, medium environment with between 25-50 instances: $192,000 Annual Subscription
  - Please send us an email to solutions at stackArmor dot com for large environments.
- stackArmor Security and Compliance Platform (Shared Deployment Model)
  - Full-stack alerting and monitoring, small environment with less than 25 instances: Annual Subscription benchmarked to AWS spend.
  - Full-stack alerting and monitoring, medium environment with between 25-100 instances: Annual Subscription benchmarked to AWS spend.
  - Please send us an email to solutions at stackArmor dot com for large environments.
Contact Us for Free Consultation
Learn more about stackArmor Cybersecurity Platform (SCP), contact us for a free consultation and ask for sample reports. Fill out the form to contact a stackArmor Cybersecurity Specialist.