SAVIYNT FOR AMAZON WEB SERVICES (AWS)
Complete visibility into Amazon Web Services (AWS) and DevOps resources
SAVIYNT FOR AWS COMPLIANCE & SECURITY MANAGEMENT
Complete visibility into AWS and DevOps resources
Saviynt provides a comprehensive view of AWS IAM console / DevOps access, including role-, action- and tag-based permissions. Enterprises can then enforce business processes, approvals and reviews before administrators get access to commission workloads, upload sensitive data to S3 or undertake critical operational activities on AWS / DevOps. With over 250 security controls and risk signatures available out of the box, and more that can be user-defined, Saviynt offers the means to continuously monitor the effectiveness of an enterprise's AWS security posture.
Integrate AWS security with enterprise Identity & Access Governance (IAG) processes
Saviynt provides a comprehensive view of AWS IAM console / DevOps access, including role-, action- and tag-based permissions. Enterprises can then enforce business processes, approvals and reviews before administrators get access to commission workloads, upload sensitive data to S3 or undertake critical operational activities on AWS / DevOps.
Real-time security policy enforcement for AWS and DevOps resources
As critical workloads are deployed on AWS, it is imperative for enterprises to establish and enforce a Minimum Security Baseline (MSB) across different EC2 platforms (e.g. application server, database server, etc.) and environments (development, test, production). Saviynt can automatically determine this MSB from existing instances and configurations, and identify deviations in patterns as well as vulnerable / misclassified workloads. Saviynt provides near real-time preventive controls that leverage AWS Config to enforce infrastructure security policies, with the ability to stop the launch of EC2 instances, revert unauthorized access changes, or simply notify upon policy violations. Saviynt can also extract system configuration and details of local users, service accounts and groups, along with policies, to clearly identify any deviations from the MSB. It also provisions local and service accounts, monitors activity for anomalies and performs periodic access reviews.
“Simeio Identity-as-a-Service (IDaaS) is a turnkey offering that allows our customers to adopt a secure, reliable and feature-rich IAM solution while freeing their businesses from the cost and distraction of maintaining their own infrastructure. Whether the IAM solution is hosted in Simeio IDaaS or customer’s own premise, we also monitor and manage this critical solution from Simeio Identity Intelligent Center (IIC). Both Simeio IDaaS and IIC are cornerstones of our business that reside on AWS infrastructure and Saviynt is our partner of choice to secure them. Saviynt for AWS with its controls library provides us early visibility into potential risks that might arise across our AWS. Saviynt for AWS is also routinely engaged to support our rigorous internal security and audit procedures in addition to customer audits.” HEMEN VIMADALAL, CEO, SIMEIO SOLUTIONS
Stay a step ahead with intelligence-based monitoring
By integrating AWS Config, CloudTrail events, CloudWatch logs, VPC flow logs and DevOps logs (from Chef, Puppet, etc.), Saviynt offers complete visibility into administrative activity on AWS and DevOps, and integrates with enterprise SIEMs for a holistic view. Enterprises can leverage Saviynt to perform peer and behavioral analytics to detect high-risk activity based on various risk scoring parameters including volume spike, ingress / egress traffic, event rarity, outlier access, policy/control violations, threat intelligence, etc. Saviynt enables enterprises to perform signature-less analysis for rapid detection, effective investigation and closed-loop security response.
Enforce consistent Segregation of Duty (SOD) rules and security policies across AWS and AWS resources (EC2, S3, EBS, etc.)
Saviynt Access Protect™ provides a flexible rules engine and SOD management capabilities for application and business owners to define, enforce and manage business and security policies for DevSecureOps. For example, the same developer cannot perform both development and quality analysis, and a developer should not have admin access to production instances. The policies, combined with a rich dashboard, provide a granular view into the security posture of AWS and clearly identify gaps in the current environment with ‘actionable’ responses. In addition, Access Protect™ can be integrated with Access Request and Review in a preventive mode to ensure the environment stays clean.