| Feb 1, 2021
| by Peter Silberman

Introducing Expel Workbench™ for Amazon Web Services (AWS)


If you’re a growing company that was “born in the cloud”, revenue, uptime, new features and innovation are likely some of the big priorities driving your org.

If you had time (and a little forethought) while you were busy building, you might’ve baked some security into your CI/CD pipeline. But monitoring security alerts for your application that’s running in AWS isn’t exactly at the top of your to-do list … until one of your big customers (or lawyers or auditors) starts asking pointed questions about how you’re monitoring and securing their data in AWS.

Sound familiar?

At this point, most of the customers we work with started asking themselves a few questions:

  • How do I detangle this confusing (and ever-changing) array of AWS services, CloudTrail logs and alerts?
  • Where can I find someone (or the budget to hire someone) who can sift through AWS security alerts and tell me which ones are real risks?
  • What’s the “playbook” for investigating and fixing AWS security alerts?

Then they set out in search of a product to help … and waded through miles of marketing fluff and ended up more than a little irked.

An “easy” button for AWS security

The scenario (and frustration) I describe above – which we’ve heard from orgs in all sorts of industries – is what inspired us to create Expel Workbench™ for AWS.

We think of it as an “easy” button to monitor and investigate potential security risks in your AWS environment. It takes all of your AWS logs and alerts and tells you which ones are real risks (and why all the others aren’t).

How it works:

  • Expel Workbench only surfaces Expel-validated alerts. Our ability to validate alerts is based on the experience of our SOC analysts who’ve run thousands of investigations in AWS environments.
  • Expel Workbench also comes with our bot, Ruxie™, who automatically investigates alerts and gathers additional information before surfacing them up to you, so you’ve got data you need to make quick and accurate decisions.

In addition to gotta-fix-that-now alerts like databases going public or compromised instance credentials, Expel Workbench also tells you when there are “interesting” things like risky authentications or unusual IAM policy changes that may not be immediate risks but are probably something you want to know about. We don’t just rely on AWS GuardDuty; we surface observations and correlations out of your CloudTrail logs too.

By filtering out false positives and enriching the alerts that matter with investigative details like where the user has authenticated from in the past 45 days or which API calls the AWS role has been observed making in the past 30 days, Expel Workbench shrinks the time it takes you to confirm whether an alert is truly something you and your team need to look into.

How Expel Workbench™ for AWS makes your life (and your team’s) easier

If security is something you do when you’ve “got time” or the thought of hiring (and retaining) a team of AWS security analysts makes you want to run away screaming, it’s a good bet that Expel Workbench can help.

How?

With Expel Workbench, you’ll:

  • Become an expert AWS investigator and be able to perform advanced investigations and incident response with a base level of AWS expertise. It’ll tell you what you need to look at and provide guides on how to respond.
  • Spend less time detecting and more time fixing security risks because it automates alert review and adds investigative details. You’ll have more time back so you can put new security controls in place that prevent security issues.
  • Avoid buying more tools because you don’t need to string together lots of tools to process, analyze and respond to AWS security alerts (and then figure out and train your team on how to use them).
  • Avoid hiring a squad of cloud security gurus who are difficult to find in the first place. We’ve got that covered.

Sound like something that would help your org?

We’d love to answer your burning questions.

Check out our Expel Workbench for AWS page to learn more, or start a free trial.

