As with all of Aqua's existing products, Events is designed to work in tandem with AWS-provided security solutions. CSPM Events uses AWS CloudWatch Event rules as a source to determine the AWS API calls made against an account. The same events tracked by CSPM are written to your CloudTrail logs. The difference is that CSPM starts analyzing those events for security risks rather than simply recording them.
AWS ConfigService does allow you to invoke a Lambda function in response to a change within an AWS environment. However, the user is responsible for configuring every event, rule, and function, as well as uploading, hosting, and managing the config code. CSPM Events is designed to be operational within minutes. In less than 10 minutes, you can connect your AWS account to CSPM, launch the provided CloudFormation template, and be set up. CSPM will handle the hard part of analyzing every event and making a security determination based on its properties.
Unlike CloudTrail and ConfigService, CSPM uses ever-evolving algorithms to process your events. Instead of simply comparing the event to a static set of rules, CSPM analyzes the event in the context of numerous other factors, including information provided by the user, information it already knows about the account, whitelists, and information gathered from the global network of CSPM users.
Finally, CSPM is designed to alert you if the status of your existing AWS security solutions changes. For example, if CloudTrail is disabled, a VPC Flow Log is deleted, a ConfigService recorder is stopped, or numerous other events are detected, CSPM will alert you that your account may be at risk. CSPM complements CloudTrail, ConfigService, CloudWatch, and the whole suite of AWS security products.
Did you find it helpful?Send feedback