Scale AWS access and alert analysis services

Go Fast, Safely

AWS access assessments you can actually use

You’ve onboarded your customers’ risk and are working to keep customers secure in the AWS cloud. But it’s not enough to know an AWS security policy changed. Your analysts must understand the effects of security policies so they can determine if an alert is important or if data is exposed.

The AWS security policy language and evaluation are complex (details).  So teaching an automated analysis system which IAM change events are important is tedious, error prone, and burns-out analysts.

Scale AWS access and alert analysis services with k9’s feed of usable AWS access assessment information that demystifies alerts with critical context and accelerates analysis.

Simplify the AWS security model with k9 so you can understand what could happen and prevent incidents instead of reacting to them.

Understand who exactly has access to customer data in AWS, repeatably. Provide analysts the context they need to triage quickly and accurately.  Discover risk so you can manage it. 

Secure customer data by generating strong security policies using k9’s simplified access control model and infrastructure code libraries.

Audit and track compliance continuously with comprehensive & accurate daily reporting.

Solution Brief

Solution Architecture

k9 Security provides the AWS IAM security context your analysis pipeline and analysts need to take action, and stay out of security policy analysis paralysis.

k9 analyzes customer AWS accounts to determine what access each IAM user and role has to core AWS data and security services, and to the specific S3 data and KMS encryption key resources in the account.  k9’s analysis is built on many access simulations using the AWS IAM simulation APIs (free), so you can trust it’s correct and accounts for the deployed AWS security policies: SCP, Resource, and IAM.

Then k9 compiles that analysis and reports access capabilities in terms everyone can understand: administer-resource, read-config, use-resource, read-data, write-data, delete-data.  The analysis describes access from both the principal and resource perspective:

  • Principal: what IAM principals can do with AWS service APIs and resources
  • Resource: how resources may be accessed by principals

k9 encrypts and delivers these access inventory reports to your own secure inbox nightly.  Access inventory reports are ready for review by security analysts, engineers, and even customers responsible for security of application data.  Reports delivered in JSON, CSV, and Excel formats (sample – xslx).  An AWS Access Review dashboard is available for Splunk.

How k9 Works

AWS access controls analyzed every week simplifying customers' security & audit processes

Actually Understand & Improve Access Controls

Understand

Answer questions like:

  • What can that suspicious login do? Create users?  Read or delete data? Which data?
  • Who can administer IAM?  Which IAM users and roles are unused?
  • Who can access sensitive data in S3? Decrypt encrypted data?
  • Who can delete the production database? (what about your continuous-integration user? Find out!)
  • What AWS password and access key credentials exist? When were they last used and rotated?

Continuously audit your AWS environment and verify compliance with access controls required by SOC 2, ISO27001, PCI, and HIPAA.

k9 Security delivers access reports ready to review and act-upon in JSON, CSV, and Excel formats (sample – xslx).  The CSV format loads easily into Splunk and provides the foundation for the AWS Access Review dashboard.

Thank you for your guidance and analysis of our legacy production environments. Visibility from k9 in concert with the centralization of the data is key for us here.

Security Engineer, Community Management Platform

Scale

k9 designed its analysis to be integrated with your existing SIEM and automated analysis workflows.  The well-modeled data loads easily into Splunk and provides the foundation for k9’s AWS Access Review dashboard.

k9’s principal, resource, and access summaries provide the rich context automated analysis processes and human analysts need to make good decisions.

k9 Security can help MSSP and MDR customers integrate k9 data into analysis pipelines and train analysts on AWS security policies.

 

Secure

Fix security policy problems with k9’s complementary policy generation libraries for AWS CDK & Terraform.  Specify who should have access using the simplified k9 access capability model.  k9 infrastructure code libraries generate a best practice policy right within your delivery pipeline.

Now you can finally scale continuous security policy review and improvement out to your application teams.

The k9 S3 and KMS resource policies are so much better than what we have now and what CDK generates with “add read and write permissions.”

Site Reliability Engineer, Event Management Platform

Learn more

Want to know more?  Let’s discuss your event analysis needs, then let us demonstrate how k9 Security can help scale your analysis service capabilities and unburden analysts.

Partnership & Resale

Both public and private-label technology partnerships are available.

Watch Walkthrough