Two powerful trends are converging, leaving enterprises to struggle with securing and monitoring their portfolio of cloud applications. Alerts and notifications from dozens—if not hundreds—of cloud services are overloading systems administrators, allowing real security issues to slip through the cracks unnoticed. At the same time, the deployment of cloud applications is exploding, with a February 2019 Enterprise Strategy Group (ESG) survey revealing that 39% of midmarket and enterprise organizations are taking a cloud-first approach to their new application deployments, up from 29% in 2018.
The result: Attackers have more time and opportunities to exploit vulnerable systems, while IT personnel are overwhelmed with responding to alerts, configuring complicated infrastructure, and attempting to integrate a variety of third-party services to help monitor and secure their rapidly expanding portfolio of cloud applications. In fact, a May 2019 survey by ESG revealed that 33% of organizations impacted by the global cyber security skills shortage say that cloud security is an area in which they have the biggest shortfall.
To help enterprises address these pressing problems, Symantec has continued to integrate its cloud security offerings more closely with the Amazon Web Services (AWS) platform features. As an AWS Advanced Technology and Security Infrastructure Competency Partner, Symantec has already integrated with AWS Systems Manager to help automate operational actions. Now, Symantec has integrated Symantec Cloud Workload Protection (CWP) with Amazon EventBridge, allowing customers to easily send security events from their own environments to drive comprehensive security analytics use cases.
39% of midmarket and enterprise organizations are taking a cloud-first approach to their new application deployments, up from 29% in 2018
How does Amazon EventBridge work?
At its heart, Amazon EventBridge is a new serverless event bus, built on top of the Amazon CloudWatch Events API, that makes it easy to connect application data from a variety of sources with AWS environments. EventBridge allows third-party applications to send messages and data in a standardized way to AWS CloudWatch events and other applications. Companies can link compliant services to Amazon analytics and pull information from Amazon Web Services into third-party applications that support EventBridge.
How does this new integration between Symantec CWP and Amazon EventBridge benefit me?
EventBridge allows the creation of a single, simple integration that extends events from CWP into AWS to power services such as AWS Lambda, AWS Step Functions, and Amazon Simple Queue Service (SQS). EventBridge delivers a stream of real-time event data from CWP to AWS services which can then be used to perform further actions such as risk reduction and threat remediation.
EventBridge makes it easy to build scalable event-driven applications because it handles event ingestion and delivery, security, authorization, and errors. And since CWP natively supports AWS APIs, integration with EventBridge is easy, enabling rapid response to cloud application threats and environmental changes. For example, CWP could publish security event information to EventBridge, which could then trigger specific AWS Lambda functions to take prespecified actions.
By closely monitoring cloud application workloads and generating alerts according to out-of-the-box or customized rules, CWP can provide early warning about potential attacks and risky behavior. When relayed to AWS via EventBridge, this information can be used to automate responses that would normally be performed by cyber security administrators and IT personnel, freeing these human resources for other critical activities.