SAVIYNT FOR AWS GOVERNANCE AND SECURITY MANAGEMENT

Complete visibility and access control on AWS and DevOps resources

Saviynt provides a comprehensive view of AWS IAM console / DevOps access, including role-, action-, and tag-based permissions. Enterprises can then enforce business processes, approvals and reviews before administrators get access to commission workloads, upload sensitive data to S3 or undertake critical operational activities on AWS / DevOps. With over 250 security controls and risk signatures available out of the box, and more that can be user-defined, Saviynt offers the means to continuously monitor the effectiveness of an enterprise's AWS security posture.

Dashboard on AWS IAM console / DevOps

Integrate AWS security with enterprise Identity & Access Governance (IAG) processes

Saviynt not only automates and simplifies enterprise IAG processes but also extends them for AWS access life-cycle management. Enterprises can now have a single window to manage access across Cloud and enterprise applications. Triggers from Joiner, Mover and Leaver processes within the enterprise are used to enforce appropriate access in AWS. Access Management is further simplified with the help of roles and attribute/context-based access policies (RBAC/ABAC). Periodic as well as event-based attestations ensure that excessive and outlier access is proactively removed.

Real-time security policy enforcement for AWS and DevOps resources

As critical workloads are being deployed on AWS, it is imperative for enterprises to establish and enforce a Minimum Security Baseline (MSB) across different EC2 platforms (e.g. application server, database server, etc.) and environments (development, test, production). Saviynt can automatically determine this MSB based on existing instances and configurations, and identify deviations in patterns and vulnerable / misclassified workloads. Saviynt provides near real-time preventive controls leveraging AWS Config to enforce infrastructure security policies, with the ability to stop the launch of EC2 instances, revert unauthorized access changes, or simply notify upon policy violations. Saviynt can also extract system configuration and details of local users, service accounts and groups, along with policies, to clearly identify any deviations from the MSB. It also provisions local and service accounts, monitors activity for anomalies and performs periodic access reviews.

CUSTOMER SPEAK

“Simeio Identity-as-a-Service (IDaaS) is a turnkey offering that allows our customers to adopt a secure, reliable and feature-rich IAM solution while freeing their businesses from the cost and distraction of maintaining their own infrastructure. Whether the IAM solution is hosted in Simeio IDaaS or customer’s own premise, we also monitor and manage this critical solution from Simeio Identity Intelligent Center (IIC). Both Simeio IDaaS and IIC are cornerstones of our business that reside on AWS infrastructure and Saviynt is our partner of choice to secure them. Saviynt for AWS with its controls library provides us early visibility into potential risks that might arise across our AWS. Saviynt for AWS is also routinely engaged to support our rigorous internal security and audit procedures in addition to customer audits.”

HEMEN VIMADALAL, CEO, SIMEIO SOLUTIONS

Stay a step ahead with intelligence-based monitoring

By integrating AWS Config, CloudTrail events, CloudWatch logs, VPC flow logs and DevOps logs (from Chef, Puppet, etc.), Saviynt offers complete visibility into administrative activity on AWS and DevOps, and integrates with enterprise SIEMs for a holistic view. Enterprises can leverage Saviynt to perform peer and behavioral analytics to detect high-risk activity based on various risk scoring parameters including volume spike, ingress / egress traffic, event rarity, outlier access, policy/control violations, threat intelligence, etc. Saviynt enables enterprises to perform signature-less analysis for rapid detection, effective investigation and closed-loop security response.

Enforce consistent Segregation of Duty (SOD) rules and security policies across AWS and AWS resources (EC2, S3, EBS, etc.)

Saviynt Access Protect™ provides a flexible rules engine and SOD management capabilities for application and business owners to define, enforce and manage business and security policies for DevSecureOps. For example, the same developer cannot perform both development and quality analysis, and a developer should not have admin access to production instances. The policies, combined with a rich dashboard, provide a granular view into the security posture of AWS and clearly identify gaps in the current environment with ‘actionable’ responses. In addition, Access Protect™ can be integrated with Access Request and Review in a preventive mode to ensure the environment stays clean.

Next Generation Access Governance and Intelligence for your Cloud, Big Data and Enterprise Applications

Amazon Web Services - Advanced Technology Partner
