AWS GOVERNANCE AND SECURITY MANAGEMENT
Saviynt provides a comprehensive view of AWS IAM console and DevOps access, including role-, action- and tag-based permissions. Enterprises can then enforce business processes, approvals and reviews before administrators get access to commission workloads, upload sensitive data to S3 or undertake critical operational activities on AWS or DevOps platforms. With over 250 security controls and risk signatures available out of the box, and more that can be user-defined, Saviynt offers the means to continuously monitor the effectiveness of the AWS security posture.
Saviynt not only automates and simplifies enterprise IAG processes but also extends them to AWS access life-cycle management. Enterprises now have a single window to manage access across cloud and enterprise applications. Triggers from Joiner, Mover and Leaver processes within the enterprise are used to enforce appropriate access in AWS. Access management is further simplified with the help of roles and attribute/context-based access policies (RBAC/ABAC). Periodic as well as event-based attestations ensure that excessive and outlier access is proactively removed.
As critical workloads are deployed on AWS, it is imperative for enterprises to establish and enforce a Minimum Security Baseline (MSB) across different EC2 platforms (e.g. application server, database server) and environments (development, test, production). Saviynt can automatically determine this MSB from existing instances and configurations and identify deviations in patterns as well as vulnerable or misclassified workloads. Saviynt provides near real-time preventive controls leveraging AWS Config to enforce infrastructure security policies, with the ability to stop the launch of EC2 instances, revert unauthorized access changes, or simply notify upon policy violations. Saviynt can also extract system configuration and details of local users, service accounts and groups, along with their policies, to clearly identify any deviations from the MSB. It also provisions local and service accounts, monitors activity for anomalies and performs periodic access reviews.
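As an added illustration of the baseline-and-deviation idea described above (example code, not Saviynt's own), the following Python sketch derives a per-platform baseline from a constructed set of EC2 instance records and flags the instances that differ from it. The instance records, field names and the "most common value wins" rule are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample of EC2 instance configuration records (not real account data).
# Each record carries a platform tag plus a few security-relevant settings.
INSTANCES = [
    {"id": "i-app-1", "platform": "app", "imdsv2": True, "public_ip": False, "sg": "sg-app", "ami": "ami-base-2024"},
    {"id": "i-app-2", "platform": "app", "imdsv2": True, "public_ip": False, "sg": "sg-app", "ami": "ami-base-2024"},
    {"id": "i-app-3", "platform": "app", "imdsv2": False, "public_ip": True, "sg": "sg-app", "ami": "ami-base-2024"},
    {"id": "i-db-1", "platform": "db", "imdsv2": True, "public_ip": False, "sg": "sg-db", "ami": "ami-base-2024"},
    {"id": "i-db-2", "platform": "db", "imdsv2": True, "public_ip": False, "sg": "sg-db", "ami": "ami-base-2024"},
    {"id": "i-db-3", "platform": "db", "imdsv2": True, "public_ip": False, "sg": "sg-open", "ami": "ami-old-2019"},
]

# Fields compared against the baseline (assumed for the example).
CHECKED_FIELDS = ("imdsv2", "public_ip", "sg", "ami")


def derive_baseline(instances, min_population=2):
    """Per platform, take the most common value of each checked field as the baseline.

    Platforms with fewer than min_population instances get no baseline, since a
    single instance is not enough evidence of an intended configuration.
    Ties are resolved by first occurrence (Counter.most_common ordering)."""
    by_platform = defaultdict(list)
    for inst in instances:
        by_platform[inst["platform"]].append(inst)
    baseline = {}
    for platform, members in by_platform.items():
        if len(members) < min_population:
            continue
        baseline[platform] = {
            field: Counter(m[field] for m in members).most_common(1)[0][0]
            for field in CHECKED_FIELDS
        }
    return baseline


def find_deviations(instances, baseline):
    """Return {instance_id: {field: (actual, expected)}} for instances that differ from their platform baseline."""
    deviations = {}
    for inst in instances:
        expected = baseline.get(inst["platform"])
        if expected is None:
            continue  # no baseline for this platform; nothing to compare against
        diffs = {f: (inst[f], expected[f]) for f in CHECKED_FIELDS if inst[f] != expected[f]}
        if diffs:
            deviations[inst["id"]] = diffs
    return deviations


if __name__ == "__main__":
    for inst_id, diffs in find_deviations(INSTANCES, derive_baseline(INSTANCES)).items():
        print(inst_id, diffs)
```

In a real deployment the records would come from AWS Config configuration items rather than an inline list, and a deviation would feed a notify or remediate action rather than a print.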
By integrating AWS Config, CloudTrail events, CloudWatch logs, VPC flow logs and DevOps logs (from Chef, Puppet, etc.), Saviynt offers complete visibility into administrative activity on AWS and DevOps platforms, and integrates with enterprise SIEMs for a holistic view. Enterprises can leverage Saviynt to perform peer and behavioral analytics to detect high-risk activity based on various risk scoring parameters, including volume spikes, ingress/egress traffic, event rarity, outlier access, policy/control violations and threat intelligence. Saviynt enables enterprises to perform signature-less analysis for rapid detection, effective investigation and closed-loop security response.
Saviynt Access Protect™ provides a flexible rules engine and SOD management capabilities for application and business owners to define, enforce and manage business and security policies for DevSecureOps. For example, the same developer cannot perform both development and quality analysis, and a developer should not have admin access to production instances. These policies, combined with a rich dashboard, provide a granular view into the security posture of AWS and clearly identify gaps in the current environment with ‘actionable’ responses. In addition, Access Protect™ can be integrated with Access Request and Review in a preventive mode to ensure the environment stays clean.