McAfee, FireEye offer integration with AWS for cloud workload security

McAfee is integrating FireEye Helix with AWS' Inspector cloud security tool, to allow companies to more easily apply behavior analysis and machine learning techniques to risk detection for cloud workload data.

cloud security
CIS

McAfee Enterprise and FireEye have integrated FireEye Helix with Amazon Web Services’ Inspector cloud security tool, in a move to offer behavior analysis and machine learning risk-analysis capabilities for enterprises running AWS cloud workloads.

McAfee and FireEye have also announced that they are joining the AWS independent software vendor (ISV) Workload Migration Program (WMP). Symphony Technology Group (STG) completed the acquisition of FireEye in October 2021, and then combined FireEye with the enterprise business of McAfee, which had been previously acquired in July 2021.

FireEye Helix enhances risk analysis for AWS

FireEye Helix is a SaaS-based security operations platform developed on AWS for risk detection and response. FireEye Helix automatically ingests and processes Amazon Inspector EC2 and ECR vulnerability data from the user’s AWS infrastructure, correlating this information with data from hundreds of different security and business applications. FireEye Helix applies machine learning and behavior analysis to produce risks scores for compromised users and vulnerable infrastructure. 

The integration with AWS Inspector, which scans Amazon cloud workloads for software vulnerabilities and unintended network exposure, is intended to allow companies to replace and eliminate the overhead of separate, on-premises SIEM (security information and event management) or SOAR (security orchestration, automation and response) applications.

“The integration with Amazon Inspector will give security professionals visibility within Helix into vulnerabilities on AWS workloads," according to Forrester analyst Allie Mellen. “Enterprises are moving to the cloud — and because of this shift, security professionals need to adapt."

Having visibility into vulnerabilities on cloud workloads is important to protect  business data, Mellen said.

“For AWS customers, this will benefit those using both AWS and FireEye Helix, as they can use the two together to monitor for vulnerabilities in AWS workloads in the same place they likely perform much of the incident response lifecycle already,” Mellen added.

FireEye’s integration with Amazon Inspector follows a series of previous FireEye-Amazon integrations including those with Amazon CloudWatch, Amazon VPC Flow Logs, Amazon Security Hub, AWS CloudTrail, AWS Network Firewall, Amazon GuardDuty, Amazon Simple Storage Service (Amazon 53) and Amazon Route 53. 

FireEye applications offered on AWS Marketplace

FireEye’s complete software as a service (SaaS) security suite is now available on AWS Marketplace. In addition to the integration of FireEye Helix with Amazon Inspector, Helix is also available separately on the marketplace.

Other FireEye applications available on the marketplace include FireEye Endpoint Security, an endpoint detection and response program; FireEye Email Security, designed to stop phishing attacks; FireEye Detection on Demand, which protects files and detects threats, such as ransomware, in Amazon S3 buckets; and CloudVisory, a visibility tool designed to support compliance and governance, reducing the risk of attacks exploiting misconfigurations.

McAfee and FireEye join ISV program

McAfee and FireEye also announced that they have joined the AWS ISV Workload Migration Program (WMP), which helps customers migrate ISV workloads to AWS. WMP works with AWS partners to create a repeatable migration process and methodology for their AWS offering.

The program is designed to facilitate customer migration to AWS SaaS, PaaS and IaaS security products by providing funding, technology enablement and go-to-market support.

Related:

Copyright © 2021 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.