IBM Security QRadar

 View Only

IBM Security QRadar and AWS Verified Access

By Olga Hout posted Sun April 30, 2023 01:19 AM


In the last few years, the “work from anywhere” model has made IT security more challenging. Companies wish to grant flexibility to their employees, without compromising on the security of their applications. 

To tackle this new use case, AWS is introducing a new service called AWS Verified Access. AWS Verified Access will allow secure access to applications in AWS without using a VPN, while still leveraging Zero Trust principles and validating every request, irrespective of the user’s network or location.

[image credits: AWS Verified Access User Guide]

The integration with Amazon Web Services (AWS) Verified Access builds on an existing relationship.

Some of the benefits of AWS Verified Access are:

·      Improved security posture
Verified Access evaluates each application access request in real time, making it difficult for bad hackers to move from one application to another.

·      Integration with security services
Verified Access integrates with identity and device management services, including both AWS and third-party services.

·      Improved user experience
Verified Access removes the need for users to use a VPN to access your applications, reducing the number of support cases related to the use of VPN.

·      Simplified troubleshooting and audits
Verified Access logs all access attempts, providing centralized visibility into application access, to help you quickly respond to security incidents and audit requests.

IBM QRadar SIEM has added support for AWS Verified Access logs and events into our product as a new resource for our threat analytics and correlation. Verified Access audit trail logs can provide insights to QRadar SIEM on suspicious failed access attempts that may indicate malicious behavior.

AWS Verified Access logs will support the OCSF format, embracing the principles of open security standards. These logs will be ingested and parsed by IBM QRadar SIEM, giving customers visibility into every access request, then attempts to prevent and detect security incidents.

Please, reach out to our team if you have any questions. And, as always, if you have a product integration or an enhancement idea you’d like to share with us, please share your feedback by submitting a new feature request via IBM Security Ideas Portal.

P.S. will we see you at RSA’23 in April? Stop by booth #5658 and meet our team in person.