IBM Security Global Forum


IBM Security and Amazon Web Services Announce Expanded Partnership at Amazon AWS re:Invent 2019

By Rich Telljohann posted Tue December 03, 2019 04:00 PM


Today, during AWS re:Invent’s keynote session, Andy Jassy, CEO of Amazon Web Services (AWS), announced new native security offerings including Amazon Detective, AWS Identity and Access Management (IAM) Access Analyzer, as well as Amazon Virtual Private Cloud (Amazon VPC) and AWS IAM product updates to enhance the protection of client workloads across AWS. IBM Security was named an AWS Security Launch Partner delivering new integrations and services to augment AWS native security capabilities for extended alignment, visibility, management, and insight across AWS and hybrid cloud environments.

New IBM Security Integrations with AWS Security Services

Amazon Detective with IBM QRadar SIEM

Amazon Detective is a security service from Amazon Web Services (AWS) that makes it easy to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities. IBM QRadar integrates directly with Amazon Detective to augment the security monitoring capabilities of analysts working to protect AWS environments. When working with specific AWS resources and attributes, QRadar users and QRadar managed security services users can right-click an attribute to launch a window into Amazon Detective and gain additional insights from its native ML-based analytics.

Amazon Detective with IBM X-Force Incident Response and Intelligence Services (IRIS)

AWS and IBM Security are jointly committed to helping clients determine how to get the visibility needed to help assess and investigate cybersecurity breaches. Through this combined effort with AWS and IBM Security, Amazon Detective provides an AWS incident response readiness solution that enables visibility from a platform perspective. This solution provides IRIS with the data needed to accelerate triage, access and investigate breach activity. AWS clients can also engage with X-Force IRIS for comprehensive solutions on incident response planning, preparation and remediation.

AWS IAM Access Analyzer with IBM X-Force Incident Response and Intelligence Services (IRIS)

IBM Security offers the ability to accelerate response to security incidents within AWS environments. Working together, X-Force IRIS and AWS IAM Access Analyzer offer an AWS Incident Response Workshop that combines X-Force IRIS offerings into AWS-focused deliverables such as tabletop exercises or playbooks. This workshop helps organizations develop incident response workflows based on specific cloud-involved incident use cases. AWS IAM Access Analyzer helps evaluate AWS policies using formal reasoning to detect access changes and provide recommendations. X-Force IRIS aligns with AWS IAM Access Analyzer to accelerate the review of AWS configurations to minimize data exposure and provide post-breach remediation advice.

Amazon VPC Ingress Routing with IBM Security Services

Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC. IBM Security consulting and managed security services can design and implement native VPC routing services to maximize the effectiveness of an organization’s security controls. IBM threat management offerings are equipped with orchestration and automation to streamline the execution of security operations.

AWS IAM Session Tags with IBM Cloud Identity IDaaS

IBM Cloud Identity is one of the first vendors to support AWS IAM Session Tags natively in the product for attribute-based access control (ABAC) for fine-grained entitlements. IBM enhanced its existing SSO integration with AWS to support these session tags natively in the out-of-the-box connector. Clients can take advantage of this capability by creating mapping rules between IBM Cloud Identity's directory service and the application configuration for AWS, ensuring that user attributes are passed into the session when their users federate into AWS.

Existing Product Integrations and Services with AWS Security


These latest offerings extend IBM Security’s existing support of AWS native security tools including: IBM QRadar integrations with AWS CloudTrail, Amazon CloudWatch, Amazon VPC Flow Logs, Amazon GuardDuty, and AWS Security Hub; Guardium Data Protection Bring Your Own License (BYOL), IBM Security Access Management BYOL, and QRadar BYOL offerings available in AWS Marketplace; and cloud security consulting, system integration, and managed security services designed for AWS to securely plan, move, build and manage the journey to AWS and hybrid cloud.

Clients using IBM Security’s technology and expertise with AWS can ensure their strategic cloud transformation initiatives have the right balance of security controls.

To learn more about these AWS + IBM Security solutions, visit the IBM Security booth #616 at AWS re:Invent 2019, happening December 2-6, or visit