June 8, 2020

Forcepoint NGFW + Amazon GuardDuty = Increased Threat Detection and Monitoring

Mattia Maggioli

Organizations worldwide are increasingly adopting hybrid cloud infrastructures. No two companies are exactly alike, and each is at a different stage of its security journey. That journey usually involves some transition from legacy on-premises infrastructure toward a cloud-only setup, and for many companies a hybrid cloud represents a “best of both worlds” approach to supporting their needs.

While the capabilities of a hybrid cloud stack empower organizations to propel their business forward, they also increase the attack surface for malicious actors who can target applications, services and vulnerabilities exposed by the extended perimeter of the cloud provider.

In this scenario, any security strategy needs an extended threat detection capability: one that identifies attacks targeting both technology stacks (on-premises and in the cloud) and shares intelligence from the outer cloud layer with the devices securing the workloads and resources on-premises. That’s where Amazon GuardDuty comes in.

Intelligent threat detection and continuous monitoring with Amazon GuardDuty

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time consuming for security teams to continuously analyze event log data for potential threats.

GuardDuty gives AWS customers an intelligent and cost-effective option for continuous threat detection in the AWS Cloud. The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs. With a few clicks in the AWS Management Console, GuardDuty can be enabled with no software or hardware to deploy or maintain. By integrating with Amazon CloudWatch Events, GuardDuty alerts are actionable, easy to aggregate across multiple accounts, and straightforward to push into existing event management and workflow systems.

Here’s an overview of how GuardDuty works:

How Amazon GuardDuty works

Forcepoint Next Generation Firewall, the most secure and efficient enterprise firewall

Forcepoint Next Generation Firewall (NGFW) connects and protects people and the data they use throughout the enterprise network – all with efficiency, availability and security. Trusted by thousands of customers around the world, Forcepoint network security solutions enable businesses, government agencies and other organizations to address critical issues efficiently and economically.

Forcepoint network security solutions are seamlessly and centrally managed, whether physical, virtual or in the cloud. Administrators can deploy, monitor and update thousands of firewalls, VPNs and IPSs in minutes, all from a single console – cutting network operating expenses by as much as 50%. Advanced clustering for firewalls and networks eliminates downtime, and administrators can rapidly map business processes into strong, accurate controls to block advanced attacks, prevent data theft and properly manage encrypted traffic – all without compromising performance.

Integration with Amazon GuardDuty delivers intelligence sharing from the cloud

Forcepoint developed an integration component that automates the real-time export of Amazon GuardDuty security findings into Forcepoint NGFW. As a result, users, applications and services hosted on-premises and protected by NGFW benefit from the increased visibility into threat actors targeting an organization’s AWS footprint. Malicious source IP addresses identified by Amazon GuardDuty are blacklisted across the entire fleet of NGFW engines deployed at the organization’s sites, delivering increased protection through the shared intelligence.

The diagram below shows how AWS services and our integration component work together to deliver GuardDuty findings automatically into the NGFW engines:

Diagram: how AWS services and the Forcepoint NGFW integration component work together
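To make the flow in the diagram concrete, here is an added example (not the Forcepoint integration component’s code and not from the integration guide) of the core step it performs: taking a GuardDuty finding as delivered by Amazon CloudWatch Events, pulling out the remote IP addresses recorded for the finding’s action, and turning them into blacklist entries for a perimeter firewall. The event envelope and finding fields follow the documented GuardDuty finding format; the sample events, their finding ids and addresses are constructed, and the entry format returned by `build_blacklist()` is a hypothetical stand-in for whatever the NGFW side actually consumes.

```python
"""Turn Amazon GuardDuty findings delivered through CloudWatch Events into a
source-IP blacklist for a perimeter firewall.

Added illustration, not the Forcepoint integration component's code. The
event and finding layout follows the documented GuardDuty finding format;
the sample events are constructed, and the blacklist entry format returned
by build_blacklist() is a hypothetical stand-in for the NGFW-side format.
"""
import ipaddress
from typing import Dict, Iterable, List

# Findings below this GuardDuty severity (0.1-8.9 scale; 4.0 = Medium) are
# left for analysts rather than pushed to the firewall automatically.
MIN_SEVERITY = 4.0

# Never push an address from these ranges to the perimeter blacklist: a
# finding about internal scanning must not end up blocking an internal host.
# (ipaddress's is_global would be stricter, but it also rejects the
# documentation ranges 198.51.100.0/24 and 203.0.113.0/24 used in the samples.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def is_blockable(ip: str) -> bool:
    """True for a syntactically valid IPv4 address outside the internal ranges."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def remote_ips(action: Dict) -> Iterable[str]:
    """Yield the remote IPv4 address(es) recorded for each GuardDuty action type.
    DNS_REQUEST findings carry a domain name, not a remote IP, so they yield nothing."""
    kind = action.get("actionType")
    if kind == "NETWORK_CONNECTION":
        yield action.get("networkConnectionAction", {}).get("remoteIpDetails", {}).get("ipAddressV4")
    elif kind == "AWS_API_CALL":
        yield action.get("awsApiCallAction", {}).get("remoteIpDetails", {}).get("ipAddressV4")
    elif kind == "PORT_PROBE":
        for probe in action.get("portProbeAction", {}).get("portProbeDetails", []):
            yield probe.get("remoteIpDetails", {}).get("ipAddressV4")


def extract_block_ips(event: Dict, min_severity: float = MIN_SEVERITY) -> List[str]:
    """Sorted, de-duplicated blockable IPs from one CloudWatch event, or [] when
    the event is not a GuardDuty finding or falls below the severity cut-off."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return []
    finding = event.get("detail", {})
    if float(finding.get("severity", 0)) < min_severity:
        return []
    action = finding.get("service", {}).get("action", {})
    return sorted({ip for ip in remote_ips(action) if ip and is_blockable(ip)})


def build_blacklist(events: Iterable[Dict]) -> List[Dict]:
    """Aggregate many events into blacklist entries: one per IP, carrying the
    GuardDuty finding ids that justify it (hypothetical output format)."""
    by_ip: Dict[str, List[str]] = {}
    for event in events:
        finding_id = event.get("detail", {}).get("id", "unknown")
        for ip in extract_block_ips(event):
            by_ip.setdefault(ip, []).append(finding_id)
    return [{"ip": ip, "finding_ids": ids} for ip, ids in sorted(by_ip.items())]


def _event(finding_id, finding_type, severity, action):
    """Wrap a constructed finding in the CloudWatch Events envelope."""
    return {"version": "0", "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"id": finding_id, "type": finding_type, "severity": severity,
                       "service": {"action": action}}}


# Constructed sample events (ids and addresses are illustrative only).
SAMPLE_EVENTS = [
    _event("f-0001", "UnauthorizedAccess:EC2/SSHBruteForce", 8.0,
           {"actionType": "NETWORK_CONNECTION",
            "networkConnectionAction": {"connectionDirection": "INBOUND",
                                        "remoteIpDetails": {"ipAddressV4": "198.51.100.23"}}}),
    _event("f-0002", "Recon:EC2/PortProbeUnprotectedPort", 5.0,
           {"actionType": "PORT_PROBE",
            "portProbeAction": {"portProbeDetails": [
                {"remoteIpDetails": {"ipAddressV4": "203.0.113.5"}},
                {"remoteIpDetails": {"ipAddressV4": "10.0.0.9"}},       # internal: skipped
                {"remoteIpDetails": {"ipAddressV4": "198.51.100.23"}},  # seen again: merged
            ]}}),
    _event("f-0003", "Recon:EC2/Portscan", 2.0,                         # below cut-off
           {"actionType": "NETWORK_CONNECTION",
            "networkConnectionAction": {"remoteIpDetails": {"ipAddressV4": "203.0.113.77"}}}),
    _event("f-0004", "Trojan:EC2/DNSDataExfiltration", 8.0,             # domain-based
           {"actionType": "DNS_REQUEST", "dnsRequestAction": {"domain": "example.invalid"}}),
]

if __name__ == "__main__":
    for entry in build_blacklist(SAMPLE_EVENTS):
        print(entry["ip"], "<-", ", ".join(entry["finding_ids"]))
```

Two design points matter for an automated feed like this. First, the severity cut-off and the internal-range filter are what keep a detection signal from becoming a self-inflicted outage: a Medium port-probe finding about an internal address must never reach the perimeter blacklist. Second, keeping the finding ids alongside each IP gives the firewall administrator a way to trace any block back to the GuardDuty evidence that produced it.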

Watch the video below to learn more about the technical implementation. You’ll see a live demo of how Amazon GuardDuty findings are seamlessly ingested into Forcepoint NGFW.

Note: The Forcepoint NGFW and Amazon GuardDuty Integration Guide contains the software packages that are described in the video.

Mattia Maggioli

Mattia leads the software engineering arm of Forcepoint Innovation Labs which provides design, prototype and POC capabilities to a wide array of integration activities between Forcepoint and 3rd party products, supporting business with a global ecosystem of technology partners and introducing...


About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.