Barracuda Solutions for Amazon Web Services

Secure your cloud deployment with AWS ‘featured’ solutions and services.

Try Free

Secure your AWS Infrastructure:
Barracuda Cloud Security Guardian for AWS – dive in

Secure your control, data, and management planes to eliminate misconfigurations, user errors, and latent or internal threats. Retain compliance with best practices in cloud security against industry standard including CIS, PCI DSS, HIPAA, and more.

Barracuda Cloud Security Guardian takes over where most solutions leave off. It ensures your environment stays secure while your organization continues to develop and extend cloud service and solutions to your overall infrastructure. Because Cloud Security Guardian is fully integrated with AWS Security Hub, it provides instantaneous alerts and one-click mitigation for detected misconfigurations and compliance violations.

Cloud Security Guardian is unique among Cloud Security Posture Management (CSPM) solutions. It is fully aware of peripheral security including firewalls and WAFs. Cloud Security Guardian can orchestrate and deploy Barracuda CloudGen Firewalls, CloudGen WAFs, and WAF-as-a-Service and manage those configurations for you.

Retaining regulatory compliance

Most regulatory compliance frameworks—GDPR, PCI DSS, etc.—require that infrastructures follow known best security practices to minimize the potential for breaches and data mismanagement. Cloud Security Guardian is built upon CIS Benchmarks, industry-accepted best security practices for IT infrastructures. These benchmarks (150+ of them) have all been turned into policies that Cloud Security Guardian automatically implements the first time it examines an account. Going forward, it constantly monitors this account for any violations of these configurations. In addition to CIS Benchmarks, policies for PCI DSS, HIPAA, and SOC compliance are also included. It is a simple task to modify and add new policies based on your specific needs.

Guard Duty and Cloud Security Guardian

Guard Duty is an AWS service that finds threats by mining Cloudtrail, which logs DNS activity. Although it doesn’t capture everything, it provides flow records on the backend, which doesn’t require a specific permission flow. Cloud Security Guardian ingests Guard Duty findings and provides real-time intelligence and actionable outcomes.

Compliance alerts and Guard Duty alert in one place.

Block malicious IPs in real time across all your cloud Barracuda firewalls.

AWS Security Hub

AWS Security Hub is another security service from AWS. AWS Security Hub gives you a comprehensive view of your high-priority security alerts and security posture across your AWS accounts. There are a range of powerful security tools at your disposal, from firewalls and endpoint protection to vulnerability and compliance scanners. But oftentimes this leaves your team switching back and forth between these tools to deal with hundreds, and sometimes thousands, of security alerts every day. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager, as well as from AWS Partner solutions.

Cloud Security Guardian integrates directly with AWS Security Hub makes these findings actionable. Any security policy violations can be identified, mapped, and remediated, as well as the source of these violations, for example a specific application routine, so future violations can be prevented.

S3 Buckets and Storage Shield

It’s not realistic to try to put an agent on Amazon S3 because you don’t know where the service is—so you need to know what permissions or calls any service can make. Cloud Security Guardian can see all S3 calls including ones that are typically problematic, such as deleteobject, getobjectversionacl, and listallmybuckets. This allows you to put a policy around what developers can do with objects and code. In addition, most modern hackers are hacking Lambda through GetObjectVersionAcl, which gets them into the bucket, and reverse-hack it so any change alerts the hackers.

Storage Shield is a service offered by Cloud Security Guardian that inspects all your S3 buckets for intrusions and malware, and remediates those threats so S3 Buckets no longer create a security risk. Because it is a SaaS service, you only pay for the amount of bucket storage that is scanned.

Amazon Detective

Amazon Detective is a threat investigator, makes it easy to investigate and quickly identify the root cause or potential security issues or suspicious activities. Barracuda Cloud Security Guardian provides easy one-click links into Amazon Detective. If you find a violation from a resource, you can further investigate if that violation has been exploited.

Licensed on metered basis

Because Cloud Security Guardian may be protecting multiple deployments and instances, it is licensed on a per-account or per-VPC basis. This allows Cloud Security Guardian to scale up and down as required in PAYG environments and only charge you for the instances actually being secured. Actual usage is calculated on a monthly basis, ensuring you’re never overpaying for security.

To learn more about Barracuda Cloud Security Guardian, click here.