Trellix Enhances Zero Trust with AWS Verified Access

Trellix leverages AWS for Extended Detection and Response (XDR)

Zero trust (ZT) is a concept adopted by many organizations, built on the principle of "never trust, always verify." No implicit trust is granted to assets or user accounts based solely on their network location or asset ownership. But how can SOC teams know that what a user is accessing is within policy, and how can they verify this when access is managed across multiple security systems? SOC teams face unexpected and growing security risks, and they fight to protect their organizations every day, even more so as users access corporate applications from home, the office, and while traveling. With the increased attack surface, the bad guys can sneak into the corporate network more easily.

How can we make things easier for security professionals? This is where AWS and Trellix make it easier for you to see and respond to risks across your organization. As customers try to keep pace with dynamic attacks and ensure greater peace of mind, they are looking for more centralized visibility and quick resolution of their security issues.

Trellix is at the forefront of the Extended Detection and Response ("XDR") revolution—pioneering a brand-new way to bring detection, response, and remediation together in a single living security solution. The Trellix XDR platform seamlessly integrates with our broad portfolio of endpoint, email, network, cloud, and other security products. Integrated with an additional 1000+ security and business applications, we equip your business with intelligent threat sensing, analytics, and automated response.

Figure 1: Trellix platform: A living, learning, composable XDR ecosystem.

With AWS announcing the general availability of AWS Verified Access today, Trellix is ready to support mutual customers of this new capability. Trellix support for AWS Verified Access provides visibility into a customer's per-application configurations, showing when policies are set and changed. This makes it much easier for SOC analysts to correlate security threats seen across their ecosystem with key configuration settings and changes in a customer's AWS environment, and it can provide crucial and timely information for a customer's Zero Trust architecture.

What is AWS Verified Access?

AWS Verified Access is a new capability that makes it easier for IT administrators to provide secure access to corporate applications in AWS or on their premises without using a VPN. IT administrators can use Verified Access to define a set of policies to control users' access to corporate applications, eliminating the need to manage access through multiple security systems. These policies can be based on users' identity, device security status, and other real-time data such as behavioral analytics that monitor users' activities for potential security risks. This improves customers' application security by letting administrators grant access only when users meet specific security requirements and by preventing access from potentially vulnerable devices. Verified Access simplifies the way enterprises provide secure access to corporate applications for their workers.

How can Verified Access and Trellix Helix help my security operations?

Figure 2: Trellix Helix ingests data from multiple AWS services.

Mutual customers can leverage Trellix Helix and integrate with the other nine AWS services to gain visibility rapidly by ingesting metadata from AWS. This data is then enriched with threat intelligence and evaluated with behavior analysis and machine learning to prioritize the alerts that are most actionable. Trellix Helix provides content and rules against AWS data, helping security analysts understand a security event faster. This new integration with Verified Access can assist a security investigation, such as correlating a compromised endpoint to a user whose credentials might have been compromised and could affect their AWS accounts.

How does Zero Trust work with XDR?

XDR improves and adds to a company's Zero Trust framework. Visibility and mitigation of security threats are as important as ever, but the challenge of seeing all potential attacks is heightened by the decentralized, dynamic nature of Zero Trust deployments. Trellix makes Zero Trust architectures better by finding the risks in your telemetry and sharing them with the tools and processes that help determine the authorization and access levels your business needs to perform its work securely. Trellix's flexible XDR platform connects all Trellix technologies and a broad ecosystem of 1000+ security tools and applications to provide a seamless SecOps experience in one place.

Visibility into endpoint activity, email messages, network traffic, cloud security posture, data security, AWS information, and many other sources is crucial in Zero Trust, since assets are no longer confined to enterprise boundaries and ownership. Trellix Security Solutions analyze and protect your critical vectors, feeding the results to the Trellix Security Operations Platform, which offers advanced detection and correlation capabilities and automated responses to help protect your business.

Figure 3: Trellix and AWS help strengthen your Zero Trust framework

Cloud Assets
Trellix Cloudvisory provides centralized control for managing multi-cloud environments, with continuous and proactive compliance for multi-account, multi-cloud environments. This includes all-around protection from cloud-native microservices for asset discovery, policy governance, and control over cloud sprawl and infrastructure misconfiguration.
Network
Trellix Network Security is an advanced threat protection and breach and lateral movement detection solution with visibility and SaaS-based alerting into the most sophisticated attacks, deployed via AMIs into VPCs.
Endpoints
Trellix Endpoint Security is a flexible, unified solution that protects devices and endpoints at the network edge, empowering your organization to address complex, distributed security issues utilizing analytics and machine learning.
Operations
Trellix Security Operations is an integrated approach to improving your cyberattack management and security posture through threat intelligence, endpoint policy management, and our SecOps platform, Trellix Helix, which allows you to take control of security issues from incident to detection to response.
Data
Trellix Data Protection empowers you to discover, monitor, and protect sensitive data across your AWS and on-premises environments with centralized management and reporting. Additional capabilities include scanning S3 buckets for malicious content.
Email
Trellix Email Security identifies and mitigates advanced email threats—including ransomware, business email compromise (BEC), and phishing.

Want to learn more?

Start leveraging the speed and efficiency of Trellix and AWS working together to respond to security issues today. Please reach out to AWS@Trellix.com to learn more, or attend our latest XDR workshop to get hands-on with Trellix Helix. To see how Trellix and AWS work together, view our integrations and marketplace listings on the AWS Marketplace.
