General


What is Cloud Insight Essentials?

Alert Logic® Cloud Insight™ Essentials is an Amazon Web Services (AWS)-native security service that continuously discovers and assesses your AWS workloads and EC2 instances for vulnerabilities and misconfigurations that don’t follow AWS Security Best Practices. When integrated with Amazon GuardDuty™, Cloud Insight™ Essentials will automatically show you why, where, and how to respond to Amazon GuardDuty™ findings—and provide you with short- and long-term recommendations to stop active attacks now, and to prevent similar attacks in the future.

With Cloud Insight Essentials you can launch essential security in minutes, with minimal permissions, zero footprint in your AWS environment, and no security experience required, so you can easily:

  • Continuously discover your AWS assets across multiple accounts—viewed through an interactive topology map that shows you the exposure status of each asset, and how each asset connects to other assets.
  • Quickly identify risky configurations in your AWS deployments and services that don’t follow AWS Security Best Practices, and see recommended remediation actions to improve the security posture of your AWS environments.
  • Take action sooner with incident response support that explains GuardDuty findings, shows how they impact your current assets, and recommends which actions to take first.

Try Cloud Insight Essentials completely free for the first 30 days, then pay a monthly fee of $49 per AWS account. Go to AWS Marketplace to get started and start seeing results in minutes.

Who is Cloud Insight Essentials for?

Anyone who wants to improve the security posture of their AWS environments without having to become an advanced security expert. The user interface and RESTful APIs make it ideal for Application, DevOps and other IT professionals to get started in minutes.

What is the difference between Cloud Insight™ and Cloud Insight™ Essentials?

 

| Feature | Cloud Insight™ Essentials | Cloud Insight™ |
|---|---|---|
| Continuous Asset Discovery | Y | Y |
| Continuous Configuration Assessment | Y | Y |
| Amazon GuardDuty Incident Handling | Y | Y |
| Continuous Software Vulnerability Scanning | Upgradeable | Y |
| Interactive Dashboards & Reporting | Y | Y |

Does Cloud Insight Essentials help me address my shared responsibility model requirements?

Yes. Using Cloud Insight Essentials helps you address your responsibilities in ensuring that your AWS services are securely configured, and that you can quickly respond to suspicious activity detected by Amazon GuardDuty.

Enabling continuous software vulnerability scanning of your EC2 instances helps you identify CVE vulnerabilities and software configurations that could be exploited by attackers.

Amazon GuardDuty Support


How does Cloud Insight Essentials help me with Amazon GuardDuty?

Cloud Insight Essentials makes it easier for you to respond to GuardDuty findings. Alert Logic security experts review all GuardDuty threat detections (called findings) and provide threat descriptions and prioritized short- and long-term recommendations to stop active attacks immediately, and to prevent similar attacks in the future. Using Cloud Insight Essentials with GuardDuty you can:

  • Better understand the cause of GuardDuty findings and the impact to your AWS workloads
  • See historical trends with GuardDuty findings and prevent future findings from happening again
  • Run reports that combine GuardDuty findings with other security threats to see which AWS accounts and workloads present a high-security risk

Do I need Amazon GuardDuty to use Cloud Insight Essentials?

No. You can use Cloud Insight Essentials for automatic environment discovery and configuration exposure management to prevent compromises. You can enable incident response support for GuardDuty at a later time.

How do I manage Amazon GuardDuty for all of my accounts?

Cloud Insight Essentials and Cloud Insight can be configured to synchronize with a Master Account or Individual Accounts to support role-based access with your master GuardDuty account, or your individual GuardDuty member accounts.

I just got an Amazon GuardDuty finding, now what do I do?

Using Cloud Insight Essentials, navigate to the Incidents tab to search or drill-down to the specific finding, review the threat description and enriched investigation report, follow the step-by-step guidance to stop the immediate threat, then follow the step-by-step structural guidance to reduce or prevent future occurrences.

How do I visualize Amazon GuardDuty findings?

Each GuardDuty finding will be displayed in the Cloud Insight Essentials Incident tab along with a topology view to see the targeted asset and associated Subnet, VPC, Region, Security Group and custom tags.

What additional information does Cloud Insight Essentials provide for GuardDuty findings?

For every finding, Cloud Insight Essentials will provide an Investigation Report that provides a detailed explanation of the finding, with links to industry articles about the threat. You will also be provided step-by-step recommendations of what to do in your AWS account to see if the threat caused other compromises, and how to prevent it from happening again. See an example below.

How does Cloud Insight Essentials integrate with Amazon GuardDuty?

You can integrate GuardDuty with Cloud Insight Essentials by using our CloudFormation template, which deploys a Lambda function and a CloudWatch Events collector. This CloudWatch Events collector gathers all GuardDuty findings and forwards them to Cloud Insight Essentials. When Cloud Insight Essentials receives the findings, the service augments the data with more detailed information about what to do with every finding and how to prevent the finding from occurring again.
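An added example (not Alert Logic's collector code) of how a Lambda function behind a CloudWatch Events rule can validate and normalize GuardDuty findings before forwarding them. The `forward` callable, the output field names and the sample event are assumptions made for illustration.

```python
import json

# Event pattern a CloudWatch Events rule uses to select GuardDuty findings.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}


def matches_pattern(event, pattern=EVENT_PATTERN):
    """Re-check the rule's pattern inside the function (defence in depth)."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())


def severity_label(score):
    """Map GuardDuty's numeric severity onto low/medium/high bands."""
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def normalize(event):
    """Reduce a finding event to the fields a downstream service needs."""
    detail = event["detail"]
    resource = detail.get("resource", {})
    instance = resource.get("instanceDetails", {})
    return {
        "finding_id": detail["id"],
        "finding_type": detail["type"],
        "severity": severity_label(float(detail["severity"])),
        "account_id": detail["accountId"],
        "region": detail["region"],
        "resource_type": resource.get("resourceType"),
        "instance_id": instance.get("instanceId"),
    }


def handler(event, context=None, forward=None):
    """Lambda-style entry point; `forward` is a hypothetical sender callable."""
    if not matches_pattern(event):
        return {"forwarded": False, "reason": "not a GuardDuty finding"}
    try:
        record = normalize(event)
    except (KeyError, TypeError, ValueError, AttributeError) as exc:
        return {"forwarded": False, "reason": f"malformed finding: {exc!r}"}
    if forward is not None:
        forward(json.dumps(record))  # hand the normalized finding downstream
    return {"forwarded": True, "record": record}


# Constructed sample event (not a real finding).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "example-finding-id", "type": "Recon:EC2/PortProbeUnprotectedPort",
        "severity": 2, "accountId": "111122223333", "region": "us-east-1",
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0example"}},
    },
}
```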

Asset Discovery


How does Cloud Insight Essentials discover my AWS environments?

After you create your deployment for the AWS accounts you want to monitor, Cloud Insight automatically discovers and presents you with all the Regions, VPCs, Subnets, and EC2 instances discovered in your configured AWS accounts in an interactive topology view.

What types of changes does Cloud Insight Essentials detect?

After you create your deployment for the AWS accounts you want to monitor, Cloud Insight Essentials starts using AWS APIs and scanning AWS CloudTrail events, and presents you with all the:

  • Regions
  • VPCs
  • Subnets
  • Hosts / AMIs
  • Share Security Appliances
  • Route Tables
  • Security Groups
  • Auto Scaling Groups
  • Access Control Lists
  • Launch Configurations

Configuration Checks


What configuration checks does Cloud Insight Essentials perform on my AWS environment?

  • Cloud Insight Essentials performs over 90 checks on your AWS account including the following services: 
    • EC2
    • S3
    • CloudTrail
    • IAM
    • ELB
    • Auto Scaling
    • Route53
    • RDS
    • RedShift
    • VPC

What can I do with configuration check findings from Cloud Insight Essentials?

You can view a list of recommended remediation actions that are automatically prioritized by severity and effectiveness for improving your overall security profile.

Vulnerability Scanning


How soon are new instances scanned for vulnerabilities?

New instances are usually scanned within an hour, sometimes sooner. After that they will be scanned once every 24 hours unless a change is reported by CloudTrail, in which case the instance will be rescanned ahead of normal schedule, usually within an hour.

Can I run authenticated scans?

Yes. Within the Cloud Insight UI, you can provide credentials for your Linux and Windows systems to perform authenticated scans in addition to unauthenticated scans.

How many software vulnerabilities can Cloud Insight discover?

Cloud Insight checks for 91,000+ vulnerabilities (CVEs) and 8,600+ software configuration issues.

Do I need approval from AWS prior to scanning for software vulnerabilities?

No. Cloud Insight has pre-approval from AWS, so you can scan continuously and immediately after CloudTrail reports changes or new additions to your environment.

Compliance


What compliance standards can Cloud Insight address?

Cloud Insight delivers internal discovery, configuration scanning and software vulnerability scanning functionality to help address the following compliance standards and security controls. (Customers with PCI ASV requirements should consult Alert Logic for addition of external scanning and quarterly reports of attestation.)

| Compliance Standard | Requirement | Description |
|---|---|---|
| PCI DSS 3.2 | 6.1 | Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking (for example, as “high,” “medium,” or “low”) to newly discovered security vulnerabilities. |
| PCI DSS 3.2 | 11.2 | Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades). |
| PCI DSS 3.2 | 11.2.1 | Perform network vulnerability scans by an ASV at least quarterly or after any significant network change. |
| PCI DSS 3.2 | 11.2.3 | Perform internal and external scans, and rescans as needed, after any significant change. |
| General Data Protection Regulation (GDPR) | Article 32 (1) | Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. |
| General Data Protection Regulation (GDPR) | Article 32 (1)(b) | Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. |
| AICPA SOC2 Trust Service Principles | CC 5.6 | Unauthorized External Access - Logical access security measures have been implemented to protect against unauthorized Security and Availability threats from sources outside the boundaries of the system. |
| AICPA SOC2 Trust Service Principles | CC 6.1 | System Vulnerabilities - Vulnerabilities of system components to Security and Availability breaches and incidents due to malicious acts, natural disasters, or errors are monitored and evaluated and countermeasures are implemented to compensate for known and new vulnerabilities. |
| HIPAA HITECH | 164.308(a)(1) | Implement policies and procedures to prevent, detect, contain and correct security violations. |
| HIPAA HITECH | 164.308 (a)(1)(ii)(A) | Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity. |
| HIPAA HITECH | 164.308 (a)(4)(i) | Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part. |

Reporting


What kind of reporting options does Cloud Insight Essentials provide?

Cloud Insight Essentials includes reporting for:

  • Environment Exposure Trends
    • Exposure Assessment Trends report allows you to analyze the overall exposure and average exposure, per vulnerability, of Cloud Insight environments over a selected time period.
    • Severity Trends report allows you to view the percentage of hosts with the worst exposures in the high, medium, and low rating categories, with a graph to determine whether you are adequately addressing exposures.
  • Vulnerability Analysis
    • Vulnerability Explorer reports allow you to explore the exposures in your environments through interactive histograms that group exposures by CVSS score.
    • Vulnerable Host Explorer reports allow you to explore patterns within host-specific exposures, and provide an interactive, visual representation of exposures, grouped by both image/AMI and VPC.
  • Vulnerability Reports
    • List of Vulnerabilities report returns a tabular list of all current vulnerabilities, details about each vulnerability, and information about the assets affected by the vulnerability.
  • Amazon GuardDuty Incident Reports
    • Incident Daily Digest report displays the incidents received the previous day for the selected deployments. You can view the List of Incidents by threat level, classification type, or by GuardDuty findings.
    • Incident Daily Digest Trends report allows you to view a histogram chart that displays the incident daily digests for a specified date range.
    • Incident Distribution Explorer report presents incidents by threat level, classification type, and GuardDuty findings type for a specified time period. You can filter the report by date range, deployment, Account ID and AWS asset.
    • Risk Summary report displays the risk level for a selected group of assets by incident count and average exposure score. The quadrant where the selected asset group appears, and its color, indicates the risk level for the assets.
    • Targeted Deployment Explorer report displays an incident distribution, by AWS asset or Account ID, within your deployments, with filters to see results by one or more asset types and one or more categories.
    • Targeted Deployment Trends report displays an interactive graph depicting incident distribution, for a specified time period, by AWS account, region, and/or AWS asset.

Setup & Integrations


How do I launch Cloud Insight Essentials?

  1. Subscribe to Cloud Insight Essentials in the AWS Marketplace:

    Alert Logic Cloud Insight Essentials for AWS (US)

    Alert Logic Cloud Insight Essential for AWS (UK)

  2. Follow the steps outlined in the welcome emails you receive to create an Alert Logic account for Cloud Insight Essentials.
  3. Follow the steps outlined in Get Started with Alert Logic Cloud Insight Essentials and Cloud Insight.
  4. Cloud Insight Essentials will begin performing configuration checks.

Note: one of the first remediation recommendations you will see in the portal will be to enable Amazon GuardDuty and deploy CloudWatch Event collectors. Once the collectors are in place, Cloud Insight Essentials will be fully provisioned.

For more detailed instructions, including key screenshots, please access Provisioning Amazon GuardDuty with Cloud Insight Essentials.

Do I need to install agents?

No. Cloud Insight Essentials is agentless and non-intrusive to your AWS environments.

What credentials are required?

You will need a valid AWS account, Alert Logic account and IAM Roles for configuration checks and GuardDuty incidents.

Can I see all of my AWS accounts in Cloud Insight Essentials?

Yes. Cloud Insight Essentials will display all of your AWS Accounts, Regions, Subnets, Security Groups and EC2 instances in a single console. Our support experts can help you.

How quickly can I start seeing results?

Configuration issues are typically presented minutes after provisioning (depending on your traffic). If subscribed to Amazon GuardDuty, findings will appear in the Incident Console minutes after launching the Alert Logic collectors for Amazon GuardDuty findings.

What is the Cloud Insight Essentials footprint in my environment?

Nothing is added to your environment for Cloud Insight Essentials - it operates on output from AWS CloudTrail and Amazon GuardDuty.

What is the software vulnerability scanning footprint in my environment?

Cloud Insight vulnerability scanning adds a scanning appliance to each subnet in each protected VPC. No agents are added to instances.

Does Cloud Insight have customer facing APIs?

Yes. Regularly updated API documentation is accessible from the user interface and here.

How do I integrate with Amazon Inspector?

Amazon Inspector is an AWS service that produces a detailed report, complete with prioritized steps, for vulnerability remediation. The Cloud Insight integration, performed through a specific Lambda check added to our custom Lambda checks, incorporates Amazon Inspector data into your Cloud Insight remediations, which provides a single, holistic view of your security posture.

How do I integrate with AWS Config Rules?

AWS Config Rules comprise an extended rule system for AWS Config. The Cloud Insight integration, performed through a specific Lambda check added to our custom Lambda checks, incorporates AWS Config Rules data into your Cloud Insight remediations, which provides a single, holistic view of your security posture.

How do I integrate with Atlassian JIRA?

The Cloud Insight Add-on for JIRA integrates Cloud Insight remediations as JIRA issues, which allows you to configure, manage, and assign issues to JIRA teams. JIRA team members can use the add-on to review and then dispose of assigned remediations.

Pricing


How much does Cloud Insight Essentials cost?

Cloud Insight Essentials is $49.00 per month (USD) per AWS account and is available through AWS Marketplace.

How much does Cloud Insight cost?

Cloud Insight is $49 per month per AWS account, plus charges for the number of EC2 instances scanned for vulnerabilities (configurable), ranging from $0.011 to $0.004 per hour for each EC2 instance scanned. Examples:

One AWS account and vulnerability scanning for up to 50 EC2 instances

  • $49 x 1 AWS account = $49 per month
  • $0.011 x 50 instances x 730 (hours in month) = $401.50 per month
  • Total = $450.50 per month


Two AWS accounts and vulnerability scanning for up to 100 EC2 instances

  • $49 x 2 AWS accounts = $98 per month
  • $0.011 x 50 instances (first 50 instances) x 730 (hours in month) = $401.50 per month
  • $0.010 x 50 instances (instance 51 – 100) x 730 (hours in month) = $365 per month
  • Total = $864.50 per month


Three AWS accounts and vulnerability scanning for up to 300 EC2 instances

  • $49 x 3 AWS accounts = $147 per month
  • $0.011 x 50 instances (first 50 instances) x 730 (hours in month) = $401.50 per month
  • $0.010 x 150 instances (instance 51 – 200) x 730 (hours in month) = $1,095 per month
  • $0.004 x 100 instances (instance 201 – 300) x 730 (hours in month) = $292 per month
  • Total = $1,935.50 per month

 

Where can you buy Cloud Insight?

The full version of Cloud Insight can be purchased through AWS Marketplace or directly from Alert Logic.

Cloud Insight Essentials customers can upgrade to the full version of Cloud Insight in the application and AWS Marketplace billing will be updated automatically. Note: Vulnerability scanning requires an Alert Logic instance deployed in each VPC.

 

Are there any upfront commitments with Cloud Insight Essentials?

No. Cloud Insight Essentials uses the AWS Marketplace SaaS metering service, which allows you to use the service and pay an hourly fee with no commitments. You can cancel at any time and you only pay for what you use.

How do I upgrade to the full version of Cloud Insight?

Cloud Insight Essentials provides in-app step-by-step instructions to add vulnerability scanning to enable the full version of Cloud Insight. Note: Vulnerability scanning requires an Alert Logic instance deployed in each VPC.

 
