When you build applications using AWS Lambda, you have no access to the infrastructure on which traditional security controls used to exist. This means that you cannot deploy any traditional security protections such as Firewalls, Intrusion Prevention, Web Application Firewalls (WAF), Threat Prevention or even Runtime Application Self-Protection (RASP) solutions.
Protect Your AWS Lambda Functions with PureSec Tesseract SSRE
PureSec's SSRE technology provides a trusted and safe computing environment for secure serverless function operation.
Protocol agnostic - PureSec Tesseract SSRE protects serverless functions from attacks coming in from any type of AWS Lambda event triggers such as:
- AWS DynamoDB events
- AWS Kinesis stream processing events
- AWS SES email events
- AWS SNS notification events
- AWS SQS events
- HTTP(s) API events
- AWS CloudWatch events
- AWS IoT events
- AWS S3 events
- Etc..
Supports all runtime languages - PureSec Tesseract SSRE provides protections for AWS Lambda functions written in any relevant language such as: Java, Python, JavaScript (Node.js), Golang, C#, ...
PureSec Tesseract SSRE provides full stack, end to end serverless security protection for your applications:
Serverless Function Firewall - deep application layer inspection of event trigger data which detects the most sophisticated attack payloads consumed from any types of AWS Lambda events
Serverlss Behavioral Protection - PureSec Tesseract SSRE provides unique behavioral protection for AWS Lambda function execution, which blocks 0-day exploits and unknown attack vectors. It creates a trusted and secure computing environment for the function to execute in. PureSec's technology detects and blocks any attempt to subvert serverless function logic - for example:
- Block attempts to leak data
- Block unauthorized outbound traffic
- Block attempts to download and execute malware
- Block malicious code from executing as part of the function's normal execution
- Block unauthorized access to files
Our behavioral protection engine uses machine learning and behavioral profiling of normal function execution in order to build and maintain an adaptive behavioral security policy for each function. Any kind of deviation, which leads to malicious activity will automatically be flagged and blocked, but at the same time - critical function behavior will never get blocked and functions will only perform what they were intended to.
AWS Lambda Environment Hardening - From Build to Deployment - PureSec Tesseract SSRE integrates into your CI/CD process seamlessly. During build time, your AWS Lambda functions are statically scanned to pinpoint risks related to over-permissive IAM roles and access rights. Each function is scanned carefully, detecting the type of interactions it has with other AWS services, and for each such service, the scanner can accurately detect the minimal set of permissions required for normal function operation. The scanner can then either alert or stop the build process, or alternatively, provide automated fix by assigning the least privileged permissions to each role.
Moreover, the CI/CD scanner also detects insecure storage of application secrets, and flags known vulnerable 3rd. party dependencies.
Deep Unparalleled Monitoring & Runtime Behavioral Insights - PureSec Tesseract SSRE records deep monitoring information about AWS Lambda function execution and logs the data in CloudWatch. An integration with Splunk, SIEMs or Neo4J graph database is also provided and enables DevSecOps teams to monitor function execution at all times.
PureSec Tesseract SSRE is truly 100% serverless!
it requires no installation of appliances (virtual or physical), it does not require you to route traffic through a SaaS engine, and no instrumentation agents are needed.
Protection is provided inside your own AWS Lambda function execution environment, with unparalleled performance and accuracy.
© 2018 PureSec
