Drinking from the (Amazon Kinesis Data) Firehose: Trellix leverages AWS services for Extended Detection and Response (XDR)

By Christopher Unick · July 26, 2022

As customers try to keep pace with dynamic attacks and ensure greater peace of mind, they are on the lookout for more centralized visibility and quick resolution of their security issues. Trellix is at the forefront of the XDR revolution—pioneering a brand-new way to bring detection, response, and remediation together in a single living security solution. The Trellix XDR platform seamlessly integrates with our broad portfolio of endpoint, email, network, cloud, and other security products. Integrated with an additional 650+ security and business applications, we equip your business with intelligent threat sensing, analytics, and automated response.

Today, Trellix is collaborating with AWS to make it easier for customers to ingest their event data by publishing Amazon Virtual Private Cloud (VPC) Flow Logs to Amazon Kinesis Data Firehose that directly integrate to Trellix Helix. This makes it incredibly easier and faster to understand, combine and respond to security concerns.

What is Amazon Kinesis Data Firehose?

Kinesis Data Firehose is a fully managed service that enables customers to deliver real-time streaming data to Trellix Helix. Customers can now ingest information from AWS and third-party products directly to Helix that are natively integrated with Kinesis Data Firehose. They can also simplify their toolchains for aggregating, transforming and enriching VPC Flow Logs using Kinesis Data Firehose. Learn more about here: https://aws.amazon.com/kinesis/data-firehose/

What AWS Services can Trellix Helix integrate with via Amazon Kinesis Data Firehose?

Today, there are 4 AWS Services that instantly integrate with Trellix Helix when you configure them today. The configuration only takes a few minutes, and you instantly get visibility into the following use cases and AWS Services:

• Amazon Route 53 - Capture DNS Firewall information to corollate user requests to infrastructure running in AWS. Trellix Helix leverages this information to evaluate the source of these requests and provide risky asset scores when malicious activity is suspected.
• AWS Network Firewall - This allows mutual customers to deploy network security via firewall rules across their Amazon Virtual Private Cloud (Amazon VPC). Trellix Helix provides visibility into the traffic, those requests that were allowed or blocked, and enriches with threat intelligence to help prioritize alerts.
• Amazon VPC Flow Logs - Capture information about the IP traffic going to and from network interfaces in an Amazon VPC. Trellix Helix alerts on malicious traffic and enables faster threat hunting.
• Amazon CloudWatch - Monitor and capture data and actionable insights about applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. FireEye Helix uses this to understand if operational issues in cloud applications are related to security incidents.

Benefits of Leveraging Kinesis Data Firehose with Trellix Helix

This integration benefits customers in two unique ways, lower operational overhead and lower cost of ownership. By leveraging VPC Flow Logs to Kinesis Data Firehose, customer simplify their operations for ingesting and processing VPC Flow Logs into Trellix Helix and other destinations at the same time. Customers no longer have to multiple paths/destinations which removes a step to allow customers to see and respond to their data faster. With VPC Flow Logs delivery natively to Kinesis Data Firehose, customers no longer need to maintain such custom integrations and simplify their delivery of VPC Flow Logs directly to Trellix Helix. Customers today consume flow logs through integrations we have built with Trellix Helix. By choosing a direct path with Kinesis Data Firehose will not only eliminate an extra integration hop, but will also help cut down costs by 30-50%.

Drinking from the Kinesis Data Firehose has never been this easy or cost effective before! Start leveraging the speed and efficiency used between Amazon Kinesis Data Firehose and Trellix to respond to security issues today. Please reach out to AWS@trellix.com to learn more and to start a free trial of Trellix Helix today!