AWS Level 1 MSSP
Modern compute security.

24/7/365 Managed Security Services for AWS

Deepwatch, working closely with AWS, has earned the distinction of the AWS Level 1 Managed Security Service Provider (MSSP) competency by successfully addressing the 10 AWS Managed Security Service (MSS) specialization requirements.

In addition, Deepwatch offers container security for more demanding AWS environments with a Modern Compute Security specialty that extends beyond the Level 1 baseline.

AWS Partner Network Validated Level 1 MSSP Software Competency

As a designated Level 1 MSSP Competency Partner, Deepwatch has proven capabilities to protect AWS environments. The Deepwatch Managed Security Platform includes a curated set of best-of-breed SOC technologies which are securely deployed in a dedicated AWS VPC and include a comprehensive suite of AWS security services, creating a solid foundation to protect your most critical cloud assets.

  • Managed Detection & Response (MDR)
  • Managed Vulnerability Management Program
  • Integrated Endpoint Detection and Response
  • 24/7/365 Threat Monitoring & Response
  • Integrated container security
  • AWS Cloud Security best practices

Breaches involving cloud misconfigurations cost organizations on average $4.62 million in 2020.

- Cost of a Data Breach 2021 Report by IBM

Managed Security Services Built within AWS VPC

With Deepwatch as your AWS Level 1 MSSP, you receive The Deepwatch Managed Security Platform and a team of experts to protect and monitor your data 24/7/365. Customers who choose Deepwatch as their AWS Level 1 MSSP receive:

  • A secure, dedicated AWS VPC with AWS security services
  • The Deepwatch Managed Security Platform, built around Splunk as the core analytics engine
  • Custom, prioritized data ingested and monitored, including GuardDuty, CloudTrail, and Security Hub
  • Secure and compliant AWS certified environment, using AWS recommended best practices and enabling customers to address the shared responsibility model
  • An assigned team of 24/7/365 security experts, called a "Squad," which includes certified AWS Cloud Security experts, who collaborate closely with in-house security teams
  • Aligned with MSSP Level 1 specializations, including Compliance Monitoring to meet PCI-DSS, HIPAA, and SOC2 Type II standards
  • Scalable platform with Maturity Model and Score to measure and benchmark your SecOps maturity and help progress your security program over time
  • Fast time to value, with initial security feeds alerting within days, and final on-boarding completed by Day 60

MSSP Level 1 Partner Competency

Deepwatch is an AWS MSSP Level 1 Security Competency Partner. This competency demonstrates Deepwatch's proven technical proficiency and customer success in delivering effective, innovative cybersecurity solutions that maximize the AWS Suite of Security and Cloud technology services.

Deepwatch's suite of security solutions achieves this designation and qualifies for the MSSP Level 1 Partner program in these six domains of the Security Competency:

  • Vulnerability Management
  • Cloud Security Best Practices & Compliance
  • Threat Detection and Response
  • Network Security
  • Host and Endpoint Security
  • Application Security

Trusted Partners in Managed Security Services

Healthcare Security Testimonial

The magic sauce of any MSS relationship is how much can they acclimate to your specific business nuances and the specific things about your risk model and your risk tolerance, what assets are valuable to you. We found a partner that could meet us there, and it worked.
- Joey Johnson, CISO, Premise Health

AWS MSSP Level 1 Specialization

Deepwatch has been qualified by AWS to provide the MSS solutions, security architecture, and guidance to meet the following AWS MSSP Level 1 program specializations. In our unique collaboration with AWS, Deepwatch harnesses the power of native AWS security services within The Deepwatch Managed Security Platform and includes a fully provisioned, dedicated AWS VPC for every customer. As an AWS Security Competency partner, Deepwatch experts can engineer a customized AWS security solution that is built to best suit your existing environment and requirements and scale to meet your evolving business requirements.

AWS MSSP Level 1 Services Benefits

AWS Infrastructure Vulnerability Scanning

Deepwatch performs both authenticated and unauthenticated vulnerability scans to identify infrastructure in your AWS environment that is subject to known vulnerabilities, leverage our findings to remediate, and ensure your infrastructure is in line with security best practices.

Deepwatch offers fully-managed vulnerability management program services - from VM technology management and scanning to risk reporting and prioritization to comprehensive remediation planning.

AWS Resource Inventory Visibility

Full visibility into AWS resources is maintained by Deepwatch with the ability to see inventory by type of service, region, account, and other relevant attributes. Logs are indexed continuously and logging is enriched with AWS tags and other relevant metadata.

Deepwatch utilizes CloudTrail logs for event-driven notification of instance state changes and recommends that AWS Config be activated and rules built around infrastructure. AWS Config logging is then ingested into Splunk for alerting and monitoring. Deepwatch uses AWS Control Tower for guardrails, which sits on top of AWS Config.

AWS Security Best Practices Monitoring

Deepwatch recommends that customers enable AWS Security Hub and the "AWS Foundational Security Best Practices" standard within all AWS accounts.

The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align with security best practices as defined by security experts. Deepwatch then indexes logs to Splunk for dashboards and alerting.

AWS Compliance Monitoring

Deepwatch leverages AWS Security Hub and AWS Config to detect configuration drifts within an AWS account. Logs are ingested to Splunk where dashboards reveal configuration drifts which are continuously reviewed.

The compliance packages you choose to enable are ingested to Splunk where we have dashboards, alerting, and reporting around the findings.

Monitor, Triage Security Events

Deepwatch provides full visibility into security alerts related to your AWS environment with a consolidated list of security events and recommended remediation guidance.

The Deepwatch Managed Security Platform includes a curated set of best-of-breed SecOps technologies which are securely deployed in your own dedicated AWS VPC and include a comprehensive set of embedded AWS services.

Your AWS environment is fully monitored and security events triaged 24/7/365 by a named Squad of security experts to keep your most critical cloud assets protected.

24/7/365 Incident Alerting and Response

Deepwatch maintains 24/7/365 security incident monitoring, alerting, and response services for our customer environments.

Our award-winning Squad Delivery model maintains named security analysts and gives our customers the ability to access their assigned Squad members directly at any time via direct instant messaging, e-mail, and phone numbers.

Distributed Denial of Service (DDoS) Mitigation

Deepwatch recommends that customers deploy AWS Shield for their managed DDoS protection of cloud workloads. AWS Shield integrates easily with existing services to provide instant protection against attacks.

For customers that require a higher level of protection, we recommend subscribing to AWS Shield Advanced protection. Logging for these services is collected by Deepwatch via CloudWatch and delivered to customers in the event of an attack.

Managed Intrusion Prevention System (IPS)

Deepwatch recommends using an Endpoint Detection & Response (EDR) solution from one of the EDR technology leaders, including CrowdStrike, SentinelOne or Cybereason. Deepwatch offers fully-managed EDR services, which include EDR technology stack management and 24/7/365 endpoint threat detection and response delivered by cloud security experts working to continuously detect, investigate, and remove threats from your AWS endpoints.

Managed Web Application Firewall (WAF)

Deepwatch uses and recommends the AWS Web Application Firewall (WAF). AWS WAF helps protect your web applications and APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. The AWS WAF addresses OWASP Top 10 security risks.

Container Threat Detection

Deepwatch integrates with native services such as GuardDuty to continuously monitor cluster activity to identify malicious or suspicious behavior that represents potential threats to container workloads.

Financial Services Customer Testimonial

"Alliance Data uses the Amazon Web Services (AWS) platform through our partnership with Deepwatch, an industry-leading managed security services provider. This relationship leverages a Deepwatch-managed AWS Virtual Private Cloud (VPC), which hosts our security information and event management (SIEM) solution, security orchestration, automation, and response (SOAR) solution, and our user and entity behavior analytics (UEBA) solution.

Since these solutions are hosted in an AWS VPC, we enjoy exceptional availability and inherent disaster recovery capabilities, dynamic scalability to ensure our performance goals are always met, as well as a robust shared platform where my team can collaborate, in real-time, with our Deepwatch squad of security analysts, engineers, and threat hunters to monitor, detect, and respond to threats targeting Alliance Data and its brand partners."

Deepwatch Financial Case Study

Bank Moves To The Cloud Case Study

An enterprise banking client chose Deepwatch to scope, design, and build a full security monitoring solution customized to their workflows with AWS cloud services. The solution included The Deepwatch Managed Security Platform built within a dedicated AWS Virtual Private Cloud (VPC), Amazon Simple Email Service (SES), scalable Amazon EC2 compute instances, and more. Within a total of 60 days, the entire security monitoring solution was fully functional and monitored 24/7/365.