AWS Level 1 MSSP
Modern compute security.

Deepwatch performs both authenticated and unauthenticated vulnerability scans to identify infrastructure in your AWS environment that is subject to known vulnerabilities, leverage our findings to remediate, and ensure your infrastructure is in line with security best practices.

Deepwatch offers fully-managed vulnerability management program services - from VM technology management and scanning to risk reporting and prioritization to comprehensive remediation planning.

Full visibility into AWS resources is maintained by Deepwatch with the ability to see inventory by type of service, region, account, and other relevant attributes. Logs are indexed continuously and logging is enriched with AWS tags and other relevant metadata.

Deepwatch utilizes CloudTrail logs for event driven notification of instance state changes and recommends AWS Config be activated and rules built around infrastructure. AWS Config logging is then ingested to Splunk for alerting and monitoring. Deepwatch uses AWS Control Tower for guardrails, which sits on top of AWS Config.

Deepwatch recommends that customers enable AWS Security Hub and the "AWS Foundational Security Best Practices" standard within all AWS accounts.

The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align with security best practices as defined by security experts. Deepwatch then indexes logs to Splunk for dashboards and alerting.

Deepwatch leverages AWS Security Hub and AWS Config to detect configuration drifts within an AWS account. Logs are ingested to Splunk where dashboards reveal configuration drifts which are continuously reviewed.

The compliance packages you choose to enable are ingested to Splunk where we have dashboards, alerting, and reporting around the findings.

Deepwatch provides full visibility into security alerts related to your AWS environment with a consolidated list of security events and recommended remediation guidance.

The Deepwatch Cloud SecOps Platform includes a curated set of best-of-breed SecOps technologies which are securely deployed in your own dedicated AWS VPC and include a comprehensive set of embedded AWS services.

Your AWS environment is fully monitored and security events triaged 24/7/365 by a named Squad of security experts to keep your most critical cloud assets protected.

Deepwatch maintains 24/7/365 security incident monitoring, alerting, and response services for our customer environments.

Our award-winning Squad Delivery model maintains named security analysts and gives our customers the ability to access their assigned Squad members directly at any time via direct instant messaging, e-mail, and phone numbers.

Deepwatch recommends that customers deploy AWS Shield for their managed DDoS protection of cloud workloads. AWS Shield integrates easily with existing services to provide instant protection against attacks.

For customers that require a higher level of protection, we recommend subscribing to AWS Shield Advanced protection. Logging for these services is collected by Deepwatch via CloudWatch and delivered to customers in the event of an attack.

Deepwatch recommends using an Endpoint Detection & Response (EDR) solution from one of the EDR technology leaders including CrowdStrike, SentinelOne or Cybereason. Deepwatch offers fully-managed EDR services which includes the EDR technology stack management and 24/7/365 endpoint threat detection and response delivered by cloud security experts working to continuously detect, investigate, and remove threats from your AWS endpoints.

Deepwatch uses and recommends the AWS Web Application Firewall (WAF). AWS WAF helps protect your web applications and APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. The AWS WAF addresses OWASP Top 10 security risks.