07/12/2021 | News release | Distributed by Public on 07/12/2021 09:31
New Relic has partnered with Trend Micro to help our Amazon Web Services (AWS) and Microsoft Azure customers further strengthen their cloud observability and security posture. New Relic's Conformity integration automatically brings in all your SIEM data from Trend Micro Cloud One - Conformity into New Relic for all your observability needs. With this partnership, you can build a complete cloud visibility strategy by complementing New Relic-powered observability with added visibility into your cloud security and compliance.
Trend Micro Cloud One is a security services platform for cloud developers that delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your hybrid and multi-cloud infrastructure with clarity and simplicity. Cloud One consists of seven cloud security services that address workload security, container security, file storage security, network security, application security, open source security, and security posture management.
Cloud One - Conformity provides cloud best practices to help cloud developers fulfill their side of the shared responsibility model with continuous guardrails for building well in the cloud. Because industry standards and compliance requirements constantly change, it's important to know that your workloads are automatically evaluated to check alignment with industry best practices. These continuous scans for compliance and industry standards provide actionable intelligence to know where and how to improve your security posture. They serve as a roadmap for building secure, efficient, and automated cloud operations.
Conformity's cloud best practices align you with the Azure and AWS Well-Architected Frameworks and give you insights into the compliance standards and frameworks that apply to your workloads running in the cloud. Conformity automatically checks your resources against nearly 1,000 cloud service configuration best practices covering more than 90 services from AWS, Microsoft Azure, and Google Cloud Platform. The Conformity Knowledge Base is a continually growing library of cloud service configuration guides for remediating misconfigurations and the risks they create. Conformity runs a bot that scans your cloud resources, compares them to the rules, and generates checks as the result of each scan. The Compliance and Conformity Report in Conformity supports more than a dozen standards, including AWS Well-Architected, HIPAA, GDPR, ISO 27001, SOC 2, and PCI DSS. These reports give you an instant assessment of your organization's cloud infrastructure compliance. You can then take remediation measures to improve compliance levels, potentially avoiding reactive fixes and expenditures due to non-compliance.
Conformity users can enjoy the following benefits by using the integration with New Relic.
New Relic's Conformity integration helps the different teams and roles in your organization see exactly the information they need, proactively identify potential problems before they become incidents, and resolve any incidents that do occur in a timely and efficient manner. Tagging your AWS resources consistently and meticulously lets you break down your security and compliance posture by team, operating environment, and application, and even by business unit, cost center, and data classification.
Imagine that you notice a high-severity Conformity rule related to security that resulted in failed checks for more than 1,000 resources in your AWS account. At first glance, this might seem alarming. But when you have the context of the application, the environment, or the team responsible for these failed checks, you can make informed decisions. You'll know how to handle the situation, and whether it needs attention at all. For example, the failed checks might be coming from short-lived experimental applications that developers are running for rapid prototyping. Or maybe the resources were launched by an automated software test that serves a specific purpose and isn't related to this particular security check. Without that context, with so many instances of a failed check, it might take too long to get to the one relevant resource that belongs to an Internet-facing production app with zero tolerance for a breach or outage.
You can filter your New Relic One dashboards by faceted attributes to build unique views of your Conformity data to gain instant insights into interesting use cases. For example, you can easily build a PCI compliance view just by adding one filter, as shown in the following example. You can build views that filter by AWS Region, or AWS Account. You can also filter by AWS Well-Architected categories like security and tags like environment, team, business unit, and cost center.
A New Relic dashboard with filters enables you to see views like PCI compliance metrics.
Real-time threat monitoring events from Conformity are integrated with the rest of your existing workloads in New Relic and with the other alerting and incident management tools you use to page operations teams. For faster troubleshooting, the events are routed to the right team with the surrounding context.
This enriched view shows AWS Well-Architected findings and other security and compliance information next to the telemetry for the workload you are viewing, so you can quickly isolate problems by correlating events. For example, a spike in the cost of your application might be tied directly to an unused Amazon DynamoDB table or an underutilized Amazon Elastic Compute Cloud (Amazon EC2) instance. You can use a check report in Conformity to identify these issues.
New Relic's Proactive Detection with Applied Intelligence powers the Lookout visualization, which instantly catches sudden and anomalous changes to your Conformity data. This proactive detection is available without additional setup. You can use your own custom queries that look at the attributes you use to facet and track anomalies. The following three example views illustrate how you can get immediate, proactive detection with intuitive visuals in New Relic Lookout:
New Relic Lookout view with risk level. Proactively catch anomalous surges in various risk categories.
Lookout view with rule ID. Know which rules are resulting in anomalous trends, so you can fix your workloads or configure rules to best suit your needs.
Lookout view faceted using AWS Region. Know how your AWS Regions are trending so that you can catch sudden changes proactively.
Let's take a closer look at the integration so you understand its architecture, how to deploy it successfully, and the unique insights you get from using Conformity and New Relic together. The integration is open sourced in New Relic's GitHub repository. It is packaged as an AWS solution using the serverless framework and deploys an AWS CloudFormation stack in your AWS account. Before using the integration, you must deploy the Conformity-to-S3 solution. That solution deploys all the AWS resources required to send Conformity checks and events in real time to an Amazon Simple Storage Service (Amazon S3) bucket, which enables further integration with other services (in this case, New Relic).
The integration uses:
The following architecture diagram shows the deployment view of the integration in your AWS account.
Architecture diagram of New Relic One integration with Trend Micro Cloud One - Conformity.
The integration deploys an AWS CloudFormation stack into your AWS account that contains an AWS Lambda function and an Amazon EventBridge rule. The Lambda function is triggered in real time whenever a new Conformity check (a JSON file) is uploaded into the Amazon S3 bucket deployed by the Conformity-to-S3 solution. The Lambda function is also triggered once every 30 days to pull all Conformity checks into New Relic. The Lambda function sends the checks to New Relic using the New Relic Python Telemetry SDK, which calls the New Relic Event API under the hood. The Event API requires the New Relic Insert API key, and to fetch all Conformity checks the Lambda function also needs the Conformity API key. Both the New Relic Insert API key and the Conformity API key are securely managed as AWS Secrets Manager secrets.
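The following is an added example, not code from the New Relic integration or from Trend Micro: a minimal Python version of the S3-triggered path of the Lambda function described above. The EventBridge "Object Created" event shape, the boto3 Secrets Manager and S3 calls, and the TMCloudOneConformityEvent event type are as documented; the layout of a Conformity check file, the attribute names, the secret name, the tag-flattening scheme and the Telemetry SDK calls are assumptions, and the sample event and check at the bottom are constructed. Flattening tags into attributes is what makes the tag-based triage described earlier (facet by environment, team, cost center) possible on the New Relic side.

```python
"""Added example (not the integration's own code): S3-triggered path of the
Conformity-to-New Relic Lambda. Assumed: check JSON layout, attribute names,
secret name and Telemetry SDK usage."""
import json
import os

EVENT_TYPE = "TMCloudOneConformityEvent"  # custom event type the integration reports
# Secret name is an assumption; the real stack defines its own.
NEW_RELIC_SECRET_ID = os.environ.get("NEW_RELIC_SECRET_ID", "newrelic/insert-key")


def parse_object_created(event):
    """Return (bucket, key) from an EventBridge S3 'Object Created' event,
    or None for anything else (for example the 30-day scheduled trigger)."""
    if event.get("source") != "aws.s3" or event.get("detail-type") != "Object Created":
        return None
    detail = event.get("detail") or {}
    try:
        return detail["bucket"]["name"], detail["object"]["key"]
    except (KeyError, TypeError):
        return None


def flatten_tags(tags, prefix="tag."):
    """Turn [{"key": ..., "value": ...}] (assumed layout) into flat attributes
    so dashboards can FACET by environment, team, cost center and so on."""
    flat = {}
    for tag in tags or []:
        key = tag.get("key")
        if key:
            flat[prefix + str(key)] = str(tag.get("value", ""))
    return flat


def check_to_attributes(check):
    """Map one Conformity check (assumed JSON layout) to a flat attribute dict.
    Only fields dashboards facet on are sent; empty values are dropped."""
    attrs = {
        "ruleId": check.get("ruleId"),
        "ruleTitle": check.get("ruleTitle"),
        "status": check.get("status"),        # e.g. FAILURE / SUCCESS
        "riskLevel": check.get("riskLevel"),  # e.g. VERY_HIGH
        "accountId": check.get("accountId"),
        "region": check.get("region"),
        "service": check.get("service"),
        "resource": check.get("resource"),
        "categories": ",".join(check.get("categories", [])),    # Well-Architected pillars
        "compliances": ",".join(check.get("compliances", [])),  # e.g. PCI, HIPAA
    }
    attrs.update(flatten_tags(check.get("tags")))
    return {k: v for k, v in attrs.items() if v not in (None, "")}


def load_checks(payload):
    """A check file may hold a single check or a list of checks."""
    data = json.loads(payload)
    return data if isinstance(data, list) else [data]


def get_secret(secret_id):
    """Read the Insert key from Secrets Manager at run time; boto3 is imported
    lazily so the pure functions above stay importable without AWS libraries."""
    import boto3
    return boto3.client("secretsmanager").get_secret_value(SecretId=secret_id)["SecretString"]


def send_to_new_relic(insert_key, attribute_dicts):
    """Ship attribute dicts as custom events via the New Relic Python Telemetry
    SDK (Event API under the hood). SDK usage here is an assumption."""
    from newrelic_telemetry_sdk import Event, EventClient
    response = EventClient(insert_key).send_batch([Event(EVENT_TYPE, a) for a in attribute_dicts])
    response.raise_for_status()
    return len(attribute_dicts)


def handler(event, context):
    """Lambda entry point for the EventBridge S3 'Object Created' rule."""
    location = parse_object_created(event)
    if location is None:
        return {"sent": 0, "reason": "not an S3 object-created event"}
    bucket, key = location
    import boto3
    body = boto3.client("s3").get_object(Bucket=bucket, Key=key)["Body"].read()
    attrs = [check_to_attributes(c) for c in load_checks(body)]
    # The key never lives in the deployment package or in logs.
    return {"sent": send_to_new_relic(get_secret(NEW_RELIC_SECRET_ID), attrs), "key": key}


# Constructed sample input (not real Conformity output) for offline use.
SAMPLE_EVENT = {
    "source": "aws.s3", "detail-type": "Object Created",
    "detail": {"bucket": {"name": "example-conformity-bucket"},
               "object": {"key": "checks/2021-07-12/check-0001.json"}},
}
SAMPLE_CHECK = {
    "ruleId": "EXAMPLE-001", "ruleTitle": "Example rule: bucket is publicly accessible",
    "status": "FAILURE", "riskLevel": "VERY_HIGH", "accountId": "123456789012",
    "region": "us-east-1", "service": "S3", "resource": "example-public-bucket",
    "categories": ["security"], "compliances": ["PCI", "HIPAA"],
    "tags": [{"key": "environment", "value": "production"}, {"key": "team", "value": "payments"}],
}
```

Keeping the transform (parse, flatten, map) separate from the AWS and SDK calls means the security-relevant behaviour can be unit-tested offline, and reading the Insert key from Secrets Manager inside the handler rather than from a plain environment variable keeps it out of the CloudFormation template and the function configuration.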
Before you begin, make sure the following requirements are met:
To prepare for deploying the integration, make sure dependencies are set up correctly:
Deploy the integration using the serverless CLI by running the following command. If you have an AWS CLI profile set up, include the --profile flag followed by your profile name.
By default, this deploys the solution using the configuration defined in the config.dev.yml file into the us-east-1 AWS Region of your AWS account. You must specify the AWS account the integration is deployed to by setting up your AWS CLI profile on your machine or build host. You can change the default region in your serverless.yml file by setting the region property inside the provider object. You can also deploy to a different AWS Region by passing the --region flag to the sls command.
You must deploy this solution in the same AWS account and AWS Region where you deployed the Conformity-to-S3 solution.
After the integration is deployed to your AWS account, you should start to see Conformity data in the TMCloudOneConformityEvent custom event reported into your New Relic account. You can explore it with Data Explorer.
Let's build a dashboard to keep tabs on all your AWS account checks reported by Conformity. Complete the following steps:
The following example shows a New Relic dashboard for Trend Micro Cloud One - Conformity (called 'Conformity dashboard'), where you can gain insight into Conformity-reported checks and events for all cloud accounts that you have linked.
New Relic dashboard for Trend Micro Cloud One Conformity
Above the free tier limit of 100 GB/month, you pay for the amount of data ingested into New Relic. See New Relic Pricing for details. To track your data ingestion volume for this integration, you can use the following NRQL queries in the query builder:
SELECT round(rate(bytecountestimate()/1e9, 1 day)) AS 'GB/day' FROM TMCloudOneConformityEvent SINCE 1 month ago
SELECT bytecountestimate()/1e9 AS 'GB' FROM TMCloudOneConformityEvent SINCE 1 month ago
As our final step, let's create a custom dashboard for chief information security officers (CISOs), accomplished in a matter of a few minutes. The dashboard tracks the top Conformity rules across all your AWS accounts to immediately warn of high severity events such as creating publicly accessible Amazon S3 buckets, Amazon Relational Database Service (Amazon RDS) instances, Amazon EC2 instances, and Amazon Elasticsearch Service (Amazon ES) cluster instances, and activity by the root account or deletion of AWS CloudTrail logs.
New Relic dashboard with Conformity insights for CISOs.
As soon as you create the new dashboard, it is immediately available in the smartphone app:
New Relic mobile dashboard with Conformity insights for CISOs.
Ready to try out this integration on your own?
If you don't already have a Cloud One account, you can sign up for a new account that includes a 30-day free trial. In the AWS Marketplace, go to Trend Micro Cloud One to subscribe. (If you received a private offer for Trend Micro Cloud One in the AWS Marketplace, see Subscribe to Trend Micro Cloud One with a private offer.)
If you don't already have a New Relic One account, you can sign up in the AWS Marketplace for a perpetually free New Relic One Pay-As-You-Go w/Free Tier account. For details on what's included in the New Relic free tier, see the FAQs on the New Relic Pricing page. Customers using the AWS Private Marketplace can draw down from their AWS Enterprise Discount Program (EDP) agreement. You can also purchase New Relic One from preferred systems integrators or resellers.
Then you can deploy our Cloud One - Conformity integration in your AWS account and explore the New Relic dashboards and New Relic Lookout views described in this blog post.