Panther + AWS

Detect AWS misconfigurations and suspicious activity in real-time with detection-as-code and normalized logs in a security data lake.

Download Brief

Amazon Web Services (AWS) provides cost-effective and agile cloud services that enable rapid innovation. Purposefully designed as a flexible, secure cloud computing environment, its core infrastructure powers companies across industry verticals and enterprise sizes. However, while the cloud streamlines business operations, expanding environments increase the complexity of enforcing security controls and add to the risk of costly breaches.

To operate securely in AWS, data from a variety of services such as CloudTrail, S3, and VPC flow logs need to be collected, analyzed, and retained for threat detection and forensics analysis. But pulling large volumes of data from AWS into a SIEM can be technically challenging and prohibitively costly, and frequently requires dedicated teams to manage ETL pipelines that normalize data at scale.

Security professionals securing AWS environments face a number of key challenges today, including:

  • Noisy data: High volumes of logs become overwhelming.
  • Complex environments: Multi-region, multi-account deployments complicate security controls.
  • Inefficient tools: Most security tools weren’t built for cloud-scale, resulting in inefficient operations that increase security risk.
  • High operational costs: Securing AWS requires constant maintenance and specific skills sets that unnecessarily burden security teams. 

Panther for AWS: Powered by Detection-as-Code and a Security Data Lake

With a single platform for aggregating, organizing, and prioritizing security-relevant data from AWS accounts, Panther provides the foundation for security teams to monitor activity and enforce controls across rapidly expanding environments.

Panther makes it easy to collect a variety of AWS security logs and provides normalization, real-time analysis, and a scalable data warehouse to store and query data during an investigation. For modern, cloud-focused teams heavily leveraging AWS, Panther provides a fast, scalable, and flexible platform for detection and response. Deployed in a single-tenant SaaS environment, Panther removes the operational burden of managing infrastructure and empowers teams to focus on what they know best: security.

With Panther for AWS, security teams can quickly bootstrap a centralized security data lake with all security-relevant logs like CloudTrail, ALB access logs, VPC flow logs, GuardDuty, and more. Once processed, teams can explore their data with SQL and trigger high-fidelity alerts with Python.

Detection-as-code, real-time alerts, and a scalable security data lake provide the powerful capabilities security teams need to detect increasingly sophisticated threats and answer critical questions during a breach.

Panther is designed to secure your AWS environment

Daily Cloud Scans

Continuously monitoring your entire AWS infrastructure for changes and insecure configurations.

Complete Resource Visibility

Understand your cloud footprint by modeling AWS resources as JSON.

Configuration Change Logs

Store a history of AWS configurations for compliance in a robust security data lake.

Compliance Out-of-the-Box

Map detections to frameworks like MITRE ATT&CK and CIS to ensure regulatory compliance.

Panther + AWS: Flexible, Scalable, Searchable Cloud Security and Compliance

As cloud environments grow, enforcing security becomes increasingly complicated. A recent report from the Cloud Security Alliance, “State of Cloud Security Concerns, Challenges, and Incidents,” found that misconfigurations are one of the leading causes of breaches and outages.

With real-time alerts and more than 150 out-of-the-box detections, Panther provides the visibility and alerting infrastructure teams need to monitor configurations across all of their critical AWS services.


Challenge Detecting misconfigurations across complex, sprawling AWS environments.

Detect every configuration change and store a complete history of AWS compliance in a security data lake.

Aggregate disparate AWS logs and secure your entire AWS environment with custom and out-of-the-box detection-as-code.

Monitoring of CloudTrail to automatically discover new assets and maintain an accurate inventory and history of all of your AWS cloud assets. Review the state of all of your cloud assets and infrastructure at the time of an incident to effectively investigate it and maintain strong security.


Challenge Supporting business growth and cloud expansion without compromising security

Automate level-one alert triage so your team can focus on high-value tasks like investigations and detection engineering.

Track activity across your entire environment with normalized data to quickly gain a broader perspective of your AWS security posture and detect incidents across multiple logs and services.

Detect suspicious activity as soon as it happens across your entire environment and dispatch helpful, contextual, and informative alerts. Get alerted in real-time about suspicious activity across your environment

Track attacker behaviors across your entire environment to proactively and reactively defend against sophisticated attacks.


Challenge Slow searches, disparate data formats, and limited retention

Quickly create a security data lake, a structured security logs data warehouse without any overhead or data ops. Combine all of your security logs, both AWS and logs from other SaaS applications such as Okta, G Suite and hundreds of other environments.

Run fast searches with columnar data and scalable computing power to detect incidents and accelerate security investigations and make it easy to quickly find the malicious needle in your security data haystack that you need.

AWS Cloud Security and Threat Detection with Panther

Designed to secure even the most complicated AWS environments, Panther provides security teams a modern platform for real-time threat detection, log aggregation, incident response and continuous compliance.

With Panther, your team can centralize security operations for AWS and leverage a single view of your data to gain greater situational awareness, rapidly detect sophisticated attacks, and build an agile security program that maintains pace with your fast-growing business.

Learn more about the tailored version of Panther, designed for AWS security teams to ensure real-time threat detection, log aggregation, incident response, and continuous compliance here.

Recommended Resources

Escape Cloud Noise. Detect Security Signal.
Request a Demo