As with all of CloudSploit's existing products, Events is designed to work in tandem with AWS-provided security solutions. CloudSploit Events uses AWS CloudWatch Event rules as a source to determine the AWS API calls made against an account. The same events tracked by CloudSploit are written to your CloudTrail logs. The difference is that CloudSploit starts analyzing those events for security risks rather than simply recording them.

AWS ConfigService does allow you to invoke a Lambda function in response to a change within an AWS environment. However, the user is responsible for configuring every event, rule, and function, as well as uploading, hosting, and managing the config code. CloudSploit Events is designed to be operational within minutes. In less than 10 minutes, you can connect your AWS account to CloudSploit, launch the provided CloudFormation template, and be setup. CloudSploit will handle the hard part of analyzing every event and making a security determination based on its properties.

Unlike CloudTrail and ConfigService, CloudSploit uses ever-evolving algorithms to process your events. Instead of simply comparing the event to a static set of rules, CloudSploit analyzes the event in the context of numerous other factors, including information provided by the user, information it already knows about the account, whitelists, and information gathered from the global network of CloudSploit users.

Finally, CloudSploit is designed to alert you if the status of your existing AWS security solutions changes. For example, if CloudTrail is disabled, a VPC Flow Log is deleted, a ConfigService recorder is stopped, or numerous other events are detected, CloudSploit will alert you that your account may be at risk. CloudSploit complements CloudTrail, ConfigService, CloudWatch, and the whole suite of AWS security products.