AWS Cloud: Proactive Security and Forensic Readiness – Part 4


Security controls can be either technical or administrative. A layered security approach to protecting an organization’s information assets and infrastructure should include preventative controls, detective controls and corrective controls.
Preventative controls exist to prevent the threat from coming in contact with the weakness. Detective controls exist to identify that the threat has landed in our systems. Corrective controls exist to mitigate or lessen the effects of the threat being manifested.
This post relates to detective controls within AWS Cloud. It’s the fourth in a five-part series that provides a checklist for proactive security and forensic readiness in the AWS Cloud environment.
Detective controls in AWS Cloud
AWS detective controls include processing of logs and monitoring of events that allow for auditing, automated analysis, and alarming.
These controls can be implemented using AWS CloudTrail logs to record AWS API calls, Service-specific logs (for Amazon S3, Amazon CloudFront, CloudWatch logs, VPC flow logs, ELB logs, etc) and AWS Config to maintain a detailed inventory of AWS resources and configuration. Amazon CloudWatch is a monitoring service for AWS resources and can be used to trigger CloudWatch events to automate security responses. Another useful tool is Amazon GuardDuty which is a managed threat detection service in AWS and continuously monitors for malicious or unauthorized.
Event logging
Security event logging is crucial for detecting security threats or incidents. Security teams should produce, keep and regularly review event logs that record user activities, exceptions, faults and information security events. They should collect logs centrally and automatically analysed to detect suspicious behavior. Automated alerts can monitor key metrics and events related to security. It is critical to analyse logs in a timely manner to identify and respond to potential security incidents. In addition, logs are indispensable for forensic investigations.
The challenge of managing logs
However, managing logs can be a challenge. AWS makes log management easier to implement by providing the ability to define a data-retention lifecycle or define where data will be preserved, archived, or eventually deleted. This makes predictable and reliable data handling simpler and more cost-effective.
The following list recommends use of AWS Trusted Advisor for detecting security threats within the AWS environment. It covers collection, aggregation, analysis, monitoring and retention of logs, and, monitoring security events and billing to detect unusual activity.[Source]-https://blog.cloudsecurityalliance.org/2018/11/16/aws-cloud-proactive-security-forensic-readiness-2/
AWS Certification Course Courses in Mumbai. 30 hours practical training program on all avenues of Amazon Web Services. Learn under AWS Expert.


Comments

Post a Comment

Popular posts from this blog

Is Data Scientist & Data Analyst are same? Learn the Differences Now!

Image
If we talk about the hottest jobs in tech right now, then only two names will pop up in your mind those are a data analyst or data scientist.  And, that’s not only we are saying even the Harvard Business Review declared “data scientist” as the“sexiest job of the 21st century .” But there is a lot of confusion between both the names even people who have some basic knowledge of data science consider both the job profiles as one.  Well, the reason behind this confusion is both of the professions deal with big data, rather defined vaguely and sometimes used interchangeably with one another. So, here we are to explain the differences between the two of them and that too in the easiest way. Let’s begin the brief introduction of both the terms, followed by skillsets each require to understand well.   Definition a. Data Analysts Data Analysts play a vital role in the Data Science domain. As a role, they play a variety of tasks associated with collectin...
Read more

What Is Java? A Beginner’s Guide to Java and Its Evolution

What is Java used for? Before I answer the question, what is Java used for, let me brief you about why you should choose Java. Java is highly popular and has dominated this field from early 2000’s till the present 2018. Java has been used in different domains. Some of them are listed below: Banking: To deal with transaction management. Retail: Billing applications that you see in a store/restaurant are completely written in Java. Information Technology: Java is designed to solve implementation dependencies. Android: Applications are either written in Java or use Java API. Financial services: It is used in server-side applications. Stock market: To write algorithms as to which company they should invest in.   Big Data: Hadoop MapReduce framework is written using Java. Scientific and Research Community: To deal with huge amount of data. Wait! Java can do more. Let’s see how some of the technologies make use of Java as an essential core of their functionalit...
Read more

Full Stack Development : All that you need to know

What is a Full Stack Development professional? A full stack development professional is the one who is having a sound technical knowledge of each and every aspect of development – front end, back end, various operating systems among other details of the technology. These people are usually termed as “developer generalists”. The significant thing to be noted here is that full stack developer should not be confused with senior developers. In nutshell, this stack of developers can create any complex application from the scratch, provided they would have understood how each technical layer should interact with the other. Why Full Stack Development? At the beginning of this post, we have mentioned about a query that had instantly popped in the mind – why would a company require full stack development professional. Here’s the answer: 1. Creation of unique code: The developer or the agency would be able to create a unique code for multiple technologies; as they could work with ...
Read more