Five Prominent AWS Security Services and Their Use Cases
Organizations running in the Cloud can face severe threats from attackers at
any time. Data breaches happen daily, and businesses have a responsibility to
their customers to protect their data against theft and security breaches.
The security challenges businesses face include:
Data privacy
Integrity, authentication and non-repudiation
Online attacks such as phishing, man-in-the-middle, DDoS, SQL injection,
phlashing (permanent denial of service), etc.
That is why it is crucial for businesses to protect their Cloud infrastructure
before it is compromised, with a complete system dedicated to securing it. In
this post, we focus on the AWS services that help businesses protect their AWS
infrastructure, and their relevant use cases.
1. AWS WAF
What is WAF?
AWS WAF is a Web Application Firewall that inspects the web requests forwarded
to an Application Load Balancer (ALB), Amazon API Gateway or Amazon CloudFront
distribution (newer resource types such as AWS AppSync APIs have been added
since), and allows, blocks or counts each request according to your rules and
conditions. That means AWS WAF sits in front of one of these services; it
cannot be attached directly to an EC2 instance, so if none of these services is
part of your infrastructure you cannot use AWS WAF.
When to choose WAF?
AWS WAF acts only on web requests, so if you want to allow or block HTTP(S)
requests, WAF is the right choice. AWS WAF evaluates each request against the
rules and conditions you define.
For example:
If you want your CloudFront distribution or load balancer to serve content to
the public but also want to block requests from attackers, WAF can help. If you
see requests from a single IP continuously hitting the website, you can use WAF
to block that IP, either with an IP set rule or with a rate-based rule that
blocks any client exceeding a request threshold per five-minute window.
Another WAF feature is that it can count the requests that match the properties
you specify instead of acting on them. So if you want to allow or block
requests based on a new property of the web request, first deploy the rule in
count mode: WAF counts the matching requests (and keeps sampled requests you can
inspect in the console), and once you are confident the rule matches only what
you intended, you switch its action to allow or block. This avoids accidentally
blocking legitimate traffic to the website.
Fig: WAF
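To make the count-then-block workflow concrete, here is an added example (not code from the original post or from AWS) that builds a rate-based rule in the shape the wafv2 API accepts and then replays constructed sample traffic through the same limit locally, so you can see what the rule would do in Count mode versus Block mode. The rule name, the limit of 100 and the traffic are assumptions; the real service evaluates rate-based rules with a short delay, so this is the idealised behaviour.

```python
"""Rate-based AWS WAF rule: build the wafv2 rule body, then replay sample
traffic through the same logic to compare COUNT and BLOCK. Added example;
the traffic below is constructed, not real logs."""
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # AWS WAF rate-based rules count requests per 5-minute window


def rate_based_rule(name, limit, action):
    """Return a rule in the shape wafv2 create_web_acl / update_web_acl expect.

    action is "Count" while you are still tuning the limit and "Block" once
    you trust it; switching is a one-field change on the same rule.
    """
    if action not in ("Count", "Block", "Allow"):
        raise ValueError("action must be Count, Block or Allow")
    return {
        "Name": name,
        "Priority": 0,
        "Statement": {
            "RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}
        },
        "Action": {action: {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


def evaluate(rule, requests):
    """Replay (epoch_seconds, client_ip) pairs through the rule.

    Returns one (ip, outcome) per request: ALLOW while the IP is under the
    limit, COUNT when the rule matched but only records it, BLOCK when the
    rule matched and is enforcing.
    """
    limit = rule["Statement"]["RateBasedStatement"]["Limit"]
    action = next(iter(rule["Action"])).upper()
    recent = defaultdict(deque)          # ip -> timestamps inside the window
    outcomes = []
    for ts, ip in sorted(requests):
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:   # drop requests older than the window
            window.popleft()
        matched = len(window) > limit
        outcomes.append((ip, action if matched else "ALLOW"))
    return outcomes


def summarize(outcomes):
    """Per-IP tally, e.g. {"203.0.113.7": {"ALLOW": 100, "COUNT": 50}}."""
    tally = defaultdict(lambda: defaultdict(int))
    for ip, outcome in outcomes:
        tally[ip][outcome] += 1
    return {ip: dict(t) for ip, t in tally.items()}


# Constructed sample traffic: one client hammering the site within a minute,
# one normal user sending a request every 30 seconds.
SAMPLE_REQUESTS = [(1_700_000_000 + i, "203.0.113.7") for i in range(150)]
SAMPLE_REQUESTS += [(1_700_000_000 + i * 30, "198.51.100.20") for i in range(5)]

if __name__ == "__main__":
    for mode in ("Count", "Block"):
        rule = rate_based_rule("rate-limit-per-ip", limit=100, action=mode)
        print(mode, summarize(evaluate(rule, SAMPLE_REQUESTS)))
```

In Count mode the first 100 requests from 203.0.113.7 are allowed and the next 50 are only counted, so the normal user is never affected and the CloudWatch metric tells you how many requests the Block action would have dropped; once that number matches what you expect, flip the action to Block and the same 50 requests are rejected.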
2. AWS SHIELD
What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS)
protection service that safeguards applications running on AWS. There are two
tiers of AWS Shield – Standard and Advanced.
You can use AWS Shield Standard at no additional cost. AWS Shield Standard
defends against the most common network and transport layer (layer 3 and layer
4) DDoS attacks that target your website or applications.
When to choose AWS Shield and its types?
You can use AWS WAF to help minimize the effect of an application layer (layer
7) DDoS attack, so when should you use AWS Shield? AWS Shield Standard is
included automatically at no extra cost, but if you need extended protection
against DDoS attacks for your Amazon Elastic Compute Cloud instances, Elastic
Load Balancing load balancers, Amazon CloudFront distributions, Amazon Route 53
hosted zones and AWS Global Accelerator accelerators, then you can use AWS
Shield Advanced, a paid subscription that also includes AWS WAF at no
additional charge for the protected resources and access to the AWS Shield
Response Team.
If you have the technical expertise and want full control over monitoring for
and mitigating layer 7 attacks, AWS Shield Standard together with your own AWS
WAF rules is likely the appropriate choice. But if your business or industry is
a likely target of DDoS attacks, or if you prefer to let AWS handle most of the
DDoS detection and mitigation responsibilities for layer 3, layer 4 and layer 7
attacks, AWS Shield Advanced might be the best choice.
3. AWS INSPECTOR
What is AWS Inspector?
Amazon Inspector is an automated security assessment service that helps improve
the security and compliance of applications deployed on AWS. It automatically
assesses applications for vulnerabilities and deviations from best practices
and produces a prioritized list of security findings. The assessment is run on
each EC2 instance to verify security best practices. Amazon Inspector (the
original, agent-based version described here) is tag-based and agent-based: an
assessment template looks for EC2 instances carrying specific tags to identify
its assessment targets, and the Inspector agent installed on those instances
collects the data that the selected rules packages evaluate.
When to choose AWS Inspector?
Amazon Inspector is a vulnerability assessment service, not an intrusion
detection system: it helps you find the vulnerabilities in your instances and
applications, but it only detects and reports. It gives you an assessment
report of how vulnerable your application is, and the remediation must be done
by you. Its rules packages check installed software against known CVEs, compare
the host configuration with the CIS benchmarks, and flag insecure behaviour
observed at runtime, for example data travelling over insecure protocols
instead of being encrypted in transit. Also, if you want to analyze the network
configuration to find out how reachable your EC2 instances are from the internet
or from other VPCs (the Network Reachability rules package), Amazon Inspector is
the best service for you.
4. Amazon GuardDuty
What is GuardDuty?
Amazon GuardDuty is a managed threat detection service that continuously
monitors for malicious activity and unauthorized behavior to protect your AWS
accounts and workloads. It analyzes AWS CloudTrail events, VPC Flow Logs and DNS
logs, and uses threat intelligence feeds (such as lists of malicious IPs and
domains) and machine learning to identify unexpected and potentially
unauthorized or malicious activity within your AWS environment.
When to choose Amazon GuardDuty?
As a threat detection service, Amazon GuardDuty surfaces issues like privilege
escalation, use of exposed credentials, or communication with malicious IPs,
URLs or domains. If you want to detect compromised EC2 instances serving malware
or mining cryptocurrency, unauthorized infrastructure deployments such as
instances launched in a region that has never been used, password policy
changes, unusual API calls, and so on, Amazon GuardDuty is the service to use.
Each detection is delivered as a finding with a typed name (for example
CryptoCurrency:EC2/BitcoinTool.B!DNS) and a numeric severity, which you can
route through Amazon EventBridge to alerting or automated response.
Amazon GuardDuty can be enabled with no software or hardware to deploy and
maintain.
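Because GuardDuty only reports, the work on your side is triage: reading the finding type, bucketing the severity and deciding the first response. The following is an added example (not code from the original post or from AWS) that does exactly that over two constructed findings laid out like GuardDuty's JSON; only the fields the script reads are present, the instance ID, user name and IP address are made up, and the response actions are the author's suggestions, not GuardDuty output.

```python
"""Triage Amazon GuardDuty findings: parse the finding type, bucket the
numeric severity and decide a first response. Added example; the findings
below are constructed to follow the GuardDuty JSON layout and are not real
detections."""
import re

# Finding type grammar documented by GuardDuty:
# ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
TYPE_RE = re.compile(
    r"^(?P<purpose>[A-Za-z]+):(?P<resource>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9&]+)"
    r"(?:\.(?P<mechanism>[A-Za-z0-9]+))?(?:!(?P<artifact>[A-Za-z0-9]+))?$"
)


def parse_type(finding_type):
    """Split e.g. 'CryptoCurrency:EC2/BitcoinTool.B!DNS' into its named parts."""
    m = TYPE_RE.match(finding_type)
    if not m:
        raise ValueError(f"unrecognised finding type: {finding_type}")
    return m.groupdict()


def severity_label(score):
    """GuardDuty bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def remote_ip(finding):
    """Remote address from either an API-call or a network-connection action."""
    action = finding.get("service", {}).get("action", {})
    details = action.get("networkConnectionAction") or action.get("awsApiCallAction") or {}
    return details.get("remoteIpDetails", {}).get("ipAddressV4")


def triage(finding):
    """Map one finding to a severity label and a list of first-response actions."""
    parts = parse_type(finding["type"])
    sev = severity_label(finding["severity"])
    actions = []
    if parts["resource"] == "EC2" and sev in ("High", "Critical"):
        instance = finding["resource"]["instanceDetails"]["instanceId"]
        actions.append(f"isolate {instance}: move to quarantine security group, snapshot volumes")
    if parts["resource"] == "IAMUser":
        user = finding["resource"]["accessKeyDetails"].get("userName", "<unknown>")
        actions.append(f"revoke sessions and rotate access keys for {user}")
    ip = remote_ip(finding)
    if ip:
        actions.append(f"block {ip} in the WAF IP set / network ACL")
    return {"type": finding["type"], "purpose": parts["purpose"],
            "family": parts["family"], "severity": sev, "actions": actions}


# Constructed findings (hypothetical IDs and addresses), trimmed to the fields used above.
SAMPLE_FINDINGS = [
    {
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "severity": 8.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0abc123def456"}},
        "service": {"action": {"actionType": "DNS_REQUEST",
                               "dnsRequestAction": {"domain": "pool.example-miner.invalid"}}},
    },
    {
        "type": "Recon:IAMUser/MaliciousIPCaller",
        "severity": 5.0,
        "resource": {"resourceType": "AccessKey",
                     "accessKeyDetails": {"userName": "deploy-bot", "accessKeyId": "AKIAEXAMPLE"}},
        "service": {"action": {"actionType": "AWS_API_CALL",
                               "awsApiCallAction": {"api": "ListBuckets",
                                                    "remoteIpDetails": {"ipAddressV4": "198.51.100.77"}}}},
    },
]

if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(triage(f))
```

In a real deployment the same triage function would sit behind an EventBridge rule matching GuardDuty findings and would call the EC2 and IAM APIs instead of returning strings; keeping the decision logic separate from the API calls, as here, is what makes it testable.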
5. AWS Key Management Service (KMS)
What is KMS?
AWS Key Management Service (KMS) makes it easy for you to create and manage
cryptographic keys and control their use across a wide range of AWS services
and in your own applications. AWS KMS is integrated with AWS CloudTrail, which
records every API request, including key management actions and each use of
your keys. AWS KMS is also integrated with AWS services to simplify using your
keys to encrypt data across your AWS workloads.
When to choose KMS?
KMS is a fully managed service that makes it easy to create and control
encryption keys in AWS.
KMS keys are symmetric by default, which means the same key is used for
encryption and decryption (asymmetric RSA and elliptic-curve keys are also
available for signing and public-key encryption). If you want an extra layer of
security for data at rest, KMS is the best option: it is integrated with almost
all AWS services, and the key material never leaves the service.
When you encrypt your data, the data is protected, but now you must protect the
encryption key. AWS KMS solves this with envelope encryption: your plaintext
data is encrypted with a data key, and the data key itself is encrypted
(wrapped) with a KMS key that never leaves the service. You store the wrapped
data key alongside the ciphertext and call KMS to unwrap it only when you need
to decrypt, so the KMS key never handles your bulk data and every unwrap is a
CloudTrail-logged API call.
[Source] https://blog.cloudthat.com/five-prominent-aws-security-services-and-their-use-cases/