In part 1 of this of this two-part series, How to detect security issues in Amazon EKS cluster using Amazon GuardDuty, we walked through a real-world observed security issue in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and saw how Amazon GuardDuty detected each phase by following MITRE ATT&CK tactics. In this blog post, […]
In this two-part blog post, we’ll discuss how to detect and investigate security issues in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon GuardDuty and Amazon Detective. Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run and scale container workloads by using Kubernetes in the AWS […]
Register now with discount code SALXTDVaB7y to get $150 off your full conference pass to AWS re:Inforce. For a limited time only and while supplies last. Today we’re going to highlight just some of the sessions focused on threat detection and incident response that are planned for AWS re:Inforce 2022. AWS re:Inforce is a learning […]
In the week leading up to AWS re:Invent 2021, we’ll share conversations we’ve had with people at AWS who will be presenting, and get a sneak peek at their work. How long have you been at Amazon Web Services (AWS), and what do you do in your current role? I’ve been at AWS nearly 4 […]
May 10, 2022: The Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF) whitepaper has been archived, so we have updated the link in this blog post accordingly. AWS recently released the Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF) whitepaper. This whitepaper aligns the National Institute of […]
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon GuardDuty is an automated threat detection service that continuously monitors for suspicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. In this post, I’ll share how you can use GuardDuty with […]
The Security Operations Center (SOC) has a tough job. As customers modernize and shift to cloud architectures, the ability to monitor, detect, and respond to risks poses different challenges. In this post we address how Amazon GuardDuty can address some common concerns of the SOC regarding the number of security tools and the overhead to […]
AWS recently released the AWS Security Incident Response whitepaper, to help you understand the fundamentals of responding to security incidents within your cloud environment. The whitepaper reviews how to prepare your organization for detecting and responding to security incidents, explores the controls and capabilities at your disposal, provides topical examples, and outlines remediation methods that […]
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. Given the many log types that Amazon GuardDuty analyzes (Amazon Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and DNS logs), you never know what it might discover in your […]
We’re relentlessly innovating on your behalf at AWS, especially when it comes to security. Last November, we launched Amazon GuardDuty, a continuous security monitoring and threat detection service that incorporates threat intelligence, anomaly detection, and machine learning to help protect your AWS resources, including your AWS accounts. Many large customers, including General Electric, Autodesk, and […]
Capture and analyze events from logs and metrics to gain visibility. Take action on security events and potential threats to help secure your workload. Resources Threat management in the cloud: Amazon GuardDuty and AWS Security Hub Best Practices:
Improvement PlanConfigure service and application logging AWS Answers: native AWS security-logging capabilities Getting started with CloudWatch Logs Developer Tools/Log Analysis Authentication and Access Control for Amazon CloudWatch Identity and access management in Amazon S3 Amazon GuardDuty Lab: Automated Deployment of Detective Controls Creating a trail in CloudTrail Lab: Automated Deployment of Detective Controls AWS Config Lab: Automated Deployment of Detective Controls AWS Security Hub Analyze logs, findings, and metrics centrally Use Amazon Elasticsearch Service to log and monitor (almost) everything Find a partner that specializes in logging and monitoring solutions Configuring Athena to analyze CloudTrail logs Centralize logging solution Logging and Monitoring Automate response to events Lab: Automated Deployment of Detective Controls Lab: Amazon GuardDuty hands on Implement actionable security events AWS service documentation Using Amazon CloudWatch Metrics Using Amazon CloudWatch Alarms |