The second pillar to well-architected AWS cloud security - Detective Controls
This is the third in a series of seven on the five pillars for well-architected AWS security. For the entire series, visit the Five pillars – AWS blog page here.
Typically, Detective Controls focus on intrusion detection, and are more commonly known as Intrusion Detection Systems (IDS). These are automated and designed to monitor and analyze network traffic, and to generate an alert in response to activity that either matches known malicious patterns or is anomalous. Some IDS controls go further: they trigger automated processes that can include recording suspicious activity or scanning the computers involved for signs of compromise.
IDS controls are very valuable to resource managers and IT, not just because they allow a timely response to compromises, but also because they can identify devices that are in imminent danger of compromise. To do so, IDS controls need some kind of feedback loop with a security provider, so that they learn the latest malicious activities and recognize them when they occur.
Within the AWS infrastructure, there are a number of detective controls that run the gamut from processing logs to monitoring, automated analysis, and alarms.
To monitor metrics with alarming:
Service-level logs, i.e. logging access requests:
To develop a well-architected Detective Controls pillar, customers must:
- Understand how they will detect and investigate security events
- Defend against emerging security threats
Visit the AWS Well-Architected Lab series to read more about Investigations and Defending against Threats.
In our next blog post in this series, we’ll examine Infrastructure Protection or NetSec. To follow this series in its entirety, visit the Five Pillars – AWS blog page here.