The second pillar to well-architected AWS cloud security - Detective Controls

Thèmes:

4 nov. 2019

This is the third in a series of seven on the five pillars for well-architected AWS security. For the entire series, visit the Five pillars – AWS blog page here.

Typically, Detective Controls focus on intrusion, more commonly known as Intrusion Detection Systems (IDS). These are automated and are designed to monitor and analyze network traffic, and to generate an alert in response to activity that either matches known malicious patterns or is anomalous. Some IDS controls go further: they will trigger automated processes that can include recording suspicious activity or scanning the computers involved to try to find signs of compromise.

IDS controls are very valuable to resource managers and IT not just because they allow a timely response to compromises, but because they offer the capability to identify devices that are in imminent danger of compromise. To do so, IDS controls need some kind of feedback loop, with a security provider, to learn the latest malicious activities and recognize them when detected.

Within the AWS infrastructure, there are a number of detective controls that run the gamut from processing logs to monitoring, automated analysis, and alarms.

To monitor metrics with alarming:

CloudTrail logs

AWS AP Calls

CloudWatch

Configuration history:

AWS Config

SourceManaged detection threat service with continuous monitoring:

Amazon GuardDuty

Source

Service-level logs, i.e. logging access requests:

Amazon Simple Storage Service (Amazon S3)

To develop a well-architected Detective Controls pillar, customers must:

Understand how they will detect and investigate security events

Defend against emerging security threats

Visit the AWS Well-Architected Lab series to read more about Investigations and Defending against Threats.

In our next blog post in this series, we’ll examine Infrastructure Protection or NetSec. To follow this series in its entirety, visit the Five Pillars – AWS blog page here.

Barracuda Cloud Security Guardian secures your cloud infrastructure with an easy-to-use, highly automated solution that helps keep you secure in an era of increasing complexity and multiplying compliance mandates. For a free scan, visit our website here.

Rich Turner

Rich is the Director of Public Cloud Product Marketing at Barracuda. He joined the team as part of the acquisition of C2C Systems in 2014. Rich is one of Barracuda’s public cloud experts – he works directly with the cloud ecosystems and has been quoted in eBooks from Microsoft on public cloud security. He is also a frequent contributor to Barracuda’s own cloud blogs. For our cloud motions, he helps develop strategies and execution with our partners and sales teams.

If you'd like to get in touch with Rich, you can connect with him on LinkedIn and follow him on Twitter.

You can email Rich at rturner@barracuda.com.