This is the third in a series of seven on the five pillars for well-architected AWS security. For the entire series, visit the Five pillars – AWS blog page here.
Typically, Detective Controls focus on intrusion detection and are more commonly known as Intrusion Detection Systems (IDS). These are automated and are designed to monitor and analyze network traffic, and to generate an alert in response to activity that either matches known malicious patterns or is anomalous. Some IDS controls go further: they trigger automated processes that can include recording suspicious activity or scanning the computers involved to try to find signs of compromise.
IDS controls are very valuable to resource managers and IT, not just because they allow a timely response to compromises, but because they offer the capability to identify devices that are in imminent danger of compromise. To do so, IDS controls need some kind of feedback loop with a security provider to learn the latest malicious activities and recognize them when detected.
Within the AWS infrastructure, there are a number of detective controls that run the gamut from processing logs to monitoring, automated analysis, and alarms.
To monitor metrics with alarming:
- CloudTrail logs
- AWS API calls
- CloudWatch
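As an added illustration (not code from the original post or from AWS), the sketch below applies pattern-matching rules of the kind described above to a batch of CloudTrail-style API call records and raises alerts, much as a metric filter with an alarm would. The record fields follow the CloudTrail record format; the sample records, rule names and threshold are constructed assumptions.

```python
import json
from collections import Counter

# Constructed CloudTrail-style records (sample data, not from a real account).
SAMPLE = json.dumps({"Records": [
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "carol"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
]})

DENIED_THRESHOLD = 3  # assumed alarm threshold: denied calls per principal per batch
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def principal(rec):
    """Name the caller: IAM user name if present, otherwise the identity type."""
    ident = rec.get("userIdentity") or {}
    return ident.get("userName") or ident.get("type", "unknown")

def detect(log_text):
    """Return a sorted list of (rule, principal) alerts for one batch of records."""
    alerts, denied = set(), Counter()
    for rec in json.loads(log_text).get("Records", []):
        who, err = principal(rec), rec.get("errorCode") or ""
        if err.startswith("AccessDenied") or err.endswith("UnauthorizedOperation"):
            denied[who] += 1  # counted first, alarmed on only past the threshold
        if (rec.get("userIdentity") or {}).get("type") == "Root":
            alerts.add(("root-activity", who))
        if (rec.get("eventSource") == "cloudtrail.amazonaws.com"
                and rec.get("eventName") in TRAIL_CHANGES):
            alerts.add(("trail-changed", who))  # logging itself was altered
        if (rec.get("eventName") == "ConsoleLogin"
                and (rec.get("additionalEventData") or {}).get("MFAUsed") == "No"
                and (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"):
            alerts.add(("console-login-no-mfa", who))
    alerts.update(("denied-call-burst", w) for w, n in denied.items()
                  if n >= DENIED_THRESHOLD)
    return sorted(alerts)

if __name__ == "__main__":
    for rule, who in detect(SAMPLE):
        print(f"ALERT {rule}: {who}")
```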
Configuration history:


Service-level logs, i.e. logging access requests:
To develop a well-architected Detective Controls pillar, customers must:
- Understand how they will detect and investigate security events
- Defend against emerging security threats
Visit the AWS Well-Architected Lab series to read more about Investigations and Defending against Threats.
In our next blog post in this series, we’ll examine Infrastructure Protection or NetSec. To follow this series in its entirety, visit the Five Pillars – AWS blog page here.
Barracuda Cloud Security Guardian secures your cloud infrastructure with an easy-to-use, highly automated solution that helps keep you secure in an era of increasing complexity and multiplying compliance mandates. For a free scan, visit our website here.
Rich is the marketing director for public cloud products at Barracuda. He joined the team as part of the acquisition of C2C Systems in 2014. Rich is one of Barracuda's public cloud experts. He works directly on cloud ecosystems and is quoted in Microsoft ebooks on securing the public cloud. He is also a regular contributor to Barracuda's cloud-themed blogs. As part of our cloud work, he helps develop strategies and execute them with our partners and sales teams.
If you would like to get in touch with Rich, you can connect with him on LinkedIn and follow him on Twitter.
You can contact Rich by email at rturner@barracuda.com.