This is the third in a series of seven on the five pillars for well-architected AWS security. For the entire series, visit the Five pillars – AWS blog page here.
Detective controls typically focus on intrusion and are more commonly known as Intrusion Detection Systems (IDS). These are automated controls designed to monitor and analyze network traffic and to generate an alert in response to activity that either matches known malicious patterns or is anomalous. Some IDS controls go further: they trigger automated processes that can include recording suspicious activity or scanning the computers involved for signs of compromise.
IDS controls are very valuable to resource managers and IT, not just because they allow a timely response to compromises but because they can identify devices that are in imminent danger of compromise. To do so, IDS controls need some kind of feedback loop with a security provider to learn the latest malicious activities and recognize them when detected.
Within the AWS infrastructure, there are a number of detective controls that run the gamut from processing logs to monitoring, automated analysis, and alarms.
To monitor metrics with alarming:
- CloudTrail logs
- AWS API calls
- CloudWatch
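To make the log-to-metric-to-alarm chain concrete, here is an added example (not code from this post or from AWS) that applies a metric-filter-style match to CloudTrail records, counts matches per period, and reports which alarms breach. The metric names, the 5-minute period, the thresholds and the sample records are assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M:%SZ"      # CloudTrail eventTime format
PERIOD_MIN = 5                   # assumed metric period, in minutes
THRESHOLDS = {"UnauthorizedApiCalls": 3, "CloudTrailChanges": 1}  # assumed
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def metric_for(record):
    """Metric filter: name the metric a record counts toward, or None."""
    error = record.get("errorCode", "")
    if error.startswith("AccessDenied") or error.endswith("UnauthorizedOperation"):
        return "UnauthorizedApiCalls"
    if (record.get("eventSource") == "cloudtrail.amazonaws.com"
            and record.get("eventName") in TRAIL_CHANGES):
        return "CloudTrailChanges"
    return None

def evaluate_alarms(records):
    """Count matches per metric and period; return the breached alarms."""
    counts = Counter()
    for record in records:
        metric = metric_for(record)
        if metric:
            ts = datetime.strptime(record["eventTime"], FMT)
            start = ts.replace(minute=ts.minute - ts.minute % PERIOD_MIN, second=0)
            counts[(start.strftime(FMT), metric)] += 1
    return sorted((start, metric, n) for (start, metric), n in counts.items()
                  if n >= THRESHOLDS[metric])

# Helper for building constructed records with only the fields used above.
def _rec(time, source, name, error=None):
    record = {"eventTime": time, "eventSource": source, "eventName": name}
    if error:
        record["errorCode"] = error
    return record

# Constructed sample records, not real log data.
SAMPLE = [
    _rec("2019-06-01T10:00:05Z", "ec2.amazonaws.com", "DescribeInstances"),
    _rec("2019-06-01T10:01:10Z", "s3.amazonaws.com", "GetObject", "AccessDenied"),
    _rec("2019-06-01T10:02:30Z", "ec2.amazonaws.com", "RunInstances",
         "Client.UnauthorizedOperation"),
    _rec("2019-06-01T10:04:00Z", "iam.amazonaws.com", "ListUsers", "AccessDenied"),
    _rec("2019-06-01T10:07:00Z", "s3.amazonaws.com", "GetObject", "AccessDenied"),
    _rec("2019-06-01T10:12:00Z", "cloudtrail.amazonaws.com", "StopLogging"),
]

if __name__ == "__main__":
    print(*evaluate_alarms(SAMPLE), sep="\n")
```

A single denied call stays below the threshold and raises nothing, while any successful change to the trail itself alarms immediately, since it affects the log source every other detection depends on.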
Configuration history:


Service-level logs, i.e. logging access requests:
To develop a well-architected Detective Controls pillar, customers must:
- Understand how they will detect and investigate security events
- Defend against emerging security threats
Visit the AWS Well-Architected Lab series to read more about Investigations and Defending against Threats.
In our next blog post in this series, we’ll examine Infrastructure Protection or NetSec. To follow this series in its entirety, visit the Five Pillars – AWS blog page here.
Barracuda Cloud Security Guardian secures your cloud infrastructure with an easy-to-use, highly automated solution that helps keep you secure in an era of increasing complexity and multiplying compliance mandates. For a free scan, visit our website here.
Rich is Director of Public Cloud Product Marketing at Barracuda. He joined the team in 2014 as part of the acquisition of C2C Systems. Rich is one of Barracuda's public cloud experts: he works directly with the cloud ecosystems and has been quoted in Microsoft e-books on public cloud security. He also writes frequently for Barracuda's own cloud blogs. For our cloud initiatives, he helps develop strategies and implement them with our partners and sales teams.
If you would like to get in touch with Rich, you can connect with him on LinkedIn and follow him on Twitter.
You can email Rich at rturner@barracuda.com.