This is the sixth in a series of seven on the five pillars for well-architected AWS security. For the entire series, visit the Five pillars – AWS blog page here.
For a number of organizations, Incident Response (IR) is the first symptom of a poorly-architected cloud security framework. Often, incidents aren’t even identified until well after they have occurred, and damage has been done. In those cases, response quickly escalates to remediation, and there are numerous cautionary tales of companies being irreparably harmed by large and undetected breaches and incidents.
Within a well-architected IR Framework, the notion of IR is more basic. Incidents are typically security failures or non-compliances that can be easily identified and rectified. Solutions that prevent incidents still may have the requirement to identify intentional malicious incidents, even if they were ultimately prevented for occurring.
IR can take many forms, from simple identification and rectification, or prevention, to changes in policies and strategies that avoid future similar incidents. Organizations that leverage well-architected cloud frameworks as a basis to enforce security and workflow best practices can utilize IR as a way to identify where best practices aren’t being followed and why. In that way, IR becomes part of a continuous feedback loop to help keep a well-architected cloud framework secure.
Within the AWS infrastructure, several practices can help facilitate effective incident response
- Detailed logging which contains content including file access and changes
- Automated processing of events through AWS APIs
- Leveraging AWS CloudFormation to create a “clean room” in which you can carry out forensics in an isolated environment
- Leveraging AWS Lambda to create rules that will trigger automated responses
In the final blog in this series, we’ll discuss ways to tie these pillars together into a continuous cycle of Well-Architected AWS Cloud Security. To follow this series in its entirety, visit the Five Pillars – AWS blog page here.
Barracuda Cloud Security Guardian has been designed from the ground up to integrate with AWS and leverage built-in security and alerting features. For a free scan, visit our website here.
Rich ist Director of Public Cloud Product Marketing bei Barracuda. Er stieß im Rahmen der Übernahme von C2C Systems im Jahr 2014 zum Team. Rich ist einer der Public-Cloud-Experten von Barracuda – er arbeitet direkt mit den Cloud-Ökosystemen und wurde in E-Books von Microsoft zum Thema Public Cloud Security zitiert. Er schreibt außerdem häufig für die eigenen Cloud-Blogs von Barracuda. Für unsere Cloud-Initiativen hilft er bei der Entwicklung von Strategien und deren Umsetzung mit unseren Partnern und Vertriebsteams.
Wenn Sie mit Rich in Kontakt treten möchten, können Sie sich auf LinkedIn mit ihm vernetzen und ihm auf Twitter folgen.
Sie können Rich ein E-Mail [email protected] senden.
