Overview of Cloud Native Security Services from AWS

Security plays an important role for any industry as every day there is news of another massive data breach in many places. Security is a core functional requirement to protect critical information, manage the access, logging and monitoring. Hence organization spend significant amount of resources to manage the security of their resources whether it is in physical or virtual (in-cloud).

Some people believe that moving to a cloud platform would ensure that their data is safe but it is not the actual scenario. Cloud security is still an important aspect that needs to be factored into.

In earlier days, Security-specific native service or tools did not exist in AWS. However, now cloud platforms have standard security best practices as the default option which is simple to implement and manage. Also, cloud services provide opportunities to improve on security through automations. AWS provides a range of security services and features that AWS customers can use to secure their assets.

Below table describes about the Security services provided by AWS

Who is Responsible for What in Cloud??

Securing the data is everyone’s responsibility. With this aspect, AWS uses a Shared Responsibility model to define the roles in managing the security. Customers are responsible for security in the cloud and AWS is responsible for security of the cloud.

AWS Security Hub

AWS Security Hub service provides a comprehensive view of high priority security alerts and compliance status across AWS accounts. Security hub is a place where user can centralize and prioritize security and compliance findings across AWS accounts, services and supported third-party partners. It allows the user to have more visibility into the security and compliance status of the AWS environments. It is important to note that AWS Config is required for Security Hub’s compliance checks.

Key Benefits

• Identify and prioritize the most important issues by grouping and correlating security findings with Insights.
• Collect and process security findings from multiple accounts within a region.

Security Hub Insights and Latest Findings:

User can integrate other AWS services or third-party products to receive their findings in Security Hub.

Custom Actions:

User can also send selected insights and findings to AWS CloudWatch Events by creating a custom action in Security Hub console.

Usage and Estimation

AWS provides a 30 day free trial for using Security hub across AWS accounts and regions.

User can view an estimate by navigating from the Security Hub console to Settings > Usage

AWS GuardDuty

AWS GuardDuty mainly used for threat detection and prevention. GuardDuty helps security professionals to identify threats in their environment and protect against any malicious or suspicious behaviour.

GuardDuty findings severity categorized into 3 levels – LOW, MEDIUM and HIGH

User can ingest, process and visualize GuardDuty finding logs in a Serverless environment.

GuardDuty service can be used free of cost for 30 days.

The primary detection category includes,

• Account Compromise
• Instance Compromise
• Reconnaissance

Key Benefits

• To detect known and unknown threats.
• Automate threat response.
• Continuously monitors unauthorized and anomalous API activity.

GuardDuty Findings:

GuardDuty findings will be automatically send to CloudWatch events and user can update the frequency for updated findings. Now, user can export GuardDuty findings to S3 buckets.

Usage and Estimation

GuardDuty will display the volume of data processed and estimated daily average service charge for AWS account.

User can view an estimate by navigating from the GuardDuty console to Settings > Usage

Now that you understand why cloud security is so important, get busy on actually achieving it.

As you can see, this priority doesn’t even have to be that difficult to achieve. Talk to us to tailor the best cloud security for your business!

Written by :     Geetha Pandiyan  & Umashankar N