In this video, learn about the purpose of using AWS detective controls to identify potential security threats or incidents.
- [Instructor] Amazon has a large number of tools, that are hosted at AWS, that can help you identify the threats to your platform. They use these tools to look at all different aspects of security or provide different monitoring solutions, or details as to what's going on in your account. They call them Detective Controls, and the idea is they can help you quickly identify any security threats, or potential security threats, or help you deal with incidents when they happen at AWS. You may have to do this from a legal point of view, just like Amazon. Amazon has to provide the details to internal auditors that are coming in, and looking at how Amazon manages their security, what security controls do they actually carry out? And that might be the first step that you have to carry out at Amazon as well, is to figure out the level of compliance that you need, does Amazon do their job, on setting up security on the components that they manage? And then do you have to do the same thing internally to ensure that the compliance that you want is actually being carried out? Can you validate all the controls that you need? Is that legally required by your company? So there's a wide variety of tools we'll look at, that give us the ability of gathering that information very quickly. For example, I might want to go into CloudTrail and prove who authenticated to my organization or to a particular account, over the last couple of years. I can hold onto that information forever. Or maybe I want to identify and classify the actual data stored in S3 buckets. So I could sign up for Amazon Macy, and get the details as to the type of data, the classification of the data, and who actually accessed those data records. So you might have a lot of controls that you want to carry out. Now we just talked about S3 data, but maybe for your additional data records, you want full encryption. Well, we can certainly do that at AWS as well. And from the control aspect, you can set up identity and access management, to control access to absolutely everything at AWS. Your internal auditors are probably going to be interested in auditing what's being set up as well, or they may be directly involved to ensure that the security controls, are the best they can be. The overall longterm job is to ensure that when you get notified that there's a security failure or a problem, what do you actually do? What's the condition to actually solve that problem? So, we have to look at how we can move from a manual notification, that is just reading a report or looking at a log and say, if this happens, I want to set up the conditions, that I can have an automated solution and be notified. So that's the big job at Amazon, to move your notifications, and setting up the conditions that are an automatic response to a problem. The big question you have to ask yourself is, how are you going to detect and investigate security events at AWS? 'Cause they're going to happen, and we know there's a number of different tools we can use at AWS, you also might want to integrate, some of the third party tools as well, to make this a win win.
- Design principals
- Identity and Access Management (IAM)
- Protecting AWS credentials
- Identifying threats
- Auditing security
- Infrastructure protection
- Protecting data at rest and in transit
- Responding to security incidents
- Managing incident response