CTHFM: AWS

AWS Security Services Overview

Overview

AWS provides a broad range of security services that help protect cloud resources, detect threats and vulnerabilities, and meet compliance requirements. They cover identity management, threat detection and logging, data encryption, application and network security, governance, and incident response. Below is an overview of the core services and how each fits into a layered security strategy; for a threat hunter the most important of these are the ones that produce or aggregate evidence (CloudTrail, GuardDuty, Config, Security Hub), since they are the data sources the hunts in this manual are built on.

1. Identity and Access Management (IAM)

AWS IAM (Identity and Access Management)

  • Manages users, groups, roles, and the policies that grant them permissions to AWS services.

  • Controls which principals can access which resources and what actions they can perform: an explicit Deny always wins, and anything not explicitly allowed is denied by default.

  • Supports MFA (Multi-Factor Authentication) and short-lived temporary credentials issued through roles, so long-lived access keys can be avoided.

Use Case:

  • Secure access to AWS resources by granting each principal only the least-privilege permissions its job requires, and conditioning sensitive actions on MFA.
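To make the evaluation rules above concrete, the following is an added example (not code from CTHFM or from AWS) that implements the core of IAM's identity-policy evaluation in plain Python: wildcard matching on Action (case-insensitive) and Resource (case-sensitive), a Bool condition on the `aws:MultiFactorAuthPresent` context key, explicit Deny overriding Allow, and deny-by-default. The policy document is constructed for the example; only the Action, Resource and Condition/Bool elements are modelled (no NotAction, resource-based policies, permission boundaries or SCPs).

```python
import fnmatch

# Constructed sample identity policy: read access to one bucket, object writes
# only when the caller authenticated with MFA, and an explicit deny on deletes.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Effect": "Allow",
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}


def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, ignore_case):
    # IAM treats "*" and "?" as wildcards. Action names are case-insensitive,
    # resource ARNs are case-sensitive.
    for pattern in _as_list(patterns):
        if ignore_case:
            pattern, value = pattern.lower(), value.lower()
        if fnmatch.fnmatchcase(value, pattern):
            return True
    return False


def _condition_holds(condition, context):
    # Only the Bool operator is modelled; a missing context key evaluates as "false".
    for operator, pairs in condition.items():
        if operator != "Bool":
            return False
        for key, expected in pairs.items():
            actual = str(context.get(key, "false")).lower()
            if actual != str(expected).lower():
                return False
    return True


def is_allowed(policy, action, resource, context=None):
    """Decide whether `action` on `resource` is permitted by an identity policy.

    Explicit Deny beats any Allow; with no matching Allow the default is deny.
    """
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt.get("Action", []), action, ignore_case=True):
            continue
        if not _matches(stmt.get("Resource", []), resource, ignore_case=False):
            continue
        if "Condition" in stmt and not _condition_holds(stmt["Condition"], context):
            continue  # statement does not apply unless its condition is satisfied
        if stmt["Effect"] == "Deny":
            return False  # explicit deny overrides every allow
        allowed = True
    return allowed


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print("get without MFA:", is_allowed(POLICY, "s3:GetObject", obj))
    print("put without MFA:", is_allowed(POLICY, "s3:PutObject", obj))
    print("put with MFA:   ", is_allowed(POLICY, "s3:PutObject", obj,
                                         {"aws:MultiFactorAuthPresent": "true"}))
    print("delete with MFA:", is_allowed(POLICY, "s3:DeleteObject", obj,
                                         {"aws:MultiFactorAuthPresent": "true"}))
```

The MFA condition is the practical point: a stolen long-lived access key can read the bucket but cannot write to it, because `aws:MultiFactorAuthPresent` is absent from the request context of plain access-key calls. For real evaluation across multiple policy types use the IAM policy simulator (`aws iam simulate-principal-policy`) rather than re-implementing the logic.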

2. Threat Detection and Monitoring

Amazon GuardDuty

  • A threat detection service that continuously analyzes CloudTrail management events, VPC Flow Logs, and DNS query logs (plus optional protection plans for S3, EKS, RDS, Lambda, and malware) for signs of compromise.

  • Detects suspicious activity such as unusual API calls, SSH/RDP brute-force attempts, credential use from unexpected locations, cryptomining, or data exfiltration.

Use Case:

  • Identify compromised instances or anomalous user behavior.

AWS CloudTrail

  • Records API calls made across the AWS environment (management events by default, S3 and Lambda data events optionally) with the caller identity, source IP, request parameters, and outcome of each call.

  • Essential for auditing, compliance, and incident investigation, and the primary data source for threat hunting in AWS.

Use Case:

  • Monitor changes to critical resources and detect unauthorized activity, including attempts to disable the trail itself.
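As an added example of turning the CloudTrail description above into detection logic (this is not code from CTHFM or AWS), the function below runs four hunts over a constructed set of CloudTrail records: root account usage, tampering with logging and detection services, bursts of AccessDenied errors from one access key (typical of permission enumeration), and one access key used from several source IPs. The records are trimmed to the fields the hunts read and are constructed for the example; the thresholds and the list of tampering APIs are choices for this example, not an AWS-defined list.

```python
from collections import Counter, defaultdict

# Two constructed principals reused across the sample records.
JANE = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-jane",
        "accessKeyId": "AKIAEXAMPLE111"}
BUILD = {"type": "AssumedRole",
         "arn": "arn:aws:sts::111122223333:assumed-role/BuildRole/build-42",
         "accessKeyId": "ASIAEXAMPLE222"}

# Constructed CloudTrail records, trimmed to the fields used below (not real log data).
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T09:58:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "203.0.113.10",
     "userIdentity": JANE, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:00:05Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListRoles", "sourceIPAddress": "203.0.113.10",
     "userIdentity": JANE, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:00:09Z", "eventSource": "iam.amazonaws.com",
     "eventName": "GetAccountAuthorizationDetails", "sourceIPAddress": "203.0.113.10",
     "userIdentity": JANE, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10", "userIdentity": JANE},
    {"eventTime": "2024-05-01T10:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.50",
     "userIdentity": JANE},
    {"eventTime": "2024-05-01T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "10.0.1.5", "userIdentity": BUILD},
    {"eventTime": "2024-05-01T11:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {**BUILD, "invokedBy": "cloudformation.amazonaws.com"}},
]

# APIs that reduce visibility, keyed by eventSource (an illustrative list, not exhaustive).
TAMPERING = {
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"},
    "guardduty.amazonaws.com": {"DeleteDetector", "UpdateDetector"},
    "ec2.amazonaws.com": {"DeleteFlowLogs"},
    "config.amazonaws.com": {"StopConfigurationRecorder", "DeleteConfigurationRecorder"},
}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation", "UnauthorizedOperation"}


def hunt(events, denied_threshold=3):
    """Run the four hunts over an iterable of CloudTrail records; returns findings per hunt."""
    findings = {"root_activity": [], "logging_tampering": [],
                "access_denied_burst": [], "key_multi_ip": []}
    denied = Counter()
    ips = defaultdict(set)
    for e in events:
        ident = e.get("userIdentity", {})
        key = ident.get("accessKeyId") or ident.get("arn")  # root logins carry no key
        if ident.get("type") == "Root":
            findings["root_activity"].append((e["eventTime"], e["eventName"], e["sourceIPAddress"]))
        if e["eventName"] in TAMPERING.get(e["eventSource"], ()):
            findings["logging_tampering"].append((e["eventTime"], e["eventName"], ident.get("arn")))
        if e.get("errorCode") in DENIED_CODES:
            denied[key] += 1
        # Calls an AWS service makes on the principal's behalf carry a service
        # hostname instead of a client IP; they would otherwise look like a new location.
        if not e["sourceIPAddress"].endswith(".amazonaws.com"):
            ips[key].add(e["sourceIPAddress"])
    for key, n in denied.items():
        if n >= denied_threshold:
            findings["access_denied_burst"].append((key, n))
    for key, seen in ips.items():
        if len(seen) > 1:
            findings["key_multi_ip"].append((key, sorted(seen)))
    return findings


if __name__ == "__main__":
    for name, hits in hunt(SAMPLE_EVENTS).items():
        print(f"{name}: {hits}")
```

On the sample data the same access key appears in three of the four hunts, which is the pattern worth pivoting on: failed enumeration, then a StopLogging call, then use from a second IP. In production the same logic runs as an Athena query over the CloudTrail table; the service-hostname exclusion and the `accessKeyId`-versus-`arn` fallback carry over unchanged.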

AWS Security Hub

  • Provides a centralized view of security findings across accounts and regions, normalized into the AWS Security Finding Format (ASFF).

  • Aggregates findings from GuardDuty, Inspector, Macie, IAM Access Analyzer, and partner products, and runs its own automated checks against standards such as the AWS Foundational Security Best Practices and the CIS AWS Foundations Benchmark.

Use Case:

  • Maintain an organization-wide security posture with consolidated security alerts.

3. Data Security and Encryption

AWS Key Management Service (KMS)

  • Creates, manages, and controls access to the encryption keys used across AWS services; key material never leaves the service unencrypted, and every key use is recorded in CloudTrail.

  • Integrates with S3, EBS, RDS, Lambda, Secrets Manager, and most other services for encryption at rest, and supports envelope encryption (data keys wrapped by a KMS key) for application data.

Use Case:

  • Encrypt sensitive data stored in S3 and control who can decrypt it through the key policy, independently of the bucket's own permissions.

AWS CloudHSM

  • Offers single-tenant hardware security modules (HSMs) running in your VPC for workloads that must control their own keys or meet stringent compliance requirements.

  • You manage the HSM cluster, users, and keys yourself; AWS manages the hardware but has no access to the key material.

Use Case:

  • Generate and store keys inside FIPS 140-2 Level 3 validated HSMs for regulations that require customer-controlled, single-tenant key storage rather than the shared HSMs behind KMS.

Amazon Macie

  • Uses machine learning and pattern matching to automatically discover and classify sensitive data in S3, such as PII, credentials, and financial data.

  • Reports buckets that are publicly accessible, unencrypted, or shared outside the organization, and alerts when sensitive data turns up where it should not be.

Use Case:

  • Monitor and secure sensitive information like credit card numbers or social security numbers in S3 buckets.

4. Application Security

AWS WAF (Web Application Firewall)

  • Filters HTTP(S) requests to web applications, blocking patterns such as SQL injection or cross-site scripting (XSS), and supports rate-based rules and managed rule groups against bots and known bad inputs.

  • Attaches to Amazon CloudFront, Application Load Balancer (ALB), API Gateway, and AppSync.

Use Case:

  • Protect public-facing applications from common web exploits.

AWS Shield

  • Provides DDoS (Distributed Denial-of-Service) protection for AWS applications; Shield Standard is enabled by default at no extra cost and covers common network- and transport-layer attacks.

  • AWS Shield Advanced adds protection against larger and application-layer attacks, near real-time attack visibility, cost protection for scaling during an attack, and access to the Shield Response Team.

Use Case:

  • Protect a website from DDoS attacks during peak traffic.

Amazon Inspector

  • Continuously scans EC2 instances, container images in Amazon ECR, and Lambda functions for software vulnerabilities (CVEs) and unintended network exposure.

  • Generates findings with a severity score and remediation guidance, and forwards them to Security Hub.

Use Case:

  • Identify outdated software or unpatched CVEs in EC2 instances, container images, and Lambda functions.

5. Network Security

Amazon VPC Security (Virtual Private Cloud)

  • Provides isolation for workloads by segmenting them into VPCs and subnets.

  • Supports Security Groups (stateful allow-lists attached to instances and network interfaces) and Network ACLs (stateless, numbered allow/deny rules applied at the subnet boundary) to restrict inbound and outbound traffic.

Use Case:

  • Limit access to sensitive services by allowing only the required ports from the required sources in security groups, and use network ACLs for coarse subnet-level blocks such as a known-bad address range.
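The stateful-versus-stateless distinction above is easiest to see by evaluating a packet against both layers, so the following is an added example (not AWS code, nor code from CTHFM) that models a security group as "any matching rule allows, replies are implicit" and a network ACL as "lowest rule number that matches decides, otherwise the implicit `*` deny, and the reply must pass the outbound rules on its own". The rule sets, addresses, and the helper's names are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed security group: HTTPS from anywhere, SSH only from the corporate range.
SG_INBOUND = [
    {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"proto": "tcp", "from": 22, "to": 22, "cidr": "10.0.0.0/8"},
]
# Constructed subnet NACL: an explicit deny for a scanner range ahead of a catch-all allow,
# and an outbound allow covering only the ephemeral ports that replies go back to.
NACL_INBOUND = [
    {"rule": 90, "proto": "tcp", "from": 22, "to": 22, "cidr": "192.0.2.0/24", "action": "deny"},
    {"rule": 100, "proto": "-1", "from": 0, "to": 65535, "cidr": "0.0.0.0/0", "action": "allow"},
]
NACL_OUTBOUND = [
    {"rule": 100, "proto": "tcp", "from": 1024, "to": 65535, "cidr": "0.0.0.0/0", "action": "allow"},
]


def _rule_matches(rule, proto, port, addr):
    # Protocol "-1" means all protocols and therefore all ports.
    proto_ok = rule["proto"] in ("-1", proto)
    port_ok = rule["proto"] == "-1" or rule["from"] <= port <= rule["to"]
    return proto_ok and port_ok and ip_address(addr) in ip_network(rule["cidr"])


def sg_allows(rules, proto, port, addr):
    """Stateful: any matching rule permits the packet and its reply; there are no deny rules."""
    return any(_rule_matches(r, proto, port, addr) for r in rules)


def nacl_allows(rules, proto, port, addr):
    """Stateless: rules are evaluated in ascending rule-number order and the first match wins;
    no match falls through to the implicit '*' deny."""
    for r in sorted(rules, key=lambda r: r["rule"]):
        if _rule_matches(r, proto, port, addr):
            return r["action"] == "allow"
    return False


def inbound_connection_allowed(src_ip, dst_port, proto="tcp", ephemeral_port=49152):
    """Can a client at src_ip complete a connection to dst_port, including the reply path?

    Returns (allowed, layer_that_decided).
    """
    if not nacl_allows(NACL_INBOUND, proto, dst_port, src_ip):
        return False, "nacl inbound"
    if not sg_allows(SG_INBOUND, proto, dst_port, src_ip):
        return False, "security group"
    # The security group tracks state, so the reply needs no rule. The NACL does not:
    # the reply to the client's ephemeral port must match an outbound allow rule.
    if not nacl_allows(NACL_OUTBOUND, proto, ephemeral_port, src_ip):
        return False, "nacl outbound (reply)"
    return True, "allowed"


if __name__ == "__main__":
    for src, port in [("203.0.113.5", 443), ("203.0.113.5", 22), ("192.0.2.9", 22), ("10.0.1.5", 22)]:
        print(src, port, inbound_connection_allowed(src, port))
```

Two consequences fall out of the model: the deny at rule 90 only works because its number is lower than the catch-all allow (swap the numbers and the scanner range gets through), and a client whose source port is below 1024 is blocked on the return path even though both inbound layers allowed it, which is the classic symptom of an NACL missing its ephemeral-port rule.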

AWS Network Firewall

  • A managed, stateful network firewall for VPCs, deployed in dedicated firewall subnets so that traffic entering or leaving the VPC is routed through it.

  • Supports stateless and stateful rule groups, Suricata-compatible intrusion detection and prevention rules, and domain allow/deny lists.

Use Case:

  • Inspect traffic entering and leaving a VPC (or between VPCs via a Transit Gateway inspection VPC) and block connections to known-bad destinations.

6. Compliance and Governance

AWS Config

  • Continuously records the configuration of supported resources and evaluates each change against managed or custom Config rules.

  • Identifies resources that drift from approved configurations and can trigger automated remediation through Systems Manager Automation documents.

Use Case:

  • Ensure compliance with security policies by detecting configuration changes.
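Custom Config rules are Lambda functions that receive a configuration item and report COMPLIANT or NON_COMPLIANT back through `PutEvaluations`. As an added example (not CTHFM's or AWS's code), the following evaluates an `AWS::EC2::SecurityGroup` item for SSH open to the internet, handling the two CIDR representations Config emits (`ipRanges` as strings and `ipv4Ranges`/`ipv6Ranges` as objects), the all-protocols case, and deleted resources. The configuration item, the rule event, and the `FakeConfig` client are constructed so the example runs offline; the real handler uses the `boto3` Config client, whose `put_evaluations` signature is the one called here.

```python
import json

SSH_PORT = 22
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed configuration item: HTTPS open to the world (fine) and SSH open to the world (not fine).
SAMPLE_CI = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0abc123def4567890",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-05-01T10:00:00.000Z",
    "configuration": {
        "groupId": "sg-0abc123def4567890",
        "ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipRanges": ["0.0.0.0/0"], "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipRanges": ["10.0.0.0/8", "0.0.0.0/0"],
             "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}, {"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
        ],
    },
}
# Constructed rule invocation event as Lambda receives it from Config.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"messageType": "ConfigurationItemChangeNotification",
                                 "configurationItem": SAMPLE_CI}),
    "ruleParameters": "{}",
    "resultToken": "token-123",
}


def _cidrs(perm):
    # Older items carry plain strings in ipRanges; newer ones add ipv4Ranges/ipv6Ranges objects.
    out = set(perm.get("ipRanges", []))
    out |= {r["cidrIp"] for r in perm.get("ipv4Ranges", [])}
    out |= {r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])}
    return out


def _covers_port(perm, port):
    if perm.get("ipProtocol") == "-1":       # all traffic: no port fields present
        return True
    if perm.get("ipProtocol") != "tcp":
        return False
    lo = perm.get("fromPort") or 0
    hi = perm.get("toPort") if perm.get("toPort") is not None else 65535
    return lo <= port <= hi


def evaluate_security_group(ci):
    """Return (complianceType, annotation) for one configuration item."""
    if ci["resourceType"] != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    if ci.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "resource deleted"
    offending = []
    for perm in ci["configuration"].get("ipPermissions", []):
        world = _cidrs(perm) & WORLD
        if world and _covers_port(perm, SSH_PORT):
            offending.append(f"{perm.get('ipProtocol')} {perm.get('fromPort')}-{perm.get('toPort')}"
                             f" from {','.join(sorted(world))}")
    if offending:
        return "NON_COMPLIANT", "SSH reachable from the internet: " + "; ".join(offending)
    return "COMPLIANT", "no world-open SSH ingress"


class FakeConfig:
    """Offline stand-in for the boto3 Config client; records what would be submitted."""
    def __init__(self):
        self.submitted = []

    def put_evaluations(self, Evaluations, ResultToken):
        self.submitted.append({"Evaluations": Evaluations, "ResultToken": ResultToken})
        return {"FailedEvaluations": []}


def handler(event, context=None, config=None):
    ci = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, annotation = evaluate_security_group(ci)
    evaluation = {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],          # Config caps annotations at 256 characters
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }
    if config is None:
        import boto3                             # real deployment path
        config = boto3.client("config")
    config.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation
```

The `ResourceDeleted` branch is the caveat people hit first: Config invokes the rule for deletions too, and evaluating the stale configuration of a deleted group leaves a NON_COMPLIANT result that never clears.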

AWS Audit Manager

  • Automates evidence collection to track and report compliance with prebuilt frameworks such as PCI DSS, HIPAA, or GDPR, or with custom frameworks you define.

  • Generates detailed audit reports and evidence automatically.

Use Case:

  • Prepare for compliance audits with minimal manual effort.

7. Incident Response and Autoremediation

AWS Systems Manager

  • Provides operational tooling (Session Manager, Run Command, Patch Manager, Automation) to manage EC2 and on-premises instances without SSH keys or open inbound ports.

  • Automation runbooks can isolate or snapshot instances, apply patches, or collect logs and forensic artifacts during an incident.

Use Case:

  • Automate common incident response workflows with predefined runbooks.

AWS Lambda (for Autoremediation)

  • Lambda functions carry out automatic remediation actions in response to security findings.

  • GuardDuty, Security Hub, Config, and Inspector publish findings to Amazon EventBridge; an EventBridge rule matching the finding type invokes the function in near real time. CloudWatch alarms can trigger Lambda the same way through alarm state-change events or SNS.

Use Case:

  • Automatically quarantine a compromised instance detected by GuardDuty by replacing its security groups with an isolation group that allows no traffic.
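The quarantine use case above, as an added example (not CTHFM's or AWS's code): a Lambda handler invoked by an EventBridge rule on `aws.guardduty` finding events. It acts only on instance findings of selected types above a severity threshold, swaps every network interface of the instance to a quarantine security group, tags the instance so a second delivery of the same finding is a no-op, and leaves a record of what it did. The EventBridge event, instance, finding type prefixes, and `QUARANTINE_SG` value are constructed or assumed for the example; the `FakeEC2` class stands in for the `boto3` EC2 client so the block runs offline, and the three EC2 calls it mimics (`describe_instances`, `modify_network_interface_attribute`, `create_tags`) are real boto3 methods with these parameters.

```python
import os

# Assumed: an isolation security group with no inbound or outbound rules, passed in via environment.
QUARANTINE_SG = os.environ.get("QUARANTINE_SG", "sg-0quarantine0000000")
SEVERITY_THRESHOLD = 7.0                      # GuardDuty "High" starts at 7
ACTIONABLE_PREFIXES = ("CryptoCurrency:EC2/", "Backdoor:EC2/", "Trojan:EC2/",
                       "UnauthorizedAccess:EC2/")   # example choice, not an AWS list
TAG_KEY = "SecurityQuarantine"

# Constructed EventBridge event carrying a GuardDuty finding (trimmed).
SAMPLE_EVENT = {
    "version": "0", "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "region": "us-east-1", "account": "111122223333",
    "detail": {
        "id": "a1b2c3d4e5f60000000000000000example",
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "severity": 8.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}


class FakeEC2:
    """Offline stand-in for the boto3 EC2 client; records the calls the handler makes."""
    def __init__(self, instance_id, eni_ids):
        self.instance = {"InstanceId": instance_id, "Tags": [],
                         "NetworkInterfaces": [{"NetworkInterfaceId": e, "Groups": [{"GroupId": "sg-app"}]}
                                               for e in eni_ids]}
        self.calls = []

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.instance]}]}

    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.calls.append(("modify_eni", NetworkInterfaceId, tuple(Groups)))

    def create_tags(self, Resources, Tags):
        self.calls.append(("tag", tuple(Resources)))
        self.instance["Tags"].extend(Tags)


def should_quarantine(detail):
    return (detail.get("resource", {}).get("resourceType") == "Instance"
            and float(detail.get("severity", 0)) >= SEVERITY_THRESHOLD
            and detail.get("type", "").startswith(ACTIONABLE_PREFIXES))


def quarantine_instance(ec2, instance_id, finding_id):
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    if any(t["Key"] == TAG_KEY for t in inst.get("Tags", [])):
        return {"instanceId": instance_id, "action": "already-quarantined"}   # idempotent on redelivery
    enis = []
    for eni in inst["NetworkInterfaces"]:
        # Replacing the group set (not appending) is what cuts existing and new connections.
        ec2.modify_network_interface_attribute(NetworkInterfaceId=eni["NetworkInterfaceId"],
                                               Groups=[QUARANTINE_SG])
        enis.append(eni["NetworkInterfaceId"])
    ec2.create_tags(Resources=[instance_id],
                    Tags=[{"Key": TAG_KEY, "Value": finding_id}])
    return {"instanceId": instance_id, "action": "quarantined", "interfaces": enis}


def handler(event, context=None, ec2=None):
    if event.get("source") != "aws.guardduty":
        return {"action": "ignored", "reason": "not a GuardDuty event"}
    detail = event["detail"]
    if not should_quarantine(detail):
        return {"action": "ignored", "reason": "finding below threshold or not an EC2 finding"}
    if ec2 is None:
        import boto3                                   # real deployment path
        ec2 = boto3.client("ec2", region_name=event.get("region"))
    return quarantine_instance(ec2, detail["resource"]["instanceDetails"]["instanceId"], detail["id"])


if __name__ == "__main__":
    fake = FakeEC2("i-0123456789abcdef0", ["eni-0aaa", "eni-0bbb"])
    print(handler(SAMPLE_EVENT, ec2=fake))
    print(fake.calls)
```

Quarantining keeps the instance (and its memory and disk) intact for forensics, which is why it is preferred over termination. Follow-up steps a full runbook would add are snapshotting the volumes, detaching the instance from any Auto Scaling group, and revoking the instance profile's active sessions, each of which leaves its own CloudTrail record for the investigation.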

Summary Table

| Category | Service | Description | Use Case |
|---|---|---|---|
| Identity Management | IAM | Manage users, roles, and permissions | Grant least-privilege access to resources |
| Threat Detection | GuardDuty | Detect anomalous behavior and threats | Identify suspicious API activity |
| Threat Monitoring | CloudTrail | Track API calls and changes to resources | Investigate unauthorized changes |
| Data Security | KMS | Manage encryption keys for AWS services | Encrypt S3 data at rest |
| Application Security | WAF | Protect web apps from common exploits | Mitigate SQL injection attacks |
| DDoS Protection | AWS Shield | Defend against DDoS attacks | Protect public-facing applications |
| Compliance | Config | Track resource configurations and compliance | Ensure security configurations are maintained |
| Incident Response | Systems Manager | Automate incident response and patch management | Restart instances during incidents |
