Lead Image © Amy Walters, 123RF.com
Cloud security with AWS GuardDuty
Guard on Duty
Organizations, no matter the size, should implement infrastructure for preventing, detecting, and responding to security incidents. In this article, I focus mainly on detection with an AWS-native tool called GuardDuty [1], which sends its findings to a security information and event management (SIEM) system to generate and correlate security alerts to which analysts can react.
Cloud Dangers
One of the principal concerns many companies still have when migrating their assets to the cloud is security and compliance, even though cloud services now take this topic seriously. Cloud vendors have done a brilliant job marketing their security technology as the best and most sophisticated; however, data breaches happen frequently, and bad actors are targeting those large cloud providers.
Securing an on-premises data center is slightly different from securing your assets in the cloud. What is the definition of the cloud? Many would say someone else's computers, but in reality, it is so much more complex than that, although it is true that pure cloud computing involves leasing infrastructure resources from a service provider.
Both models have advantages and disadvantages and likely neither is perfect, so you must carefully choose which model you use depending on the level of security you need for your business. No matter how "big" the cloud provider, the shared responsibility model would be similar.
According to Amazon Web Services (AWS), they are responsible for protecting the underlying infrastructure that runs all of the services offered. This infrastructure comprises the hardware, software, networking, and facilities that run AWS Cloud services, including physical controls. Customers are responsible for the rest of the security controls. For example, the famous Capital One hack happened because of a misconfiguration of
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Security in the AWS cloud with GuardDuty
Amazon GuardDuty continuously monitors your AWS accounts and workloads for potential threats. -
Build a secure development and production pipeline
We investigate best practices to secure CI/CD pipelines with DevSecOps. -
Shadow admin permissions and your AWS account
Malicious attackers are trying to conquer your AWS castle in the cloud. To mount a strong defense, you'll need a deeper understanding of privilege escalation and shadow admin permissions.