Security in the AWS cloud with GuardDuty
En Garde!
GuardDuty is a threat detection service offered by AWS as a specialist service that helps detect ever-evolving attacks on your infrastructure [1]. In this article, I show you how to enable GuardDuty on AWS through Infrastructure as Code with HashiCorp's venerable Terraform [2] and look at the types of alerts it stands guard against and watches out for. Short of a third-party application ingesting the resulting alerts into a security operations center (e.g., Splunk), I'll demonstrate an end-to-end DevSecOps solution.
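As an added illustration of the approach (example configuration written for this page, not the author's own code), the following Terraform enables a GuardDuty detector and routes findings of medium severity and above to an SNS topic through EventBridge, which is the hand-off point a SOC ingestion tool would later pick up. The topic name, the 15-minute publishing cadence and the severity threshold are assumed values, not settings from the article.

```hcl
# Assumes an AWS provider block is already configured for the target region.

resource "aws_guardduty_detector" "main" {
  enable = true
  # Cadence for re-exporting updated findings; new findings are exported
  # within a few minutes regardless of this value. Assumed setting.
  finding_publishing_frequency = "FIFTEEN_MINUTES"
}

resource "aws_sns_topic" "guardduty_findings" {
  name = "guardduty-findings" # assumed name
}

# Allow EventBridge to publish to the topic.
data "aws_iam_policy_document" "allow_events" {
  statement {
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.guardduty_findings.arn]
    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }
}

resource "aws_sns_topic_policy" "guardduty_findings" {
  arn    = aws_sns_topic.guardduty_findings.arn
  policy = data.aws_iam_policy_document.allow_events.json
}

# Match GuardDuty findings; the numeric filter on "severity" drops
# low-severity noise (GuardDuty severity 4 and above is medium or higher).
resource "aws_cloudwatch_event_rule" "guardduty" {
  name = "guardduty-findings"
  event_pattern = jsonencode({
    source        = ["aws.guardduty"]
    "detail-type" = ["GuardDuty Finding"]
    detail = {
      severity = [{ numeric = [">=", 4] }]
    }
  })
}

resource "aws_cloudwatch_event_target" "to_sns" {
  rule = aws_cloudwatch_event_rule.guardduty.name
  arn  = aws_sns_topic.guardduty_findings.arn
}
```

Subscribe an e-mail address or a webhook to the topic to see findings arrive; GuardDuty's console also offers sample findings so the pipeline can be exercised without waiting for real activity.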
Cloud technologies have brought a number of significant advances in the ways we create and maintain Internet infrastructure. Coupled with DevOps practices, which help expedite application software releases, the tools in use today are a million of your Earth miles from the tools of yesteryear.
As part of the cloud's innovation, Amazon Web Services (AWS) brought to the fore utility computing, or Pay as You Go. In addition to the speedy, dynamic creation (and destruction) of resources, flexible billing, and the Infrastructure-as-a-Service (IaaS) model from AWS, do not forget the continual blessing of new features and services by the bucket load (pun intended). Some of these cloud services fall by the wayside and are quietly deprecated, and some create a significant new revenue stream for AWS.
In the same way that data centers need security monitoring, these new-fangled cloud services still present the time-honoured problem of tracking who is attacking your online resources, with a very real need to gain insight into what the attackers are targeting.
Dive, Dive, Dive
AWS describes the key features of GuardDuty as "… a threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It