AWS Security Services

Ray Makasi

Amazon GuardDuty: Intelligent Threat Detection

Amazon GuardDuty is a threat detection service that continuously monitors your AWS environment for malicious activity and unauthorized behavior.

Key features include:

  • Machine learning and anomaly detection to identify potential threats

  • Analysis of CloudTrail logs, VPC Flow Logs, and DNS logs

  • Automatic threat intelligence updates

  • Container-aware protection for workloads across EC2, ECS, and EKS

GuardDuty can detect various threats, including:

  • Compromised EC2 instances and container workloads

  • Reconnaissance by attackers

  • Account compromise attempts

  • Unusual API calls or activities

AWS CloudTrail: Comprehensive Auditing and Logging

CloudTrail provides a record of actions taken by users, roles, or AWS services in your account. It enables:

  • Auditing of AWS account activity

  • Security monitoring and troubleshooting

  • Compliance with internal policies and regulatory standards

Amazon Detective: Advanced Security Investigation

Amazon Detective helps security teams conduct faster and more effective investigations. It offers:

  • Automated data collection and processing

  • Visualization of security data to identify root causes

  • Integration with GuardDuty and other AWS security services

IAM Access Analyzer: Fine-tuning Access Permissions

IAM Access Analyzer helps you refine your IAM policies by:

  • Identifying resources that are shared with external entities

  • Providing actionable recommendations to improve security

  • Continuously monitoring for changes in resource access
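To make the first bullet concrete, here is an added Python example (not from the original post, and not Access Analyzer's own logic) that flags `Allow` statements in a resource policy which reach principals outside a trusted account. The policy, account IDs, organization ID and function names are constructed for illustration.

```python
import re

# Matches a bare 12-digit account ID or an IAM/STS ARN and captures the account.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?$")

# Constructed sample bucket policy; account IDs are documentation placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "SameAccount", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"}},
        {"Sid": "PartnerRead", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Principal": {"AWS": ["arn:aws:iam::444455556666:root"]}},
        {"Sid": "OrgRead", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*", "Principal": "*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
        {"Sid": "DenyPlainHttp", "Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/*", "Principal": "*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def external_access(policy, trusted_account):
    """Return (sid, principal, has_condition) for every Allow statement that
    grants access to an AWS principal outside trusted_account."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        principal = stmt.get("Principal")
        if principal == "*":
            candidates = ["*"]
        elif isinstance(principal, dict):
            candidates = _as_list(principal.get("AWS", []))  # Service/Federated skipped
        else:
            continue  # NotPrincipal and malformed statements are out of scope here
        for p in candidates:
            match = ACCOUNT_RE.match(p)
            if match and match.group(1) == trusted_account:
                continue  # principal lives in the trusted account
            findings.append((stmt.get("Sid", "<no Sid>"), p, "Condition" in stmt))
    return findings
```

A `has_condition` value of `True` means the grant may be narrowed by its `Condition` block, so that statement needs a manual read rather than an automatic verdict.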

AWS Identity and Access Management (IAM): Core Access Control

IAM is the foundation of AWS security, allowing you to:

  • Manage user identities and access to AWS resources

  • Implement the principle of least privilege

  • Use multi-factor authentication (MFA) for enhanced security

AWS Security Hub: Centralized Security Management

Security Hub provides a comprehensive view of your security and compliance status across AWS accounts. It offers:

  • Aggregation of security findings from various AWS services

  • Automated security checks against best practices and standards

  • Centralized dashboard for security monitoring and management

Sources

GuardDuty - https://aws.amazon.com/guardduty/features/

CloudTrail - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html

Detective - https://docs.aws.amazon.com/detective/latest/userguide/what-is-detective.html

IAM Access Analyzer - https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

IAM - https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

Security Hub - https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html
