Effective Threat Detection and Incident Response

Networks, servers, applications and data are under virtually constant siege from both automated and targeted attacks. Once compromises and data breaches are discovered, companies often learn that attackers have been camped out for months—conducting reconnaissance and spreading across the network to find the most valuable resources or data. It’s important for organizations to have effective threat detection and incident response systems in place to identify and address issues before they become headline news.

Shared Responsibility Model

When dealing with cloud platforms and cloud workloads, it’s crucial to understand the shared responsibility model. Yes, the platform provider—whether it’s AWS, or Azure, or Google Cloud—takes on some responsibility for securing and protecting the underlying infrastructure of the cloud services they manage, but you are responsible for the security of the servers, applications and data you run from that cloud.

There is no one right way to approach security, though. There are multiple models of shared responsibility out there, and it’s up to you to identify what you’re responsible for and address it accordingly.

You should begin with a thorough risk assessment. Rank the importance of your applications and prioritize remediations based on that analysis. Is the application customer facing? Does it have access to sensitive or controlled data? How is the data segregated?

AWS Security Best Practices 

Focusing on AWS specifically, there are some essential best practices you should follow for securing your account:

• Lock down the root account
• Follow least privilege for identity and access management (IAM) Users and Roles
• Ensure S3 access control lists (ACLs) and Bucket Policies are properly configured
• Enable a strong password policy and multi-factor authentication (MFA) requirement for IAM users
• Enable CloudTrail and AWS Config
• Leverage encryption for services that have key management systems (KMS) integration
• Not a one-time activity – You must continuously monitor for changes

There are a variety of common configuration errors that come up consistently for AWS customers. Sadly, companies frequently do the hard work for the hackers. Many of the breaches and exposures that occur with data in the cloud are a result of unconfigured or misconfigured security controls.

Security tools alone are not enough as your AWS environment becomes more complex, and the need for comprehensive AWS security – including people, process, and technology – becomes apparent. Cyber threats continue to increase in volume and sophistication, so where do you start when incorporating advanced threat detection and response capabilities into your security strategy?

Make sure you monitor activity and identify insecure configurations on a persistent basis—or hire the security experts who can do it for you. To learn more, check out our Managed Detection and Response solution and also watch our webinar: Managed Threat Detection and Response for Securing AWS Applications.