Highlights:
- Amazon GuardDuty and AWS Security Hub are the two current services that power Security Incident Response.
- Customers can use the integrated incident management capabilities to fix any possible breaches that Security Incident Response finds.
Amazon Web Services Inc. is widening its cybersecurity portfolio with a new service that will make it simpler for users to spot and mitigate breach attempts.
The product, AWS Security Incident Response, was introduced recently. The cloud giant unveiled several platform additions ahead of this week’s AWS re:Invent 2024 conference, where additional product changes are anticipated.
Amazon GuardDuty and AWS Security Hub are the two current services that power Security Incident Response. The former is a threat detection engine that looks for malicious activity in cloud environments. Security Hub, meanwhile, identifies vulnerabilities linked to configuration. It has connectors that can gather technical information from specific cybersecurity solutions made by third parties.
Security Incident Response draws on data from GuardDuty and from the third-party cybersecurity products that clients integrate with Security Hub. The new service filters out unneeded logs and checks the gathered data for indications of malicious activity. Additionally, it highlights issues that are especially urgent and need to be addressed right away.
Businesses that sign up for the service get access to several playbooks, which are automated workflows created to expedite routine cybersecurity tasks. Initially, they were created for the AWS Customer Incident Response Team, or CIRT, which assists users in responding to security incidents. According to the cloud giant, its playbooks automate processes like identifying the launch of a malicious container in a Kubernetes cluster.
Customers can use the integrated incident management capabilities to fix any possible breaches that Security Incident Response finds. To support the teams that work to mitigate cyberattacks, there are various features for videoconferencing, file exchange, and messaging. Businesses can report a cybersecurity problem to AWS’ CIRT team or another breach remediation provider using a case tracking page.
“Customers gain access to self-service investigation tools and 24/7 support from the AWS CIRT,” AWS Senior Developer Advocate Betty Zheng reported. “Customers also have the ability to handle incidents independently or interoperate with third-party security vendors.”
Security Incident Response is also well suited to some related tasks. AWS claims that businesses may use the tool to model cyberattacks and assess how well their breach response teams perform. These exercises give a business the chance to find weaknesses in its cybersecurity workflows before hackers do.
To facilitate analysis, Security Incident Response incorporates a dashboard that shows data about businesses’ breach response initiatives. It tracks metrics like the mean time to resolution and the number of cybersecurity incidents reported within a specified period.
AWS customizes several aspects of Security Incident Response based on information supplied by the customer. For instance, a business can provide a list of known IP addresses used by its subsidiaries so that the service won’t mark traffic from those addresses as malicious. These configuration settings help cybersecurity teams save time by lowering false positives.
“Customers can also configure permissions for the service to execute containment actions by deploying specific IAM roles,” Zheng explained. “By using these Security Incident Response containment capabilities, customers can achieve faster incident response times and potentially minimize the impact of security events on accounts and resources.”