Keep up-to-date with security threats
Maintaining awareness of the latest security threats is essential for defining and refining your security controls. By understanding current attack vectors, organizations can proactively implement necessary measures to safeguard their workloads, ensuring a resilient security posture.
Best Practices
Stay Informed on Security Threats
- Regularly review reputable cybersecurity news sources, and subscribe to threat intelligence feeds to keep informed about emerging threats and vulnerabilities.
- Use the AWS Security Bulletins and the AWS Security Blog to follow the latest updates and best practices relevant to the AWS services you run.
- Implement a threat intelligence platform that aggregates data from multiple sources, including AWS Managed Services and third-party feeds, to gain a comprehensive view of potential security threats.
- Develop a routine for reviewing the Common Vulnerabilities and Exposures (CVE) List to identify applicable vulnerabilities affecting your workloads.
- Engage with AWS security partners and consider using third-party tools that provide advanced threat detection and security analytics.
- Automate the monitoring of logs and alerts for unusual or unexpected behavior using AWS services like AWS CloudTrail and Amazon GuardDuty, ensuring a swift response to potential security incidents.
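The CVE review routine above is easiest to keep up when it is scripted. The following is an added example, not code from this page or from AWS: it matches a workload inventory against a feed of CVE records and reports which ones apply. The feed uses a constructed, simplified record shape (product plus a half-open affected version range), not the official CVE JSON schema, and the CVE identifiers are placeholders; versions are assumed to be dotted numeric strings.

```python
# Constructed workload inventory: product -> installed version, as you would
# export it from an SBOM or a package list. Values are made up for this example.
INVENTORY = {"openssl": "3.0.7", "nginx": "1.9.5", "log4j": "2.17.1"}

# Constructed CVE records in a simplified shape (not the official CVE JSON schema).
# Each record names an affected product and a half-open range [introduced, fixed):
# a version equal to "fixed" is patched and must NOT be reported.
CVE_FEED = [
    {"id": "CVE-EXAMPLE-0001", "product": "openssl", "introduced": "3.0.0",
     "fixed": "3.0.8", "severity": "HIGH"},
    {"id": "CVE-EXAMPLE-0002", "product": "nginx", "introduced": "1.0.0",
     "fixed": "1.20.0", "severity": "MEDIUM"},
    {"id": "CVE-EXAMPLE-0003", "product": "log4j", "introduced": "2.0",
     "fixed": "2.17.1", "severity": "CRITICAL"},
    {"id": "CVE-EXAMPLE-0004", "product": "redis", "introduced": "6.0",
     "fixed": "6.2.7", "severity": "HIGH"},
]

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def parse_version(version):
    """Turn '1.9.5' into (1, 9, 5) so comparisons are numeric per component.

    Comparing the raw strings would be wrong: '1.9.5' sorts after '1.20.0'
    lexically, so a vulnerable nginx 1.9.5 would be missed. Assumes dotted
    numeric versions only; vendor suffixes would need extra handling.
    """
    return tuple(int(part) for part in version.split("."))


def is_affected(installed, introduced, fixed):
    """True when installed lies in the half-open range [introduced, fixed)."""
    return parse_version(introduced) <= parse_version(installed) < parse_version(fixed)


def applicable_cves(inventory, feed):
    """Return the feed records that apply to the inventory, worst severity first."""
    hits = [
        record for record in feed
        if record["product"] in inventory
        and is_affected(inventory[record["product"]], record["introduced"], record["fixed"])
    ]
    return sorted(hits, key=lambda r: SEVERITY_ORDER.get(r["severity"], 99))


if __name__ == "__main__":
    for record in applicable_cves(INVENTORY, CVE_FEED):
        print(f'{record["severity"]:8} {record["id"]} affects {record["product"]} '
              f'{INVENTORY[record["product"]]}, fixed in {record["fixed"]}')
```

With the constructed data, openssl 3.0.7 and nginx 1.9.5 are reported while log4j 2.17.1 (already at the fixed version) and redis (not in the inventory) are not.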
Questions to ask your team
- How frequently do you review and update your security threat intelligence sources?
- Are you leveraging AWS Managed Services for real-time alerts on security incidents?
- Do you have a process for integrating third-party threat information feeds into your security operations?
- How do you ensure your team is aware of the latest Common Vulnerabilities and Exposures (CVE) List updates?
- What mechanisms do you have in place for threat modeling and updating your security controls based on new vulnerabilities?
- Do you run regular security assessments to identify potential attack vectors?
- Is there a dedicated team responsible for monitoring and responding to security threats?
- How do you evaluate the effectiveness of your current security measures against the latest threat landscape?
Who should be doing this?
Security Analyst
- Monitor and analyze security alerts and notifications from AWS and third-party tools.
- Stay informed about the latest security threats and vulnerabilities through reputable sources.
- Conduct regular reviews of the Common Vulnerabilities and Exposures (CVE) List to identify relevant risks.
- Collaborate with development and operations teams to ensure appropriate security controls are implemented.
Cloud Security Architect
- Develop and maintain a security framework aligned with AWS best practices and threat intelligence.
- Implement and optimize AWS Managed Services to enhance security monitoring.
- Design architecture and controls to mitigate identified attack vectors effectively.
- Advise teams on integrating third-party threat information feeds into existing security processes.
DevOps Engineer
- Automate security processes and workflows to improve efficiency in security operations.
- Ensure that deployment pipelines include security testing and validation stages.
- Collaborate with the security team to implement feedback from threat intelligence into development operations.
- Maintain infrastructure as code configurations to reflect security best practices.
Incident Response Team Member
- Quickly respond to unexpected or unusual behavior alerts in AWS accounts.
- Conduct analysis and diagnostics on potential security incidents.
- Coordinate with security analysts to investigate threats and vulnerabilities.
- Document findings and improve incident response processes based on lessons learned.
What evidence shows this is happening in your organization?
- Security Threat Landscape Report: A comprehensive report outlining current security threats, attack vectors, and emerging vulnerabilities, including a section on how these threats could impact the organization’s workloads.
- Security Incident Response Plan: A detailed plan that outlines the steps to be taken in response to security threats, including roles and responsibilities, communication strategies, and engagement with AWS Managed Services for threat detection.
- Threat Intelligence Dashboard: An interactive dashboard that aggregates threat intelligence from AWS and third-party feeds, providing real-time visibility into potential security threats and unusual behaviors in the organization’s AWS accounts.
- CVE Monitoring Checklist: A checklist that guides teams on monitoring the Common Vulnerabilities and Exposures (CVE) List to regularly identify and assess vulnerabilities relevant to the organization’s infrastructure.
- Automated Security Best Practices Playbook: A playbook that outlines best practices for automating security processes, including regular testing and validation of security controls, integrated with AWS security features and third-party tools.
Cloud Services
AWS
- Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
- AWS Security Hub: Provides a comprehensive view of your security alerts and security posture across your AWS accounts, simplifying threat management and compliance.
- AWS IAM Access Analyzer: Helps you identify resources in your organization and accounts that are shared with an external entity, mitigating exposure to security threats.
- AWS Config: Tracks AWS resource configurations and allows you to evaluate them against desired security policies, ensuring compliance.
Azure
- Azure Security Center: Provides unified security management and advanced threat protection across hybrid cloud workloads, helping to identify vulnerabilities.
- Azure Sentinel: A cloud-native SIEM that uses built-in AI and provides intelligent security analytics across your enterprise, helping to detect and respond to threats.
Google Cloud Platform
- Google Cloud Security Command Center: Provides visibility into and helps you understand your security posture by identifying vulnerabilities across your GCP resources.
- Chronicle: Security analytics powered by GCP that allows you to process and analyze security telemetry at scale, providing insights into threats.
Question: How do you securely operate your workload?
Pillar: Security (Code: SEC)