Keep up-to-date with security threats

PostedNovember 27, 2024

UpdatedMarch 21, 2025

ByKevin McCaffrey

Maintaining awareness of the latest security threats is essential for defining and refining your security controls. By understanding current attack vectors, organizations can proactively implement necessary measures to safeguard their workloads, ensuring a resilient security posture.

Best Practices

Stay Informed on Security Threats

Regularly review reputable cybersecurity news sources, and subscribe to threat intelligence feeds to keep informed about emerging threats and vulnerabilities.
Utilize the AWS Security Bulletins and the AWS Security Blog to understand the latest updates and best practices relevant to your AWS services.
Implement a threat intelligence platform to aggregate data from multiple sources, including AWS Managed Services and third-party feeds, to have a comprehensive view of potential security threats.
Develop a routine for reviewing the Common Vulnerabilities and Exposures (CVE) List to identify applicable vulnerabilities affecting your workloads.
Engage with AWS security partners and consider using third-party tools that provide advanced threat detection and security analytics.
Automate the monitoring of logs and alerts for unusual or unexpected behavior using AWS services like AWS CloudTrail and Amazon GuardDuty, ensuring a swift response to potential security incidents.

Questions to ask your team

How frequently do you review and update your security threat intelligence sources?
Are you leveraging AWS Managed Services for real-time alerts on security incidents?
Do you have a process for integrating third-party threat information feeds into your security operations?
How do you ensure your team is aware of the latest Common Vulnerabilities and Exposures (CVE) List updates?
What mechanisms do you have in place for threat modeling and updating your security controls based on new vulnerabilities?
Do you run regular security assessments to identify potential attack vectors?
Is there a dedicated team responsible for monitoring and responding to security threats?
How do you evaluate the effectiveness of your current security measures against the latest threat landscape?

Who should be doing this?

Security Analyst

Monitor and analyze security alerts and notifications from AWS and third-party tools.
Stay informed about the latest security threats and vulnerabilities through reputable sources.
Conduct regular reviews of the Common Vulnerabilities and Exposures (CVE) List to identify relevant risks.
Collaborate with development and operations teams to ensure appropriate security controls are implemented.

Cloud Security Architect

Develop and maintain a security framework aligned with AWS best practices and threat intelligence.
Implement and optimize AWS Managed Services to enhance security monitoring.
Design architecture and controls to mitigate identified attack vectors effectively.
Advise teams on integrating third-party threat information feeds into existing security processes.

DevOps Engineer

Automate security processes and workflows to improve efficiency in security operations.
Ensure that deployment pipelines include security testing and validation stages.
Collaborate with the security team to implement feedback from threat intelligence into development operations.
Maintain infrastructure as code configurations to reflect security best practices.

Incident Response Team Member

Quickly respond to unexpected or unusual behavior alerts in AWS accounts.
Conduct analysis and diagnostics on potential security incidents.
Coordinate with security analysts to investigate threats and vulnerabilities.
Document findings and improve incident response processes based on lessons learned.

What evidence shows this is happening in your organization?

Security Threat Landscape Report: A comprehensive report outlining current security threats, attack vectors, and emerging vulnerabilities, including a section on how these threats could impact the organization’s workloads.
Security Incident Response Plan: A detailed plan that outlines the steps to be taken in response to security threats, including roles and responsibilities, communication strategies, and engagement with AWS Managed Services for threat detection.
Threat Intelligence Dashboard: An interactive dashboard that aggregates threat intelligence from AWS and third-party feeds, providing real-time visibility into potential security threats and unusual behaviors in the organization’s AWS accounts.
CVE Monitoring Checklist: A checklist that guides teams on monitoring the Common Vulnerabilities and Exposures (CVE) List to regularly identify and assess vulnerabilities relevant to the organization’s infrastructure.
Automated Security Best Practices Playbook: A playbook that outlines best practices for automating security processes, including regular testing and validation of security controls, integrated with AWS security features and third-party tools.

Cloud Services

AWS

Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
AWS Security Hub: Provides a comprehensive view of your security alerts and security posture across your AWS accounts, simplifying threat management and compliance.
AWS IAM Access Analyzer: Helps you identify resources in your organization and accounts that are shared with an external entity, mitigating exposure to security threats.
AWS Config: Tracks AWS resource configurations and allows you to evaluate them against desired security policies, ensuring compliance.

Azure

Azure Security Center: Provides unified security management and advanced threat protection across hybrid cloud workloads, helping to identify vulnerabilities.
Azure Sentinel: A cloud-native SIEM that uses built-in AI and provides intelligent security analytics across your enterprise, helping to detect and respond to threats.

Google Cloud Platform

Google Cloud Security Command Center: Provides visibility into and helps you understand your security posture by identifying vulnerabilities across your GCP resources.
Chronicle: Security analytics powered by GCP that allows you to process and analyze security telemetry at scale, providing insights into threats.

Question: How do you securely operate your workload?
Pillar: Security (Code: SEC)

Operational Excellence

Determine what your priorities are

Structure your organization to support your business outcomes

Organizational culture to support your business outcomes

Implement observability in your workload

Reduce defects, ease remediation, and improve flow into production

Mitigate deployment risks

Be ready to support a workload

Uilize workload observability

Understand the health of your operations

Manage workload and operations events

Evolve your operations

Security

Securely operate your workload

Manage identities for people and machines

Manage permissions for people and machines

Detect and investigate security events

Protect your network resources

Protect your compute resources

Classify your data

Protect your data at rest

Protect your data in transit

Anticipate, respond to, and recover from incidents

Incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle

Reliability

Manage service quotas and constraints

Plan your network topology

Design your workload service architecture

Design interactions in a distributed system to prevent failures

Design interactions in a distributed system to mitigate or withstand failures

Monitor workload resources

Design your workload to adapt to changes in demand

Implement change

Back up data

Fault isolation to protect your workload

Design your workload to withstand component failures

Test reliability

Plan for disaster recovery (DR)

Cost Optimization

Implement cloud financial management

Govern usage

Monitor your cost and usage

Decommission resources

Evaluate cost when you select services

Meet cost targets when you select resource type, size and number

Use pricing models to reduce cost

Plan for data transfer charges

Manage demand, and supply resources

Evaluate new services

Evaluate the cost of effort

Performance

Select the appropriate cloud resources and architecture patterns for your workload

Select and use compute resources in your workload

Store, manage, and access data in your workload

Select and configure networking resources in your workload

Support more performance efficiency for your workload

Sustainability

Select Regions for your workload

Align cloud resources to your demand

Take advantage of software and architecture patterns to support your sustainability goals

Take advantage of data management policies and patterns to support your sustainability goals

Select and use cloud hardware and services in your architecture to support your sustainability goals

Implement organizational processes support your sustainability goals