Monitoring to Enhance Security


AWS CloudTrail

To support after-the-fact investigations and near-real-time intrusion detection, AWS CloudTrail provides a log of all requests for AWS resources in the account. For each event we can see which service was accessed, what action was performed, and who made the request. AWS CloudTrail captures information about every API call to every AWS resource we use, including sign-in events. After we have enabled AWS CloudTrail, event logs are delivered every five minutes.
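The following Python sketch is an added example, not part of the original page. It pulls the three facts named above (who made the request, which service, what action) out of CloudTrail records and flags sign-in and authorization events worth a look. The sample records are constructed, and the function names and triage rules are assumptions chosen for illustration.

```python
import json

# Constructed sample in the CloudTrail log file layout (not real account data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "AccessDenied", "responseElements": None},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops/carol"},
     "responseElements": None},
]})

def summarize(record):
    """Return (who, service, action) for one CloudTrail record."""
    identity = record.get("userIdentity") or {}
    who = identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")
    return who, record.get("eventSource", "unknown"), record.get("eventName", "unknown")

def classify(record):
    """Return a finding label for the record, or None (assumed triage rules)."""
    response = record.get("responseElements") or {}   # null on many read-only calls
    extra = record.get("additionalEventData") or {}
    if record.get("eventName") == "ConsoleLogin":
        if response.get("ConsoleLogin") == "Failure":
            return "failed console sign-in"
        if extra.get("MFAUsed") == "No":
            return "console sign-in without MFA"
    if record.get("errorCode") == "AccessDenied":
        return "denied API call"
    return None

def triage(log_text):
    """Parse a CloudTrail log file; return (label, who, service, action) findings."""
    records = json.loads(log_text).get("Records", [])
    return [(classify(r), *summarize(r)) for r in records if classify(r)]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```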

Amazon Virtual Private Cloud (Amazon VPC) Flow Logs

Amazon VPC Flow Logs is a feature that enables us to capture information about the IP traffic going to and from network interfaces in the Amazon VPC. Flow log data is stored using Amazon CloudWatch Logs. Once we have created a flow log, we can view and retrieve its data in Amazon CloudWatch Logs. Additionally, Elastic Load Balancing and elastic network interfaces offer access logs that capture detailed information about requests or connections sent to the load balancer.

Amazon CloudWatch

Amazon CloudWatch offers a means of monitoring the use of AWS resources. AWS offers standard metrics for a variety of AWS resources. Users can also create their own custom metrics with the help of agents installed to feed data to Amazon CloudWatch for monitoring. Amazon CloudWatch Alarms are primarily built to report out-of-bound conditions discovered in log files. An alarm is triggered depending on the thresholds specified in it, and it can be configured to send notifications and perform an action.

AWS Config

AWS Config records configuration changes to an AWS account. AWS Config can be used to retrieve an inventory of AWS resources in an AWS account at a particular time. AWS Config can be used to identify new and deleted resources. AWS Config can issue notifications when resource configurations change. AWS Config use cases include the following:

  • Resource discovery
  • Troubleshooting
  • Change management
  • Audit compliance
  • Security analysis

AWS Config Rules allow rules to be set up to check configuration changes recorded by AWS Config. There are prebuilt rules provided by AWS.

Amazon Inspector

Amazon Inspector is an automated security assessment service that assists in improving the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications to check for vulnerabilities or any deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.

AWS Certificate Manager

AWS Certificate Manager is a service for provisioning, managing, and deploying SSL/TLS certificates for use with AWS Cloud services. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the internet.

AWS Web Application Firewall (AWS WAF)

AWS Web Application Firewall (AWS WAF) is a web application firewall that helps protect web applications from attacks by letting us configure rules that allow, block, or monitor (count) web requests based on conditions that we define. Some of the conditions include IP addresses, HTTP headers, HTTP body, Uniform Resource Identifier (URI) strings, SQL injection, and cross-site scripting.

AWS Trusted Advisor

AWS Trusted Advisor is a customer support service that helps monitor cloud performance and resiliency, as well as cloud security. AWS Trusted Advisor inspects our AWS environment and makes recommendations when opportunities may exist to save money, improve system performance, or close security gaps.
