
Amazon launches AWS Security Incident Response service to tackle cyber threats


Amazon Web Services (AWS) has unveiled a new service, AWS Security Incident Response, designed to help organizations swiftly and effectively manage security events. This service aims to bolster preparedness, response, and recovery from various security incidents, including account breaches, data theft, and ransomware attacks.

The AWS Security Incident Response service uses automation to triage and investigate security alerts from Amazon GuardDuty and from third-party threat detection tools integrated through AWS Security Hub. By automating these processes, the service enhances efficiency and ensures critical threats are prioritized.

Additionally, it provides 24/7 access to AWS Customer Incident Response Team (CIRT) experts, offering hands-on support during security events. The service covers all phases of incident management, including preparation, detection, analysis, and recovery.

Addressing complex security challenges

As cyber threats grow in complexity, security teams face an increasing volume of alerts that can overwhelm resources and lead to missed priorities. AWS Security Incident Response mitigates these challenges through three key capabilities:

  • Automated Triage and Prioritization: By filtering and suppressing findings based on expected behavior, the service identifies the high-priority incidents that require immediate attention. This ensures teams can focus on the most critical threats.
  • Simplified Coordination and Notification: Preconfigured notification rules and permissions enable seamless communication with internal and external stakeholders, including third-party security providers. The service offers a centralized console featuring messaging, secure data transfer, video conferencing, and automated case history tracking.
  • Self-Service Tools and Expert Support: Customers gain access to investigation tools and 24/7 assistance from AWS CIRT. The flexibility to handle incidents independently or collaborate with third-party vendors allows organizations to tailor incident responses to their unique requirements.

The service also includes a dashboard with metrics to monitor and improve incident response performance. Key indicators, such as mean time to resolution (MTTR) and the number of active and closed cases, are readily available, enabling security leaders to measure progress and optimize processes.

Getting started with AWS Security Incident Response

The onboarding process for Security Incident Response is simple and integrates with AWS Organizations to provide enhanced security across all accounts. It starts by selecting a central account to manage and analyze active and historical security events.

Proactive incident response features can be enabled to monitor and investigate findings from GuardDuty or third-party tools through Security Hub. The service automatically sorts and remediates findings using customer-specific data, such as IP addresses and IAM principals. For unresolved findings, it creates a security case and alerts relevant stakeholders.

Additionally, specific IAM roles can be configured to execute containment actions, enabling quicker response times and reducing the impact of security events on resources.

Global availability

AWS Security Incident Response is now available in 12 AWS regions, including North America (N. Virginia, Ohio, Oregon), Asia Pacific (Seoul, Singapore, Sydney, Tokyo), Canada (Central), and Europe (Frankfurt, Ireland, London, Stockholm).

Organizations worldwide can now leverage this comprehensive solution to enhance their security postures and address evolving cyber threats.

