Amazon Web Services provides several useful security tools as a starting point for any organization. So, here is various Tools AWS Gives to help you with compliance.
Here is a list of Various Compliance tools from AWS:
- Amazon GuardDuty
- Amazon Inspector
- Amazon Detective
- Amazon Macie
- AWS Artifacts
- AWS Config
- AWS Security Hub
Now let’s get an understanding of all this.
It is a continuous security monitoring service that identifies possible malicious activity within the AWS environments. It analyses Amazon CloudTrail and AWS VPC Flow Log Data to look for issues such as the use of exposed credentials, communication from malicious URLs, IPs or domains, and escalation of privileges. Amazon GuardDuty helps the AWS customers keep their AWS environment running with less interruption to their operations and ensures organization compliance with security standards. When the Amazon GuardDuty detects unexpected and potentially damaging behavior in your AWS environment, it displays alerts in the Amazon GuardDuty Management Console.
Amazon Inspector is a service that helps automated security assessment to improve the security and compliance of applications deployed on Amazon Web Services. Amazon Inspector automatically assesses applications for deviations from the best practices. After performing an assessment, Amazon Inspector provides a detailed list of security findings by the level of security.
Amazon Inspector includes a knowledge base of various kinds of rules mapped to collective security best practices and vulnerabilities definitions. Some examples of built-in rules include checking for remote root login that is being enabled or vulnerable software versions installed.
Amazon Detective, an Amazon Web Services offering designed to help organizations analyze and visualize security data and identify security issues, is now being previewed to partners and customers. The company revealed the preview at the AWS re:invent 2019 conference in Nevada.
According to the company, Amazon Detective services start collecting log data as soon as it is enabled and provides visual summaries and analytics related to ingested data. It also offers comparisons of recent activity against historical baselines established after two weeks of account monitoring.
Amazon Macie is a fully managed security service that continuously monitors the data in the AWS environment based on the file type, content type, regular expression, etc., set by the IT administrator. It uses machine learning to classify, discover, and protect sensitive information in the AWS. It offers dashboards and alerts by which an admin knows how the data is being accessed. It can also discover and report the occurrence of various essential files like PEM key in an S3 Bucket, or a publicly accessible S3 Bucket. As of now, AWS Macie is available for S3 in a few AWS Regions.
AWS Artifact is a dashboard-type portal that offers enterprises full access to compliance and security reports, which will be implemented to the Amazon Web Services (AWS) public cloud.
AWS artifacts provide reports that can act as a proper guide to other colleagues and team members, including all developers, thus ensuring all necessary standards are being followed.
A few examples of reports Service Organization Control and Payment Card Industry Data Security Standard.
All such reports are classified by the AWS as artifacts and further grouped into two categories: confidential and public. Public Artifacts are accessible across all the AWS accounts, whereas some of the confidential artifacts that mainly require the approval of Amazon and may also require the customer or user to first sign-in as a non-disclosure agreement before receiving the report.
The admin also has the authority to decide whether to restrict or distribute the artifact’s access with the help of AWS permissions for the Identity and Access Management.
AWS Config is also a fully managed service that offers a detailed view of the resources associated with your AWS account, which include how they are being configured, how they are being related to one another, and how the different configurations and their relationships have to keep on changing over a while.
AWS Config uses the Amazon Simple Notification Service to stream configuration changes and notifications. Config uses the Amazon Simple Storage Service (S3) to stir configuration items; they are delivered in a configuration stream. Permissions to the AWS Config service is managed via AWS IAM. All AWS Config API calls are logged with the help of a CloudTRail.
At the time of setting up AWS Config, you can configure settings such as turning on/off Config recording, which AWS resources are data retention, recorded, S3 bucket, IAM Role, SNS Topic, and S3 Bucket.
AWS Security Hub
AWS Security Hub is a one-stop shop for users to monitor and manage security alerts and compliance information coming from a wide range of cloud services, has graduated from preview status, becoming generally available. AWS revealed the tool in December 2019, in the wake of a bevy of security breaches affecting customers who did not configure their Amazon S3 storage buckets correctly. While not the fault of the Amazon Web Services platform, the company has stepped up its security initiatives, previously adding controls to block out public access to S3 storage buckets.
How can Cloudanix help?
Cloudanix is your Ops Dashboard which cuts across all these tools and several others and gives you a single swiss-knife for your Ops needs. Use the free trial and check it out for yourself.