Taking a Look at AWS and Cloud Security Monitoring

5 years ago Tripwire Guest Authors

More and more companies understand the benefits of cloud computing, which is making their migration to the cloud more rapid. Per IDG’s 2020 Cloud Computing Study, 81% of organizations said that they’ve migrated either one application or a portion of their infrastructure to the cloud. The reasons why a company would shift its services towards the cloud depend on its business priorities, of course. General reasons for migrating include 1) cost-savings, 2) reliability, 3) scalability, and 4) flexibility.

Even so, it’s important that organizations implement the necessary security controls once they’ve migrated to the cloud. This whitepaper focuses on the cloud-native security controls offered by Amazon Web Services (AWS), one of the most widely used public cloud infrastructure providers today. The controls in Network Security and in Endpoint and Services Security can help security engineers protect AWS infrastructure and verify that those controls function effectively.

Let’s break them down below.

AWS Organization and VPC

AWS architecture provides maximum accessibility to services within the same geographical area and helps organizations achieve higher uptime. Physical data centers are located in geographical areas called regions. Within a region there can be several Availability Zones (AZs), each hosting multiple isolated data centers. A company can therefore have multiple accounts for different projects or environments and for accessing AWS services across different AWS regions. These accounts can be managed separately or controlled and monitored centrally under AWS Organizations.

Amazon VPC, a virtual data center located on the cloud, is the foundation of AWS environments. Organizations can build virtual networks within, launch different infrastructure resources from a VPC, and achieve high availability by placing various servers in multiple AZs and having multiple subnets of a VPC. Each subnet, in turn, routes traffic between the subnet and other VPC networking components. Other VPC networking components include Security Groups (SG) and Network Access Control List (NACL), Internet Gateways and NAT Gateways, Route Tables and VPNs, as well as direct connect and VPC endpoints.

VPC Flow Logs are used to capture traffic flows and to troubleshoot security group and NACL rules. They can be created for a specific network interface, subnet, or VPC, and they can be configured to capture different types of traffic across various AWS services. However, they cannot be used for traffic inspection, since they don’t capture traffic in real time. Instead, VPC Traffic Mirroring captures near-real-time traffic and sends a copy to out-of-band security appliances.
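Flow logs still carry useful detection signal even though they are not a live capture. The following added example (not code from the article or from AWS) parses records in the default flow log format and flags sources whose connections were rejected on many distinct destination ports, the kind of pattern a security group or NACL deny would surface; the account id, ENI id and addresses are constructed.

```python
# Added example, not from the original article: parse VPC Flow Log records in the
# default (version 2) format and flag sources that were REJECTed on many distinct
# destination ports, a cheap signal for scanning that flow logs can still provide.
from collections import defaultdict

# Field order of the default VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records: the account id, ENI id and addresses are made up.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 44122 22 6 1 44 1625000000 1625000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 44123 23 6 1 44 1625000000 1625000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 44124 3389 6 1 44 1625000000 1625000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 44125 445 6 1 44 1625000000 1625000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.4 10.0.1.20 50001 443 6 12 5200 1625000000 1625000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1625000000 1625000060 - NODATA
"""


def parse_flow_log(text):
    """Yield one dict per usable record; NODATA/SKIPDATA lines carry no flow fields."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # custom formats or truncated lines are ignored here
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["dstport"] = int(rec["dstport"])
        yield rec


def rejected_port_sweeps(text, min_ports=3):
    """Map srcaddr -> sorted ports for sources REJECTed on at least min_ports ports."""
    ports_by_src = defaultdict(set)
    for rec in parse_flow_log(text):
        if rec["action"] == "REJECT":
            ports_by_src[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, ports in rejected_port_sweeps(SAMPLE_LOG).items():
        print(f"{src} rejected on ports {ports}")
```

The threshold and the per-source grouping are the tunable parts; in practice the records would come from the CloudWatch Logs group or S3 bucket the flow log is delivered to.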

The Reachability Analyzer, a newer VPC feature, examines network communication paths between resources: for reachable destinations it shows all hops in the path from source to destination, and for unreachable destinations it shows the configuration that blocks communication. Unlike ping, which sends packets, Reachability Analyzer builds a model of the network configuration and then assesses that configuration.

By using technical controls such as Network Security, Endpoint and Services Security, and Monitoring and Automation, the infrastructure can be sufficiently protected.  

Deploying Security Controls

Using AWS native services such as AWS Network Firewall, AWS Web Application Firewall (WAF), and AWS Shield, or third-party software available in AWS Marketplace, security engineers can put various security controls in place. Here’s some context on how these services can help:

AWS Network Firewall provides network protection for Amazon VPCs by inspecting traffic flow for matches against a database of known threat signatures and anomalies.

WAF provides Layer 7 protection for AWS services against common web application exploits, and WAF rules can be either built from scratch or pre-configured.

AWS Shield provides Standard and Advanced protection against DDoS incidents, with the Advanced tier offering additional benefits such as 24/7 access to the AWS DDoS Response Team and cost protection against usage spikes.

To control all these different security rules and policies, AWS Firewall Manager can be used centrally across the numerous AWS accounts under the same AWS Organization. It can also be used to eliminate unused and redundant security groups.

Securing and Monitoring Endpoints

Securing and monitoring the different types of endpoints is essential, and several AWS services help organizations do this. For instance, Amazon CloudWatch monitors traffic in real time, collects logs from different AWS services and applications, and gathers performance metrics, among many other functions. It integrates well with other security monitoring tools such as AWS CloudTrail, an auditing service that records all account activity and event history, tracks changes, and supports non-repudiation; CloudTrail then publishes its logs to Amazon CloudWatch.

The various company assets located in the cloud can be managed easily using AWS Systems Manager. It provides services suited to different purposes in system management, monitoring, and automation, such as Systems Manager Inventory, Distributor, Patch Manager, Session Manager, and Automation.

Continuous Monitoring

To ensure a company’s assets in the cloud remain safe from attacks and run as they should, continuous monitoring tools are used to detect and respond to threats as well as to constantly evaluate resources.

As an example, Amazon Inspector finds vulnerabilities and security misconfigurations using pre-defined assessment templates. Each assessment template contains rules packages that instruct Amazon Inspector on how the assessment target should be evaluated. There are four rules packages: 1) Network Reachability, 2) Common Vulnerabilities and Exposures (CVEs), 3) Center for Internet Security (CIS) Benchmarks, and 4) Security Best Practices.

While Amazon Inspector finds the vulnerabilities, Amazon GuardDuty detects various types of threats and unauthorized behaviors. Once a threat has been detected, Amazon Detective can help a security engineer with incident investigation and threat hunting.

Ensuring that OSes, applications, and databases are compliant is the job of services such as AWS Config and AWS Audit Manager. AWS Config ensures that technical controls meeting compliance requirements are in place, while AWS Audit Manager collects the evidence showing that these controls are implemented.

Viewing all the security controls from different services and AWS accounts within a company from a centralized console can be achieved with either AWS Security Hub or an ELK stack (Elasticsearch, Logstash and Kibana) offered as a managed service on AWS.

Automating Services

Many AWS services have automation built in to continuously run assessments, collect information, and combine results. Scripts can be run to complete a specific task using services like Systems Manager Run Command and Systems Manager Automation.

Together, AWS CloudTrail and CloudWatch Events allow for full automation, i.e., finding the event, raising an alarm, and then triggering a remediation action. CloudWatch integrates with almost every AWS service: an API call recorded by CloudTrail surfaces as a CloudWatch Event, and a rule whose event pattern matches it invokes the configured action.
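The event-pattern step is where the detection logic lives. The following added example (not code from the article or from AWS) reimplements the core matching semantics of a CloudWatch Events / EventBridge rule and applies a security-group-change pattern to a constructed CloudTrail API event; the account id, user name and security group id are made up, and AWS itself evaluates real rules.

```python
# Added example, not from the original article or from AWS: a minimal matcher for
# the CloudWatch Events / EventBridge event-pattern format, run against a CloudTrail
# API event. AWS evaluates real rules; this reproduces the core semantics only:
# every pattern key must match, and a list means "any of these values".
import json

# Constructed sample of an API call delivered through CloudTrail to CloudWatch Events.
# The user name and security group id are made up.
SAMPLE_EVENT = json.loads("""{
  "source": "aws.ec2",
  "detail-type": "AWS API Call via CloudTrail",
  "detail": {
    "eventName": "AuthorizeSecurityGroupIngress",
    "userIdentity": {"type": "IAMUser", "userName": "example-user"},
    "requestParameters": {"groupId": "sg-0123456789abcdef0"}
  }
}""")

# Rule: notify or remediate when a security group's rules change through the EC2 API.
SG_CHANGE_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventName": ["AuthorizeSecurityGroupIngress",
                             "AuthorizeSecurityGroupEgress",
                             "RevokeSecurityGroupIngress",
                             "RevokeSecurityGroupEgress"]},
}

def _leaf_matches(expected, actual):
    # Scalar values match exactly; the {"prefix": "..."} form matches a string prefix.
    if isinstance(expected, dict) and "prefix" in expected:
        return isinstance(actual, str) and actual.startswith(expected["prefix"])
    return expected == actual

def matches(pattern, event):
    """True if the event satisfies every key in the pattern (keys are ANDed)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not (isinstance(actual, dict) and matches(expected, actual)):
                return False
        elif not (isinstance(expected, list)
                  and any(_leaf_matches(e, actual) for e in expected)):
            return False  # pattern leaves must be lists of candidate values
    return True
```

A rule built from `SG_CHANGE_PATTERN` would fire for the sample event, and the target of that rule (a Lambda function or Systems Manager Automation document) is where the remediation step runs.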

Conclusion

The various AWS native managed security services outlined in this review can help organizations decide how these services best fit into their security landscape. Implementing them can help organizations reduce operational complexity and workload, better discern the environment’s security posture, and eliminate costs by removing unnecessary duplicate third-party controls.

Not all organizations can implement those measures on their own, however. That’s because many don’t have just AWS environments to worry about. In a July 2021 survey by Dimensional Research, for instance, 73% of security professionals said that their employers have a multi-cloud strategy. This figure doesn’t even consider the number of organizations that need to secure hybrid-cloud environments.

Fortunately, Tripwire’s cybersecurity solutions help organizations to achieve complete visibility of their entire infrastructure including single AWS deployments, multi-cloud environments, and hybrid-cloud arrangements. Those tools then help security teams to monitor their connected assets’ configurations and manage any known vulnerabilities.

Learn more about Tripwire’s cloud cybersecurity solutions here.


About the Author: With a passion for cybersecurity education and awareness, Liselle Henry is currently a 2nd-year Cybersecurity student at Fanshawe College Ontario who enjoys researching and writing about current cybersecurity issues and technologies along with their impact in various industries.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “Taking a Look at AWS and Cloud Security Monitoring” appeared first on TripWire.

Source: TripWire – Tripwire Guest Authors
