Amazon Web Services (AWS) is one of the leading cloud providers alongside Microsoft Azure and Google Cloud. Cloud Computing is extremely convenient and usually cheaper than hosting your own IT infrastructure. However, it comes with its unique challenges when it comes to cybersecurity. When you are using someone else’s platform, you may not be able to implement security solutions and monitor them as easily as you would like. Also, you have limited control over the physical security of the servers your cloud infrastructure is on. To assist with this AWS has created several solutions that help their clients with securing their cloud infrastructure. This article is going to go over some of the best ways to secure your AWS cloud infrastructure:
Security groups are a mandatory part of AWS, every time you create an EC2 instance it will automatically be assigned to a security group. Simply put a security group is a label, and every machine that has this label is subject to the rules of the security group. These rules will restrict traffic to and from that machine based on IP address, protocol, and destination port. It has an implicit deny, which means anything that is not explicitly allowed will be blocked. Security groups are one of the easiest ways to secure groups of machines.
Network Access Control List (NACL)
An NACL functions similar to a security group but rather than being applied to individual machines it’s applied at the VPC level. They allow you to further filter out traffic and don't need to be assigned to individual machines.
This is Amazon’s vulnerability assessment tool. You can use it to scan instances in your environment and get full vulnerability assessments on them. It can be set up to automatically assess applications for exposure, vulnerabilities, and deviations from best practices.
AWS Config is a configuration management/compliance tool. It allows you to assess, audit, and evaluate the configuration of your AWS resources. It simplifies the process of compliance auditing, security analysis, change management, and operational troubleshooting.
This is a threat detection service that monitors for malicious activity and unauthorized activity on your AWS accounts, workloads, and data stored on Amazon S3 buckets. It uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.
CloudWatch, AWS Lambda and SNS
These three tools come together to allow for automated detection, remediation and notification of security events in AWS. CloudWatch is a monitoring service that collects data in the form of computer logs, metrics and events. AWS lambda is a serverless computer service that allows you to run code without needing to provision servers. SNS is Amazon’s simple notification service, allowing you to notify people via text, email or phone calls. Together they allow you the ability to detect security incidents via CloudWatch, execute a command in response via lambda and send out notifications to the correct personnel via SNS. An example of this service is shown below:
Source @ amazon
These tools together provide a lot of coverage for your network. However, many people find them difficult to use or get set up. If that’s the case for your business, you can contact one of our consultants here to assist with securing your cloud infrastructure.
How to get more free content
If you like this article and would like to read more of our content for cybersecurity insights, tips and tricks feel free to follow us on our social media. If you’re a struggling business owner who needs help in assessing their business’s cybersecurity posture feel free to take advantage of our free introductory assessment and we’ll help you figure out a game plan for keeping your company safe.