In this blog post, we’ll show you how to use AWS Network Firewall to automatically respond to potential security events within your Amazon Web Services (AWS) environment that are detected by Amazon GuardDuty. The goal is to rapidly contain the impact of security events, while providing additional time for follow-up investigation.
By coding the response steps using services like AWS Lambda and AWS Step Functions, your response time can be reduced to minutes or even seconds....
In this blog we will cover how to build an ML-powered bird classification solution using a DeepLens, the Caltech CUB-200-2011 dataset and the ResNet 18 neural network architecture. The solution includes automatic image uploads to a Hugo Easy Gallery on S3. The project is still a bit in the scrappy MVP state, but read on for the high-level build flow. Check out the Bird Brain Gallery on my Hugo site....
When you deliver web content through a CDN such as CloudFront, a best practice is to prevent viewer requests from bypassing the CDN and accessing your origin content directly. In this blog post, you’ll see how to use CloudFront custom headers, AWS WAF, and AWS Secrets Manager to restrict viewer requests from accessing your CloudFront origin resources directly.
In this blog post, you’ll learn to implement automated security response mechanisms within your AWS environments. This post will include common patterns, implementation considerations, and an example solution. Security response automation is a broad topic that spans many areas. The goal of this blog post is to introduce you to core concepts and help you get started.
In this blog post, we’ll show you how to use Amazon GuardDuty to automatically update AWS Web Application Firewall Web Access Control Lists (WebACLs) and VPC Network Access Control Lists (NACLs) to block suspicious hosts in response to GuardDuty findings. After GuardDuty detects suspicious activity, the solution updates these resources to block communication from the suspicious host while you perform additional investigation and remediation. Once communication has been blocked, further occurrences of a finding are reduced, allowing security and operations teams to focus more on higher-priority tasks....