In this blog post, we’ll show you how to use AWS Network Firewall to automatically respond to potential security events within your Amazon Web Services (AWS) environment that are detected by Amazon GuardDuty. The goal is to rapidly contain the impact of security events, while providing additional time for follow-up investigation.
By coding the response steps using services like AWS Lambda and AWS Step Functions, your response time can be reduced down to minutes or even seconds....
When you deliver web content through a CDN such as CloudFront, a best practice is to prevent viewer requests from bypassing the CDN and accessing your origin content directly. In this blog post, you’ll see how to use CloudFront custom headers, AWS WAF, and AWS Secrets Manager to restrict viewer requests from accessing your CloudFront origin resources directly. read more...
In this blog post, you’ll learn to implement automated security response mechanisms within your AWS environments. This post will include common patterns, implementation considerations, and an example solution. Security response automation is a broad topic that spans many areas. The goal of this blog post is to introduce you to core concepts and help you get started. read more...
Your mission in this workshop is to use AWS WAF, Amazon Inspector, and Systems Manager to build an effective set of controls around your AWS workloads. Learn to use AWS WAF to mitigate common attack vectors against web applications such as SQL injection and cross-site scripting. Additionally, learn how to use Amazon Inspector and Systems Manager to automate security assessments and operational tasks such as patching and configuration management across your Amazon EC2 fleet....
In this blog post, we’ll show you how to use Amazon GuardDuty to automatically update the AWS Web Application Firewall to automatically block suspicious hosts Web Access Control Lists (WebACLs) and VPC Network Access Control Lists (NACLs) in response to GuardDuty findings. After GuardDuty detects a suspicious activity, the solution updates these resources to block communication from the suspicious host while you perform additional investigation and remediation. Once communication has been blocked, further occurrences of a finding are reduced, allowing security and operations teams to focus more on higher priority tasks....