Nytro

RSTCon #2 - Antonio-Dan Macovei and Rareș Brătean - Automated Incident Response in the Cloud


 

Recently, the Amazon Web Services (AWS) cloud environment has reached more than 200 services, which presents both possibilities for business expansion and new concerns, such as an uncontrolled cloud environment, known as cloud sprawl. The more difficult it is to defend a network, the more likely it is that security incidents will occur. Moreover, the current security tools are either expensive or require large amounts of configuration. This research aims to find an automated IR solution that requires minimal configuration and can be used in any AWS environment. The solution is mapped against the first two steps of the NIST IR Life Cycle, namely Preparation and Detection & Analysis. It analyses the feasibility of two potential tools using Python, Lambda and the AWS CLI, in a test environment with the ten most common services. Furthermore, AWS services for security logging and alerting are investigated, both premium and non-premium, with the goal of seeing what data can be extracted from them. The results indicate that the non-premium environment offers extensive data, while the premium ones provide alerts and additional logs that can easily pinpoint malicious activity. Based on the given performance, the AWS CLI was considered to be the best alternative. Unlike AWS Lambda, it has no constraints (such as execution times and memory limits) and adds minimal overhead to the environment.

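As an added example, not part of Nytro's post or of the talk itself: a small Python triage script of the kind the abstract's Detection & Analysis step implies, run over CloudTrail records pulled with the AWS CLI rather than inside a Lambda. It assumes CloudTrail is among the non-premium log sources the abstract refers to. The record shape follows CloudTrail's documented schema and the two loader formats are those of a trail log object (`{"Records": [...]}`) and of `aws cloudtrail lookup-events` (`{"Events": [{"CloudTrailEvent": "..."}]}`); the sample events, rule names and the login-failure threshold are constructed for illustration.

```python
"""CloudTrail triage: a few Detection & Analysis rules over raw records.

Added example, not code from the RSTCon talk. Run stand-alone on the
constructed sample, or pipe real data in:
    aws cloudtrail lookup-events --max-results 50 | python triage.py
"""
import json
import sys
from collections import Counter

# Event names that weaken or disable the audit trail itself.
LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample events (fictional account, RFC 5737 test addresses),
# shaped like CloudTrail records and trimmed to the fields the rules use.
SAMPLE_RECORDS = [
    {"eventTime": "2021-10-01T10:00:%02dZ" % i, "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}}
    for i in range(4)
] + [
    {"eventTime": "2021-10-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"name": "main-trail"}},
    {"eventTime": "2021-10-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "198.51.100.2",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2021-10-01T10:07:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.2",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2021-10-01T10:08:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.2",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},   # benign
]
# The same sample in both input formats the loader accepts.
SAMPLE_LOG_FILE = json.dumps({"Records": SAMPLE_RECORDS})
SAMPLE_LOOKUP_OUTPUT = json.dumps(
    {"Events": [{"EventId": str(i), "CloudTrailEvent": json.dumps(r)}
                for i, r in enumerate(SAMPLE_RECORDS)]})


def load_records(text):
    """Parse a trail log object or `aws cloudtrail lookup-events` output."""
    doc = json.loads(text)
    if "Records" in doc:
        return doc["Records"]
    return [json.loads(e["CloudTrailEvent"]) for e in doc.get("Events", [])]


def _world_open_rules(params):
    """Yield (protocol, fromPort, toPort) for ingress rules open to everyone."""
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        ranges = ((perm.get("ipRanges") or {}).get("items", [])
                  + (perm.get("ipv6Ranges") or {}).get("items", []))
        if any(r.get("cidrIp") in WORLD or r.get("cidrIpv6") in WORLD for r in ranges):
            yield perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")


def triage(records, failure_threshold=3):
    """Return a list of findings; per-record rules first, then aggregates."""
    findings, failures = [], Counter()
    for r in records:
        ident = r.get("userIdentity") or {}
        who = ident.get("userName") or ident.get("arn") or ident.get("type")
        src, name = r.get("sourceIPAddress"), r.get("eventName")
        params = r.get("requestParameters") or {}
        if ident.get("type") == "Root":
            findings.append({"severity": "HIGH", "rule": "root-api-use",
                             "event": name, "who": who, "src": src})
        if r.get("eventSource") == "cloudtrail.amazonaws.com" and name in LOGGING_TAMPER:
            findings.append({"severity": "HIGH", "rule": "logging-tamper", "event": name,
                             "who": who, "src": src, "trail": params.get("name")})
        if name == "AuthorizeSecurityGroupIngress":
            for proto, lo, hi in _world_open_rules(params):
                findings.append({"severity": "MEDIUM", "rule": "world-open-ingress",
                                 "group": params.get("groupId"), "who": who, "src": src,
                                 "ports": "%s/%s-%s" % (proto, lo, hi)})
        if name == "ConsoleLogin" and (r.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
            failures[(src, who)] += 1
    for (src, who), n in failures.items():   # repeated failures from one source
        if n >= failure_threshold:
            findings.append({"severity": "MEDIUM", "rule": "console-login-bruteforce",
                             "who": who, "src": src, "count": n})
    return findings


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG_FILE
    for f in triage(load_records(data)):
        print(json.dumps(f))
```

The aggregate rule is the one worth noticing: a per-event Lambda sees one `ConsoleLogin` failure at a time and has to keep state somewhere else to count them, whereas a CLI-driven batch over the last N events gets the count for free, which is one concrete form of the "minimal overhead" argument in the abstract.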
