
AWS Launches New Incident Response Service – Source: www.darkreading.com


Source: www.darkreading.com – Author: Dark Reading Staff


Amazon Web Services launched a new incident response service that helps security teams respond to threats faster and reduce the time it takes for organizations to recover from attacks.

AWS Security Incident Response, unveiled ahead of the company’s re:Invent 2024 conference in Las Vegas this week, relies on machine learning to automatically triage and analyze security signals from Amazon GuardDuty and other supported third-party threat detection tools available through the AWS Security Hub cloud security posture management service.

To simplify incident response, the new service will help security teams investigate incidents, coordinate responses across multiple stakeholders, manage permissions across environments, and document actions taken and decisions made. The automated triage feature filters security alerts based on customer-specific information to identify incidents that require immediate attention.

“Security teams often face an overwhelming number of daily alerts, leading to potential misplaced priorities of resources and reduced effectiveness,” Betty Zheng, senior developer advocate at AWS, wrote in a blog post announcing AWS Security Incident Response. “Manual investigation of findings strains resources and may cause customers to overlook critical security alerts.”

The service offers preconfigured notification rules and permission settings. It can also be configured to execute containment actions, leading to faster incident response times and potentially reduced impact of security incidents, AWS’s Zheng wrote. The service will create security cases for alerts that cannot be automatically resolved. For high-priority threats, the service connects to the AWS Customer Incident Response Team (CIRT), which provides support 24 hours a day, seven days a week.

The service provides self-service investigation tools as well as capabilities such as secure data transfer (to share logs and other forensics data), messaging and video conference scheduling (to communicate with key stakeholders and investigators), and automated case history tracking and reporting. Security teams can either handle incidents independently or collaborate with third-party security vendors, based on their needs and requirements.

Security teams can monitor, measure, and improve their incident response performance over time via a service dashboard displaying metrics such as mean-time-to-resolution (MTTR), number of cases addressed within a specific time period, number of triaged findings, and others.

AWS Security Incident Response is now available in 12 AWS Regions globally: US East (N. Virginia, Ohio), US West (Oregon), Asia Pacific (Seoul, Singapore, Sydney, Tokyo), Canada (Central), and Europe (Frankfurt, Ireland, London, Stockholm). Interested organizations can enable it via the AWS management console and service-specific APIs. For the service to be able to monitor and analyze security alerts, administrators need to enable the proactive response feature to create service-level permissions. Once done, the alerts are automatically sorted and remediated using service automation and customer-specific data, including common IP addresses, AWS Identity and Access Management (IAM) principals, and other relevant attributes. 

“To experience the full service, we recommend activating Amazon GuardDuty and AWS Security Hub as well,” AWS said in its post.


Original Post URL: https://www.darkreading.com/threat-intelligence/aws-launches-new-incident-response-service
