AWS recently released the AWS Security Incident Response whitepaper to help you understand the fundamentals of responding to security incidents within your cloud environment. The whitepaper reviews how to prepare your organization for detecting and responding to security incidents, explores the controls and capabilities at your disposal, provides topical examples, and outlines remediation methods that leverage automation to improve response speed.
All AWS users within an organization should have a basic understanding of security incident response processes, and security staff must deeply understand how to react to security issues. While education and preparation are key components of this, we encourage customers to practice these skills through simulations in order to iterate and improve their processes. The foundation of a successful incident response program in the cloud is to educate, prepare, simulate, and iterate:
- Educate your security operations and incident response staff about cloud technologies and how your organization intends to use them.
- Prepare your incident response team to detect and respond to incidents in the cloud by enabling detective capabilities and by ensuring appropriate access to the necessary tools and cloud services. Additionally, prepare the necessary runbooks, both manual and automated, to ensure reliable and consistent responses. Work with other teams to establish expected baseline operations, and use that knowledge to identify deviations from normal operations.
- Simulate both expected and unexpected security events within your cloud environment to understand the effectiveness of your preparation.
- Iterate on the outcome of your simulation to increase the scale of your response posture, reduce delays, and further reduce risk.
The whitepaper dives deep into each of these considerations, helping you prepare or improve your security response capabilities during your journey to the cloud. If you’d like additional information about cloud security at AWS, please contact us.