Friday, 20 June 2025

AWS Security Services – Detailed with Compliance & Summary


✅ 1. AWS Config

🔧 What It Does:

  • Monitors and records configuration changes of AWS resources.

  • Evaluates those configurations against managed or custom rules (e.g., “S3 buckets must be encrypted”).

  • Maintains historical state of configurations.

  • Triggers notifications or automated remediation (via Lambda or Systems Manager).

🔐 Security Role:

  • Enforces governance and compliance at the infrastructure level.

  • Detects misconfigurations, drift, and non-compliant resources.

  • Helps prove compliance with industry standards.

📊 Supported Compliance Frameworks:

  • ✅ CIS AWS Foundations Benchmark v1.2.0

  • ✅ PCI DSS v3.2.1

  • ✅ NIST SP 800-53 Rev 5

  • ✅ HIPAA Security Rule

  • ✅ GDPR, ISO 27001 (via custom rules)

🔎 Summary:

AWS Config is your continuous compliance engine, ensuring all AWS resources stay within approved security baselines and triggering remediation when they drift.
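A custom Config rule of the kind the bullets above describe, added here as an illustration (not code from the original post or from AWS): a Lambda evaluates each S3 bucket configuration item for default server-side encryption and reports COMPLIANT or NON_COMPLIANT back to Config. The shape of `supplementaryConfiguration.ServerSideEncryptionConfiguration`, the bucket names and the timestamp are assumptions or constructed sample data.

```python
import json
COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"

def evaluate_bucket_encryption(item: dict) -> tuple[str, str]:
    """Return (compliance_type, annotation) for one Config configuration item.
    Assumption: the S3 bucket item carries its default-encryption settings under
    supplementaryConfiguration.ServerSideEncryptionConfiguration as
    {"rules": [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": ...}}]}."""
    if item.get("resourceType") != "AWS::S3::Bucket":
        return NOT_APPLICABLE, "rule only evaluates S3 buckets"
    if item.get("configurationItemStatus", "").startswith("ResourceDeleted"):
        return NOT_APPLICABLE, "bucket no longer exists"
    sse = (item.get("supplementaryConfiguration") or {}).get("ServerSideEncryptionConfiguration")
    if isinstance(sse, str):  # tolerate a JSON-encoded sub-document
        sse = json.loads(sse)
    algorithms = [(r.get("applyServerSideEncryptionByDefault") or {}).get("sseAlgorithm")
                  for r in (sse or {}).get("rules", [])]
    algorithms = [a for a in algorithms if a]
    if not algorithms:
        return NON_COMPLIANT, "no default server-side encryption configured"
    return COMPLIANT, "default encryption: " + ", ".join(algorithms)

def build_evaluation(item: dict, compliance: str, annotation: str) -> dict:
    """Shape the verdict the way Config's PutEvaluations API expects it."""
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # Config caps annotations at 256 chars
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def lambda_handler(event: dict, context) -> dict:
    """Entry point Config invokes; invokingEvent arrives as a JSON string."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    evaluation = build_evaluation(item, *evaluate_bucket_encryption(item))
    import boto3  # imported here so the pure functions above run without AWS
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation

# Constructed sample items (not real AWS data): one compliant bucket, one not.
ENCRYPTED_BUCKET = {
    "resourceType": "AWS::S3::Bucket", "resourceId": "payroll-archive",
    "configurationItemStatus": "OK", "configurationItemCaptureTime": "2025-06-20T10:00:00.000Z",
    "supplementaryConfiguration": {"ServerSideEncryptionConfiguration": {
        "rules": [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": "aws:kms"}}]}},
}
PLAINTEXT_BUCKET = {**ENCRYPTED_BUCKET, "resourceId": "scratch-uploads", "supplementaryConfiguration": {}}
```

Attach the function to a Config custom rule scoped to `AWS::S3::Bucket`, and the NON_COMPLIANT verdict is what a remediation action (Systems Manager or Lambda) keys off.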


✅ 2. Amazon GuardDuty

🔧 What It Does:

  • Uses machine learning and threat intelligence to detect threats in:

    • CloudTrail logs

    • DNS queries

    • VPC Flow Logs

  • Identifies anomalies, such as credential theft, port scanning, and communication with known malicious IPs/domains.

🔐 Security Role:

  • Acts as a threat detection engine.

  • Monitors for signs of compromise or misuse.

  • Triggers alerts for SOC teams or SOAR tools to take action.

  • Real-time detection without agents.

📊 Supported Compliance Use:

While not a compliance framework tool per se, it helps satisfy:

  • ✅ PCI DSS Req. 10.6 (monitoring logs for anomalies)

  • ✅ NIST 800-53 (IR, AU controls)

  • ✅ ISO/IEC 27001 A.12.4 (logging and monitoring)

🔎 Summary:

GuardDuty is your eyes and ears for detecting threats, enabling quick identification of malicious behavior in AWS environments.


✅ 3. Amazon Inspector

🔧 What It Does:

  • Automatically scans EC2 instances, container images (ECR), and Lambda functions.

  • Detects:

    • OS and package vulnerabilities (CVEs)

    • Software misconfigurations

    • Network exposure issues

  • Assigns CVSS scores and prioritizes findings.

🔐 Security Role:

  • A key component of vulnerability management in cloud workloads.

  • Enables continuous scanning and actionable remediation insights.

  • Part of proactive risk reduction and patching strategy.

📊 Supported Compliance Frameworks:

  • ✅ PCI DSS (vulnerability scan control 11.2)

  • ✅ SOC 2

  • ✅ NIST SP 800-53 (System Security & Vulnerability Management)

  • ✅ FedRAMP

  • ✅ CIS Benchmarks (by inspecting config issues)

🔎 Summary:

Amazon Inspector provides continuous CVE scanning and vulnerability exposure visibility to help maintain a secure cloud footprint.


✅ 4. AWS Audit Manager

🔧 What It Does:

  • Automates collection of audit evidence from AWS accounts and services.

  • Maps collected data to controls from industry compliance frameworks.

  • Generates audit-ready reports for regulators and auditors.

🔐 Security Role:

  • Supports audit readiness and compliance governance.

  • Reduces manual effort and error in evidence collection.

  • Enables security engineers and compliance teams to track gaps in real time.

📊 Supported Compliance Frameworks:

  • 30+ frameworks, including:

    • PCI DSS

    • HIPAA

    • ISO 27001

    • NIST SP 800-53

    • SOC 2

    • GDPR

    • FedRAMP

    • HITRUST

    • CIS AWS Foundations

🔎 Summary:

Audit Manager helps your org stay audit-ready 24/7 by automating evidence collection across services and mapping them to standard frameworks.


✅ 5. AWS Security Hub

🔧 What It Does:

  • Aggregates and correlates findings from:

    • GuardDuty

    • Inspector

    • Config

    • Macie

    • IAM Access Analyzer

    • Third-party integrations (e.g., Palo Alto, CrowdStrike)

  • Normalizes findings and assigns severity levels.

  • Displays compliance status using standards-based dashboards.

🔐 Security Role:

  • Acts as a central console for all security and compliance findings.

  • Helps teams prioritize remediation and take action via EventBridge, Lambda, or SOAR platforms.

  • Supports multi-account visibility.

📊 Supported Compliance Frameworks:

  • ✅ CIS AWS Foundations Benchmark v1.2.0

  • ✅ PCI DSS v3.2.1

  • ✅ NIST 800-53 Rev 5

  • ✅ ISO/IEC 27001

  • ✅ AWS Foundational Security Best Practices (AFSBP)

🔎 Summary:

Security Hub is the single pane of glass for AWS security operations, combining threat detection and compliance visibility into a unified dashboard.


✅ Final Table: Summary by Service

Service           | Summary
AWS Config        | Monitors resource configurations for compliance; enforces rules and auto-remediation
Amazon GuardDuty  | Detects anomalies and threats using AWS logs and ML
Amazon Inspector  | Scans workloads for CVEs and misconfigurations; enables vulnerability management
AWS Audit Manager | Automates compliance audit evidence collection and maps to over 30 frameworks
AWS Security Hub  | Aggregates findings from AWS and third-party tools; tracks compliance status
