AWS provides unique security visibility and automation controls that help your organization prepare before a security event occurs. Incident response does not only have to be reactive. With the cloud, your ability to proactively detect, react, and recover can be easier, faster, cheaper, and more effective.
What is an incident?
An incident is an unplanned interruption to an IT service or reduction in the quality of an IT service. Through tools such as AWS CloudTrail, Amazon CloudWatch, AWS Config, and AWS Config Rules, we track, monitor, analyze, and audit events. If these tools identify an event that is then analyzed and qualified as an incident, that “qualifying event” raises an incident and triggers the incident management process and any response actions necessary to mitigate the incident.
Set up your AWS environment to prevent a security event
We will walk you through a hypothetical incident response (IR) managed on AWS with the Johns Hopkins University Applied Physics Laboratory (APL).
APL’s scientists, engineers, and analysts serve as trusted advisors and technical experts to the government, ensuring the reliability of complex technologies that safeguard our nation’s security and advance the frontiers of space. APL’s mission requires reliable and elastic infrastructure with agility, while maintaining security, governance, and compliance. APL’s IT cloud team works closely with APL mission areas to provide cloud computing services and infrastructure, and they create the structure for security and incident response monitoring.
Whether it is an IR-4 “Incident Handling” or IR-9 “Information Spillage Response,” the incident response approach from APL below applies to all types of IR.
Watch the Incident Response in the Cloud session from the AWS Public Sector Summit in Washington, DC for a more detailed discussion with Conrad Fernandes, Cloud Cyber Security Lead, Johns Hopkins University Applied Physics Lab (JHU APL).