
Cloud Security: You can’t protect what you can’t see

  • Posted on: September 4, 2015
  • Posted in: AWS, Cloud, Cloud Security, Security
  • Posted by: Justin Foster

Last time we discussed how the shared responsibility model works to enhance your overall security. Using the shared responsibility model, your workloads can be more secure in the cloud than the data center, a concept further confirmed by the new IDC paper from Amazon Web Services this week.

Once you have narrowed down which aspects are your responsibility, visibility becomes very important.

First there is visibility ‘outside’ of your workloads. AWS CloudTrail, for instance, allows you to record all accesses to the AWS APIs: activities like new instances being created or virtual network configurations being changed. This gives you an important record of change that can be used for auditing, change control and diagnosing unintended misconfigurations.
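As an added example (not code from the original post), the Python sketch below turns a CloudTrail log file into the kind of change record described above. The sample records are constructed, and the `WATCHED` list of API calls is an illustrative assumption rather than a complete set.

```python
import json

def _rec(time, name, user, **extra):
    """Build one constructed record using real CloudTrail field names."""
    return {"eventTime": time, "eventSource": "ec2.amazonaws.com",
            "eventName": name, "awsRegion": "us-east-1",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user},
            **extra}

# Constructed sample in the CloudTrail log-file shape: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2015-09-04T10:00:00Z", "DescribeInstances", "alice"),
    _rec("2015-09-04T10:05:00Z", "RunInstances", "alice"),
    _rec("2015-09-04T10:20:00Z", "DeleteRoute", "bob",
         errorCode="Client.UnauthorizedOperation"),
    _rec("2015-09-04T10:10:00Z", "AuthorizeSecurityGroupIngress", "bob"),
]})

# Assumption: an illustrative watch list of change-making EC2/VPC calls.
WATCHED = {
    "RunInstances": "instance", "TerminateInstances": "instance",
    "AuthorizeSecurityGroupIngress": "network", "CreateRoute": "network",
    "DeleteRoute": "network", "ModifyVpcAttribute": "network",
}

def change_record(log_text):
    """Return watched API calls in time order; read-only calls are dropped."""
    changes = []
    for rec in json.loads(log_text).get("Records", []):
        kind = WATCHED.get(rec.get("eventName"))
        if kind is None:
            continue
        changes.append({
            "time": rec.get("eventTime", ""),
            "kind": kind,
            "action": rec["eventName"],
            "region": rec.get("awsRegion"),
            "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
            # A populated errorCode means the call was attempted but failed.
            "failed": "errorCode" in rec,
        })
    return sorted(changes, key=lambda c: c["time"])

if __name__ == "__main__":
    for c in change_record(SAMPLE_LOG):
        status = "FAILED" if c["failed"] else "ok"
        print(c["time"], c["kind"], c["action"], c["actor"], status)
```

Failed calls are kept in the record on purpose: a denied network change is often as interesting to an auditor as a successful one.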

AWS also provides AWS CloudWatch, an excellent service to monitor your overall system health. By setting alarms with thresholds, you can detect abnormal network activity, outages, or indicators of attacks like DDoS. Periods of intense usage may indicate heavy user demand, or they could be an indicator of an attack under way. CloudWatch also allows you to set alarms to monitor for conditions out of the norm.

To achieve the next level of visibility you need to put a microscope on your instances with host-based security controls like Deep Security. Monitoring OS, application, and security logs can provide a lot of value in detecting man-in-the-middle SSL attacks, spoofing, scanning, intrusion attempts and other threats.

File Integrity Monitoring (FIM) can add further value by detecting unauthorized changes on your systems, such as alteration of critical system files or changes to your application, as these may be symptoms of intrusions or unplanned activity. In many cases your applications are reading and writing data from S3, Glacier, RDS or other sources and the contents of the EBS volume should not change at all. Employing FIM allows you to detect any alteration to that secure AMI you so carefully built!

And finally, all of your relevant AWS events are extracted and centralized in a tool for review. This ensures that you get a broad perspective of all of your resources, which could help you troubleshoot problems across different regions and availability zones.

At the end of the day, it is important for a human to be involved in the ongoing monitoring of your workload security. Hardened preventative security has value, but to really elevate your game you need to keep an eye on the ball.

Interested in learning other best practices for securing AWS workloads? Read the Gartner paper on best practices for securing AWS workloads.

If you have questions or comments, please post them below or follow me on Twitter: @justin_foster.
