Dec. 2 (Portaltic/EP) –
amazon has presented its new service Security Incident Responsea solution designed for help organizations and companies manage cybersecurity incidents, offering tools that work together and automated to prevent, respond to, and recover from cyberattacks such as account takeovers, data breaches, and ransomware.
In a scenario where malicious attacks are becoming more frequent, organizations’ security teams are often “facing an overwhelming number of daily alerts.” Taking this into account, Amazon has pointed out that a Manual investigation of security incidents leads to lower effectivenesssince it “overloads resources and can cause ignore critical security alerts.
In this sense, the cloud services company Amazon Web Services (AWS) aims to offer companies a “more comprehensive” support across all phases of the security incident response cyclefrom preparation, to attack detection, analysis and recovery.
To do this, Amazon has presented its new service AWS Security Incident Responsewhich is designed to help organizations face various security events, from the account theft, to data breaches or ransomware attacks.
As the technology company has detailed in a statement on their websitewith Security Incident Response organizations will have assistance against cyber attacks the 24 hours a day, 7 days a weekwith the possibility of accessing security experts from the AWS Customer Incident Response Team (CIRT).
Likewise, Amazon has stressed that this service has some main capabilities. On the one hand, helps identify “high priority” incidents that require more immediate attentionthrough automatic classification of security system findings Amazon Guard Duty and supported third-party tools through AWS Security Hub.
In this case, the automation and customer informationfor example, the common IP addresses of the service, to, based on this, filter and suppress security findings. This helps teams “focus on critical security alerts.”
However, if the findings cannot be resolved automatically, the service will create an isolated security case and notify interested parties within the organization.
On the other hand, it also has the ability to simplify incident response, by offering “pre-configured notification rules” and permission settings that can even be extended to third-party security providers. That is, as explained, companies can access a centralized interface in which they have messaging functions, secure data transfer and video conference schedulingall through the service API or the AWS management console.
Finally, in addition to the 24-hour support service, it also allows companies handle your incidents independently or interact with external third-party security providers.
However, the company has stressed that organizations will achieve better containment capabilities against security incidents, by achieving faster response times and “potentially” minimize the impact of security events in accounts and resources.
In addition to all this, Amazon has indicated that customers will be able to use a services control panel, in which they will have information and metrics that will help them measure, monitor and “improve performance” of their response to security incidents.
For example, metrics such as average resolution time (MTTR), the number of active cases and closed that have been identified in a specific period of time or the amount of classified security findings. This allows you to easily monitor cyber threats, without the need to create reports.
The technology company has also detailed that AWS Security Incident Response is integrate with AWS Organizationsso it can offer comprehensive security coverage for all accounts in an organization. To access this service, simply select a central account for the organization in question and enable the new security service. AWS Security Incident Response is currently available in select regions in the United States, Asia, Canada, and Europe, including Ireland, London and Stockholm.
Add Comment