Amazon Web Services (AWS) has launched Security Incident Response, a platform aimed at helping organisations manage cybersecurity incidents more efficiently. The service seeks to address challenges in handling complex security events by automating processes, centralising communications, and providing 24/7 access to AWS’ customer incident response team (CIRT).
AWS Security Incident Response integrates with Amazon GuardDuty and third-party security tools through AWS Security Hub. This setup automates the triage and prioritisation of security findings, reducing non-critical alerts and enabling teams to focus on high-priority threats. AWS stated that automation reduces manual workloads for security teams, allowing them to focus on strategic objectives.
The service uses customer-specific data, such as known IP addresses and identity attributes, to refine alert filtering and prioritisation. Organisations can configure the service to execute containment actions automatically, expediting resolution processes while adhering to predefined policies.
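As an added illustration of the kind of context-aware triage the paragraph above describes, the Python below scores simplified security findings against a customer's known network ranges and expected principals. This is example code written for this article, not AWS's own logic (which the article does not publish); the finding field names, the IP ranges, the ARNs and the scoring weights are all constructed assumptions. The one refinement beyond the text is that a known principal acting from an unknown address is scored higher, not lower, since that pattern is what a stolen credential looks like.

```python
import ipaddress

# Constructed findings, loosely modelled on what GuardDuty forwards to
# Security Hub. The field names are assumptions for this example, not the
# real finding schema.
SAMPLE_FINDINGS = [
    {"id": "f-001", "severity": "HIGH", "type": "UnauthorizedAccess:IAMUser/ConsoleLogin",
     "source_ip": "203.0.113.7", "principal": "arn:aws:iam::123456789012:user/alice"},
    {"id": "f-002", "severity": "HIGH", "type": "UnauthorizedAccess:IAMUser/ConsoleLogin",
     "source_ip": "198.51.100.22", "principal": "arn:aws:iam::123456789012:user/alice"},
    {"id": "f-003", "severity": "LOW", "type": "Recon:EC2/PortProbeUnprotectedPort",
     "source_ip": "192.0.2.200", "principal": None},
    {"id": "f-004", "severity": "MEDIUM", "type": "Discovery:IAMUser/AnomalousBehavior",
     "source_ip": "203.0.113.9", "principal": "arn:aws:iam::123456789012:role/ci-deployer"},
]

# Customer-specific context (constructed): corporate egress ranges and the
# identities expected to act from them.
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
KNOWN_PRINCIPALS = {
    "arn:aws:iam::123456789012:user/alice",
    "arn:aws:iam::123456789012:role/ci-deployer",
}

# Base weight per severity label; thresholds below map a score to an action.
SEVERITY_WEIGHT = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}


def from_known_network(ip, networks):
    """True if ip parses and falls inside any of the known CIDR ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):
        return False  # missing or malformed address is treated as unknown
    return any(addr in net for net in networks)


def triage(findings, known_networks, known_principals):
    """Score each finding using customer context and sort highest risk first."""
    results = []
    for f in findings:
        score = SEVERITY_WEIGHT.get(f.get("severity"), 0)
        known_ip = from_known_network(f.get("source_ip"), known_networks)
        known_id = f.get("principal") in known_principals

        if known_ip and known_id:
            score -= 2          # expected identity from an expected place
            reason = "known network and known principal"
        elif known_id and not known_ip:
            score += 1          # expected identity from an unexpected place
            reason = "known principal from unrecognised network"
        elif known_ip:
            reason = "known network, unrecognised principal"
        else:
            reason = "unrecognised source"

        if score >= 3:
            bucket = "escalate"
        elif score >= 1:
            bucket = "review"
        else:
            bucket = "suppressed"

        results.append({"id": f["id"], "score": score, "bucket": bucket, "reason": reason})

    # Highest score first; stable tie-break on id keeps output deterministic.
    results.sort(key=lambda r: (-r["score"], r["id"]))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS, KNOWN_NETWORKS, KNOWN_PRINCIPALS):
        print(f'{row["id"]}  score={row["score"]}  {row["bucket"]:<10} {row["reason"]}')
```

Running the block ranks the console login from outside the corporate range first and suppresses the medium-severity finding from the CI role on the corporate network; anything the service suppresses this way still needs to be retained for audit, since the "suppressed" bucket is a prioritisation decision, not proof that the event was benign.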
According to AWS, the service’s dashboard, accessible via the AWS Management Console, aggregates incident data, communications, and actions into one interface. Organisations can use the dashboard to monitor active cases, review resolved incidents, and track metrics such as the mean time to resolution (MTTR) and the number of triaged events.
“By accessing the service through a single, centralised dashboard in the AWS Management Console, you can monitor active cases, review resolved security incident cases, and track key metrics, such as the number of triaged events and mean time to resolution, in real-time,” the Amazon subsidiary stated.
Security Incident Response also includes tools for collaboration, such as in-console messaging and video conferencing. Preconfigured workflows, including notification rules and role-based permissions, aim to streamline coordination.
Customers can escalate incidents to AWS CIRT for round-the-clock assistance. This team is equipped to manage complex scenarios, including ransomware attacks, data breaches, and account takeovers.
The Amazon subsidiary has described onboarding as straightforward, integrating seamlessly with existing tools. Organisations begin by selecting a central account to manage all active and historical security events. Customers can enable permissions for automated monitoring and categorisation of findings. The service is currently available in 12 AWS Regions, including locations in the US, Europe, Asia Pacific, and Canada.
Security missteps among AWS customers
The launch of this service follows high-profile incidents that exposed security gaps on the customer side of AWS deployments. In 2017, a misconfigured AWS S3 bucket led to the exposure of customer data at Verizon. In 2019, a breach at Capital One compromised the personal information of over 100 million individuals, attributed to misconfigured AWS storage.