Amazon Web Services (AWS) has launched Security Incident Response, a platform aimed at helping organisations manage cybersecurity incidents more efficiently. The service seeks to address challenges in handling complex security events by automating processes, centralising communications, and providing 24/7 access to AWS’ customer incident response team (CIRT).
AWS Security Incident Response integrates with Amazon GuardDuty and third-party security tools through AWS Security Hub. This setup automates the triage and prioritisation of security findings, reducing non-critical alerts and enabling teams to focus on high-priority threats. AWS stated that automation reduces manual workloads for security teams, allowing them to focus on strategic objectives.
The service uses customer-specific data, such as known IP addresses and identity attributes, to refine alert filtering and prioritisation. Organisations can configure the service to execute containment actions automatically, expediting resolution processes while adhering to predefined policies.
According to AWS, the service’s dashboard, accessible via the AWS Management Console, aggregates incident data, communications, and actions into one interface. Organisations can use the dashboard to monitor active cases, review resolved incidents, and track metrics such as the mean time to resolution (MTTR) and the number of triaged events.
“By accessing the service through a single, centralised dashboard in the AWS Management Console, you can monitor active cases, review resolved security incident cases, and track key metrics, such as the number of triaged events and mean time to resolution, in real-time,” the Amazon subsidiary stated.
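To make the two ideas above concrete, here is an added illustration (not AWS code and not the Security Incident Response service's own API): a small triage pass that uses customer-specific context (known IP ranges and trusted principals) to suppress low-value findings and rank the rest by severity, followed by the two dashboard metrics the article names, triaged-event count and mean time to resolution. The findings, case records, network ranges and principal ARNs are all constructed sample data; field names are simplified rather than exact ASFF keys.

```python
"""Triage and metrics illustration (added example, not AWS code).

Sample findings and cases are constructed; the known-network list uses the
RFC 5737 documentation range 203.0.113.0/24 and the principal ARNs are made up.
"""
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed customer context: egress ranges and principals that routinely
# trigger benign findings (for example an internal vulnerability scanner).
KNOWN_NETWORKS = [ip_network("203.0.113.0/24")]
TRUSTED_PRINCIPALS = {"arn:aws:iam::123456789012:role/SecurityScanner"}

SEVERITY_ORDER = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}

# Constructed findings, loosely shaped after GuardDuty-style types and severities.
SAMPLE_FINDINGS = [
    {"Id": "f-1", "Title": "Recon:EC2/PortProbeUnprotectedPort", "Severity": "LOW",
     "SourceIp": "203.0.113.7", "Principal": None},
    {"Id": "f-2", "Title": "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B", "Severity": "MEDIUM",
     "SourceIp": "198.51.100.22", "Principal": "arn:aws:iam::123456789012:user/alice"},
    {"Id": "f-3", "Title": "Policy:S3/BucketPublicAccessGranted", "Severity": "HIGH",
     "SourceIp": None, "Principal": "arn:aws:iam::123456789012:role/SecurityScanner"},
    {"Id": "f-4", "Title": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "Severity": "CRITICAL",
     "SourceIp": "192.0.2.44", "Principal": None},
]

# Constructed case records as a dashboard might hold them (ISO 8601, UTC).
SAMPLE_CASES = [
    {"CaseId": "c-1", "OpenedAt": "2024-11-01T10:00:00Z", "ResolvedAt": "2024-11-01T13:00:00Z"},
    {"CaseId": "c-2", "OpenedAt": "2024-11-02T08:00:00Z", "ResolvedAt": "2024-11-02T09:30:00Z"},
    {"CaseId": "c-3", "OpenedAt": "2024-11-03T00:00:00Z", "ResolvedAt": None},  # still active
]


def is_known_context(finding):
    """True when the finding's source IP or principal is in the customer's known set."""
    ip = finding.get("SourceIp")
    if ip and any(ip_address(ip) in net for net in KNOWN_NETWORKS):
        return True
    return finding.get("Principal") in TRUSTED_PRINCIPALS


def triage(findings):
    """Return (escalated_ids ordered by severity, suppressed_ids).

    Known context only suppresses LOW/MEDIUM findings; HIGH and CRITICAL are
    always escalated, because a trusted source can itself be compromised.
    """
    escalated, suppressed = [], []
    for f in findings:
        low_value = SEVERITY_ORDER[f["Severity"]] < SEVERITY_ORDER["HIGH"]
        if low_value and is_known_context(f):
            suppressed.append(f["Id"])
        else:
            escalated.append(f)
    escalated.sort(key=lambda f: SEVERITY_ORDER[f["Severity"]], reverse=True)
    return [f["Id"] for f in escalated], suppressed


def _parse(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def mean_time_to_resolution_hours(cases):
    """Mean open-to-resolved time over resolved cases; None if nothing is resolved yet."""
    durations = [
        (_parse(c["ResolvedAt"]) - _parse(c["OpenedAt"])).total_seconds() / 3600
        for c in cases if c["ResolvedAt"]
    ]
    return sum(durations) / len(durations) if durations else None


def dashboard_metrics(findings, cases):
    """The counters a single-pane dashboard would show for this data."""
    escalated, suppressed = triage(findings)
    return {
        "triaged_events": len(findings),
        "escalated": len(escalated),
        "suppressed": len(suppressed),
        "active_cases": sum(1 for c in cases if not c["ResolvedAt"]),
        "mttr_hours": mean_time_to_resolution_hours(cases),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_FINDINGS))
    print(dashboard_metrics(SAMPLE_FINDINGS, SAMPLE_CASES))
```

The one design choice worth noting is in `triage`: customer context is used to quieten noise, not to waive severity, so the public-bucket finding attributed to the trusted scanner role still reaches the queue. Any real deployment would also log what was suppressed and why, so the filter itself can be audited.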
Security Incident Response also includes tools for collaboration, such as in-console messaging and video conferencing. Preconfigured workflows, including notification rules and role-based permissions, aim to streamline coordination.
Customers can escalate incidents to AWS CIRT for round-the-clock assistance. This team is equipped to manage complex scenarios, including ransomware attacks, data breaches, and account takeovers.
The Amazon subsidiary has described onboarding as straightforward, saying the service integrates with existing tools. Organisations begin by selecting a central account to manage all active and historical security events, then enable the permissions the service needs for automated monitoring and categorisation of findings. The service is currently available in 12 AWS Regions, including locations in the US, Europe, Asia Pacific, and Canada.
A response to AWS’ history of security missteps?
The launch of this service follows high-profile incidents that have exposed gaps in AWS’ security posture. In 2017, a misconfigured AWS S3 bucket led to the exposure of customer data at Verizon. In 2019, another breach at Capital One resulted in the compromise of over 100 million individuals’ personal information due to misconfigured AWS storage.
AWS aims to address these challenges with features such as automated triage and 24/7 expert support. However, the root causes of these incidents, including user misconfigurations, raise questions about whether automation alone can fully mitigate such risks. Additionally, reliance on AWS for incident response could attract scepticism regarding cloud vendors’ responsibilities in securing shared environments.