Securing AWS Workloads in the Cloud

Sven Leiß
Published in awsblackbelt · 5 min read · Nov 2, 2023

Introduction

Over the years, security incidents have become a prominent challenge for any company hosting data or running internet-facing workloads. So many tools exist to combat security weaknesses and vulnerabilities that the question becomes which of them should be used. Once a suite of tools has been chosen, the next big challenge is to ensure everything is configured as it should be.

As known threats continue to be used and new ones emerge, Amazon GuardDuty processes large volumes of log data in real time to surface the malicious or suspicious signals that require action to harden and safeguard your applications. Amazon GuardDuty is an invaluable resource for keeping cloud workloads secure. By combining machine learning algorithms with years of AWS best-practice knowledge, Amazon GuardDuty can ensure applications are monitored and configured securely. Amazon GuardDuty’s Amazon Elastic Kubernetes Service (EKS) monitoring has now made major advancements: it not only protects your system at runtime but also checks that configurations follow best practices. This ranges from simple port configurations and permissions to more advanced capabilities such as ensuring the workload instance is free of malware.

Overview and Benefits of Amazon GuardDuty

Overview

Amazon GuardDuty provides out-of-the-box functionality to monitor and secure many resources across multiple AWS accounts. Once enabled, Amazon GuardDuty ensures the security of workloads can be monitored quickly and easily.

Benefits

Account level detection

The AWS account is monitored as a whole, meaning strange behavior or actions that suggest a bad actor is trying to circumvent detection will trigger a finding. This monitoring can span multiple AWS accounts, giving a continuous and complete picture of every account in an organization.

Threat Detection

Threat detection happens on multiple levels and is continually improved by AWS so that the algorithms stay up to date. Reconnaissance detection flags behavior suggesting that unauthorized parties may already have access to an AWS account. Instance-level detection ensures everything from unauthorized crypto mining to malware triggers a finding. To ensure an account has not been compromised, unusual logins from atypical geolocations are also detected.

Threat severity levels

Amazon GuardDuty’s advanced feature set ensures a wide range of activity can be detected. Each triggered finding is assigned a severity level. This not only lets a security team prioritize findings, but also enables efficient and effective responses to be planned.

Automate responses and remediations

Alerting the right people to findings is one way to ensure an effective response can be put into action. Using anything from HTTPS and the AWS CLI to CloudWatch Events, reactions can be automated in whatever way fits the event type.
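The two sections above (severity levels and automated responses) fit together in practice: an event rule filters GuardDuty findings by severity, and a small handler decides the reaction. The following is an added example, not code from the original post or from AWS. It assumes the standard EventBridge envelope for GuardDuty findings (source `aws.guardduty`, detail-type `GuardDuty Finding`, a numeric `severity` under `detail`) and GuardDuty’s documented severity bands (Low 1.0–3.9, Medium 4.0–6.9, High 7.0–8.9). The routing table `RESPONSE_BY_LEVEL` and the sample finding are constructed for the example.

```python
"""Triage of Amazon GuardDuty findings delivered through Amazon EventBridge.

Added example (not code from the original post). It assumes the EventBridge
envelope for GuardDuty findings and GuardDuty's documented severity bands:
Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9. The sample event is constructed.
"""
import json

# (lower bound, label) checked from highest to lowest.
SEVERITY_BANDS = [(7.0, "High"), (4.0, "Medium"), (1.0, "Low")]

# Hypothetical routing policy: which response each band should trigger.
RESPONSE_BY_LEVEL = {
    "High": "page-oncall-and-isolate",
    "Medium": "ticket-and-notify",
    "Low": "log-only",
}


def severity_level(score):
    """Map GuardDuty's numeric severity to its band label."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "Informational"  # below 1.0 is outside the documented bands; treated as info here


def event_pattern(min_severity=7.0):
    """EventBridge rule pattern matching only findings at or above min_severity.

    EventBridge supports numeric comparison in event patterns, so the filter
    runs server-side and low-severity findings never invoke the handler.
    """
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", min_severity]}]},
    }


def triage(event):
    """Lambda-style handler: validate the envelope, then decide a response."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    detail = event["detail"]
    level = severity_level(float(detail["severity"]))
    resource = detail.get("resource", {})
    return {
        "finding_id": detail.get("id"),
        "type": detail.get("type"),
        "account": detail.get("accountId"),
        "region": detail.get("region"),
        "resource_type": resource.get("resourceType"),
        "level": level,
        "response": RESPONSE_BY_LEVEL.get(level, "log-only"),
    }


# Constructed sample event: the shape follows the GuardDuty EventBridge
# envelope; the finding id and account number are placeholders.
SAMPLE_EVENT = json.loads("""
{
  "version": "0",
  "source": "aws.guardduty",
  "detail-type": "GuardDuty Finding",
  "region": "eu-central-1",
  "detail": {
    "id": "EXAMPLE-FINDING-ID",
    "accountId": "111122223333",
    "region": "eu-central-1",
    "type": "Execution:Kubernetes/ExecInKubeSystemPod",
    "severity": 5,
    "resource": {"resourceType": "EKSCluster"}
  }
}
""")

if __name__ == "__main__":
    print(json.dumps(event_pattern(), indent=2))
    print(json.dumps(triage(SAMPLE_EVENT), indent=2))
```

The handler returns a decision rather than performing it, so the same logic can be unit-tested offline and then wired to a notification topic or an isolation step in the function that calls it.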

Highly available threat detection

No matter the scale of the workloads in an AWS account, Amazon GuardDuty automatically monitors activity from running workloads to stored data.

Amazon EKS monitoring

Monitoring can be activated for a range of protections: control plane activity, Amazon Elastic Block Store (EBS) malware scanning of Amazon Elastic Compute Cloud (EC2) instances, and Amazon Relational Database Service (RDS) protection to mitigate threats to data stored in AWS databases. Runtime monitoring can be provided either through an automatically managed agent, which creates a Virtual Private Cloud (VPC) endpoint to deliver data securely, or through a manually deployed agent that gives more control over its configuration. Once audit log and runtime monitoring are enabled on a workload, Amazon GuardDuty can monitor everything from the control plane down to individual pods and the container operating system.

Deep Dive into Amazon EKS Protection

Now that an overview has been established of all the benefits that Amazon GuardDuty can provide, let us look at the specifics of the new Amazon EKS protections. Below we can see an overview of the Amazon EKS monitoring.

Amazon GuardDuty Components

Audit Logs Monitoring

Amazon GuardDuty can help identify unexpected, potentially unauthorized, and malicious activity within an Amazon EKS workload. It does this through agentless analysis of Amazon EKS audit logs, intelligent threat detection with continuous monitoring, and detailed security findings.

Amazon EKS Runtime Monitoring

The challenge here is to monitor operating-system-level events to detect compromised containers and attempts to escalate privileges to the underlying Amazon EC2 host. To meet this challenge, the fully managed Amazon GuardDuty add-on adds visibility into the runtime activity of individual Kubernetes containers. The add-on enables continuous monitoring of vital system events for each container across your organization.

Here we have an overview of how the Amazon EKS add-on security agent works. As can be seen, the add-on agent must be deployed on the Amazon EKS nodes in the Amazon EKS cluster. This allows all runtime system events to be monitored, such as file access, process execution, and network connections. The agent can be deployed and managed fully automatically by AWS or manually.
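Because the post stresses that choosing the tool is only half the job and the configuration must actually be in place, here is an added example (not code from the original post or from AWS) that checks whether both EKS Protection pieces discussed above, audit log monitoring and runtime monitoring with the AWS-managed agent add-on, are enabled on a GuardDuty detector, and builds the request that turns them on. It assumes the GuardDuty API feature names `EKS_AUDIT_LOGS` and `EKS_RUNTIME_MONITORING`, the `EKS_ADDON_MANAGEMENT` additional configuration that lets GuardDuty deploy and manage the agent, and the `Features` list returned by `GetDetector`. The sample detector response is constructed; the `enforce` function is the only part that needs AWS credentials.

```python
"""Check and enable GuardDuty EKS Protection (audit logs + runtime monitoring).

Added example (not code from the original post). Assumes the GuardDuty API
feature names EKS_AUDIT_LOGS and EKS_RUNTIME_MONITORING, the EKS_ADDON_MANAGEMENT
additional configuration, and the Features list in a GetDetector response.
"""

# Feature -> additional configurations that must also be ENABLED.
REQUIRED_FEATURES = {
    "EKS_AUDIT_LOGS": set(),                             # agentless audit log analysis
    "EKS_RUNTIME_MONITORING": {"EKS_ADDON_MANAGEMENT"},  # runtime agent, managed by AWS
}


def missing_eks_protection(detector):
    """Return the features (or feature/extra pairs) not ENABLED in a
    GetDetector-style response dict. An empty list means fully configured."""
    enabled = {}
    for feat in detector.get("Features", []):
        if feat.get("Status") != "ENABLED":
            continue
        enabled[feat["Name"]] = {
            c["Name"]
            for c in feat.get("AdditionalConfiguration", [])
            if c.get("Status") == "ENABLED"
        }
    missing = []
    for name, required_extra in REQUIRED_FEATURES.items():
        if name not in enabled:
            missing.append(name)
            continue
        for extra in sorted(required_extra - enabled[name]):
            missing.append(f"{name}/{extra}")
    return missing


def update_detector_payload(detector_id):
    """Build the UpdateDetector request that enables both EKS Protection features."""
    return {
        "DetectorId": detector_id,
        "Features": [
            {"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"},
            {
                "Name": "EKS_RUNTIME_MONITORING",
                "Status": "ENABLED",
                "AdditionalConfiguration": [
                    {"Name": "EKS_ADDON_MANAGEMENT", "Status": "ENABLED"}
                ],
            },
        ],
    }


def enforce(region_name="eu-central-1"):
    """Live path (needs AWS credentials): for every detector in the region,
    report the gaps and enable the missing EKS Protection features."""
    import boto3  # imported lazily so the offline checks above need no SDK

    gd = boto3.client("guardduty", region_name=region_name)
    for detector_id in gd.list_detectors()["DetectorIds"]:
        gaps = missing_eks_protection(gd.get_detector(DetectorId=detector_id))
        if gaps:
            gd.update_detector(**update_detector_payload(detector_id))
        yield detector_id, gaps


# Constructed GetDetector-style response: audit logs on, runtime monitoring on,
# but the managed add-on is off, so the agent would have to be deployed by hand.
SAMPLE_DETECTOR = {
    "Status": "ENABLED",
    "Features": [
        {"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"},
        {
            "Name": "EKS_RUNTIME_MONITORING",
            "Status": "ENABLED",
            "AdditionalConfiguration": [
                {"Name": "EKS_ADDON_MANAGEMENT", "Status": "DISABLED"}
            ],
        },
        {"Name": "EBS_MALWARE_PROTECTION", "Status": "DISABLED"},
    ],
}

if __name__ == "__main__":
    print("missing:", missing_eks_protection(SAMPLE_DETECTOR))
```

Running the check against the sample reports only the add-on management gap: runtime monitoring is enabled, but without the managed add-on the agent will not appear on the cluster nodes by itself, which is exactly the kind of half-configured state the post warns about.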

Simple Architecture

Why choose an AWS Partner like MHP Management- und IT-Beratung GmbH?

Expertise and Experience

Security remains an immensely important aspect of any workload, no matter where it is hosted. MHP’s proven track record and satisfied clients are a testament to our commitment to providing excellence and delivering results that matter. Security is ensured through MHP’s extensive industry experience. Amazon GuardDuty is recognized as one of many important tools for ensuring every aspect of an AWS account is monitored for security and best practices.

On-going Support

Securing client workloads is a continuous process, one in which MHP has built up experience with diverse clients. Configuring workloads to be monitored is half the battle; maintaining the know-how to react intelligently to any incident is a continuous process. Playbooks and other best practices are utilized to

AWS-Partnership

MHP is an experienced partner of AWS, having successfully worked together. In May 2022, MHP and AWS expanded their partnership by signing a strategic collaboration agreement. With over 500 certifications, MHP has a large internal community of AWS enthusiasts to help you take your solutions to the next level.

Through years of experience, MHP has shown its ability and expertise in ensuring secure use of AWS. Amazon GuardDuty remains an important service for keeping security workflows monitored so that the necessary steps can be taken to mitigate issues. As AWS continues to innovate, MHP can utilize the necessary services to mitigate security issues. Through our close partnership, MHP is perfectly positioned to take advantage of any new features or services and continue to reliably provide the security expertise customers have come to expect.
