Category: Technical How-to

The betting and gaming industry has grown into a data-rich landscape that presents an enticing target for sophisticated bots. The sensitive personally identifiable information (PII) that is collected and the financial data involved in betting and in-game economies is especially valuable. Microtransactions and in-game purchases are frequently  targeted, making them an ideal case for safeguarding […]

AWS Transfer Family is a secure transfer service that lets you transfer files directly into and out of Amazon Web Services (AWS) storage services using popular protocols such as AS2, SFTP, FTPS, and FTP. When you launch a Transfer Family server, there are multiple options that you can choose depending on what you need to […]

As a security team lead, your goal is to manage security for your organization at scale and ensure that your team follows AWS Identity and Access Management (IAM) security best practices, such as the principle of least privilege. As your developers build on AWS, you need visibility across your organization to make sure that teams […]

January 31, 2025: This post was revised to update several paragraphs in the section Scenario 1: Automated investigations. Uncovering  AWS Identity and Access Management (IAM) users and roles potentially involved in a security event can be a challenging task, requiring security analysts to gather and analyze data from various sources, and determine the full scope […]

In this blog post, I take you on a deep dive into Amazon GuardDuty Runtime Monitoring for EC2 instances and key capabilities that are part of the feature. Throughout the post, I provide insights around deployment strategies for Runtime Monitoring and detail how it can deliver security value by detecting threats against your Amazon Elastic […]

September 10, 2025: We’ve updated this post to reflect changes in suggested mitigation approaches. December 16, 2024: We’ve updated this post to reflect changes in suggested mitigation approaches. If you have a customer facing application, you might want to enable self-service sign-up, which allows potential customers on the internet to create an account and gain […]

In this blog post, I dive into a cross-Region replication (CRR) solution for card payment keys, with a specific focus on the powerful capabilities of AWS Payment Cryptography, showing how your card payment keys can be securely transported and stored. In today’s digital landscape, where online transactions have become an integral part of our daily […]

On November 1, 2023, the New York State Department of Financial Services (NYDFS) issued its Second Amendment (the Amendment) to its Cybersecurity Requirements for Financial Services Companies adopted in 2017, published within Section 500 of 23 NYCRR 500 (the Cybersecurity Requirements; the Cybersecurity Requirements as amended by the Amendment, the Amended Cybersecurity Requirements). In the introduction […]

Amazon Web Services (AWS) customers operating in a regulated industry, such as the financial services industry (FSI) or healthcare, are required to meet their regulatory and compliance obligations, such as the Payment Card Industry Data Security Standard (PCI DSS) or Health Insurance Portability and Accountability Act (HIPPA). AWS offers regulated customers tools, guidance and third-party audit reports […]

November 20, 2025: We updated this post to include a new queuing component in the solution that accommodates ingestion of large objects into the malware-protected S3 bucket. May 28, 2025: In the section Extend the solution, we fixed a typo in the code related to deleting source objects. Amazon Simple Storage Service (Amazon S3) is […]