AWS Security Incident Response
Automated security incident response with AWS expert guidance
What is Security Incident Response?
AWS Security Incident Response helps you prepare for, respond to, and recover from security events faster and more effectively. Through automated monitoring, triage, and containment capabilities, the service streamlines every step of the security incident response lifecycle. When specialized expertise is required, Security Incident Response gives you direct 24/7 access to the AWS Customer Incident Response Team (CIRT), with experts responding to your request within minutes. This powerful combination of automation and expertise enables you to confidently scale your security operations, so you can focus on innovation and growth.
Benefits
Focus on critical security events
Surface critical events through automated security workflows. Security Incident Response continuously monitors and triages security findings from Amazon GuardDuty and third-party detection tools through AWS Security Hub. The service filters findings based on expected behavior, reducing alert volume and helping you focus on critical security events.
Respond to and recover from security events faster
Accelerate security incident response by centralizing communication, coordination, and remediation in one place. Reduce mean time to resolve (MTTR) a security event by automating operational tasks and containment actions.
Continuously improve your security response outcomes
Strengthen your organizational incident response. Security Incident Response adapts to your unique AWS environment, continually refining how potential security events are prioritized, investigated, and escalated over time. This enables your team to confidently respond while minimizing business disruption.
Access AWS security experts for specialized assistance
Get 24/7 direct access to the AWS CIRT, with experts responding to your requests within minutes. Drawing from extensive frontline experience, the AWS CIRT has built deep institutional knowledge helping customers respond to and recover from security events. They work directly with specialized partners, so you can, if desired, get the combined expertise of multiple security providers in one coordinated response.
Use cases
Turn security alerts into manageable, actionable insights
Security Incident Response handles alert review for you, so you can spend more time responding to the alerts that matter. With automated monitoring and triage, the service continuously reviews high volumes of security alerts and surfaces the most critical alerts, providing actionable insights so your team can respond to security events with confidence.
Respond to an active security event
Respond to a security event in a way that best suits your organization's needs. You can have Security Incident Response proactively generate a case by enabling the proactive response and alert triaging workflows in the service, or create your own case to receive support from the AWS CIRT.
Scale your security operations center (SOC)
Keep pace with business growth by automating security workflows and extending your SOC team’s capabilities with access to AWS security expertise when you need it.