This Guidance uses EventBridge and its integrations with other native AWS services to automatically respond to security events through custom actions. This alleviates the need for human intervention in response to every security finding. Systems Manager automatically collects logs and system-level metrics from your on-premises servers and stores them in CloudWatch for viewing, providing you with insights into server activity and performance.

This Guidance uses Site-to-Site VPN to provide a strong, secure connection between your on-premises data center and your AWS resources by using an internet protocol security (IPSec) tunnel private session. Site-to-Site VPN works with CloudWatch to give you further visibility and insights into local and remote network health and help you monitor the reliability and performance of your VPN connections. AWS Identity and Access Management (IAM) lets you use fine-grain access policies and understand the accessibility of your resources. IAM Access Analyzer validates your policies against best practices, identifies resources shared externally, and generates policies based off historical AWS CloudTrail logs. AWS Config and Security Hub perform automated security checks for your AWS-hosted and on-premises workloads to verify security and compliance controls are in place.

This Guidance increases the reliability of on-premises servers by installing Systems Manager, storing server logs in CloudWatch, and reducing the time to detect and resolve operational issues. It overlaps security and compliance checks by using other native AWS security services like Security Hub, Audit Manager, and AWS Config to capture the maximum number of vulnerabilities, reducing downtime. The use of AWS managed services alleviates manual efforts.

This Guidance closely guards access and permissions to reduce negative impacts on performance. It uses IAM Access Analyzer to reduce the number of incidents of undesirable behavior, such as accidental deletions and unnecessary resource creation. CloudFormation works with CloudWatch to monitor on-premises and AWS resource performance and provide insights. Security Hub aggregates third-party security findings into a centralized repository for an organization-wide simple monitoring solution.

This Guidance uses Security Hub, AWS Config, and Audit Manager in tandem to help you secure your environment and maintain FFIEC compliance. This helps you boost reliability and reduce downtime, ultimately reducing the cost of outages and helping prevent the additional costs of incident management and response. Additionally, these services perform automatic security checks and audit evidence collection, reducing manual costs.

This Guidance uses predefined AWS Config conformance packs, helping your developers and engineers minimize unnecessary resource provisioning and redirect their attention to more critical areas, boosting organizational efficiency and reducing waste. AWS Config and Systems Manager scale to meet requirements, minimizing the wasted consumption of electricity and other resources.