What are Cybersecurity Solutions?

Cybersecurity solutions help organizations operate more securely, with more confidence in the case of events. These solutions provide greater insight into internal and external threats. A modern cybersecurity solutions stack with continuous improvement supports modern challenges in cybersecurity.

Each organization has a unique environment, which means there is no one-size-fits-all approach to cybersecurity solutions. For instance, financial institutions and government agencies must follow explicit compliance regulations. These compliance regulations may require specific cyber solutions, controls, or architectures.

Organizations choose their cybersecurity solutions set based on modern best-practice cybersecurity strategies and frameworks. Digital domains change and grow, and cybersecurity threats evolve. This means that the way organizations treat cybersecurity must also grow and change.

For example, the identify, protect, detect, respond, recover, and govern stages of cybersecurity come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

The following strategies help organizations develop a comprehensive approach to their cybersecurity practices.

Layered security

Previously, organizations protected assets and domains with a network-security-centric approach. This approach involves securing the perimeter of the network with endpoint security solutions such as firewalls and gateways, perimeter zones, password protection, and virtual private network (VPN) connectivity. The boundary of an organization's private network was protected by a layered approach, known as defense in depth.

However, using this network-security-centric approach has limitations. This approach does not address threats existing within a modern organizational environment. With modern, distributed, hybrid, and remote-access-based systems, the fixed internal private network no longer exists. Beyond endpoint security, the network perimeter is far more complex. Cloud environments make this approach even more complex.

While layered defense remains an essential component of a cybersecurity program, new strategic paradigms address modern cyber concerns.

Zero trust architecture

Zero trust architecture (ZTA) assumes that every device, app, service, connection, and user on the network should not be trusted by default. Instead, zero trust asks for continuous authentication and authorization before completing operations.

The zero trust architecture focuses on authentication and authorization at all stages of system access, making access the new security perimeter. This identity-first strategy means the borders of the business extend across all assets, networks, and devices.

Key technologies and strategies

• Multi-factor authentication
• Strict identity and access management solutions
• Policy and role-based solutions
• Access patterns telemetry to identify and predict suspicious activity
• Resource and asset classification
• Network microsegmentation and network access control
• Device security
• Encryption on all assets and networks

Assume compromise

The assume compromise strategy takes the approach that the internal environment has already been compromised. By assuming compromise, organizations can implement solutions to identify and resolve issues before they have a business impact.

By focusing on assumed compromise, organizations concentrate heavily on their security processes for what happens during and after an event.

Key technologies and strategies

• Automated incident response processes and playbooks
• Business continuity for critical services, including recovery time objectives\
• Backup and recovery
• Network, application, and workload monitoring systems
• Tools such as endpoint detection and response (EDR), intrusion prevention systems (IPS), and security information and event management (SIEM)
• Incident communication and management strategies
• Network microsegmentation

At AWS, security is our top priority. AWS is designed to provide a secure global cloud infrastructure on which to build, migrate, and manage applications and workloads. As part of our security focus, AWS offers a range of cybersecurity solutions across all stages of the security event lifecycle to help provide comprehensive protection. You can combine these solutions with AWS Marketplace vendors and third-party solutions.

Below is a list of AWS services, grouped by purpose, that allow you to create a modern cybersecurity solutions stack on AWS.

Unified security management

For unified cloud security management, AWS Security Hub provides a singular console to manage your cybersecurity, with dashboards for the following areas:

• Threats
• Vulnerabilities
• Posture management
• Sensitive data
• Findings
• Resources
• Integrations
• Automations

AWS Security Hub integrates AWS and third-party cybersecurity services to offer increased correlation, contextualization, and visualization capabilities in one place.

AWS Security Hub surfaces active security risks through unified signals across multiple services, centralized management, and standardized controls. AWS Security Hub is designed to reduce complexity in your cloud security operations.

Identify

Amazon GuardDuty protects your AWS accounts, workloads, and data with intelligent threat detection. Amazon GuardDuty offers scalable and fully managed threat detection, continuous monitoring, AI/ML-powered threat detection, faster response to threats, and end-to-end visibility into AWS compute workloads.

Amazon CloudWatch gives visibility into system-wide performance across resources and applications on AWS. Amazon CloudWatch allows users to set alarms, automatically react to changes, and gain a unified view of operational health.

Protect

Data management

Amazon Macie discovers sensitive data in Amazon S3 environments using machine learning and pattern matching. Amazon Macie provides visibility into data security risks and enables automated protection against those risks.

AWS Key Management Service (KMS) allows you to create and control keys used to encrypt or digitally sign your data. AWS KMS encrypts data within your applications and securely generates hash-based message authentication codes (HMACs) that ensure message integrity and authenticity.

AWS Certificate Manager provisions and manages public SSL/TLS certificates for use with AWS, hybrid, and multicloud workloads.

AWS Private Certificate Authority securely issues and manages private certificates for your connected resources in one place.

AWS Payment Cryptography simplifies cryptography operations in your cloud-hosted payment applications to meet strict compliance requirements.

AWS Secrets Manager to centrally store and manage the lifecycle of secrets, including credentials, API keys, and other secrets.

Identity management

AWS Identity and Access Management (IAM) allows you to manage identities and access to AWS services and resources securely. Within AWS IAM, you can set permission guardrails and fine-grained access, manage identities across accounts, use temporary security credentials, and analyze and validate policies.

AWS IAM Identity Center allows you to connect your existing workforce identity source and centrally manage access to AWS.

Amazon Cognito is a cloud access security broker that offers customer access management, with the ability to add user sign-up, sign-in, and access control to your web and mobile applications.

Network and device management

AWS IoT Device Defender offers security management across your IoT devices and fleets, with auditing, monitoring, and alerting. AWS IoT Device Defender offers built-in actions such as updating a device certificate, quarantining a group of devices, or replacing default policies.

AWS Firewall Manager allows you to centrally configure and manage firewall rules across your AWS accounts. AWS Firewall Manager can automatically enforce policies for existing and new resources, and centrally deploy rules to protect virtual private clouds (VPCs).

AWS Shield protects networks and applications by identifying network security configuration issues and defending applications against active web exploitation and distributed denial of service (DDoS) events

AWS WAF protects your web applications from common exploits by using managed rules, such as filtering web traffic, monitoring, blocking, or rate-limiting bots. AWS WAF can also block common attack patterns such as SQL injection or cross-site scripting (XSS).

Detect

Amazon Inspector automatically discovers workloads, such as Amazon Elastic Compute Cloud (Amazon EC2) instances, container images, and AWS Lambda functions, as well as code repositories. Amazon Inspector then scans them for software vulnerabilities and unintended network exposures.

Amazon Detective analyzes and visualizes security data to investigate potential security issues. Amazon Detective helps you determine potential security issues through a unified view of user and resource interactions.

AWS CloudTrail tracks user activity and API usage on AWS and in hybrid and multicloud environments.

Respond

AWS Security Incident Response helps you prepare for, respond to, and receive guidance to help recover from security incidents. AWS Security Incident Response includes incidents like account takeovers, data breaches, and ransomware attacks. AWS Security Incident Response combines the power of automated monitoring and investigation, and accelerated communication and coordination. AWS Security Incident Response offers direct 24/7 access to the AWS Customer Incident Response Team (CIRT).

Recover

AWS Elastic Disaster Recovery (DRS) minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications. AWS DRS uses affordable storage, minimal compute, and point-in-time recovery.

Govern

AWS Security Hub CSPM performs security best practice checks and ingests security findings from AWS security services and partners. It combines these results with findings from other services and partner security tools, offering automated checks against your AWS resources to help identify misconfigurations and evaluate your security posture.

AWS Artifact provides on-demand access to AWS and independent software vendor (ISV) security and compliance reports in a self-service portal.

AWS Audit Manager continually audits your AWS usage to simplify risk and compliance assessment. AWS Audit Manager automates evidence collection and reduces manual effort in collecting, organizing, and uploading evidence for compliance and risk assessment activities.