Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

AWS Launches Incident Response Service

AWS has launched Security Incident Response, a new service for quick and efficient security event management.

AWS security

AWS on Sunday announced a new service that provides organizations with quick and effective security incident management capabilities.

The new Security Incident Response, AWS says, relies on automation to triage and analyze security signals from Amazon GuardDuty and integrated third-party detection solutions through the AWS Security Hub cloud security posture management service.

With Security Incident Response, customers receive comprehensive support across the incident response lifecycle, benefiting from communication and coordination, and continuous assistance from the AWS Customer Incident Response Team (CIRT).

“The service is purpose-built to help customers prepare for, respond to, and recover from various security events, including account takeovers, data breaches, and ransomware attacks,” AWS explains.

The new service, AWS says, automatically triages security findings and filters them based on customer-specific information to identify incidents that require immediate attention and deliver critical alerts to security teams.

To simplify incident response, it provides preconfigured notification rules and permission settings and offers access to a central console with integrated features accessible through the service APIs or the AWS Management Console.

Capabilities include secure data transfer, messaging, video conference scheduling, and automated case history tracking and reporting.

In addition to 24/7 support from the AWS CIRT, the service provides customers with self-service investigation tools and enables them to handle incidents independently or to collaborate with third-party security vendors, based on their needs and requirements.

Advertisement. Scroll to continue reading.

Additionally, customers can monitor, measure, and improve their security incident response performance over time through access to a service dashboard with metrics such as mean time to resolution (MTTR), number of cases within a specific period, number of triaged findings, and other indicators.

The service integrates with AWS Organizations and customers can get onboard “by selecting a central account within their organization, where all active and historical security events can be created and managed,” AWS says.

To allow the service to monitor and analyze security findings, customers need to enable the proactive response feature to create service-level permissions. The service will automatically analyze and remediate findings based on customer-specific data, and will create security cases for findings that cannot be automatically resolved.

The service can also be configured to execute containment actions, leading to faster incident response times and potentially reduced impact of security incidents, AWS says.

Related: Internet Archive Hacked Again During Service Restoration Efforts

Related: Red Hat Announces General Availability of Malware Detection Service

Related: GuidePoint Security Launches ICS/OT Security Services

Related: Amazon’s Shuttering of Alexa Ranking Service Hits Cybersecurity Industry

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.