Detective Controls

Time
19 hours 19 minutes
Difficulty
Intermediate
CEU/CPE
20
Video Transcription
00:00
>> Hey everybody and welcome back.
00:00
In this lecture, we're going to be talking about
00:00
detective controls within AWS.
00:00
Learning objectives are going to be to
00:00
introduce three different services,
00:00
which is Amazon Inspector,
00:00
GuardDuty, and Amazon Macie.
00:00
Amazon Inspector.
00:00
This is going to help in assisting you
00:00
with any security and compliance requirements you have.
00:00
It's going to run security assessments
00:00
against your EC2 instances.
00:00
Remember EC2, and it's going to check
00:00
against unwanted network accessibility.
00:00
When we say it's going to assist
00:00
in the security and compliance,
00:00
what it's going to do is it's going to analyze
00:00
your EC2 instances and check for
00:00
hardening and check for compliance
00:00
against certain regulation that
00:00
you might be dealing with.
00:00
This could be GDPR,
00:00
could be HIPAA, could be FedRAMP, anything like that.
00:00
You can leverage it for those types of situations.
00:00
GuardDuty is going to be
00:00
an intelligent threat detection service.
00:00
What does that mean?
00:00
Well, it continuously monitors for
00:00
malicious and bad or unauthorized behavior.
00:00
It does this using machine-learning so
00:00
it has a pattern that it can recognize off of.
00:00
If anything seems out of the norm,
00:00
it's gonna go ahead and use
00:00
its smart machine-learning skills to notify
00:00
you and it'll go ahead and
00:00
stop that activity in its tracks.
00:00
It's going to protect your AWS account, your workloads,
00:00
and any storage, any data that is being put in S3.
00:00
You can leverage the input data,
00:00
which includes API calls,
00:00
VPC Flow Logs, and DNS.
00:00
You can use all of these different sources
00:00
as ingestion sources to
00:00
analyze and to help GuardDuty do its job,
00:00
which is to be a threat detection for you.
00:00
Amazon Macie is
00:00
a fully managed data security and privacy service.
00:00
It's going to continuously monitor for pattern-matching.
00:00
Also using machine-learning.
00:00
It's going to look for PII,
00:00
Personally Identifiable Information,
00:00
PHI, which is personally or Personal Health Information,
00:00
and any secrets and passwords.
00:00
Any type of sensitive information that
00:00
might be inside of the data,
00:00
it's going to notify you and make sure
00:00
that it's contained before you can
00:00
or you can go and take care of it
00:00
before it could potentially
00:00
get leaked in the wrong place.
00:00
It will alert you when something gets
00:00
uploaded to the Cloud that shouldn't be so
00:00
you can always leverage that to
00:00
ensure that you are being protected.
00:00
All right, and that wraps up this lecture.
00:00
In this lecture, we covered Amazon Inspector,
00:00
GuardDuty, and Macie
00:00
and we talked about the differences there.
00:00
You don't need to know these services in depth.
00:00
You don't really need to know about how they work.
00:00
You just need to understand
00:00
the differences because you may see
00:00
a question or two on the exam that
00:00
may include some details on this.
00:00
Be on the lookout. I'll see you in the next lecture.