Gbemisola Esho for AWS Community Builders


Cyber resilience in applications on AWS-Using AWS Security Hub.

With the rise of digital technology, the interconnectivity of the world is unquestionable, and cyberspace is the world that was born from it, bearing out the saying “The world is now a village”. In my words, “The world is now an interconnected village”.

As we are in the era of “digital everything”, the need for cyber resilience has increased, paving the way to sustainable development and growth in the cybersecurity landscape.

A synergy between public and private sector stakeholders will help to find solutions. The late UN scribe Mr Kofi Annan said, “There is no development with security and no security without development.”

Solving the growing problems of cybertheft and data breaches comes down to capacity building, so that cyber professionals are well equipped to identify, contain, and stop attacks that occur in cyberspace.

What is Cyber resilience?
This is the ability of an organisation to prevent, withstand, and recover from cyber-attacks.

Cyber resilience goes beyond preventing cyber-attacks and takes a proactive approach to cybersecurity. It anticipates that the organisation will still need to detect and respond to attacks, with minimal damage occurring as it recovers from them.

Components of Cyber resilience
Risk Assessment: It is important to take stock of your organisation's assets, their value, and their potential vulnerabilities, so that you know the severity and impact of cyber threats.


Prevention: Following security best practices will, without fail, help with prevention. Examples include setting up firewalls, anti-virus software, and security awareness training.


Detection: Intrusion detection systems, security information and event management (SIEM) systems, and monitoring tools should be addressed.


Response: A well-defined and drafted plan should always be in place and ready to be activated.


Recovery: The ability of an organisation to recover from a breach or an attack and return to normalcy as quickly as possible is very important to being resilient.


Adaptability: The ability to adjust to the fast pace of cyberspace and to changing threats.


Ensuring your applications are cyber-resilient is a continuous process. You achieve this by following best practices and maintaining the right security posture.

Security Posture in Cyber Resilience


The security posture of an organisation is the organisation's overall cybersecurity readiness.
In the AWS cloud, security posture is managed with AWS Security Hub.

What is the AWS Security Hub?
AWS Security Hub is an AWS service that has the following functions:

  • Automates security best practices: Security best practices in AWS are linked to the AWS Well-Architected Framework, which helps in making decisions on how to deploy workloads, bearing in mind the need for secure deployments in the cloud.

  • Aggregates security alerts into a single place and format.

  • Helps you understand your overall security posture across all of your AWS accounts.

Security Best Practices in AWS

The security pillar of the Well-Architected Framework describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture.

Several principles are associated with this:

Implement a strong identity foundation: This requires implementing the principle of least privilege and enforcing separation of duties, with appropriate authorization for each interaction with your AWS resources.

Maintain traceability: Logging and monitoring are key factors in maintaining traceability. The need for alerts and audits is critical as well.

Apply security at all layers: Apply a defense-in-depth approach with multiple security controls, at all layers: networking, load balancing, operating systems, and applications.

Automate security best practices: Automated, software-based security mechanisms enhance your ability to scale securely, more rapidly and cost-effectively.

Protect data in transit and at rest: Classifying data into sensitivity levels and encrypting it is a best practice, as is the use of tokenization and access control.

Data Restriction and Control: Reduce or eliminate the need for direct access or manual processing of data. This reduces the risk of mishandling or modification and human error when handling sensitive data.

Security events readiness: Make incident readiness a priority, with robust incident management and investigation policies and processes that align with your organizational requirements.

Security Hub centrally manages security alerts

How it works


Security Hub is a central security tool that is used to manage security across several AWS accounts and to automate security checks.

It has an integrated dashboard that displays security and compliance status, which helps in decision-making and taking action.

AWS Security Hub aggregates alerts across different services such as AWS Config, AWS GuardDuty, AWS Macie, IAM Access Analyzer, AWS Systems Manager, AWS Firewall, and AWS Health.

The AWS Config service needs to be enabled for Security Hub to work. Looking at the diagram, we can see that Security Hub can cover multiple accounts at a time, taking the findings from the AWS services mentioned, identifying the potential issues, and visualizing them on the dashboard.

EventBridge generates an event and Amazon Detective investigates the source of the threat.

And finally, to investigate the source of these issues you can use Amazon Detective.
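
The flow described above (findings from several services and accounts arriving in one format, followed by an EventBridge event) is sketched below as an added example that is not from the original post. It pairs an EventBridge event pattern for Security Hub findings with a local function that applies the same filter to a constructed sample event; the account IDs, titles and resource identifiers are constructed, and the local matcher covers only the subset of EventBridge matching that this pattern uses.

```python
# EventBridge rule pattern: route only new, active HIGH/CRITICAL findings.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Severity": {"Label": ["HIGH", "CRITICAL"]},
                            "Workflow": {"Status": ["NEW"]},
                            "RecordState": ["ACTIVE"]}},
}

def _match(pattern, value):
    """Subset of EventBridge matching: nested objects and exact-value lists."""
    if isinstance(pattern, dict):
        return isinstance(value, dict) and all(
            _match(p, value.get(k)) for k, p in pattern.items())
    return value in pattern

def triage(event):
    """Summarise the findings in one event that EVENT_PATTERN would route."""
    if not (_match(EVENT_PATTERN["source"], event.get("source")) and
            _match(EVENT_PATTERN["detail-type"], event.get("detail-type"))):
        return []
    wanted = EVENT_PATTERN["detail"]["findings"]
    return [{"account": f["AwsAccountId"],
             "product": f["ProductArn"].rsplit("/", 1)[-1],  # e.g. guardduty
             "severity": f["Severity"]["Label"],
             "title": f["Title"],
             "resources": [r["Id"] for r in f.get("Resources", [])]}
            for f in event.get("detail", {}).get("findings", [])
            if _match(wanted, f)]

def _finding(account, product, label, status, title, resource):
    """Build a constructed finding carrying the finding-format fields used above."""
    return {"AwsAccountId": account, "Title": title, "RecordState": "ACTIVE",
            "ProductArn": f"arn:aws:securityhub:us-east-1::product/aws/{product}",
            "Severity": {"Label": label}, "Workflow": {"Status": status},
            "Resources": [{"Id": resource}]}

# Constructed sample event: two accounts, three source services.
SAMPLE_EVENT = {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
                "detail": {"findings": [
    _finding("111111111111", "guardduty", "HIGH", "NEW", "Constructed: unusual API activity", "arn:aws:s3:::example-logs"),
    _finding("222222222222", "macie", "MEDIUM", "NEW", "Constructed: personal data in bucket", "arn:aws:s3:::example-data"),
    _finding("222222222222", "securityhub", "CRITICAL", "SUPPRESSED", "Constructed: accepted-risk control", "AWS::::Account:222222222222"),
    _finding("222222222222", "securityhub", "CRITICAL", "NEW", "Constructed: SSH open to the internet", "arn:aws:ec2:us-east-1:222222222222:security-group/sg-EXAMPLE"),
]}}

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENT):
        print(row)
```

Serialised as JSON, `EVENT_PATTERN` is the kind of document an EventBridge rule takes as its event pattern; the MEDIUM finding and the SUPPRESSED finding are filtered out, so only two of the four sample findings would reach a responder.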

To learn more about AWS Security Hub, see this link.
