Five Prominent AWS Security Services and Their Use Cases

In this modern era, organizations running on Cloud can face severe threats from hackers at any time. Data breaches happen daily, and business has a responsibility to their customers to protect their data. They must protect against data theft or security breaches. Businesses are facing many challenges related to security like:

Data Privacy
Integrity, Non-authentication and Non-Repudiation
Online attacks like phishing, man-in-the-middle attack, DDoS, SQL injection, Phlashing, etc.

That is why, it is crucial for businesses to protect their Cloud infrastructure before it gets hacked. So, there should be a safe and complete system dedicated to securing the Cloud infrastructure. In this post, we will focus on the AWS services that help businesses to protect their AWS infrastructure and their relevant use-cases.

1. AWS WAF

What is WAF?
AWS WAF is a Web Application Firewall that monitors web request which is forwarded to Application Load Balancer (ALB), Amazon API Gateway or CloudFront. AWS WAF can also allow or block any web request as per your rules and conditions. That means your WAF sits above CloudFront or ALB so, if you don’t have these services on your infrastructure then you cannot use AWS WAF.

When to choose WAF?
AWS WAF can allow or block only the web request so, if you want to block the web request, WAF is the right choice for you. AWS WAF works with rules and conditions for the web request.

For example:
If you want your CloudFront or load balancer to serve content for public requests, but also want to block requests from attackers then WAF can help you. Sometimes you see some of the web requests with one IP’s continuously hit the website, in this case, you can use WAF to block those IPs.

WAF’s another feature is it allows you to count the requests that match the properties you specify. So, if you want to allow or block any of the requests based on new properties on the web request, you can use AWS WAF. WAF helps to count the request based on those properties and once you become confident then you can allow or block those requests. This helps you to avoid accidental blocking of traffic to the website.

Fig: WAF

2. AWS SHIELD

What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. There are two tiers of AWS Shield – Standard and Advanced.

You can use AWS Shield-standard with no additional cost. AWS Shield standard defends against the most common DDoS attack that targets your website or applications.

When to choose AWS Shield and its types?
You can use AWS WAF to help minimize the effect of DDoS attack so when to use AWS Shield? AWS Shield standard is automatically included with no extra cost but if you need extended protection against DDoS attack for your Amazon Elastic Compute Cloud instances, Elastic Load Balancing load balancers, Amazon CloudFront distributions, Amazon Route 53 hosted zones, and your AWS Global Accelerator accelerators than you can use AWS Shield Advanced.

If you have the technical expertise and want full control over monitoring for and mitigating layer 7 attacks, AWS Shield Standard is likely the appropriate choice. But if your business or industry is a likely target of DDoS attacks, or if you prefer to let AWS handle most of the DDoS protection and mitigation responsibilities for layer 3, layer 4, and layer 7 attacks, AWS Shield Advanced might be the best choice.

3. AWS INSPECTOR

What is AWS Inspector?
Amazon Inspector is an automated security assessment service that helps to make better security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities and deviations for best practices and provides a list of security issues. Amazon Inspector Assessment is done on each EC2 instance to verify the security best practices. AWS Inspector is tag based and the agent-based security assessment service. The Assessment template looks for EC2 instances with specific tags to identify Assessment targets.

When to choose AWS Inspector?
AWS inspector is an IDS (Intrusion Detection System) which helps you to detect the vulnerabilities

in your application. It only detects and provides you with the assessment report and the prevention should be done by yourself. It provides you the report on how vulnerable is your application. If you feel there is some memory leakage in your application, then AWS Inspector can help to find out for you. If you find there is no encryption happening when data in transit, you can use this service to find out the cause. Also, if you want to analyze the network configuration to find the accessibility of EC2 instances, then AWS Inspector is the best service for you.

4. Amazon GuardDuty

What is GuardDuty?
Amazon GuardDuty is an intrusion detection service that monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and Machine Learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment.

When to choose Amazon GuardDuty?
As an intrusion detection service, Amazon GuardDuty helps in issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. If you want to detect compromised EC2 instances serving malware or mining bitcoin, unauthorized infrastructure deployments like instances deployed in a region that has never been used, password policy change, unusual API calls, etc. Amazon GuardDuty is the best service to be used.

Amazon GuardDuty can be enabled with no software or hardware to deploy and maintain.

5. AWS Key Management Service (KMS)

What is KMS?
AWS Key Management Service (KMS) makes it easy for you to create and manage keys and control the use of encryption across a wide range of AWS services and in your applications. AWS KMS is integrated with AWS CloudTrail to record all API requests, including key management actions and usage of your keys. AWS KMS is integrated with AWS services to simplify using your keys to encrypt data across your AWS workloads.

When to choose KMS?
KMS is a fully managed service that makes it easy to create and control encryption keys in AWS.

KMS utilizes symmetric encryption which means that the same key is used for encryption and decryption. If you want an extra layer of security while Data at Rest, then KMS is the best option for you. Amazon KMS is integrated with almost all the AWS services.

When you encrypt your data, your data is protected, but you must protect your encryption key. AWS KMS also helps to encrypt your plain text data with data key and encrypt the data key with another key. This is called as Envelope Encryption.