Amazon Web Services (AWS) has recently introduced a new service called AWS Security Incident Response (SIR) to assist organizations in handling and recovering from security incidents such as ransomware attacks, data breaches, and account takeovers. According to Betty Zheng, Senior Developer Advocate at AWS, the increasing complexity of security events coupled with a lack of internal resources has made incident response more challenging for customers.
To enable Security Incident Response across AWS Organizations, customers can activate the service through their management or delegated administrator account. It is recommended to also activate Amazon GuardDuty and AWS Security Hub for enhanced threat detection capabilities. Once Security Incident Response is granted the necessary permissions, it monitors and triages findings from these services, notifying the organization’s incident responders if any action is required. The service can also automate certain containment actions to expedite incident response.
AWS SIR provides a centralized console with integrated features for communication and collaboration, including messaging, secure data transfer, and video conference scheduling. Additionally, the service offers automated case history tracking and reporting to help security teams focus on remediation and recovery efforts. Customers can benefit from preconfigured notification rules and permission settings that can be extended to internal and external stakeholders, including third-party security providers.
Furthermore, the service includes access to security investigation tools, playbooks, and AWS’ Cyber Incident Response Team (CIRT) experts. Organizations can choose to utilize these resources independently or in conjunction, with a guaranteed response time of 15 minutes for the latter option. Once the security event is resolved, users can review a case history of all incident-related activities to assess their response and identify areas for improvement. SIR can also be used for simulating security events to train security teams in incident response protocols.
In conclusion, AWS Security Incident Response (SIR) is a comprehensive service designed to streamline incident response processes and enhance security posture for organizations facing cybersecurity challenges. By leveraging the capabilities of SIR, customers can effectively prepare for and recover from security incidents with the support of AWS’ advanced threat detection technologies and expert resources.