In this section we will cover the controls and recommendations that allow us to manage security in an efficient way.
Security governance | Design your secure architecture Use infrastructure as code Tagging strategy |
Security assurance | Create your compliance reports |
Identity and access management | Least Privilege Review Customer IAM: security of your customers |
Threat detection | Custom Threat Detection capabilities (SecLake / SIEM) |
Vulnerability management | Security Champions Program DevSecOps: Security in the Pipeline |
Infrastructure protection | Image Generation Pipeline Anti-Malware / EDR / Runtime Protection Outbound Traffic Control |
Data protection | Encryption in transit |
Application security | Perform threat modeling WAF with custom rules Advanced DDoS Mitigation (L7) |
Incident response | Run TableTop Exercises - Simulations Automate Critical Playbooks Security Investigations - Root cause analysis |
Resiliency | Disaster Recovery Plan |