© 2024 Amazon Web Services, Inc. or its Affiliates. All rights reserved.

3.- Efficient

In this section we will cover the controls and recommendations that allow us to manage security in an efficient way.

Security governance
  • Design your secure architecture
  • Use infrastructure as code
  • Tagging strategy

Security assurance
  • Create your compliance reports

Identity and access management
  • Least Privilege Review
  • Customer IAM: security of your customers

Threat detection
  • Custom Threat Detection capabilities (SecLake / SIEM)

Vulnerability management
  • Security Champions Program
  • DevSecOps: Security in the Pipeline

Infrastructure protection
  • Image Generation Pipeline
  • Anti-Malware / EDR / Runtime Protection
  • Outbound Traffic Control

Data protection
  • Encryption in transit

Application security
  • Perform threat modeling
  • WAF with custom rules
  • Advanced DDoS Mitigation (L7)

Incident response
  • Run TableTop Exercises - Simulations
  • Automate Critical Playbooks
  • Security Investigations - Root cause analysis

Resiliency
  • Disaster Recovery Plan