• - Introduction
    • Security Challenges
    • Shared Responsibility
    • Security of the cloud
    • Security Services in AWS
    • AWS Security Frameworks
    • How to prioritize
    • Evolutive Path
  • 1. Quick Wins
    • Assign security contacts
    • Select the regions & block the rest
    • Evaluate Cloud Security Posture
    • Multi-Factor Authentication
    • Root Protection
    • Identity Federation
    • Cleanup unintended access
    • Detect Common Threats
    • Audit API calls
    • Billing alarms
    • Cleanup risky open admin ports
    • Block Public Access
    • Analyze data security posture
    • Act on Critical Findings
    • WAF with managed rules
    • Evaluate Resilience
  • 2. Foundational
    • Sec & Regulatory requirements
    • Cloud Security Training Plan
    • Inventory & Config Monitoring
    • GuardRails - Org policies SCPs/RCPs
    • Use Temporary Credentials
    • IMDS v2
    • Advanced Threat Detection
    • Infrastructure vulnerabilities
    • Application Vulnerabilities
    • Limit Network Access
    • Secure EC2 Instances Management
    • Network segmentation (VPCs)
    • Multi-account management
    • Data Encryption at rest
    • Data Backups
    • Discover sensitive data
    • Security in Development
    • No secrets in code
    • Define incident response playbooks
    • Use multiple Availability Zones
  • 3. Efficient
    • Design your secure architecture
    • Use infrastructure as code
    • Tagging Strategy
    • Create your compliance reports
    • Least Privilege Review
    • CIAM: security of your customers
    • Custom Threat Detection - SIEM/Lake
    • Security Champions Program
    • DevSecOps: Security in the Pipeline
    • Golden Image Pipeline
    • Anti-Malware / EDR / RP
    • Outbound Traffic Control
    • Encryption in transit
    • Threat Modeling
    • Adv. WAF with Custom Rules
    • DDoS Mitigation (Layer 7)
    • Run TableTop exercises
    • Automate critical playbooks
    • Investigations - Root cause analysis
    • Disaster Recovery Plan
  • 4. Optimized
    • Sharing security tasks (RACI)
    • Automate evidence gathering
    • IAM Data Perimeters
    • IAM Pipeline
    • Temporary Elevated Access
    • Threat Intelligence
    • VPC Flow Logs Analysis
    • Vulnerability Management Team
    • Zero Trust Access
    • Using abstract services
    • GenAI Data protection
    • Red Team
    • Blue Team
    • Advanced Automations
    • Security Orchestration & Ticketing
    • Automate deviation correction
    • Disaster Recovery Automation
    • Chaos Engineering
  • -- Maturity Model
  • - Events calendar
  • - Webinars
  • - Assessment Tools
  • - Whitepapers, FAQ, others
    • Frequently Asked Questions
    • AWS Security Documentation
    • AWS Security Whitepapers
    • Free security services
  • - Contact
  • - Financial Services
    • Amazon Fraud Detector
    • PCI Compliance
    • Payment Cryptography
  • - Survey
  • Clear History

© 2024 Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Home > Optimized

4.- Optimized

Security governance Sharing security work and responsibility
Security assurance Automate Evidence Gathering
Identity and access management IAM Data Perimeters IAM Policy Generation Pipeline Temporary Elevated Access
Threat detection Threat Intelligence Network Flows analysis (VPC Flow Logs)
Vulnerability management Vulnerability Management Team
Infrastructure protection Zero Trust Access Use abstract services
Data protection GenAI Data protection
Application security Forming a Red Team (Attacker's Point of View)
Incident response Forming a Blue Team (Incident Response) Advanced security automations Security Orchestration & Ticketing Automate deviation correction in configurations
Resiliency Multi-region Disaster Recovery Automation Chaos Engineering