AWS Inspector

  • Automated vulnerability management service that continually scans EC2 and container workloads for software vulnerabilities and unintended network exposure

  • AWS Inspector is specific to EC2 and Container workloads

    • Provides Automated Security Assessments for EC2 instances.

    • Requires agent installation on EC2 for host assessment (vulnerability assessment / security best practices), OR can run a network assessment of EC2 instances without installing an agent

AWS GuardDuty

  • Threat detection service that continuously monitors your AWS accounts and workloads for malicious activity

  • Uses machine learning and anomaly detection

  • Can detect cryptocurrency-related attacks

  • Works by analyzing logs:

    • CloudTrail Logs: unusual API calls, unauthorized deployments

    • VPC Flow Logs: unusual internal traffic, unusual IP address

    • DNS Logs: compromised EC2 instances sending encoded data within DNS queries
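The DNS point above describes the kind of signal a detector looks for: a host sending many long, encoded-looking labels to one domain. The following is an added illustration of that heuristic, not GuardDuty's own logic or a real log format; the log lines, the hypothetical "<timestamp> <source-ip> <queried-name>" layout and the thresholds are all constructed for the example.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample log (hypothetical format, not GuardDuty or Route 53 resolver output);
# one query per line: "<timestamp> <source-ip> <queried-name>"
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01Z 10.0.1.15 www.example.com
2024-01-01T10:00:02Z 10.0.1.15 cdn-assets-production-eu-west-1.example.com
2024-01-01T10:00:03Z 10.0.1.42 4a6f686e20446f65207061797374.exfil-test.invalid
2024-01-01T10:00:04Z 10.0.1.42 a1b2c3d4e5f60718293a4b5c6d7e8f90.exfil-test.invalid
2024-01-01T10:00:05Z 10.0.1.42 3f9c2e7b1d5a8046e2c19b7d3a5f0e68.exfil-test.invalid
2024-01-01T10:00:06Z 10.0.1.15 mail.example.com
"""

# Labels made only of a hex or base32 alphabet are typical of data carried in DNS names.
ENCODED_LABEL = re.compile(r"^(?:[0-9a-f]+|[a-z2-7]+)$")


def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score higher than dictionary words."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def is_encoded_label(label, min_len=20, min_entropy=3.0):
    """A label looks like carried data when it is long, uses only an encoding alphabet
    and has high entropy. A long descriptive hostname such as
    'cdn-assets-production-eu-west-1' fails the alphabet test and is not flagged."""
    return (len(label) >= min_len
            and ENCODED_LABEL.match(label) is not None
            and shannon_entropy(label) >= min_entropy)


def parse_line(line):
    """Split one constructed log line into (timestamp, source_ip, queried_name)."""
    ts, src, name = line.split()
    return ts, src, name.lower().rstrip(".")


def find_dns_tunnel_candidates(log_text, min_hits=3):
    """Return {source_ip: {base_domain: count}} for sources that sent at least
    `min_hits` encoded-looking queries to the same base domain. Requiring several
    hits per (source, domain) pair keeps a single odd-looking name from alerting."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, name = parse_line(line)
        labels = name.split(".")
        if len(labels) < 3:          # nothing below the registered domain to inspect
            continue
        base_domain = ".".join(labels[-2:])   # simplification: no public suffix list
        if any(is_encoded_label(label) for label in labels[:-2]):
            hits[src][base_domain] += 1
    return {src: {d: c for d, c in doms.items() if c >= min_hits}
            for src, doms in hits.items()
            if any(c >= min_hits for c in doms.values())}


if __name__ == "__main__":
    for src, domains in find_dns_tunnel_candidates(SAMPLE_DNS_LOG).items():
        print(f"{src}: {domains}")
```

On the sample, only 10.0.1.42 is reported (three encoded labels to exfil-test.invalid); the long but readable CDN hostname from 10.0.1.15 is not, which is the false-positive case the alphabet check exists for. Real tunnels may use other encodings and split data across several labels, so a production detector would also look at query volume per source, record types such as TXT, and domain age.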

AWS Macie

  • Macie helps identify and alert you to sensitive data, such as personally identifiable information (PII).

  • AWS Macie is specific to S3

AWS Shield

  • Protects against DDoS attacks