Security logging in cloud environments - AWS

If you had to architect a multi-account security logging strategy, where should you start? This blog post, part of the “Continuous Visibility into Ephemeral Cloud Environments” series, describes a design for a state-of-the-art multi-account security logging platform in AWS. By Marco Lancini.

One of the usual requirements for security teams is to improve visibility over (production) environments. To that end, it is often necessary to design and roll out a strategy for security-related logging. This entails defining the scope of logging (resources, frequency, etc.), as well as integrating with existing monitoring and alerting systems.

The article then covers in depth:

  • Which Services Can We Leverage?
    • CloudTrail
    • CloudWatch
    • GuardDuty
    • Config
    • Access Logs
  • State of the Art Security Logging Platform in AWS
    • Collection
    • Delivery
    • Long-Term Storage and Audit Trail
    • Monitoring and Alerting

AWS offers multiple services for logging and monitoring. You have almost certainly heard of CloudTrail and CloudWatch, for example, but they are just the tip of the iceberg. A dedicated and highly restricted AWS account should also be created for each project/customer for long-term (immutable) storage of the logs. Good read!

Tags: cloud, infosec, monitoring, aws