JULY 2022 | 9 | CIOReview

analytics and use cases to alert you to potential attacks and misconfigurations as well. This service, provided by Amazon, offers continuous threat detection across the environment, based on both network and user anomalies. The caveat is that it will not look back: it is not a historical service you can use post-incident, which makes it critical to set up as one of the fundamental security analytics services within your AWS tenant. Using the Well-Architected Framework to further analyze your environment for misconfigurations is an additional security analytics tool, letting customers check their workloads against AWS security best practices before deploying them into production.

As for proactive controls, all organizations should have a vulnerability management program. This is one of the most critical programs to have analytics around, across the whole program. A vulnerability scanner should be set up so that your applications and infrastructure yield reportable key risk indicators (KRIs) for any vulnerable operating systems and software running in your environment. The key here is to stay on top of patching, but from a security analytics standpoint you should also be tracking key risk indicators as part of it, which adds the next layer of security analytics needed in any environment. What this security analytics provides is the trend of the organization's vulnerability and patching program. This is important, along with others, because it gives executive management a high-level view of the company's security posture and an early indication of what the security program needs, given the trends detailed within these KRIs. Of course, this is only one KRI, but depending on the organization and the needs of the executive board there are many others that can provide good overall insight into your security program and its maturity.

As you can see, security analytics can span quite a broad spectrum of related items, but in the end they provide the facts behind the story you are telling. That story may be the proactiveness of your program, told through security analytics from your SIEM eventing and trending through standard deviations, or it may concern misconfigurations or user behaviors that, through the analytics, point to potential malicious actors. Either way, security analytics takes operational elements to the next level by applying the knowledge of how a hacker thinks to be proactive in the analysis behind these operational elements, which would not be indicative of anything without the perspectives that security leaders put into them; that is what makes it security analytics.

Setting this up requires time and patience, and frankly some trial and error, to get the proper feedback and security analytics in place. But more and more regulatory and governing bodies are requiring that this be proven out and provided, and that executive boards be given high-level visibility into the organization's security posture using the aforementioned security analytics.