Benefits of WAF, ASG, GuardDuty
Increased protection against web attacks: You get protection for your web
applications through AWS WAF. It filters web traffic based on the access
control lists and rules that you configure against the most common web exploits,
for example blocking specific IP addresses or blocking requests whose query
strings match malicious patterns.
Improved web traffic visibility: You can set up metrics and dashboards in Amazon
CloudWatch for all your web application requests that are evaluated against your
WAF rules. You can monitor these metrics in near real-time and gauge the health
of your web traffic. You can also use these metrics to modify the existing
WAF rules or create new ones.
Cost-effective web application development: AWS WAF saves you from having to
create, manage, and deploy your own custom web monitoring and firewall solution,
which saves the development costs of a custom web application firewall.
AWS WAF, like other AWS services, allows you to pay only for what you
use without any upfront commitment or a minimum fee. It has a flexible pricing
model depending on the number of rules deployed and traffic received by your web
application in terms of HTTP and HTTPS requests.
Benefits of GuardDuty
With no upfront cost and no need to install software or security infrastructure, Amazon
GuardDuty provides the following benefits:
Near real-time, intelligent threat monitoring, based on the analysis of two input
streams:
o Billions of events from AWS CloudTrail (AWS user and API activity), Amazon
VPC Flow Logs (network traffic data), and DNS logs (name query patterns).
o Threat intelligence, such as lists of known malicious IP addresses from AWS
Security and third-party threat intelligence partners such as CrowdStrike and
Proofpoint.
Centralized threat detection and management across all AWS accounts, giving
your security team the single-pane visibility necessary to better manage, prioritize
and respond to anomalous account and network activities. The two examples that
AWS gives of anomalous activities are remote API calls from a known malicious IP
address, and an Amazon EC2 instance sending encoded data within DNS queries.
Automated threat response via remediation scripts or AWS Lambda functions that
are triggered based on GuardDuty security findings, which include details about the
affected resource(s) (such as tags, security groups, credentials) as well as
information on the attacker (such as IP address and geo-location). In the example
provided by AWS, GuardDuty will alert you if an instance is suspected of having data
stolen, in response to which you can automatically restrict outbound access for that
instance.
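The automated response described above, as an added example (not AWS's code and not part of the original document): a Lambda handler that takes a GuardDuty finding delivered through EventBridge and, for high-severity EC2 findings, replaces the instance's security groups with an isolation group. The isolation group ID, the tag key and the sample event are assumptions constructed for illustration.

```python
import os

# Assumption: an "isolation" security group with no egress rules already exists.
ISOLATION_SG = os.environ.get("ISOLATION_SG_ID", "sg-EXAMPLE-ISOLATION")  # placeholder
MIN_SEVERITY = 7.0  # GuardDuty rates findings 7.0 and above as High

# Constructed sample: a GuardDuty finding as delivered through EventBridge (trimmed).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail": {
        "type": "Trojan:EC2/DNSDataExfiltration",
        "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}

def instance_to_isolate(event, min_severity=MIN_SEVERITY):
    """Return the affected instance id, or None if the finding should be ignored."""
    detail = event.get("detail") or {}
    resource = detail.get("resource") or {}
    if event.get("source") != "aws.guardduty" or resource.get("resourceType") != "Instance":
        return None
    if float(detail.get("severity", 0)) < min_severity:
        return None
    return (resource.get("instanceDetails") or {}).get("instanceId")

def isolate(ec2, instance_id, isolation_sg=ISOLATION_SG):
    """Swap the instance's security groups for the isolation group; return the old ones."""
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    previous = [g["GroupId"] for g in inst.get("SecurityGroups", [])]
    if previous == [isolation_sg]:
        return previous  # already isolated (replayed finding); keep the recorded groups
    # Record the original groups on the instance so responders can restore them.
    ec2.create_tags(Resources=[instance_id],
                    Tags=[{"Key": "quarantine:previous-sgs", "Value": ",".join(previous)}])
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg])
    return previous

def handler(event, context, ec2=None):
    """Lambda entry point; `ec2` is injectable so the logic can be tested offline."""
    instance_id = instance_to_isolate(event)
    if instance_id is None:
        return {"action": "ignored"}
    if ec2 is None:
        import boto3  # available in the Lambda Python runtime
        ec2 = boto3.client("ec2")
    return {"action": "isolated", "instance": instance_id,
            "previous_groups": isolate(ec2, instance_id)}
```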
Benefits of AutoScaling