A company wants to have an intrusion detection system available for their VPC in AWS.
They want to have complete control over the system.
Which of the following would be ideal to implement?
A. B. C. D.
Answer: B.
Option B is CORRECT because AWS recommends putting a custom solution in place to monitor intrusions into their systems.
Options A, C and D are incorrect because they cannot be used as an appropriate intrusion detection solution on AWS.
For more information on using custom security solutions, please visit the below URLs.
https://d1.awsstatic.com/Marketplace/security/AWSMP_Security_Solution%20Overview.pdf
https://aws.amazon.com/marketplace/solutions/infrastructure-software/ids-ips
The ideal solution for implementing an intrusion detection system for a VPC in AWS would be to use a custom solution available from AWS Marketplace. This would allow the company to have complete control over the system and tailor it to their specific needs.
AWS Marketplace offers a wide range of security solutions, including intrusion detection systems (IDS), which can be easily deployed and integrated with a VPC. These IDS solutions provide real-time monitoring and detection of potential security threats, such as unauthorized access or data breaches, and alert the company's security team.
While AWS WAF (Web Application Firewall) can detect and prevent intrusions occurring in the VPC, it is primarily designed to protect web applications from common web exploits and attacks. It may not be suitable for more complex intrusion detection needs.
VPC Flow Logs can also be used to detect issues and flag them accordingly, but they do not offer real-time monitoring and may not be able to detect all types of intrusions.
AWS CloudWatch can monitor all traffic, but it is primarily designed for monitoring system and application metrics. It may not be suitable for intrusion detection needs.
In summary, a custom solution available from AWS Marketplace would be the best option for implementing an intrusion detection system for a VPC in AWS, as it offers flexibility, control, and tailored features to meet the specific security needs of the company.