AWS Threat Detection Services for Enhanced Security in Banking Applications

Implementing Threat Detection Service for Enhanced Security in Banking Applications

Question

Project team enhancing the security features of a banking application, requires implementing a threat detection service that continuously monitors malicious activities and unauthorized behaviors to protect AWS accounts, workloads, and data stored in Amazon S3

Which AWS services should the project team select?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer: C.

Option A is INCORRECT.

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.

Option B is INCORRECT.

AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organization.

Option C is CORRECT.

Amazon GuardDuty is a threat detection service that continuously monitors malicious activities and unauthorized behaviors to protect your AWS accounts, workloads, and data stored in Amazon S3.

Option D is INCORRECT.

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Reference:

https://aws.amazon.com/guardduty/ https://aws.amazon.com/firewall-manager/ https://aws.amazon.com/shield/ https://aws.amazon.com/inspector/

The project team wants to implement a threat detection service that continuously monitors malicious activities and unauthorized behaviors to protect AWS accounts, workloads, and data stored in Amazon S3. To achieve this goal, the team should consider using Amazon GuardDuty.

Amazon GuardDuty is a threat detection service that continuously monitors the AWS accounts and workloads for malicious activity and unauthorized behavior. It analyzes data from multiple sources, such as VPC flow logs, AWS CloudTrail, and DNS logs, to identify potential security threats. Once a threat is detected, GuardDuty generates an alert with detailed information about the threat and provides recommendations for remediation.

AWS Shield is a managed DDoS protection service that safeguards web applications running on AWS. It provides protection against network and application layer attacks by automatically detecting and mitigating DDoS attacks. However, it does not provide continuous monitoring of malicious activities and unauthorized behaviors, which is the requirement of the project team.

AWS Firewall Manager is a security management service that centralizes the management of AWS WAF rules across multiple accounts and resources. It allows administrators to apply WAF rules across multiple accounts and resources from a single location. However, it does not provide continuous monitoring of malicious activities and unauthorized behaviors, which is the requirement of the project team.

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It analyzes the configuration of applications and their underlying infrastructure to identify potential security issues. However, it does not provide continuous monitoring of malicious activities and unauthorized behaviors, which is the requirement of the project team.

Therefore, Amazon GuardDuty is the most appropriate service for the project team to select to continuously monitor malicious activities and unauthorized behaviors to protect AWS accounts, workloads, and data stored in Amazon S3.