Session

Fast & Furious: Leveraging AWS Security Services for Effective Threat Detection & Incident Response

The rapidly evolving threat landscape continuously poses enormous security challenges for organizations operating cloud infrastructure. Overcoming these challenges requires innovative approaches that empower cloud security teams with speed, agility, and precision. This presentation provides practical insights into doing so by leveraging the security services offered on AWS.

AWS offers several security services, such as CloudTrail, Detective, Security Lake, Security Hub, and GuardDuty, for enterprises to prevent, detect, and recover from security events. However, most security operations teams must implement customized approaches that leverage these security services to detect and respond to malicious threats effectively.

This talk shows how to leverage Amazon Security Lake as a centralized security events management system that builds on top of SQL-based queries via AWS Athena. Furthermore, we demonstrate how Jupyter notebooks can be used to fast-track threat detection and security incident response. We show how security teams can use cloud adversary emulation to run security incident response exercises based on runbooks in the Jupyter notebooks. The adversary emulation allows teams to realistically enhance the people, process, and technology aspects of threat detection and incident response.

Our audience will also see how they can adopt threat-informed defense strategies by enriching defenses with cyber threat intelligence to overcome alert fatigue while adding specific environmental context to security operations.

Kennedy Torkura

Co-Founder/CTO, Mitigant

Berlin, Germany
