
Adapting Your SIEM Process to the Cloud

While cloud providers like Amazon Web Services (AWS) keep the cloud secure, you are still responsible for the security of your applications and data. This means it's important that you gather the same kinds of information you collect for applications in your own data center and incorporate it into your Security Information and Event Management (SIEM) process. The logs Amazon creates provide detailed information you can analyze to identify any potential security incidents.

SIEM Can Be Complicated By the Cloud

Your SIEM process may need to adapt to the cloud, and not just by incorporating logs from AWS. The computing model in the cloud is different from that in traditional data centers:

Cloud applications are microservice oriented and accessed by APIs, resulting in a very large number of processing requests generated by even a simple transaction. Every interface needs its own security controls. This means there is a large volume of logging data and a complex system of access privileges to be aggregated and monitored.

Cloud environments are very dynamic. In traditional data centers, new infrastructure and new application instances are brought online in a slow, controlled fashion. In the cloud, application deployment is rapid, and new instances and virtual machines can often be started and stopped by end users. This means the environment to be monitored is constantly changing, making it difficult for rule-based systems to properly understand the environment's events.

Responding to incidents in the cloud can be confusing. Existing incident response plans typically work well for on-premises infrastructure, where you control the entire environment. Responding to incidents in the cloud may not be as straightforward. You need to determine whether the responsibility for the problem belongs to you or to the cloud provider, and work through the provider's processes to get their support.

Logging Solutions in Amazon Web Services

Fortunately, AWS provides logs that contain all the information you need to effectively monitor your cloud environment.

Use AWS Config to cope with the dynamic aspect of the cloud. This service tracks changes to your configuration and monitors resource settings.

To monitor usage of your Amazon resources, one of the most important logging services is CloudTrail, which records all the API calls made to them. The records include when the call was made, who made it, where the call was made from, and both the request parameters and the response. Usage of your resources can also be monitored via access logs, which are created by services like S3 and CloudFront.

You can use Amazon CloudWatch to monitor all your Amazon log files, including CloudTrail, EC2 instance logs, and others. You can then send metrics to dashboards and APIs for further analysis.
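
As an added example (not from the original article or from AWS), the following Python sketch reduces CloudTrail records to the when, who, where and what fields described above, keeping only the EC2 instance start and stop calls that make a cloud environment dynamic. The sample records, the helper names and the flat output row layout are assumptions made for illustration.

```python
import json

# Constructed sample in the CloudTrail log-file layout; all IDs, ARNs and IPs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:15:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instanceType": "t3.micro"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0aaa1111bbbb2222c"}]}}},
    {"eventTime": "2024-05-01T10:20:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0aaa1111bbbb2222c"}]}},
     "responseElements": None},
    {"eventTime": "2024-05-01T10:25:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": None, "responseElements": None},
]})

# EC2 API calls that change which instances exist or are running.
LIFECYCLE_CALLS = {"RunInstances", "StartInstances", "StopInstances", "TerminateInstances"}

def instance_ids(record):
    """Collect instance IDs from the request or, for RunInstances, the response."""
    ids = []
    for part in ("requestParameters", "responseElements"):
        items = ((record.get(part) or {}).get("instancesSet") or {}).get("items") or []
        ids += [i["instanceId"] for i in items if "instanceId" in i]
    return sorted(set(ids))

def lifecycle_events(log_text):
    """Reduce CloudTrail records to flat when/who/where/what rows for a SIEM."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ec2.amazonaws.com" or rec.get("eventName") not in LIFECYCLE_CALLS:
            continue
        rows.append({
            "when": rec.get("eventTime"),
            "who": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "where": rec.get("sourceIPAddress"),
            "action": rec.get("eventName"),
            "instances": instance_ids(rec),
            "denied": rec.get("errorCode"),  # present only when the call failed
        })
    return rows
```

Calling lifecycle_events(SAMPLE_LOG) returns two rows: the successful launch and the denied stop attempt, which a rule keyed only on successful calls would miss.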

Concerned about how you can effectively keep an eye on your AWS infrastructure? Managed Amazon Web Services from dcVAST provide 24x7 support services to ensure your environment is up, stable, and secure. Our team's expertise in AWS tools makes sure your Amazon cloud resources meet your business needs. Contact us to learn more about building, maintaining, and monitoring an AWS cloud.