Analysis Study Research Paper | Information Technology | India | Volume 13 Issue 9, September 2024
Designing a Scalable Incident Management Solution for AWS: Addressing Log Volume, Cost, and Security Through Threat Modelling
Kavinmuhil Kanagaraj
Abstract: Managing security alerts across a large-scale AWS environment of over 400 accounts poses significant challenges related to log volume, cost, and security. AWS GuardDuty, enabled in every account, generates a substantial number of alerts that overwhelm the operations team and complicate the configuration of log ingestion into Microsoft Sentinel for the Security Operations Centre (SOC). The existing setup suffers from inefficiencies in log management, leading to increased operational costs and security concerns. This paper proposes a comprehensive solution to these issues through a structured approach that combines a threat modelling assessment with secure log management practices. The solution begins with a threat modelling assessment based on GuardDuty use cases to identify high-frequency alerts and the accounts that generate them. This analysis informs a targeted log management strategy that focuses on critical alerts and reduces unnecessary log volume. A key component of the proposed solution is a sandbox environment in which security issues are simulated and analysed; it allows different log configurations to be evaluated for their effectiveness in capturing the necessary security events. Additionally, a dedicated subnet is used to simulate false access requests and verify that these actions generate the required logs. The solution then filters the relevant logs from a central storage bucket and transfers the filtered logs to Microsoft Sentinel, with emphasis on secure log configurations that protect data integrity and confidentiality. By implementing this approach, the solution aims to streamline incident management, reduce costs, and address security issues effectively across the AWS environment.
Keywords: Security alerts, AWS environment, GuardDuty, Microsoft Sentinel, Security Operations Centre, SOC, Log ingestion, Log management, Operational costs, Threat modelling, High-frequency alerts, Log volume, Sandbox environment, Security events, Subnet, False access requests, Central storage bucket, Log filtering, Data integrity, Incident management
Edition: Volume 13 Issue 9, September 2024
Pages: 601 - 611
DOI: https://www.doi.org/10.21275/SR24909154518
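The two steps the abstract describes, ranking GuardDuty findings by (type, account) frequency and then filtering low-value findings before they are forwarded to Sentinel, as an added illustration that is not code from the paper. The findings, the `noisy_threshold` of 3 and the medium-severity cut-off of 4.0 are constructed assumptions; only the `accountId`, `type` and `severity` fields of the GuardDuty finding schema are used.

```python
from collections import Counter

# Constructed sample GuardDuty findings (not real data). Only the fields the
# triage logic needs are kept: accountId, type and severity (GuardDuty scale
# 0.1-8.9, where >= 4.0 is medium and >= 7.0 is high).
SAMPLE_FINDINGS = [
    {"accountId": "111111111111", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0},
    {"accountId": "111111111111", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0},
    {"accountId": "111111111111", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0},
    {"accountId": "111111111111", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0},
    {"accountId": "111111111111", "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 5.0},
    {"accountId": "222222222222", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0},
    {"accountId": "222222222222", "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8.0},
]


def frequency_by_type_and_account(findings):
    """Threat-modelling step: count findings per (type, account) pair so the
    pairs that dominate alert volume can be reviewed and tuned."""
    return Counter((f["type"], f["accountId"]) for f in findings)


def top_noise_sources(findings, limit=5):
    """Return the most frequent (type, account, count) triples, highest first."""
    counts = frequency_by_type_and_account(findings)
    return [(t, a, n) for (t, a), n in counts.most_common(limit)]


def select_for_sentinel(findings, noisy_threshold=3, min_severity=4.0):
    """Filter step applied before forwarding from the central bucket to Sentinel.
    A finding is forwarded if it is at least medium severity, or if its
    (type, account) pair is not a high-frequency pair. Low-severity findings
    from a pair seen >= noisy_threshold times are held back for tuning instead
    of being sent to the SOC. Returns (forwarded, suppressed) lists."""
    counts = frequency_by_type_and_account(findings)
    forwarded, suppressed = [], []
    for f in findings:
        noisy = counts[(f["type"], f["accountId"])] >= noisy_threshold
        if f["severity"] >= min_severity or not noisy:
            forwarded.append(f)
        else:
            suppressed.append(f)
    return forwarded, suppressed


if __name__ == "__main__":
    for t, a, n in top_noise_sources(SAMPLE_FINDINGS):
        print(f"{n:3d}  {a}  {t}")
    fwd, sup = select_for_sentinel(SAMPLE_FINDINGS)
    print(f"forwarded {len(fwd)}, suppressed {len(sup)}")
```

With the sample data the four low-severity port probes from the first account are suppressed, while the single probe in the second account is still forwarded because it is not high-frequency there.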