What should a solutions architect do next to protect against threats?
Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge to filter for GuardDuty findings and to invoke an AWS Lambda function to adjust the AWS WAF rules.
Use AWS Firewall Manager to perform threat detection. Configure Amazon EventBridge to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL.
Use Amazon Inspector to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web application.
Use Amazon Macie to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web application.
Explanations:
Amazon GuardDuty provides threat detection by continuously monitoring for malicious activity and unauthorized behavior. Integrating it with Amazon EventBridge allows for automated responses to GuardDuty findings. By invoking a Lambda function to adjust AWS WAF rules based on these findings, the architecture can effectively respond to threats in real time.
AWS Firewall Manager is primarily a management service for WAF rules and security policies across accounts and does not perform direct threat detection. While it helps in maintaining security standards, it does not directly analyze or respond to suspicious behavior like GuardDuty does. Therefore, using it for threat detection is not appropriate.
Amazon Inspector is a security assessment service designed to identify vulnerabilities and deviations from best practices in applications deployed on Amazon EC2, but it does not perform real-time threat detection or respond to threats. Also, network ACLs and WAF rules serve different purposes and should not be updated based solely on Inspector findings.
Amazon Macie is focused on data security and privacy by providing visibility into sensitive data in AWS and does not perform threat detection in the context of application security. Additionally, it does not integrate with WAF in a way that would allow automatic updates based on threat findings, making it less suitable for the task at hand.
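The GuardDuty, EventBridge, Lambda and AWS WAF flow from the first explanation, sketched as an added example (not part of the original question or of any AWS sample). The IP set name and Id, the NEVER_BLOCK ranges, the sample event and the injectable waf parameter are assumptions made for illustration.

```python
import ipaddress

# EventBridge rule pattern: forward only GuardDuty findings with severity >= 7.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"],
                 "detail": {"severity": [{"numeric": [">=", 7]}]}}

# Hypothetical WAF IP set referenced by a block rule in the web ACL (placeholder Id).
IP_SET = {"Name": "guardduty-blocklist", "Scope": "REGIONAL", "Id": "EXAMPLE-IP-SET-ID"}

# Assumed ranges that must never be blocked (VPC and internal networks).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample event, trimmed to the fields the handler reads.
SAMPLE_EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
                "detail": {"severity": 8, "service": {"action": {"networkConnectionAction": {
                    "remoteIpDetails": {"ipAddressV4": "198.51.100.23"}}}}}}

def remote_ips(event):
    """Return the remote IPv4 addresses named in a finding as sorted /32 CIDRs."""
    action = event.get("detail", {}).get("service", {}).get("action", {})
    details = [action.get(k, {}).get("remoteIpDetails", {})
               for k in ("networkConnectionAction", "awsApiCallAction")]
    for probe in action.get("portProbeAction", {}).get("portProbeDetails", []):
        details.append(probe.get("remoteIpDetails", {}))
    cidrs = set()
    for d in details:
        try:
            ip = ipaddress.IPv4Address(d.get("ipAddressV4", ""))
        except ValueError:
            continue  # field missing or malformed: nothing to block
        if not any(ip in net for net in NEVER_BLOCK):
            cidrs.add(f"{ip}/32")
    return sorted(cidrs)

def handler(event, context=None, waf=None):
    """Lambda entry point: merge the finding's IPs into the WAF IP set."""
    new = remote_ips(event)
    if not new:
        return []  # no WAF call when there is nothing safe to add
    if waf is None:
        import boto3  # available in the Lambda Python runtime
        waf = boto3.client("wafv2")
    current = waf.get_ip_set(**IP_SET)
    merged = sorted(set(current["IPSet"]["Addresses"]) | set(new))
    # update_ip_set replaces the whole list, so send the merged set with the
    # LockToken from the read; a stale token makes the call fail instead of
    # silently overwriting a concurrent update.
    waf.update_ip_set(**IP_SET, Addresses=merged, LockToken=current["LockToken"])
    return merged
```

The Lambda execution role needs only wafv2:GetIPSet and wafv2:UpdateIPSet on that one IP set.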