What should a solutions architect do next to protect against threats?

By:
On:
In: SAA-C02
Tagged:
With: 0 Comments
A company’s web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC.An Amazon RDS for MySQL DB instance contains the data.The company needs the ability to automatically detect and respond to suspicious or unexpected behavior in its AWS environment.The company already has added AWS WAF to its architecture.

What should a solutions architect do next to protect against threats?

Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge (Amazon CloudWatch Events) to filter for GuardDuty findings and to invoke an AWS Lambda function to adjust the AWS WAF rules.

Use AWS Firewall Manager to perform threat detection. Configure Amazon EventBridge (Amazon CloudWatch Events) to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL.

Use Amazon Inspector to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web application.

Use Amazon Macie to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web application.

Explanations:

Amazon GuardDuty provides threat detection for AWS environments by continuously monitoring for malicious or unauthorized behavior. By using EventBridge to filter findings and trigger a Lambda function, it can dynamically adjust WAF rules in response to detected threats, enhancing the security posture.

AWS Firewall Manager is primarily used for managing AWS WAF rules across multiple accounts and not specifically for threat detection. While it can help in managing WAF rules, it does not provide the real-time threat detection capabilities that GuardDuty does. EventBridge can be used, but the integration focuses on policy management rather than detection.

Amazon Inspector is designed for assessing the security of applications and does not directly perform real-time threat detection like GuardDuty. While it can help identify vulnerabilities, it does not update WAF rules or react to threats dynamically. A VPC network ACL can enhance security but does not address real-time threat response.

Amazon Macie is a data security and privacy service that primarily focuses on protecting sensitive data rather than providing broad threat detection capabilities. Like Inspector, it does not dynamically update WAF rules. A VPC network ACL can limit access but does not respond to threats in real-time.

Leave a Reply

Your email address will not be published. Required fields are marked *

twenty + 17 =