AWS Cloud Operations Blog
Category: Amazon GuardDuty
Identify AWS resources at risk across your multi-account environment with AWS Organizations integrations
With numerous AWS accounts in an organization, receiving an external security finding like a vulnerability assessment or pen test report impacting multiple resources can be challenging. Without a centralized resource viewing and search capability, identifying the affected resources requires switching to and inspecting each account individually, which is time-consuming and inefficient. Security vulnerabilities are time-sensitive, and […]
How BBVA automated responses through event management at scale
In this blog post, we describe how BBVA USA, a financial institution that ranks among the top 25 largest commercial banks, used AWS services to implement event management at scale and centralize its event response. Generally speaking, security compliance in a monolithic environment is easier to monitor and enforce when a small number of hands […]
Enabling Amazon GuardDuty in AWS Control Tower using Delegated Administrator
My customers have asked how to monitor their AWS environments for potential malicious activity. Many have standardized on using AWS Control Tower to implement a multi-account framework that is governed and based on known AWS best practices. They are also interested in enabling Amazon GuardDuty to supplement this with effective monitoring capabilities. This post shows […]
How BBVA USA delivered security and governance at scale using management tools
As BBVA USA began its digital transformation journey, the security operations team had to improve its processes around provisioning and baselining of AWS accounts. The demand for new AWS accounts continued to increase from multiple application teams within the bank. In an effort to standardize new accounts within the enterprise, BBVA USA built an automated […]
How to optimize assessment of cloud services
As my colleague Ilya Epshteyn introduced in his blog titled “How financial institutions can approve AWS services for highly confidential data,” common across the financial services industry is a formal assessment process for cloud services. These assessment processes vary in depth and breadth, striving to determine which cloud services will be best suited to fulfill […]
AWS CloudFormation: Signed, sealed, and deployed
State Street Corporation is a global bank that is responsible for managing over 10% of the world’s wealth. It also focuses on engineering better outcomes for its investors and customers, striving to bring innovative solutions to market and enhance customer value. To manage complexity and provide a stable agile platform, State Street uses Infrastructure as […]