The AWS configuration includes Amazon GuardDuty (managed threat detection), Amazon Inspector (automated security assessment service), AWS CloudTrail (tracks user activity and API usage), AWS Shield (DDoS protection) and AWS Secrets Manager.
Amazon GuardDuty, a continuous security monitoring service, uses threat intelligence feeds, lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized activity. This can include issues such as escalation of privileges, use of exposed credentials, or communication with malicious IP addresses or domains.
AWS Shield Standard is implemented via the Application Load Balancers (ALB). It provides protection from common DDoS attacks (SYN floods, ACK floods, UDP floods, reflection attacks).
AWS and other related credentials are stored using AWS Secrets Manager.
All resources (instances/databases) are within a single virtual private cloud (VPC). Inbound and outbound initiated connections are controlled by security groups, which act as a virtual firewall.
Fortinet is a layer seven web application firewall (WAF) enabled to protect the Application Load Balancers (ALB). Fortinet's WAF rulesets are based on the FortiWeb web application firewall security service signatures and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The Complete OWASP Top 10 Ruleset is a comprehensive package for web application protection offered by Fortinet to help cover the entire list of OWASP Top 10 web application threats. It includes protection for SQL injection, cross-site scripting, general and known exploits, malicious bots, and Common Vulnerabilities and Exposures (CVE). Fortinet is offered to Clients as a subscription-based firewall protection service, jointly configured with managed rules tailored for the Client's API requirements.