AWS Digital Forensics Automation at Goldman Sachs [AWS Online Tech Talks]

During a security issue, answers are needed quickly. This often starts with evidence collection and log correlation. Companies generally have runbooks and standard operating procedures to respond to security issues, but this process tends to be manual, time consuming, and prone to human error. Goldman Sachs has automated an event-driven cloud response solution that uses AWS native services to successfully collect disk and memory evidence from Amazon EC2 instances. The solution uses AWS security services Amazon GuardDuty and AWS Security Hub. It also leverages a variety of services such as AWS Lambda, AWS Step Functions, and AWS Systems Manager (SSM).

In this Tech Talk, we will provide an overview of Goldman Sachs' environment and a deep dive on how we built automation for digital forensics using AWS native services.

AWS Security Hub: Introduction to Foundational Security Best Practices Standard

In this demo you will learn about the AWS Foundational Security Best Practices v1.0.0. standard in AWS Secu...

AWS Executive Insights on Data-Driven Insights

Leaders of data-driven can organizations maximize the value of their data by developing and sustaining a st...

Welcome to our Hub

AWS Digital Forensics Automation at Goldman Sachs [AWS Online Tech Talks]

Previous Article

Next Article

AWS Digital Forensics Automation at Goldman Sachs [AWS Online Tech Talks]

Previous Article

Next Article

Most Recent Articles

Discover how to use automation with AWS SDK for Python (Boto3) to build custom frameworks at scale with examples from customer use cases.

Learn about the AWS Nitro System and how it provides confidential computing and an isolated execution environment with AWS Nitro Enclaves.

Amazon Macie is a fully managed data security and privacy service that uses machine learning and pattern matching to help you protect your sensitive data on AWS.

We share a mental model for how to get to least privilege in your AWS environment.

In this stream, you’ll learn about different ways to secure your APIs in API Gateway.

With AWS Systems Manager Patch Manager you can automate patching across multiple types of operating systems (OSs), development environments, and software packages.

Uncover services that operationalize your analysts’ ability to correlate large amounts of data across multiple AWS security domains.

Gain expert knowledge into AWS Security Hub custom insights and Amazon GuardDuty filters based on threat intelligence data.

Learn how to extend AWS SSO functionality to fit in with common enterprise identity access and governance use cases within AWS Organizations.

The following procedures show you how to designate a delegated administrator for your AWS organization and add member accounts. Select Console or API and follow the provided steps.

The Security Hub administrator account then enables organization accounts as member accounts. They can also invite other accounts to be member accounts.

With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied.

Each of the following policies is an example of a deny list policy strategy. Deny list policies must be attached along with other policies that allow the approved actions in the affected accounts.

AWS Security Hub can aggregate security finding data from several AWS services and from supported AWS Partner Network (APN) security solutions.

A service-linked role is a unique type of IAM role that is linked to AWS Config. A service-linked role makes setting up AWS Config easier because you don’t have to manually add necessary permissions.

This workshop guides you through the features and functions of Security Hub. It will show you how to use Security Hub to import and analyze findings from different data sources to improve security.

Two techniques used to write least privilege AWS Identity and Access Management (IAM) policies.

IAM Access Analyzer generates policies for you. You can now use IAM Access Analyzer to generate fine-grained policies, based on your access activity in your AWS CloudTrail logs.

You can now automatically create and update issues in Atlassian JSM from AWS Security Hub findings. Updates to those issues in Atlassian JSM will be synced with the findings in AWS Security Hub.

AWS Security Hub now allows you to designate an aggregation Region and link some or all Regions to that aggregation Region.