AWS Digital Forensics Automation at Goldman Sachs [AWS Online Tech Talks]

During a security issue, answers are needed quickly. This often starts with evidence collection and log correlation. Companies generally have runbooks and standard operating procedures to respond to security issues, but this process tends to be manual, time consuming, and prone to human error. Goldman Sachs has automated an event-driven cloud response solution that uses AWS native services to successfully collect disk and memory evidence from Amazon EC2 instances. The solution uses AWS security services Amazon GuardDuty and AWS Security Hub. It also leverages a variety of services such as AWS Lambda, AWS Step Functions, and AWS Systems Manager (SSM).

In this Tech Talk, we will provide an overview of Goldman Sachs' environment and a deep dive on how we built automation for digital forensics using AWS native services.

AWS Digital Forensics Automation at Goldman Sachs [AWS Online Tech Talks]

Building custom frameworks with AWS Audit Manager

Confidential Computing on AWS: the AWS Nitro System and AWS Nitro Enclaves

Automation workflows with Amazon Macie

The journey to least privilege on AWS

Secure your APIs in API Gateway

Builders patching at scale: It doesn't have to be hard

Security coffee: Keep your analysts on top of their game

Detecting ransomware with AWS security services

Scaling access management for enterprise customers

Designating a GuardDuty Delegated Administrator

Designating a Security Hub Administrator Account

How AWS Security Hub works with IAM

Example Service Control Policies

Product Integrations in AWS Security Hub

Using Service-Linked Roles for AWS Config

Security Hub Workshop

Techniques for Writing Least Privilege IAM Policies

IAM Access Analyzer Makes it Easier to Implement Least Privilege Permissions

AWS Security Hub Supports Bidirectional Integration with Atlassian Jira Service Management

AWS Security Hub Adds Support for Cross-Region Aggregation of Findings