Additional Security Services

Encryption

  1. Encryption at Rest:

    • Data stored in AWS services is encrypted using AES-256.

  2. Encryption in Transit:

    • Data transmitted between clients and AWS services is encrypted using TLS 1.2+.

  3. AWS Key Management Service (KMS):

    • A managed service to create, manage, and control cryptographic keys for encryption.


AWS Security Services

  1. AWS Inspector:

    • Security Scans: Continuously scans workloads for vulnerabilities.

    • VA Scanner: Identifies application and OS vulnerabilities.

    • Network Configuration: Analyzes network setups for insecure configurations.

    • Amazon Agent: Gathers security insights from EC2 instances.

    • Security Agent Service: Performs vulnerability assessments and compliance checks.

  2. AWS GuardDuty:

    • Log Analysis: Monitors VPC flow logs, DNS logs, and CloudTrail logs.

    • Threat Intelligence: Detects malicious activities using curated intelligence.

    • Anomaly Detection: Flags unusual activity patterns in workloads.

    • Abuse IP & IP Reputation: Alerts on interactions with suspicious or malicious IPs.

  3. AWS WAF (Web Application Firewall):

    • Protects web applications from common threats like SQL injection and cross-site scripting.

    • Customizable rules for filtering unwanted traffic based on patterns.

    • Integrated with AWS services like CloudFront and API Gateway.

  4. Amazon Macie:

    • A security service that uses machine learning to automatically discover, classify, and protect sensitive data in Amazon S3.

    • Identifies data like PII and alerts you to risks, helping ensure data privacy and compliance.

  5. Amazon Cognito:

    • A user authentication, authorization, and management service for web and mobile apps.

    • Supports secure user sign-in, integrates with social and enterprise identity providers, and complies with standards like OAuth and OpenID Connect.
