AWS Security Incident Response

Prepare for, respond to, and recover from security events

What is AWS Security Incident Response?

AWS Security Incident Response helps you respond when it matters most. The service combines the power of automated monitoring and investigation, accelerated communication and coordination, and direct 24/7 access to the AWS Customer Incident Response Team (CIRT) to quickly prepare for, respond to, and recover from security events.

Benefits

Grant AWS Security Incident Response service-level permissions so that it can read security findings from Amazon GuardDuty and third-party detection tools through AWS Security Hub. The service uses automation and customer-specific data to filter and suppress security findings based on expected behavior, helping your team prioritize critical security alerts and free up resources.

Streamline security management by centralizing communication, coordination, and remediation in one place. Use service automation to handle routine administrative tasks, allowing your security teams to concentrate on responding to and recovering from security events.

Get 24/7 direct access to the AWS Customer Incident Response Team (CIRT). This dedicated group of security experts has specialized knowledge to help customers respond to and recover from security incidents.

Use the service to centralize the tracking, storage, and management of current and past security events. This provides your team with valuable insights, enables learning from historical data, and facilitates improvements to enhance your overall security posture.

Use cases

Utilize this service to prepare and equip your security teams for success. Conduct tabletop exercises and simulations to replicate potential scenarios, enhancing your team's ability to respond rapidly and recover effectively. By practicing your procedures, you can identify gaps, improve coordination, and ensure your team is ready to act decisively when a security event occurs.

When a security event occurs, you can use the service to respond in a way that best suits your organization's needs. The service offers multiple response options: internal response by your own security team, engagement of third-party security providers, or support from the AWS Customer Incident Response Team (CIRT). These options allow your organization to effectively manage and recover from security events.

Get a detailed report for any AWS-supported security case. These reports offer a complete summary of case activities, suggested remediation actions to improve your security posture, and key metrics about the security event.

  • PGA Tour

    AWS Security Incident Response’s 24/7 access to AWS security experts provides a reliable backstop, ensuring peace of mind. We can quickly obtain support when major security issues arise, accelerating our response time. This minimizes the damage and costs associated with security events, including cases internal teams may be unable to resolve, such as a root incident compromise or ransomware recovery.

    J. Oliva, Sr. Director of Cybersecurity, PGA Tour
