# Threat Detection
Security services and tools for identifying, monitoring, and responding to potential threats and malicious activities in cloud environments.
| Name | Description | Link |
|---|---|---|
| AWS GuardDuty | Threat detection service that continuously monitors for malicious activity and unauthorized behavior. | AWS GuardDuty |
| Azure Defender | Advanced threat protection for workloads in Azure, now part of Microsoft Defender for Cloud. | Azure Defender |
| Chronicle Security (Google) | Google Cloud's threat detection and response platform. | Chronicle Security |
## Threat Detection Fundamentals

### Types of Threats
- External threats - Attacks from outside the organization
- Internal threats - Malicious or negligent insiders
- Advanced persistent threats (APTs) - Sophisticated, long-term attacks
- Zero-day exploits - Attacks using vulnerabilities that are not yet publicly known or patched
- Supply chain attacks - Compromised third-party components
### Cloud-Specific Threat Signals
- Anomalous API activity - Unusual or unexpected API calls
- Credential misuse - Use of leaked or compromised credentials
- Privilege escalation - Sudden increase in permissions
- Unusual network traffic - Unexpected egress or lateral movement
- Resource abuse - Crypto mining or abnormal compute usage
Have any suggestions, additions, best-practices or references? Please contribute to help others learn!