Designing a Scalable Incident Management Solution for AWS: Addressing Log Volume, Cost, and Security Through Threat Modelling
International Journal of Science and Research (IJSR)


ISSN: 2319-7064



Analysis Study Research Paper | Information Technology | India | Volume 13 Issue 9, September 2024

Kavinmuhil Kanagaraj


Abstract: Managing security alerts across a large-scale AWS environment with over 400 accounts poses significant challenges related to log volume, cost, and security. AWS GuardDuty, enabled across all accounts, generates a substantial number of alerts, overwhelming the operations team and complicating the configuration of log ingestion into Microsoft Sentinel for the Security Operations Centre (SOC). The existing setup suffers from inefficiencies in log management, leading to increased operational costs and security concerns. This paper proposes a comprehensive solution to these issues through a structured approach combining a threat modelling assessment with secure log management practices. The solution begins with a threat modelling assessment based on GuardDuty use cases to identify high-frequency alerts and the accounts that generate them. This analysis informs a targeted log management strategy that focuses on critical alerts and reduces unnecessary log volume. A key component of the proposed solution is a sandbox environment in which security issues are simulated and analysed. This environment enables the evaluation of different log configurations and their effectiveness in capturing the necessary security events. Additionally, a dedicated subnet is used to simulate false access requests and verify whether these actions generate the required logs. The solution then filters the relevant logs from a central storage bucket and transfers only the filtered logs to Microsoft Sentinel. Emphasis is placed on secure log configurations that protect data integrity and confidentiality. By implementing this approach, the solution aims to streamline incident management, reduce costs, and address security issues effectively across the AWS environment.
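The two steps the abstract describes, ranking GuardDuty findings by frequency per account and then filtering a central export down to the subset worth forwarding to Sentinel, can be sketched in a few lines. The following is an added example and not the paper's code: it assumes findings are stored as newline-delimited JSON in the GuardDuty finding format (accountId, region, type, severity, resource), and the severity threshold and suppression list are illustrative choices, not values from the paper. The sample findings are constructed.

```python
"""Rank GuardDuty findings by frequency per account and select the subset to
forward to a SIEM.  Added example; the export layout (newline-delimited JSON),
the severity threshold and the suppressed types are assumptions."""
import json
from collections import Counter


def _finding(account, ftype, severity, resource="Instance", region="us-east-1"):
    """Build a minimal finding in the shape of a GuardDuty finding record."""
    return {"accountId": account, "region": region, "type": ftype,
            "severity": severity, "resource": {"resourceType": resource}}


# Constructed sample: what one export file in a central bucket might hold.
# One noisy low-severity type dominates a single account, as the abstract
# describes for a large multi-account estate.
_SAMPLE = (
    [_finding("111111111111", "Recon:EC2/PortProbeUnprotectedPort", 2.0)] * 5
    + [_finding("222222222222", "Recon:EC2/Portscan", 5.0)]
    + [_finding("111111111111", "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
                5.0, resource="AccessKey")]
    + [_finding("333333333333", "CryptoCurrency:EC2/BitcoinTool.B!DNS", 8.0)]
)
SAMPLE_EXPORT = "\n".join(json.dumps(f) for f in _SAMPLE)


def parse_findings(text):
    """Parse a newline-delimited JSON export, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def rank_by_frequency(findings):
    """Threat-modelling input: (accountId, type) pairs, most frequent first.

    The top entries show which accounts and finding types drive the volume
    and are therefore candidates for tuning or suppression at the source."""
    counts = Counter((f["accountId"], f["type"]) for f in findings)
    return counts.most_common()


def select_for_forwarding(findings, min_severity=4.0, suppressed_types=()):
    """Keep findings at or above min_severity whose type is not suppressed.

    GuardDuty severity is numeric (low 1-3.9, medium 4-6.9, high 7-8.9);
    the 4.0 threshold here is an assumption, not the paper's setting."""
    return [f for f in findings
            if f["severity"] >= min_severity and f["type"] not in suppressed_types]


def compact_for_siem(finding):
    """Project a finding onto the fields the SOC needs for triage.

    Dropping the rest of the record reduces ingestion volume (and cost)
    without losing the account, type, severity and resource context."""
    return {"account": finding["accountId"], "region": finding["region"],
            "type": finding["type"], "severity": finding["severity"],
            "resource": finding["resource"].get("resourceType")}


if __name__ == "__main__":
    found = parse_findings(SAMPLE_EXPORT)
    print("Top finding types by account:")
    for (account, ftype), n in rank_by_frequency(found)[:3]:
        print(f"  {account}  {ftype}  x{n}")
    selected = select_for_forwarding(found)
    print(f"\nForwarding {len(selected)} of {len(found)} findings:")
    for f in selected:
        print("  ", json.dumps(compact_for_siem(f)))
```

In practice the ranking step would run over a full export window before any filter is chosen, so that suppression decisions are made from observed frequency rather than guesswork, and the suppressed types would be revisited whenever the sandbox tests described in the abstract show a required event failing to appear in the forwarded set.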


Keywords: Security alerts, AWS environment, GuardDuty, Microsoft Sentinel, Security Operations Centre, SOC, Log ingestion, Log management, Operational costs, Threat modelling, High-frequency alerts, Log volume, Sandbox environment, Security events, Subnet, False access requests, Central storage bucket, Log filtering, Data integrity, Incident management


Edition: Volume 13 Issue 9, September 2024


Pages: 601 - 611


DOI: https://www.doi.org/10.21275/SR24909154518



Kavinmuhil Kanagaraj, "Designing a Scalable Incident Management Solution for AWS: Addressing Log Volume, Cost, and Security Through Threat Modelling", International Journal of Science and Research (IJSR), Volume 13 Issue 9, September 2024, pp. 601-611, https://www.ijsr.net/getabstract.php?paperid=SR24909154518, DOI: https://www.doi.org/10.21275/SR24909154518