CISO Brief

All news with #cloud detection and response tag

11 articles

Context-Aware Cloud Forensics: Reconstructing Attacks

🔍 This webinar examines how modern cloud forensics replaces slow, manual log stitching with automated, context-aware investigation across transient infrastructure. You’ll learn why traditional incident response fails when compromised instances, rotating identities, and expiring logs erase evidence, and why three capabilities — host-level visibility, context mapping, and automated evidence capture — are essential. The session demonstrates real investigations where correlated signals rebuild full attack timelines in minutes, enabling faster scoping, clearer attribution, and more confident remediation.

AWS Config Adds 21 New Resource Types for Monitoring

🔔 AWS Config now supports 21 additional AWS resource types across services such as Amazon EC2, Amazon SageMaker, and Amazon S3 Tables, enabling broader visibility into resource state and drift. If you have recording enabled for all resource types, these additions are tracked automatically and are available to use in Config rules and Config aggregators. The change helps teams discover, assess, and remediate resources more comprehensively.

Real-Time Cloud Detection and Response from CrowdStrike

🚨 CrowdStrike announced new cloud detection and response capabilities aimed at reducing mean time to respond (MTTR) and improving protection across hybrid and multi-cloud environments. The release highlights two headline features: Real‑Time Cloud Detections in Falcon Cloud Security and Automated Cloud Response Actions. CrowdStrike says streaming detections, an expanded library of real‑time IOAs and Falcon Fusion SOAR workflows — augmented by its agentic AI Charlotte AI — enable faster, cross‑domain triage and control‑plane remediation.

CloudWatch Database Insights: Cross-Account, Cross-Region

🔍 Amazon CloudWatch Database Insights now supports cross-account and cross-region monitoring, enabling teams to observe and manage database fleets across multiple AWS accounts and regions from a single console. The feature centralizes performance metrics and troubleshooting workflows so teams can correlate incidents across distributed environments. It is intended to reduce operational overhead and improve mean time to resolution by enforcing consistent monitoring standards.

CloudWatch Application Map Adds Un‑instrumented Discovery

🔍 Amazon CloudWatch Application Map now detects and visualizes services that are not instrumented with Application Signals, providing out-of-the-box observability coverage across distributed environments. It also offers cross-account, unified views and retains a history of recent changes so teams can correlate configuration modifications with performance shifts. These enhancements aim to reduce MTTR and are available at no additional cost in most AWS commercial regions.

AWS Health Adds Multi-Region EventBridge Resilience

🔁 AWS Health now sends events simultaneously to the impacted AWS Region and US West (Oregon), enabling customers to create multi-region, redundant Amazon EventBridge rules or a simplified single-rule path that captures all commercial-partition Health events. US West (Oregon) serves as the backup for all commercial regions, with US East (N. Virginia) as the backup for US West. In China and AWS GovCloud the service delivers events to their respective paired regions. The update is available in all AWS regions.

Amazon CloudWatch Adds Threshold-Based Composite Alarms

🔔 Amazon CloudWatch now lets teams create threshold-based composite alarms that trigger only when a specified subset of monitored resources meets a condition. Using the new AT_LEAST function, you can define fixed counts or percentages — for example, at least two of four volumes low on capacity or 50% of hosts with high CPU — to reduce alert noise. The capability is available in all commercial AWS regions, AWS GovCloud (US), and China Regions; composite alarms pricing applies.

Detecting Dark Web Threats on Your Network with NDR

🔍 Network Detection and Response (NDR) can reveal dark web activity that hides within routine enterprise traffic by identifying anonymization protocols, unusual ports, and anomalous behavioral patterns. The article outlines four practical steps: identify dark web gateways (Tor, I2P, Freenet), understand NDR capabilities, deploy sensors across core, edge and internal segments, and run detection and hunting workflows including baselining, Tor/I2P/P2P monitoring, DNS and VPN checks. It emphasizes automated alerts for characteristic Tor ports and signatures, lateral-movement detection, C2 beaconing analysis, and enrichment with threat intelligence, and highlights Corelight’s Open NDR Platform as a vendor solution.

Responding to Cloud Incidents: Investigation and Recovery

🔍 Unit 42 outlines a structured approach to investigating and responding to cloud incidents, noting that 29% of 2024 incident investigations involved cloud or SaaS environments. The guidance emphasizes a shift from endpoint-centric forensics to focus on identities, misconfigurations and service interactions. It recommends enabling and centralizing logs, retaining them for at least 90 days, and preparing for rapid evidence collection and VM/container imaging. The article stresses identity forensics, behavioral baselining and surgical containment to avoid alerting adversaries.

Amazon GuardDuty Protection Plans and Threat Detection

🔐 Amazon GuardDuty centralizes continuous threat detection across AWS using AI/ML and integrated threat intelligence. It offers optional protection plans—S3, EKS, Runtime Monitoring, Malware Protection for EC2 and S3, RDS, and Lambda—that extend detections to service-specific telemetry and runtime behaviors. Built-in Extended Threat Detection correlates signals into high-confidence attack sequences and maps findings to MITRE ATT&CK, providing prioritized remediation guidance.

Amazon CloudWatch Synthetics Adds Firefox Browser Tests

🔍 Amazon CloudWatch Synthetics now supports Firefox in addition to Chrome, enabling cross-browser canary tests. You can run the same canary script across Chrome and Firefox for Playwright-based and Puppeteer-based canaries. CloudWatch Synthetics collects browser-specific performance metrics, success rates, and visual monitoring while maintaining an aggregate health view to help teams detect and resolve browser compatibility issues. Multi-browser support is available in all commercial AWS Regions.