SEC05-BP03 Automate network protection
Automate protection mechanisms to provide a self-defending network based on threat intelligence and anomaly detection. For example, use intrusion detection and prevention tools that can adapt to current threats and reduce their impact. A web application firewall is one place where you can automate network protection, for example by using the AWS WAF Security Automations solution (https://github.com/awslabs/aws-waf-security-automations).
Level of risk exposed if this best practice is not established: Medium
Implementation guidance
- Automate protection for web-based traffic: AWS offers a solution that uses AWS CloudFormation to automatically deploy a set of AWS WAF rules designed to filter common web-based attacks. Users can select from preconfigured protective features that define the rules included in an AWS WAF web access control list (web ACL).
- Consider AWS Partner solutions: AWS Partners offer hundreds of industry-leading products that are equivalent to, identical to, or integrate with existing controls in your on-premises environments. These products complement the existing AWS services to allow you to deploy a comprehensive security architecture and a more seamless experience across your cloud and on-premises environments.
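The feedback loop behind automated protection for web-based traffic can be sketched as log analysis that produces a blocklist for a WAF IP set. This is an added example, not code from the AWS WAF Security Automations solution; the log format, the threshold and window values, and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log: "<ISO timestamp> <client IP> <HTTP status> <path>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 404 /admin.php
2024-05-01T10:00:02 203.0.113.7 404 /wp-login.php
2024-05-01T10:00:03 198.51.100.20 200 /index.html
2024-05-01T10:00:04 203.0.113.7 403 /.env
2024-05-01T10:00:05 203.0.113.7 404 /backup.zip
2024-05-01T10:00:30 198.51.100.20 404 /favicon.ico
2024-05-01T10:09:00 2001:db8::5 404 /a
2024-05-01T10:09:01 2001:db8::5 404 /b
not a log line
"""

def parse(line):
    """Return (timestamp, ip, status), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (datetime.fromisoformat(parts[0]),
                ipaddress.ip_address(parts[1]), int(parts[2]))
    except ValueError:
        return None

def build_blocklist(log_text, threshold=4, window=timedelta(minutes=5)):
    """CIDRs of clients with >= threshold 4xx responses inside one sliding window."""
    errors = defaultdict(list)
    for ts, ip, status in filter(None, map(parse, log_text.splitlines())):
        if 400 <= status < 500:
            errors[ip].append(ts)
    blocked = set()
    for ip, stamps in errors.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # drop errors that fell out of the window
            if end - start + 1 >= threshold:
                # IP sets take CIDR notation: /32 for IPv4, /128 for IPv6
                blocked.add(f"{ip}/{ip.max_prefixlen}")
                break
    return sorted(blocked)

if __name__ == "__main__":
    print(build_blocklist(SAMPLE_LOG))
```

Run on a schedule against recent logs, the returned list is what an automation would write into the IP set referenced by a block rule in the web ACL.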