AWS recently released the Ransomware Risk Management on AWS Utilizing the NIST Cyber Security Framework (CSF) whitepaper . This whitepaper aligns the National Institute of Standards and Technology (NIST) tips for security controls which are linked to ransomware risk management, for workloads built on AWS. The whitepaper maps the technical capabilities to AWS services and implementation guidance. While this whitepaper is targeted on managing the risks connected with ransomware primarily, the security AWS and controls services outlined are in keeping with general security guidelines.

The National Cybersecurity Center of Excellence (NCCoE) at NIST has published Practice Guides (NIST 1800-11, 1800-25, and 1800-26) to show how organizations can form and implement security controls to combat the info integrity challenges posed by ransomware along with other destructive events. Each one of the Practice Guides add a detailed group of goals that can help organizations establish the capability to identify, protect, detect, respond, and get over ransomware events.

The Ransomware Risk Management on AWS Utilizing the NIST Cyber Security Framework (CSF) whitepaper helps AWS customers confidently meet up with the goals of the Practice Guides the next categories:

Protect&lt and identify;/h3>

• Identify systems, users, data, applications, and entities on the network.
• Identify vulnerabilities in enterprise clients and components.
• Develop a baseline for the experience and integrity of enterprise systems in preparation for an urgent event.
• Create backups of enterprise data before an urgent event.
• Protect these backups along with other important data against alteration potentially.
• Manage enterprise health by assessing machine posture.

Respond&lt and detect;/h3>

• Detect suspicious and malicious activity generated on the network by users, or from applications which could indicate a data integrity event.
• Mitigate and support the effects of events that may cause a lack of data integrity.
• Monitor the integrity of the enterprise for detection of after-the-fact and events analysis.
• Use logging and reporting features to speed response time for data integrity events.
• Analyze data integrity events for the scope of these effect on the network, enterprise devices, and enterprise data.
• Analyze data integrity events to see and enhance the enterprise’s defenses against future attacks.

Recover

• Restore data to its last known good configuration.
• Identify the right backup version (free from malicious code and data for data restoration).
• Identify altered data, along with the time and date of alteration.
• Determine the identity/identities of these who altered data.

To attain the above goals, the Practice Guides outline a couple of technical capabilities that needs to be established, and offer a mapping between your generic application term and the security controls that the ability provides.

AWS ongoing services could be mapped to theses technical capabilities as outlined in the Ransomware Risk Management on AWS Utilizing the NIST Cyber Security Framework (CSF) whitepaper. AWS supplies a comprehensive group of services that customers can implement to determine the required technical capabilities to control the risks connected with ransomware. By following mapping in the whitepaper, AWS customers can identify which services, features, and functionality can identify help their organization, protect, detect, respond, and from ransomware events. If you’d like more information about cloud security at AWS, please contact us.

When you have feedback concerning this post, submit comments in the Comments section below.

Want more AWS Security how-to content, news, and show announcements? Follow us on Twitter.