Diferentiating Security Services

AWS Shield/Shield Advanced

• AWS Shield is layer-4 protection, defending you from DDOS attacks like SYN flood, UDP floods or other reflection attacks. It does that by setting static thresholds and implementing Inline attack mitigation.
• AWS Shield Advanced adds more advanced detection and mitigation mechanisms, together with access to AWS Shield Response Team.
• documentation for Shield/WAF/FW-Manager

AWS WAF

• AWS WAF is a layer-7 firewall, monitoring HTTP and HTTPS
• It can protect your services by inspecting the source IP addresses of users, and other parameters that are part of the HTTP requests.
• If request is denied, WAF will respond with HTTP 403 response.

AWS Firewall Manager

• AWS Firewall Manager is a service that can be used to centrally manage firewall rules across accounts.

Amazon GuardDuty

• Amazon GuardDuty is a service that uses machine learning to to threat detection.
• It looks at CloudTrail logging/VPC Flow Logs/DNS Logs, looking for unusual API calls, known malicious IP addresses, failed loggins, port scanning etc.
• GuardDuty documentation

AWS Macie

• Amazon Macie is an AI assisted service that scans S3 for personal information that does not comply with HIPAA/GDPR (names, credit-card IDs, social security number etc.)
• Macie documentation

Amazon Inspector

• Inspector is used to protect Operating Systems, by inspecting our networks and ec2 instances
• Networking assessments: It does configuration analysis on security groups to see if there are open ports left open
• Host assessments: You'll have to install an agent, and it will look for CVEs, and will try to find places where you can harden your system based on CIS benchmarks.
• Amazon Inspector
• Amazon Inspector documentation