Companies often struggle with responding to cybersecurity incidents. A recent poll found that only three out of five organizations have an incident response plan in place, and one-third regularly train to maintain the effectiveness of their plan. It's just a matter of degree.
The consequences of poor incident response can be costly. The International Monetary Fund estimates that the global cost of cyberattacks will rise from approximately $8.4 trillion in 2022 to more than $23 trillion by 2027.
It is against this backdrop that Amazon saw an opportunity. Today, Amazon Web Services (AWS), the company's cloud computing division, launched AWS Security Incident Response, a service aimed at helping businesses recover faster from cyberattacks.
Hart Rothman, vice president of global services security at AWS, told TechCrunch that the new service is designed to help security teams defend against account takeovers, breaches, ransomware attacks, and other corporate intrusions.
“We have heard feedback from our customers that implementing an effective security incident response program is difficult because they rely on a variety of tools, services, and people that are difficult to scale as their organization and business needs evolve. ” he said. “AWS Security Incident Response […] A single source of truth for security incident response. ”
AWS Security Incident Response automatically prioritizes detections from Amazon GuardDuty, Amazon's threat detection services, and supported third-party cybersecurity tools. From a dashboard with integrated messaging and data transfer modules, customers can adjust alert settings and account permissions, and view active incidents, historical data, and metrics such as average time to resolve incidents.
An AWS blog post about the service further states:
Customers may enable proactive incident response features. This creates service-level permissions that allow Security Incident Response to monitor and investigate findings. These findings are automatically sorted and remediated using a combination of automated services and customer-specific data, including common IP addresses. If we find a result that cannot be remediated, our Security Incident Response department will create a security case and notify the appropriate parties within your organization.
In this respect, AWS Security Incident Response is not that different from the products offered by countless incident response startups. FireHydrant, Rootly, and the even more unique Incident.io, which works almost entirely within Slack, to name a few.
So what makes AWS tools different? Rossman says one of them includes support from AWS's dedicated customer incident response team. (However, customers can choose to handle incidents themselves or interoperate with third-party vendors and partners.) AWS Security Incident Response is also available for businesses that already rely on other AWS security solutions. There's also the fact that it may simply be the most convenient option for you.
“AWS Security Incident Response works with all AWS detection and response services by continuously identifying and prioritizing security issues,” said Rossman.
AWS Security Incident Response is currently generally available through the AWS Management Console and service-specific APIs. Amazon says its customers, including the PGA Tour, have already implemented it.
If Amazon turns a profit on AWS Security Incident Response, it could mean significant profits for the tech giant. The global incident response market could grow from $21.61 billion last year to $89.09 billion by 2030, according to market analysis firm Verified Market Research.