Companies often struggle with how to respond to cybersecurity incidents. According to one recent poll, only three out of five organizations have an incident response plan in place, and only around a third do regular drills to ensure that their plans remain effective.
The consequences of poor incident response are costly. The International Monetary Fund estimates that cyberattacks will cost the world more than $23 trillion by 2027, up from roughly $8.4 trillion in 2022.
It’s against this backdrop that Amazon sensed an opportunity. Today, Amazon Web Services (AWS), the company’s cloud computing division, launched AWS Security Incident Response, a service that aims to reduce the time it takes for a business to recover from a cyberattack .
Hart Rossman, VP of global services security at AWS, told TechCrunch that the new service is designed to help security teams combat account takeovers, breaches, ransomware attacks, and other corporate intrusions along these lines.
“We’ve received feedback from customers that implementing effective security incident response programs is challenging due to a reliance on various tools, services, and people that are difficult to scale as organizations and business needs evolve,” he said. “AWS Security Incident Response can now be used as a […] single source of truth for security incident response.”
AWS Security Incident Response automatically triages findings from Amazon GuardDuty, Amazon’s threat detection service, and supported third-party cybersecurity tools. From a dashboard with integrated messaging and data transfer modules, customers can adjust the alert settings and account permissioning, and review active incidents, historical data, and metrics like the average time it takes to resolve an incident.
AWS’ blog post on the service has more:
Customers can enable the proactive incident response feature, which creates service-level permissions allowing Security Incident Response to monitor and investigate findings … These findings are automatically sorted and remediated using a combination of automated services and customer-specific data, including common IP addresses … For any findings that cannot be remediated, Security Incident Response will create a security case which will notify the appropriate stakeholders within the customer’s organization.
In this respect, AWS Security Incident Response isn’t all that different from the products countless incident response startups have on offer. To name a few, there’s FireHydrant, Rootly, and the more unique Incident.io, which functions almost entirely within Slack.
So what differentiates AWS’ tool? Well, Rossman says, for one, it includes support from AWS’ dedicated customer incident response team. (Customers can choose to handle incidents themselves or interoperate with third-party vendors and partners, however.) There’s also the fact that AWS Security Incident Response may simply be the most convenient option for companies already relying on other AWS security solutions.
“AWS Security Incident Response works with all AWS detection and response services,” Rossman said, “by continuously identifying and prioritizing security issues.”
AWS Security Incident Response is generally available today via the AWS management console and service-specific APIs. Amazon says that customers including the PGA Tour have already deployed it.
Should Amazon make a dent with AWS Security Incident Response, it could be quite lucrative for the tech giant. According to market analytics firm Verified Market Research, the global incident response market could grow from $21.61 billion last year to $89.09 billion by 2030.
