EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

All articles
cloud-securityAWSGuardDutySecurity-Hub

AWS Security Services — Detection, Identity, Protection & Governance

A practitioner map of the AWS security service ecosystem — from GuardDuty threat detection to IAM identity controls to Shield DDoS protection — with cross-provider equivalents for Azure and GCP.

Ashish Revar3 July 202613 min read1 views

Sign in to mark this article as read and track your progress.

Related to this topic

Continue learning

Reference material

eBook
Cloud Security — eBook
v2026
Open resource
Cheatsheet
Cloud Security — Cheatsheet
v2026
Open resource
MCQ Bank
Cloud Security — MCQ Bank
v2026
Open resource
Question Bank
Cloud Security — Question Bank
v2026
Open resource

External references

AWS GuardDuty Finding Types

Complete reference of all GuardDuty finding types with descriptions and recommended responses.

blog
AWS GuardDuty Finding Types

Complete reference of all GuardDuty finding types with descriptions and recommended responses.

blog
AWS Security Reference Architecture

AWS prescriptive guidance for a comprehensive multi-account security architecture.

blog
AWS Security Reference Architecture

AWS prescriptive guidance for a comprehensive multi-account security architecture.

blog
Azure Defender for Cloud Documentation

Microsoft Defender for Cloud — Azure equivalent of AWS Security Hub with CSPM and workload protection.

blog
Azure Defender for Cloud Documentation

Microsoft Defender for Cloud — Azure equivalent of AWS Security Hub with CSPM and workload protection.

blog
GCP Security Command Center Overview

Google Cloud Security Command Center as the GCP equivalent of AWS Security Hub and GuardDuty.

blog
GCP Security Command Center Overview

Google Cloud Security Command Center as the GCP equivalent of AWS Security Hub and GuardDuty.

blog
More articlesTest your knowledge

Five AWS Security Services to Enable Before Deploying Any Workload

Before any workload goes live on AWS, these five services must be active:

  1. CloudTrail — all-region trail, S3 Object Lock on log bucket
  2. GuardDuty — threat detection from CloudTrail, DNS, and VPC Flow Logs
  3. AWS Config — continuous compliance posture monitoring
  4. IAM Access Analyzer — identifies external access to your resources
  5. Security Hub — aggregates all findings with a unified compliance score

These five together provide the minimum viable security baseline. Everything else builds on top of them.

AWS Identity Services

ServicePurposeKey Use Case
IAMManage users, roles, groups, and policiesFine-grained access control to all AWS services
AWS STSIssue temporary security credentialsAssume roles; federated access; cross-account access
AWS Organizations + SCPsCentralised account governancePrevent member accounts from disabling GuardDuty or CloudTrail
IAM Identity Center (SSO)Single sign-on across accountsFederated access with SAML/OIDC; JIT privilege elevation
Amazon CognitoUser identity for applicationsCustomer-facing auth with MFA and social login

Detection and Response Services

ServiceWhat It DetectsInput Sources
GuardDutyThreats and malicious behaviourCloudTrail, VPC Flow Logs, DNS logs, EKS audit logs
Amazon InspectorVulnerabilities in EC2 and container imagesEC2 agent, ECR image scanner
AWS MacieSensitive data (PII) in S3S3 object content classification
Security HubAggregated findings + compliance postureGuardDuty, Inspector, Macie, Config, third-party integrations
Amazon DetectiveSecurity investigation and root cause analysisGuardDuty findings, CloudTrail, VPC Flow Logs

GuardDuty Finding Types

GuardDuty generates findings with severity ratings (Low/Medium/High) across categories:

  • UnauthorizedAccess:EC2/SSHBruteForce — SSH brute force against EC2
  • Recon:IAMUser/NetworkPermissions — IAM credential used to probe network access
  • Backdoor:EC2/C&CActivity.B — EC2 communicating with known C2 server
  • CryptoCurrency:EC2/BitcoinTool.B!DNS — cryptomining activity detected
  • UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS — SSRF-to-IMDS credential theft

Network and Edge Protection

ServiceFunction
AWS WAFWeb Application Firewall; OWASP rule groups; rate limiting
AWS Shield StandardAlways-on DDoS protection for all AWS resources (free)
AWS Shield AdvancedEnhanced DDoS with 24/7 DRT, cost protection, $3,000/month
Security GroupsStateful EC2-level firewall; instance-level traffic control
Network ACLsStateless subnet-level firewall; explicit allow and deny
AWS Network FirewallManaged stateful firewall for VPC; IDS/IPS capability

Data Protection Services

ServiceFunction
AWS KMSManaged key management; AES-256; FIPS 140-2 Level 2
AWS CloudHSMDedicated HSM hardware; FIPS 140-2 Level 3
AWS Secrets ManagerSecrets storage with automatic rotation
AWS Certificate ManagerFree TLS certificates; auto-renewal for managed resources
Amazon MaciePII discovery and classification in S3

Governance Services

ServiceFunction
AWS ConfigConfiguration history and compliance rules
AWS Control TowerMulti-account AWS environment with guardrails
Service Control Policies (SCPs)Organisation-wide permission guardrails
AWS Audit ManagerContinuous audit evidence collection for frameworks
AWS CloudFormation StackSetsDeploy security baselines across all accounts

Cross-Provider Comparison

Security FunctionAWSAzureGCP
Threat detectionGuardDutyDefender for CloudSecurity Command Center
Vulnerability managementInspectorDefender for ServersSecurity Command Center
Identity governanceIAM + Identity CenterEntra ID + PIMCloud IAM + PAM
WAFAWS WAFAzure WAFCloud Armor
CSPMSecurity HubDefender for CloudSecurity Command Center
Key managementKMS + CloudHSMKey VaultCloud KMS + HSM
Secrets managementSecrets ManagerKey VaultSecret Manager
Compliance reportingSecurity HubCompliance ManagerCompliance Reports

Key Takeaway

AWS security is an ecosystem, not a single tool. GuardDuty for detection, IAM and SCPs for identity and governance, WAF and Shield for network protection, KMS and Secrets Manager for data protection, and Config and Security Hub for continuous compliance. Knowing the equivalent in Azure and GCP lets you work effectively across any environment.