Using All Amazon Security Services

Combining together all services described above allow for an architecture monitoring multiple areas of a RISE on Amazon deployment: network traffic, DNS logs, CloudTrail API activity, sensitive information extracted SAP data. Amazon GuardDuty and Amazon Security Hub are fed from multiple services and uses AIML intelligence to detect malicious activities and anomalies. Findings are passed to Amazon Detective for a deeper RCA analysis or sent to Amazon EventBridge for custom reporting and alerting.

Below is example architecture of GuardDuty, Amazon Network Firewall, Amazon Macie, Amazon Security Hub and Amazon Detective combined together to improve security posture of RISE with SAP on Amazon deployment

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Security Hub, Detective, Audit Manager and EventBridge

Integrating SAP Data Custodian KMS with Amazon KMS