AWS Security Archives

AWS Security Hub findings visual showing how security signals are centralized and normalized across AWS services

AWS Security Hub Findings: Making Sense of Security Signals

Peter Trotter / January 26, 2026

AWS Security Hub Findings: Introduction AWS Security Hub findings address the issue of fragmented security signals from multiple independent AWS […]

AWS VPC Flow Logs showing network traffic flows and data-plane telemetry

AWS Security, Cloud Networking, Cloud Observability & Monitoring

VPC Flow Logs Explained: AWS Network Traffic Visibility Demystified

Peter Trotter / January 19, 2026

Introduction To explain VPC Flow Logs, it is helpful to understand the problems they try to solve. AWS services generally

Visual comparison of AWS GuardDuty and SIEM showing threat detection signals versus log aggregation

AWS Security, Cloud Security Architecture, Security Operations & Monitoring

AWS GuardDuty vs SIEM: Clearing Up a Common Security Myth

Peter Trotter / January 12, 2026

Is AWS GuardDuty a SIEM? Why This Question Keeps Coming Up To better understand whether AWS GuardDuty is a SIEM,

AWS GuardDuty security monitoring concept illustration

AWS Security, Cloud Security Best Practices, Threat Detection & Monitoring

GuardDuty Findings Explained: Avoid These Mistakes

Peter Trotter / January 5, 2026

Introduction: GuardDuty Findings Explained Why GuardDuty Findings Are Central to AWS Threat Detection A simple explanation is that GuardDuty findings

Diagram showing GuardDuty findings flowing into S3 for retention, SIEM for correlation, and automation workflows for monitoring best practices.

AWS Security, Cloud Monitoring and Observability, Compliance & Governance

Mastering GuardDuty Findings: Monitoring Best Practices That Strengthen AWS Security

Peter Trotter / December 29, 2025

Introduction to GuardDuty Findings: Monitoring Best Practices GuardDuty findings are central to any security response workflow; therefore, best practices around

Diagram showing GuardDuty pricing sources including VPC Flow Logs, CloudTrail, DNS, findings analysis, network traffic, API activity, and add-on modules.

AWS Security, Cloud Cost Optimization, Threat Detection & Monitoring

GuardDuty Pricing: Stop Paying for Noise

Peter Trotter / December 22, 2025

Introduction: Why GuardDuty Pricing Isn’t as Straightforward as It Looks We surveyed GuardDuty best practices, but pricing is of paramount

Illustration of AWS GuardDuty threat detection with AWS services such as S3, Lambda, VPC, and CloudTrail.

AWS Security, Cloud Monitoring and Observability, Threat Detection & Incident Response

AWS GuardDuty Best Practices: Level Up Your Threat Detection

Peter Trotter / December 15, 2025

Best Practices: What Is AWS GuardDuty and Why It Matters AWS GuardDuty Best Practices takes over from AWS Logging and

AWS cloud shield illustration representing automated security incident response.

AWS Certification Insights, AWS Security, Cloud Security & Compliance

AWS Security Incident Response Guide: Protect AWS with Confidence

Peter Trotter / November 3, 2025

Introduction This guide defines a security incident in AWS as any event threatening the confidentiality, integrity, or availability of cloud

Automated incident response in AWS best practices with GuardDuty automated response

AWS Security, Cloud Automation, Incident Response

Automated Incident Response in AWS: Best Practices and Tools

Peter Trotter / October 20, 2025

Introduction to Automated Incident Response in AWS Automated Incident Response in AWS is a core best practice as introduced in

AWS incident response best practices visual with shield and cloud icons.

AWS Security, Certification Study Guides, Cloud Security Best Practices

AWS Incident Response Best Practices: A Guide for Security Engineers

Peter Trotter / October 6, 2025

Introduction to AWS Incident Response Organizations leveraging public clouds, such as AWS, must implement incident response best practices to minimize