Defensive Technique Matrix

AWS-native defensive techniques mapped to the AWS Threat Technique Catalog, modeled on MITRE D3FEND.

Summary: 48 defensive techniques (20 Detect, 17 Harden, 11 Evict), covering 51 of 51 attack techniques in the catalog.

Detect

Identify threats using AWS-native signals

20 techniques
| ID | Technique | Category | AWS services | Attack techniques countered |
|---|---|---|---|---|
| D3FA-DT-0001 | CloudTrail Management Event Analysis | Platform Monitoring | AWS CloudTrail, Amazon CloudWatch Logs | 7 |
| D3FA-DT-0002 | GuardDuty Threat Detection | Threat Detection | Amazon GuardDuty | 6 |
| D3FA-DT-0003 | VPC Flow Log Analysis | Network Traffic Analysis | Amazon VPC, Amazon CloudWatch Logs | 2 |
| D3FA-DT-0004 | S3 Data Event Monitoring | Platform Monitoring | AWS CloudTrail, Amazon S3 | 4 |
| D3FA-DT-0005 | IAM Access Analyzer | User Behavior Analysis | AWS IAM Access Analyzer | 5 |
| D3FA-DT-0006 | Billing and Cost Anomaly Detection | Platform Monitoring | AWS Cost Anomaly Detection, AWS Budgets | 8 |
| D3FA-DT-0007 | Route 53 DNS Query Logging | Network Traffic Analysis | Amazon Route 53, Amazon CloudWatch Logs | 2 |
| D3FA-DT-0008 | RDS Activity Monitoring | Platform Monitoring | Amazon RDS, AWS CloudTrail | 4 |
| D3FA-DT-0009 | Lambda Invocation Monitoring | Platform Monitoring | AWS Lambda, AWS CloudTrail | 3 |
| D3FA-DT-0010 | Organizations Event Monitoring | Platform Monitoring | AWS Organizations, AWS CloudTrail | 3 |
| D3FA-DT-0011 | Cognito User Activity Monitoring | User Behavior Analysis | Amazon Cognito | 1 |
| D3FA-DT-0012 | EC2 Compute Activity Monitoring | Platform Monitoring | Amazon EC2, AWS CloudTrail | 7 |
| D3FA-DT-0013 | SES and Messaging Service Monitoring | Platform Monitoring | Amazon SES, Amazon SNS, AWS CloudTrail | 2 |
| D3FA-DT-0014 | Bedrock Model Invocation Monitoring | Platform Monitoring | Amazon Bedrock, AWS CloudTrail | 1 |
| D3FA-DT-0015 | Support Case Activity Monitoring | Platform Monitoring | AWS Support, AWS CloudTrail | 1 |
| D3FA-DT-0016 | API Gateway Access Monitoring | Platform Monitoring | Amazon API Gateway, Amazon CloudWatch Logs | 1 |
| D3FA-DT-0017 | Account Access Change Monitoring | User Behavior Analysis | AWS IAM, AWS CloudTrail | 1 |
| D3FA-DT-0018 | S3 Lifecycle Policy Monitoring | Platform Monitoring | Amazon S3, AWS CloudTrail | 1 |
| D3FA-DT-0019 | Security Hub Findings Aggregation | Threat Detection | AWS Security Hub | 5 |
| D3FA-DT-0020 | ECS Container Activity Monitoring | Platform Monitoring | Amazon ECS, AWS CloudTrail, Amazon CloudWatch Logs | 1 |

Harden

Preventive controls via AWS service configuration

17 techniques
| ID | Technique | Category | AWS services | Attack techniques countered |
|---|---|---|---|---|
| D3FA-HD-0001 | SCP Preventive Controls | Access Control | AWS Organizations | 5 |
| D3FA-HD-0002 | IAM MFA Enforcement | Credential Hardening | AWS IAM | 3 |
| D3FA-HD-0003 | Security Group Least Privilege | Platform Hardening | Amazon VPC, Amazon EC2 | 2 |
| D3FA-HD-0004 | IMDSv2 Enforcement | Platform Hardening | Amazon EC2 | 1 |
| D3FA-HD-0005 | S3 Block Public Access | Platform Hardening | Amazon S3 | 2 |
| D3FA-HD-0006 | Lambda Code Signing | Application Hardening | AWS Lambda, AWS Signer | 1 |
| D3FA-HD-0007 | RDS Deletion Protection | Platform Hardening | Amazon RDS | 2 |
| D3FA-HD-0008 | EBS Default Encryption | Platform Hardening | Amazon EC2, AWS KMS | 2 |
| D3FA-HD-0009 | S3 Object Lock | Platform Hardening | Amazon S3 | 3 |
| D3FA-HD-0010 | IAM Least Privilege | Access Control | AWS IAM, AWS IAM Access Analyzer | 4 |
| D3FA-HD-0011 | Cognito Advanced Security | Application Hardening | Amazon Cognito | 1 |
| D3FA-HD-0012 | Resource Control Policies | Access Control | AWS Organizations | 2 |
| D3FA-HD-0013 | Route 53 Domain Protection | Platform Hardening | Amazon Route 53 | 2 |
| D3FA-HD-0014 | AMI and Snapshot Protection | Platform Hardening | Amazon EC2 | 2 |
| D3FA-HD-0015 | AWS Budgets and Spending Controls | Platform Hardening | AWS Budgets, AWS Cost Explorer | 8 |
| D3FA-HD-0016 | Config Rules Compliance | Configuration Management | AWS Config | 3 |
| D3FA-HD-0017 | Organizations Account Governance | Access Control | AWS Organizations | 3 |

Evict

Contain and remove threats during incidents

11 techniques
| ID | Technique | Category | AWS services | Attack techniques countered |
|---|---|---|---|---|
| D3FA-EV-0001 | IAM Credential Revocation | Credential Eviction | AWS IAM | 5 |
| D3FA-EV-0002 | EC2 Instance Isolation | Resource Eviction | Amazon EC2, Amazon VPC | 4 |
| D3FA-EV-0003 | IAM Role Session Revocation | Credential Eviction | AWS IAM | 2 |
| D3FA-EV-0004 | Lambda Function Disable | Resource Eviction | AWS Lambda | 3 |
| D3FA-EV-0005 | S3 Bucket Policy Lockdown | Resource Eviction | Amazon S3 | 4 |
| D3FA-EV-0006 | RDS Instance Isolation | Resource Eviction | Amazon RDS, Amazon VPC | 3 |
| D3FA-EV-0007 | Account Quarantine | Account Eviction | AWS Organizations | 3 |
| D3FA-EV-0008 | Security Group Emergency Lockdown | Resource Eviction | Amazon VPC, Amazon EC2 | 3 |
| D3FA-EV-0009 | Compute Resource Termination | Resource Eviction | Amazon EC2, Amazon ECS, Amazon WorkSpaces | 6 |
| D3FA-EV-0010 | Cognito Session Invalidation | Credential Eviction | Amazon Cognito | 1 |
| D3FA-EV-0011 | SES Sending Suspension | Resource Eviction | Amazon SES | 2 |