AWS Security Tools Disabled

View all detections
AWS Security Tools Disabled

Triggers

  • Credential was observed performing a set of API requests capable of disabling native AWS security measures.

Possible Root Causes

  • Attackers are attempting to disable or downgrade AWS security mechanisms to blind defenders or to enable further malicious activities without the risk of detection.
  • A security or IT service may intentionally be disabling security tools while troubleshooting problems.

Business Impact

  • Attackers who have successfully degraded, disabled, or bypassed security controls can more easily progress towards their objectives.
  • Unintentional disabling of security controls increases the potential impact of both present and future attacks against the organization.

Steps to Verify

  • Review if this configuration is expected and appropriate in light of any available compensating controls.
  • If this is a temporary configuration for troubleshooting purposes, confirm it has been reenabled once that troubleshooting is complete.