Online retail and cloud-computing giant Amazon.com has announced Amazon GuardDuty, a fully managed intelligent threat detection service that helps customers protect their AWS accounts and workloads by continuously monitoring account activity for malicious or unauthorized behavior.
Once activated, Amazon GuardDuty begins analyzing network activity to establish baseline behavior for each AWS client. It uses AWS CloudTrail and Amazon VPC Flow Logs and applies machine learning algorithms to identify discrepancies or abnormal behavior. Examples include an unusual instance type being deployed in a region that has never been used, or an attempt to obscure user activity by disabling AWS CloudTrail logging.
When anomalies are detected, Amazon GuardDuty delivers a security alert to the AWS account owner and offers recommendations to quarantine or remove the issue. Amazon GuardDuty runs entirely on AWS infrastructure and requires no hardware or software installations or updates. It can be activated instantly via the AWS Management Console.
Amazon GuardDuty can send all findings to AWS CloudWatch Events and supports API endpoints, allowing for interoperability with third-party solutions. Amazon GuardDuty also incorporates threat intelligence feeds from CrowdStrike, Proofpoint, and the AWS Security Team to help identify and protect customers from known bad actors.
“Amazon GuardDuty intelligently identifies hard-to-detect threats that might slip through the cracks of other security products and easily scales to meet the needs of any organization, whether they have two AWS accounts or two thousand,” says Stephen Schmidt, Chief Information Security Officer for Amazon Web Services.