Online retail and cloud-computing giant Amazon.com has announced Amazon GuardDuty, a fully managed intelligent threat detection service that helps customers protect their AWS accounts and workloads by continuously monitoring account activity for malicious or unauthorized behavior.
Once activated, Amazon GuardDuty begins analyzing network activity to establish baseline behavior for each AWS client. It utilizes AWS CloudTrail and Amazon VPC Flow Logs and applies machine learning algorithms to identify any discrepancies or abnormal behavior. Examples include an unusual instance type being deployed in a region that has never been used, or an attempt to obscure user activity by disabling AWS CloudTrail logging.
When anomalies are detected, Amazon GuardDuty delivers a security alert to the AWS account owner and offers recommendations to quarantine or remove the issue. Amazon GuardDuty operates completely on the AWS infrastructure and does not require hardware or software updates or installations. It can be activated instantly via the AWS Management Console.
Amazon GuardDuty can send all findings to AWS CloudWatch Events and supports API endpoints, allowing for interoperability with third-party solutions. Amazon GuardDuty also incorporates threat intelligence feeds from CrowdStrike, Proofpoint, and the AWS Security Team to help identify and protect customers from known bad actors.
“Amazon GuardDuty intelligently identifies hard-to-detect threats that might slip through the cracks of other security products and easily scales to meet the needs of any organization, whether they have two AWS accounts or two thousand,” says Stephen Schmidt, Chief Information Security Officer for Amazon Web Services.