AWS Announces Amazon GuardDuty: The Threat Detection Service Analyzes Trillions of Events Per Day

Posted By - DynamicCISO,

At AWS re:Invent 2017, Amazon Web Services (AWS) announced Amazon GuardDuty, a fully managed intelligent threat detection service that helps customers protect their AWS accounts and workloads by continuously monitoring account activity for malicious or unauthorized behavior.

Customers can enable Amazon GuardDuty with a few clicks in the AWS Management Console and immediately begin analyzing API calls and network activity across their accounts to establish a baseline of “normal” account activity. Then, Amazon GuardDuty continuously applies machine learning to identify any events that fall outside the normal patterns. Amazon GuardDuty correlates activity using both proprietary, AWS-developed threat intelligence sources and industry-leading third-party sources. When anomalies are detected, Amazon GuardDuty delivers a detailed security alert to the AWS account owner, making alerts actionable and easy to integrate with existing event management and workflow systems. With Amazon GuardDuty, there is no hardware or software to deploy and no third-party subscription costs; customers pay only for the events analyzed. To get started with Amazon GuardDuty, visit: https://aws.amazon.com/guardduty.

As customers grow their cloud usage and increasingly deploy microservices architectures, they may have multiple AWS accounts with up to hundreds of thousands of instances. Identifying and assessing anomalous behavior across multiple accounts, networks, and instances at this scale can be like trying to find a needle in a haystack. Whether looking for attackers scanning web servers for vulnerabilities, monitoring for compromised instances being used to serve malware or mine cryptocurrency, or finding unauthorized resource provisioning, security teams have had to build or integrate multiple tools to detect anomalies.

Customers also have to collect API access and network flow logs and correlate them with threat intelligence sources, applying algorithms to identify anomalies based on known threats. And, often, as soon as the algorithms are well-tuned, the threats evolve and the algorithm requires rework. Now, with Amazon GuardDuty, customers can easily deploy intelligent threat detection that takes care of all of this undifferentiated heavy lifting. Once activated, Amazon GuardDuty immediately begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats that traditional solutions might miss, such as an unusual instance type being deployed in a region that has never been used, or an attempt to obscure user activity by disabling AWS CloudTrail logging. Amazon GuardDuty generates anomaly alerts that are tailored to each customer’s AWS use, and AWS continuously updates the threat intelligence sources Amazon GuardDuty employs. Amazon GuardDuty can be enabled instantly with no risk of negatively impacting existing application workloads.

“Customers often tell us that the best way we can help them stay secure is to give them smarter tools that make it easier to get security right,” said Stephen Schmidt, Chief Information Security Officer, Amazon Web Services. “We designed Amazon GuardDuty to be so simple and cost effective that turning it on would be an easy choice for every AWS customer, regardless of their security expertise or the existing security services they use. Amazon GuardDuty intelligently identifies hard-to-detect threats that might slip through the cracks of other security products and easily scales to meet the needs of any organization, whether they have two AWS accounts or two thousand.”
