At the AWS re:Invent 2017,
Customers can enable
As customers grow their cloud usage and increasingly deploy microservices architectures, they may have multiple AWS accounts with up to hundreds of thousands of instances. Identifying and assessing anomalous behavior across multiple accounts, networks, and instances at this scale can be like trying to find a needle in a haystack. Whether looking for attackers scanning web servers for vulnerabilities, monitoring for compromised instances being used to serve malware or mine cryptocurrency, or finding unauthorized resource provisioning, security teams have had to build or integrate multiple tools to detect anomalies.
Customers also have to collect API access and network flow logs and correlate them with threat intelligence sources, applying algorithms to identify anomalies based on known threats. And, often, as soon as the algorithms are well-tuned, the threats evolve and the algorithm requires rework. Now, with Amazon GuardDuty, customers can easily deploy intelligent threat detection that takes care of all of this undifferentiated heavy lifting. Once activated, Amazon GuardDuty immediately begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats that traditional solutions might miss, such as an unusual instance type being deployed in a region that has never been used, or an attempt to obscure user activity by disabling AWS CloudTrail logging. Amazon GuardDuty generates anomaly alerts that are tailored to each customer’s AWS use, and AWS continuously updates the threat intelligence sources Amazon GuardDuty employs. Amazon GuardDuty can be enabled instantly with no risk of negatively impacting existing application workloads.
“Customers often tell us that the best way we can help them stay secure is to give them smarter tools that make it easier to get security right,” said