AWS, the cloud computing division of Amazon, recently introduced a fully managed intelligent threat detection service—Amazon GuardDuty. By continuously monitoring and analyzing billions of events in pursuit of trends, patterns, and anomalies, the service helps protect AWS users from potential security threats to their IT infrastructure.
Powered by machine learning from the ground up, Amazon GuardDuty is built to consume multiple data streams and to watch for malicious IP addresses and devious domains; more importantly, it ensures accuracy in identifying malicious or unauthorized behavior in each AWS account.
Because it combines several information sources, including AWS CloudTrail event logs, VPC Flow Logs, and DNS logs, Amazon GuardDuty can detect not only probes for known vulnerabilities but also port scans and access from unusual locations. On the account side, AWS uses Amazon GuardDuty to stay aware of potentially malicious AWS account activity, including suspicious CloudTrail activity, unauthorized deployments, unusual access patterns to AWS API functions, and attempts to exceed multiple service limits.
Amazon GuardDuty classifies an issue as low, medium, or high severity as soon as it detects it. Each finding comes with detailed data and recommended steps for dealing with the issue. Findings are also delivered through Amazon CloudWatch Events, so users can have their own AWS Lambda functions remediate certain issues automatically.
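A sketch of the Lambda side of that flow, added here as an illustration (it is not AWS sample code or code from this article): the handler checks that a CloudWatch Events message is a GuardDuty finding, maps its numeric severity to the low/medium/high bands, and picks a response. The band thresholds, the action names, and the sample event are assumptions made for the example.

```python
# Assumed cut-offs: GuardDuty reports severity as a number; values below 4
# are treated as low, below 7 as medium, everything else as high.
LOW_MAX, MEDIUM_MAX = 4.0, 7.0
# Hypothetical response per band; a real function would call AWS APIs here.
ACTIONS = {"low": "log", "medium": "notify", "high": "quarantine"}

def severity_band(score):
    if score < LOW_MAX:
        return "low"
    return "medium" if score < MEDIUM_MAX else "high"

def affected_resource(detail):
    """Return (resource type, identifier) for the resource named in the finding."""
    res = detail.get("resource", {})
    rtype = res.get("resourceType")
    if rtype == "Instance":
        return rtype, res.get("instanceDetails", {}).get("instanceId")
    if rtype == "AccessKey":
        return rtype, res.get("accessKeyDetails", {}).get("userName")
    return rtype, None

def handler(event, context=None):
    # Act only on events that really come from GuardDuty.
    if (event.get("source") != "aws.guardduty"
            or event.get("detail-type") != "GuardDuty Finding"):
        return {"action": "ignore", "reason": "not a GuardDuty finding"}
    detail = event.get("detail", {})
    try:
        score = float(detail["severity"])
    except (KeyError, TypeError, ValueError):
        # Fail towards a human: never drop a finding that cannot be scored.
        return {"action": "notify", "reason": "no usable severity"}
    band = severity_band(score)
    rtype, rid = affected_resource(detail)
    action = ACTIONS[band]
    if action == "quarantine" and not rid:
        action = "notify"  # nothing identifiable to isolate automatically
    return {"action": action, "band": band, "finding": detail.get("type"),
            "resource_type": rtype, "resource_id": rid}

# Constructed sample event (identifiers are placeholders, not real resources).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {"type": "Recon:EC2/Portscan", "severity": 5,
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-EXAMPLE"}}},
}
```

Automatic isolation is limited to high-severity findings that name a concrete resource; everything ambiguous is routed to a person instead.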
Amazon makes it very easy for AWS users to enable the service. With just a single click, they can start using it, without installing or managing any agents, sensors, or network appliances. And since the entire operation happens on AWS infrastructure, there is no need to worry about compromising the performance or reliability of users' workloads.
Netflix, General Electric, Twilio, and the Financial Industry Regulatory Authority are among the first companies deploying Amazon GuardDuty. According to their feedback, they seem excited about using a machine learning-based detection service to analyze account activity, not only because of its outstanding detection accuracy but also because it makes it possible for them to respond quickly.
AWS has announced the availability of Amazon GuardDuty in production form in the US East (Ohio, Northern Virginia), US West (Northern California, Oregon), EU (Frankfurt, Ireland, London), Canada (Central), South America (São Paulo), and Asia Pacific (Seoul, Tokyo, Singapore, Mumbai, Sydney) Regions.