Amazon GuardDuty – A New Security Pillar by AWS

Security has always been a major concern for businesses that run their IT infrastructure on the public cloud. Because the cloud is a shared resource, identity management, privacy and access control are of prime concern for most companies. With the introduction of Amazon GuardDuty at AWS re:Invent 2017, AWS adds a new security pillar to its cloud services.

GuardDuty acts as a guard for your infrastructure, monitoring for anomalies and gaps that can lead to potential threats. The machine-learning-backed service is trained to surface breach findings within minutes.

How does Amazon GuardDuty work, and how is it helpful?


Amazon GuardDuty continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It identifies suspected attackers through integrated threat intelligence feeds and uses machine learning to scale protection of your AWS accounts and workloads. It also monitors AWS account access behavior for signs of compromise, such as detecting an atypical instance type deployed by a user from an unusual geo-location.

The example below shows how Amazon GuardDuty works in practice.

Example: You can create trusted IP lists (addresses GuardDuty should not alert on) and threat IP lists (known-malicious addresses it should alert on) and upload them to Amazon GuardDuty. GuardDuty then immediately picks up any unplanned or unauthorized probe in your environment.

Once you have categorised GuardDuty findings, AWS also lets you take a recommended action on them and automate it via remediation scripts or AWS Lambda. For example, if you have a category of findings that means "compromised EC2 instance" and you want to terminate the compromised instance and launch a replacement whenever such a finding appears, you can automate that action with an AWS Lambda function triggered by GuardDuty findings.
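The automation described above, as an added example that is not AWS, GuardDuty or Botmetric code: a Lambda-style handler that receives a GuardDuty finding from CloudWatch Events, decides whether it describes a compromised EC2 instance, and replaces then terminates that instance. The finding-type prefixes and severity threshold are an assumed policy, and the sample event is constructed; the `ec2` client is injectable so the logic runs offline.

```python
import json

# Assumed policy for this example: EC2 finding types with these prefixes, at
# High severity or above, are treated as a compromised instance.
COMPROMISED_PREFIXES = ("UnauthorizedAccess:EC2/", "Backdoor:EC2/", "CryptoCurrency:EC2/")
HIGH_SEVERITY = 7.0   # GuardDuty severity bands: Low 0.1-3.9, Medium 4-6.9, High 7-8.9

# Constructed sample event, shaped like a CloudWatch Events "GuardDuty Finding" event.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "finding-0001-constructed",
        "type": "Backdoor:EC2/C&CActivity.B!DNS",
        "severity": 8,
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0",
                                "imageId": "ami-00000000", "instanceType": "t2.micro"},
        },
    },
}

def plan_response(event):
    """Decide what to do with one CloudWatch Events 'GuardDuty Finding' event."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return {"action": "ignore", "reason": "not a GuardDuty finding"}
    finding = event["detail"]
    ftype = finding.get("type", "")
    severity = float(finding.get("severity", 0))
    resource = finding.get("resource", {})
    details = resource.get("instanceDetails", {})
    plan = {"action": "log_only", "finding_id": finding.get("id"), "type": ftype, "severity": severity}
    if (resource.get("resourceType") == "Instance" and details.get("instanceId")
            and ftype.startswith(COMPROMISED_PREFIXES) and severity >= HIGH_SEVERITY):
        plan.update(action="terminate_and_replace", instance_id=details["instanceId"],
                    image_id=details.get("imageId"), instance_type=details.get("instanceType"))
    return plan

def handler(event, context=None, ec2=None):
    """Lambda entry point. `ec2` is injectable so the decision logic can be tested offline."""
    plan = plan_response(event)
    if plan["action"] == "terminate_and_replace":
        if ec2 is None:
            import boto3              # only needed when running inside Lambda
            ec2 = boto3.client("ec2")
        # Launch the replacement first so capacity is not lost while the new host boots.
        new = ec2.run_instances(ImageId=plan["image_id"], InstanceType=plan["instance_type"],
                                MinCount=1, MaxCount=1)
        plan["replacement_id"] = new["Instances"][0]["InstanceId"]
        ec2.terminate_instances(InstanceIds=[plan["instance_id"]])
    print(json.dumps(plan))           # lands in CloudWatch Logs as the audit trail
    return plan
```

Terminating destroys evidence, so a production version would snapshot the instance's volumes or isolate it with a restrictive security group before terminating.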

Key Features:

Amazon GuardDuty offers the following key features:

  1. Runs entirely on AWS infrastructure; no agent or network appliance needs to be installed.
  2. A single centralised pane for all detected threats across your member accounts (see the AWS documentation on GuardDuty member accounts for details).

Amazon GuardDuty can send all findings to Amazon CloudWatch Events and exposes API endpoints through the AWS SDK, allowing robust interoperability with third-party solutions including Botmetric HQ. It is currently available to customers in the following regions: US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), EU (Ireland), EU (Frankfurt), EU (London), South America (São Paulo), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Mumbai).

To learn more about Amazon GuardDuty, visit their website.