Introducing Amazon GuardDuty

Posted:

In case you missed it, Amazon announced Amazon GuardDuty at re:Invent. It’s managed threat detection that monitors AWS accounts for suspicious behaviour. It uses a combination of AWS CloudTrail, Amazon VPC Flow Logs, and DNS Logs to detect malicious behaviour and generate alerts if a possible compromise has been detected.

 

Image 1.png

 

It’s enabled with just a few clicks and is available on a 30-day free trial. After the trial you pay by volume of CloudWatch Events and VPC & DNS logs analysed. It’s available for Production in EU (Ireland), EU (London), US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), EU (Frankfurt), South America (São Paulo), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Mumbai) Regions.

Image 2.jpg

GuardDuty findings can be used to trigger AWS Lambda functions, so if an event is picked up you can send out a notification or automate remediation steps. For example, if an instance is suspected of being compromised you could automatically block network access to that instance.

Alert Logic Cloud Insight integrates with Amazon GuardDuty. It will consume the GuardDuty data, give more detail and visibility about the asset, recommended remediation steps and further explanations about what the threat means.

Image 3-1.png

If you want to try Alert Logic Cloud Insight ANS can offer a free of charge 2-week trial.

You can find more information on Amazon GuardDuty at https://aws.amazon.com/guardduty/

Product details for Alert Logic Cloud Insight can be found at by visiting:  https://www.alertlogic.com/solutions/aws-vulnerability-scanning-and-management/