Introducing Amazon GuardDuty
In case you missed it, Amazon announced Amazon GuardDuty at re:Invent. It’s managed threat detection that monitors AWS accounts for suspicious behaviour. It uses a combination of AWS CloudTrail, Amazon VPC Flow Logs, and DNS Logs to detect malicious behaviour and generate alerts if a possible compromise has been detected.
It’s enabled with just a few clicks and is available on a 30-day free trial. After the trial you pay by volume of CloudWatch Events and VPC & DNS logs analysed. It’s available for Production in EU (Ireland), EU (London), US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), EU (Frankfurt), South America (São Paulo), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Mumbai) Regions.
GuardDuty findings can be used to trigger AWS Lambda functions, so if an event is picked up you can send out a notification or automate remediation steps. For example, if an instance is suspected of being compromised you could automatically block network access to that instance.
Alert Logic Cloud Insight integrates with Amazon GuardDuty. It will consume the GuardDuty data, give more detail and visibility about the asset, recommended remediation steps and further explanations about what the threat means.
If you want to try Alert Logic Cloud Insight ANS can offer a free of charge 2-week trial.
You can find more information on Amazon GuardDuty at https://aws.amazon.com/guardduty/
Product details for Alert Logic Cloud Insight can be found at by visiting: https://www.alertlogic.com/solutions/aws-vulnerability-scanning-and-management/