Amazon adds security monitoring and threat defence with GuardDuty

Powered by machine learning, Amazon GuardDuty analyses public and AWS-generated events to notify users of anomalies and offer remediation advice.
Written by Asha Barbaschow, Contributor

Amazon has launched GuardDuty, a new intelligence-driven threat detection service that uses machine learning to locate anomalies and notify the user when it finds something suspect.

The new offering scans public and AWS-generated events looking for trends, patterns, and anomalies. Scan findings are presented to the user at one of three levels (low, medium, or high), along with evidence and recommendations for remediation.

Announcing the new offering on Tuesday night at AWS re:Invent, Stephen Schmidt, the cloud giant's VP and CISO of security and innovation, explained that Amazon GuardDuty can be enabled with a single click, and removes the operational complexity previously required for threat detection.

"Continuous security monitoring is what we all strive for, but doing this at scale, without slowing down your business, is complex and expensive," Schmidt said.

"Traditionally, threat detection requires you to deploy and maintain dedicated security infrastructure, which frankly is hard to automate, doesn't scale at all, and many existing solutions were designed for on-premise environments."

GuardDuty consumes multiple data streams, including several threat intelligence feeds, staying aware of IP addresses and domains flagged as malicious, while also learning to identify malicious or unauthorised behaviour in a user's AWS account.

According to Schmidt, it finds threats with great precision.

"For example, when a compromised EC2 instance is mining bitcoin, or an attacker is scanning your infrastructure," he explained.

"It also monitors AWS account access behaviour for signs of compromise such as, 'Is somebody using your credentials to launch an unusual instance type in a geography you've never used before?'"

GuardDuty runs completely on AWS infrastructure, with no agent, sensor, or network appliance required to run it.

More than 50 customers and partners have been using the service for the last seven months, with AWS on Tuesday making it available in production, free of charge, for the first 30 days.



Disclaimer: Asha Barbaschow travelled to AWS re:Invent as a guest of AWS.
