
Amazon GuardDuty – Continuous Security Monitoring & Threat Detection

Threats to your IT infrastructure (AWS accounts & credentials, AWS resources, guest operating systems, and applications) come in all shapes and sizes! The online world can be a treacherous place and we want to make sure that you have the tools, knowledge, and perspective to keep your IT infrastructure safe & sound.

Amazon GuardDuty is designed to give you just that. Informed by a multitude of public and AWS-generated data feeds and powered by machine learning, GuardDuty analyzes billions of events in pursuit of trends, patterns, and anomalies that are recognizable signs that something is amiss. You can enable it with a click and see the first findings within minutes.

How it Works
GuardDuty consumes multiple data streams, including several threat intelligence feeds, so that it stays aware of malicious IP addresses and domains and, more importantly, learns to accurately identify malicious or unauthorized behavior in your AWS accounts. Combined with information from your VPC Flow Logs, AWS CloudTrail event logs, and DNS logs, this lets GuardDuty detect many kinds of dangerous and mischievous behavior, including probes for known vulnerabilities, port scans and probes, and access from unusual locations. On the AWS side, it looks for suspicious account activity such as unauthorized deployments, unusual CloudTrail activity, unusual patterns of access to AWS API functions, and attempts to exceed multiple service limits. GuardDuty also looks for compromised EC2 instances talking to malicious entities or services, data exfiltration attempts, and instances that are mining cryptocurrency.

GuardDuty operates completely on AWS infrastructure and does not affect the performance or reliability of your workloads. You do not need to install or manage any agents, sensors, or network appliances. This clean, zero-footprint model should appeal to your security team and allow them to green-light the use of GuardDuty across all of your AWS accounts.

Each finding carries a numeric severity that is presented as one of three levels (low, medium, or high), accompanied by detailed evidence and recommendations for remediation. The findings are also delivered as Amazon CloudWatch Events (the service now called Amazon EventBridge); this allows you to use your own AWS Lambda functions to automatically remediate specific types of issues. The same mechanism lets you push GuardDuty findings into event management systems such as Splunk, Sumo Logic, and PagerDuty and into workflow systems like JIRA, ServiceNow, and Slack.
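The event-driven remediation path described above, as an added example that is not code from the original post or from AWS. It is a Lambda handler fed by a CloudWatch Events / EventBridge rule: it buckets the numeric severity into the three levels, and for high-severity findings on an EC2 instance replaces the instance's security groups with an empty quarantine group, while credential findings are routed to a human. The quarantine security group ID, the rule target, and the recording EC2 client at the bottom are assumptions; the sample event is constructed, with only the finding fields the handler reads.

```python
"""Triage GuardDuty findings delivered as CloudWatch Events (now EventBridge) and auto-remediate.

Added example, not code from the original post or from AWS. Assumptions, all hypothetical:
  - QUARANTINE_SG is an existing security group with no inbound or outbound rules;
  - this function is the target of a rule whose event pattern is RULE_PATTERN;
  - boto3 is present in the Lambda runtime (the EC2 client is injectable, so the logic
    runs offline with the recording stand-in at the bottom).
"""
import json

QUARANTINE_SG = "sg-0123456789abcdef0"  # hypothetical quarantine security group

# Rule pattern: only GuardDuty findings with severity >= 7 (HIGH). The "numeric" comparison
# needs EventBridge content filtering; on a plain CloudWatch Events rule, match on source and
# detail-type only and rely on the severity check in triage() below.
RULE_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}


def severity_label(score: float) -> str:
    """Bucket GuardDuty's numeric severity into the three levels the console shows."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    if score >= 0.1:
        return "LOW"
    raise ValueError(f"severity out of range: {score}")


def triage(finding: dict) -> dict:
    """Decide what to do with one finding (the `detail` object of the event)."""
    label = severity_label(float(finding["severity"]))
    resource = finding.get("resource", {})
    decision = {
        "finding_id": finding["id"],
        "type": finding["type"],          # e.g. "CryptoCurrency:EC2/BitcoinTool.B!DNS"
        "severity": label,
        "action": "notify",               # default: forward to the ticketing/chat integration
    }
    if finding.get("service", {}).get("archived"):
        decision["action"] = "ignore"     # archived by an analyst or a suppression rule
    elif label == "HIGH" and resource.get("resourceType") == "Instance":
        decision["action"] = "quarantine_instance"
        decision["instance_id"] = resource["instanceDetails"]["instanceId"]
    elif label == "HIGH" and resource.get("resourceType") == "AccessKey":
        # Credential findings get a human: rotating a key blindly can take down production.
        decision["action"] = "page_oncall"
        decision["user_name"] = resource["accessKeyDetails"]["userName"]
    return decision


def quarantine_instance(ec2, instance_id: str) -> None:
    """Isolate the instance by replacing its security groups with the empty quarantine group.
    The instance keeps running, so disk and memory remain available for forensics."""
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[QUARANTINE_SG])


def lambda_handler(event: dict, context=None, ec2=None) -> dict:
    """Lambda entry point. `ec2` defaults to a real boto3 client; tests inject a stand-in."""
    decision = triage(event["detail"])
    if decision["action"] == "quarantine_instance":
        if ec2 is None:
            import boto3  # assumption: available in the Lambda runtime
            ec2 = boto3.client("ec2")
        quarantine_instance(ec2, decision["instance_id"])
    print(json.dumps(decision))  # ends up in CloudWatch Logs as the audit trail
    return decision


# Constructed sample event in the shape CloudWatch Events delivers (only the fields used above).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "00example-finding-id",
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
        "service": {"archived": False},
    },
}


class RecordingEc2:
    """Offline stand-in for boto3.client("ec2"): records the calls it receives."""
    def __init__(self):
        self.calls = []

    def modify_instance_attribute(self, **kwargs):
        self.calls.append(kwargs)


if __name__ == "__main__":
    client = RecordingEc2()
    print(lambda_handler(SAMPLE_EVENT, ec2=client)["action"])  # quarantine_instance
    print(client.calls)
```

Archived findings are skipped so that an analyst's decision (or a suppression rule) is not undone by automation, and credential findings are deliberately not auto-remediated: disabling a key that a production deployment pipeline depends on turns a security alert into an outage.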

A Quick Tour
Let’s take a quick tour. I open up the GuardDuty Console and click on Get started:

Then I confirm that I want to enable GuardDuty by clicking on Enable GuardDuty. This gives it permission to set up the appropriate service-linked role and to analyze my logs:

My own AWS environment isn’t all that exciting, so I visit the General Settings and click on Generate sample findings to move ahead. Now I’ve got some intriguing findings:

I can click on a finding to learn more:

The magnifying glass icons allow me to create inclusion or exclusion filters for the associated resource, action, or other value. I can filter for all of the findings related to this instance:

I can customize GuardDuty by adding trusted IP lists and threat lists (lists of malicious IP addresses) that are specific to my environment:

After I enable GuardDuty in my administrator account, I can invite my other accounts to participate:

Once the accounts accept the invitation, GuardDuty aggregates their findings in the administrator account.
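The console tour above, scripted end to end as an added example (not code from the original post or from AWS): enable the detector in the administrator account, validate and attach a trusted IP list and a threat list, build the same per-instance filter the magnifying-glass icon creates, and invite member accounts. The S3 locations, the member account details, and the recording GuardDuty client at the bottom are assumptions; the list contents are constructed.

```python
"""Scripted version of the console tour: enable GuardDuty in the administrator account, load a
trusted IP list and a threat list, reproduce the per-instance finding filter, and invite members.

Added example, not code from the original post or from AWS. Assumptions, all hypothetical: the
list files already sit in S3 at the URLs below, MEMBERS holds placeholder account details, and
`client` is a boto3 GuardDuty client (the recording stand-in at the bottom lets this run offline).
"""
import ipaddress

TRUSTED_LIST_URL = "s3://example-security-lists/trusted-ips.txt"  # hypothetical
THREAT_LIST_URL = "s3://example-security-lists/threat-ips.txt"    # hypothetical
MEMBERS = [{"AccountId": "111111111111", "Email": "security@example.com"}]  # placeholders


def invalid_entries(text: str) -> list:
    """Return the lines of a TXT list that are not an IP address or CIDR range.
    Validate before uploading: one bad entry stops the whole set from loading."""
    bad = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments are skipped
            continue
        try:
            ipaddress.ip_network(line, strict=False)
        except ValueError:
            bad.append(line)
    return bad


def instance_filter(instance_id: str, min_severity=None) -> dict:
    """FindingCriteria equivalent of the console's magnifying-glass filter on one instance."""
    criterion = {"resource.instanceDetails.instanceId": {"Eq": [instance_id]}}
    if min_severity is not None:
        criterion["severity"] = {"Gte": int(min_severity)}  # 7 = HIGH
    return {"Criterion": criterion}


def enable_with_lists(client, trusted_text: str, threat_text: str) -> str:
    """Enable the detector and attach both lists. Returns the detector ID."""
    for name, text in (("trusted", trusted_text), ("threat", threat_text)):
        bad = invalid_entries(text)
        if bad:
            raise ValueError(f"{name} list has invalid entries: {bad}")
    detector_id = client.create_detector(
        Enable=True, FindingPublishingFrequency="FIFTEEN_MINUTES")["DetectorId"]
    # Trusted IPs suppress findings for traffic involving them, so keep this list short and
    # reviewed: an attacker coming from a "trusted" address is invisible to GuardDuty.
    client.create_ip_set(DetectorId=detector_id, Name="trusted-ips", Format="TXT",
                         Location=TRUSTED_LIST_URL, Activate=True)
    client.create_threat_intel_set(DetectorId=detector_id, Name="threat-ips", Format="TXT",
                                   Location=THREAT_LIST_URL, Activate=True)
    return detector_id


def findings_for_instance(client, detector_id: str, instance_id: str) -> list:
    """All HIGH findings that involve one instance, as the console filter would show."""
    resp = client.list_findings(DetectorId=detector_id,
                                FindingCriteria=instance_filter(instance_id, 7))
    return resp["FindingIds"]


def invite_members(client, detector_id: str) -> list:
    """Register member accounts and send invitations. Each member still has to accept from its
    own account before its findings flow to the administrator."""
    client.create_members(DetectorId=detector_id, AccountDetails=MEMBERS)
    ids = [m["AccountId"] for m in MEMBERS]
    client.invite_members(DetectorId=detector_id, AccountIds=ids,
                          Message="Please accept the GuardDuty invitation.")
    return ids


class RecordingClient:
    """Offline stand-in for boto3.client("guardduty"): records calls, returns canned responses."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        def call(**kwargs):
            self.calls.append((name, kwargs))
            return {"DetectorId": "12abc34d567e8fa901bc2d34e56789f0", "FindingIds": []}
        return call


if __name__ == "__main__":
    gd = RecordingClient()
    det = enable_with_lists(gd, "# office egress\n203.0.113.0/24\n", "198.51.100.7\n")
    invite_members(gd, det)
    for name, _ in gd.calls:
        print(name)
```

The list validation runs before any API call because a single malformed line makes GuardDuty reject the whole set, and the trusted list is the one setting here that reduces coverage rather than adding it, so it deserves the same review as an allow-list in a firewall.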

I’ve barely scratched the surface of GuardDuty in the limited space and time that I have. You can try it out at no charge for 30 days; after that you pay based on the volume of CloudTrail events and the gigabytes of VPC Flow Log and DNS log data it analyzes.

Available Now
Amazon GuardDuty is available in production form in the US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Europe (Ireland), Europe (Frankfurt), Europe (London), South America (São Paulo), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Mumbai) Regions and you can start using it today!

Jeff;
