AWS GuardDuty: 10 Minutes Guide - DevDummy


Tuesday, September 18, 2018


AWS GuardDuty: Intelligent Threat Detection Service

AWS GuardDuty is a detection & shielding service that continuously monitors for and detects various kinds of malicious or unauthorized behavior on your system. It can identify suspected attackers through integrated threat intelligence based on feeds of reported malicious IPs and domains. It also uses machine learning to detect anomalies in account and workload activity.

Alerting & Monitoring

AWS GuardDuty can send alerts to the GuardDuty console or trigger CloudWatch events based on its findings, which makes the alerts actionable and easy to integrate with event management and workflow systems.
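
As an added example (not from the original post or from AWS), the following Python handler shows how a finding delivered through CloudWatch Events could be triaged for a workflow system. The `ROUTES` actions and the sample event are constructed for illustration; the severity cut-offs follow the low/medium/high bands AWS documents for GuardDuty.

```python
import json

# Event pattern for a CloudWatch Events rule that selects GuardDuty findings.
GUARDDUTY_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

# Hypothetical routing table: severity band -> action in your workflow system.
ROUTES = {"high": "page-oncall", "medium": "open-ticket", "low": "log-only"}

# Constructed sample event, trimmed to the fields this handler reads.
SAMPLE_EVENT = json.loads("""
{
  "source": "aws.guardduty",
  "detail-type": "GuardDuty Finding",
  "detail": {
    "id": "example-finding-id",
    "type": "Recon:EC2/PortProbeUnprotectedPort",
    "severity": 2
  }
}
""")

def is_guardduty_finding(event):
    """Apply the same match the rule pattern would, as a defensive re-check."""
    return all(event.get(key) in allowed for key, allowed in GUARDDUTY_PATTERN.items())

def severity_band(severity):
    """Map numeric severity to a band: below 4.0 low, 4.0 to 6.9 medium, else high."""
    if severity >= 7.0:
        return "high"
    return "medium" if severity >= 4.0 else "low"

def triage(event):
    """Return a routing decision for a finding, or None for unrelated events."""
    if not is_guardduty_finding(event):
        return None
    detail = event.get("detail") or {}
    try:
        band = severity_band(float(detail["severity"]))
    except (KeyError, TypeError, ValueError):
        band = "high"  # unparseable severity: escalate rather than drop silently
    return {
        "finding_id": detail.get("id"),
        "finding_type": detail.get("type"),
        "band": band,
        "action": ROUTES[band],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```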

Ease of Use & Cost

AWS GuardDuty is an easy and cost-effective service that does not require you to deploy or maintain software or security infrastructure. It also comes with a 30-day free trial for new accounts. After that, the charge is based on the events analysed.

Feed for Analysis

There are 3 types of logs which need to be set up to enable GuardDuty:
  • DNS Logs
  • VPC Flow Logs
  • CloudTrail Logs

How it works

[Image: GuardDuty_20171208]

Benefits of Use


  • Intelligent Threat Detection
    • Collecting, analyzing, and correlating events from AWS CloudTrail, Amazon VPC Flow Logs, and DNS Logs
    • Made more accurate by incorporating threat intelligence
    • Detect anomalous account and network activities
  • Centralize Analysis & Monitoring
    • Centralize threat detection by enabling Amazon GuardDuty across all AWS accounts
  • Strengthens security through automation

Next Article: Enabling AWS GuardDuty - Step by Step Guide
