AWS GuardDuty: Intelligent Threat Detection Service
AWS GuardDuty is a detection and shielding service that continuously monitors for and detects various kinds of malicious or unauthorized behavior on your system. It identifies suspected attackers through integrated threat intelligence based on feeds of reported malicious IPs and domains. It also incorporates machine learning to detect anomalies in account and workload activity.
Alerting & Monitoring
AWS GuardDuty can send alerts to the GuardDuty console or trigger CloudWatch events based on its findings, which makes the alerts actionable and easy to integrate with event management and workflow systems.
Ease of Use & Cost
AWS GuardDuty is an easy and cost-effective service that does not require you to deploy and maintain software or security infrastructure. It also comes with a 30-day free trial for new accounts. After that, the charge is based on the events analysed.
Feed for Analysis
There are 3 types of logs that need to be set up to enable GuardDuty:
- DNS Logs
- VPC Flow Logs
- CloudTrail Logs
How it works
Benefits of Use
- Intelligent Threat Detection
  - Collects, analyzes, and correlates events from AWS CloudTrail, Amazon VPC Flow Logs, and DNS Logs
  - Made more accurate by incorporating threat intelligence
  - Detects anomalous account and network activities
- Centralized Analysis & Monitoring
  - Centralize threat detection by enabling Amazon GuardDuty across all AWS accounts
- Strengthens security through automation
  - Set up scripts or AWS Lambda functions to trigger based on findings
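
The automation described above (findings published as CloudWatch events, with a Lambda function triggered on them) can look like the following added example, which is not part of the original post. The routing actions and the sample event are constructed for illustration; the severity cut-offs assume GuardDuty's low/medium/high bands.

```python
import json

# CloudWatch Events (EventBridge) rule pattern that matches GuardDuty findings.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

# Hypothetical routing policy: page on high, open a ticket on medium, log the rest.
ACTIONS = {"high": "page-oncall", "medium": "open-ticket", "low": "log-only"}


def severity_band(score):
    """Map GuardDuty's numeric severity to a band (7.0 and up high, 4.0 and up medium)."""
    if score >= 7.0:
        return "high"
    return "medium" if score >= 4.0 else "low"


def triage(event):
    """Turn one finding event into a routing decision; None if it is not a finding."""
    if (event.get("source") != "aws.guardduty"
            or event.get("detail-type") != "GuardDuty Finding"):
        return None
    detail = event.get("detail", {})
    # Finding types have the shape ThreatPurpose:ResourceType/ThreatFamily...
    purpose, _, rest = detail.get("type", "").partition(":")
    band = severity_band(float(detail.get("severity", 0)))
    return {
        "finding_id": detail.get("id"),
        "account": detail.get("accountId"),
        "region": detail.get("region"),
        "purpose": purpose,
        "resource": rest.split("/", 1)[0],
        "band": band,
        "action": ACTIONS[band],
    }


def lambda_handler(event, context):
    """Lambda entry point: the rule delivers one finding event per invocation."""
    decision = triage(event)
    if decision is None:
        return {"handled": False}
    print(json.dumps(decision))  # structured log line for workflow tooling
    return {"handled": True, **decision}


# Constructed sample event (made-up values, not taken from a real account).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {"id": "example-finding-id", "accountId": "111122223333",
               "region": "us-east-1", "severity": 8,
               "type": "UnauthorizedAccess:EC2/SSHBruteForce"},
}
```
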
Next Article : Enabling AWS Guard Duty - Step by Step Guide
I do accept as true with all the concepts you have introduced in your post. They're very convincing and will certainly work. Nonetheless, the posts are very brief for starters. May you please extend them a little from subsequent time? Thank you for the post.
I do trust all of the ideas you have presented to your post. They're really convincing and will certainly work. Nonetheless, the posts are very brief for newbies. Could you please lengthen them a bit from subsequent time? Thank you for the post.