Cloud

Amazon launches GuardDuty threat detection service powered by machine learning

Announced at the 2017 re:Invent conference, GuardDuty analyzes trillions of threats per day to identify trends and develop custom-tailored security for AWS workloads.

Amazon GuardDuty, a new service announced Tuesday, provides constant, intelligent threat detection for Amazon Web Services (AWS) accounts and workloads.

Unveiled at a keynote address during the firm's re:Invent conference, GuardDuty starts by ingesting data from both public and AWS-generated data feeds, a blog post said. It then uses machine learning to identify trends and other patterns that indicate something might be wrong.

Using the data it consumes, it keeps tabs on malicious IP address, bad websites, and other dangerous behaviors. Within AWS, it will take in data from VPC Flow Logs, AWS CloudTrail Event Logs, and DNS logs, the post said. With this data it can look for unusual behavior such as access coming from strange locations, or probes for known vulnerabilities.

SEE: Network security policy template (Tech Pro Research)

Also within AWS, GuardDuty can look for odd account activity such as unauthorized deployments and weird patterns of attempted API access. According to the post, it will also look out for compromised EC2 instances that may be communicating with actors trying to mine cryptocurrency or exfiltrate data.

"GuardDuty operates completely on AWS infrastructure and does not affect the performance or reliability of your workloads," the post said. "You do not need to install or manage any agents, sensors, or network appliances. This clean, zero-footprint model should appeal to your security team and allow them to green-light the use of GuardDuty across all of your AWS accounts."

If GuardDuty finds anything concerning, it will present the information with a label of low, medium, or high priority. Along with this, it will provide evidence for its findings and recommendations for what should be done.

"Amazon GuardDuty intelligently identifies hard-to-detect threats that might slip through the cracks of other security products and easily scales to meet the needs of any organization, whether they have two AWS accounts or two thousand," AWS CISO Stephen Schmidt said in a press release.

Companies like GE, Netflix, Autodesk, Twilio, Webroot, and Mapbox are using Amazon GuardDuty.

Additionally, AWS also announced advanced security features for Amazon Cognito as well. Users will have access to new identification features and the ability to detect and respond to unusual sign-in activity.

A new private endpoint option for SaaS developers— AWS PrivateLink—was also unveiled at AWS re:Invent. This service allows users to access third-party SaaS applications without sharing their Virtual Private Cloud (VPC) with the public internet.

The 3 big takeaways for TechRepublic readers

  1. A new service called Amazon GuardDuty uses machine learning to find emerging threats and identify unusual activity within AWS accounts and workloads.
  2. GuardDuty can determine if there has been access coming from strange locations, weird patterns of attempted API access, or if compromised EC2 instances may be communicating with bad actors.
  3. AWS also announced new security features for Cognito in beta, and a new private endpoint option for SaaS developers called AWS PrivateLink.

Also see

lockandkeys.jpg
Image: iStockphoto/PetrBonek

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox