As Cloud Service providers are finding it tough to secure their workloads from cyber attacks, Amazon Web Services has decided to stand out of the competition by introducing a new cloud security tool called GuardDuty exclusive to its Web Services customers.
Technically speaking, Amazon GuardDuty is a threat detection and monitoring tool for customers using Amazon Web Services platform. It helps to analyze and predict events in advance which could impact services running in the AWS environments.
AWS GuardDuty does this by analyzing the behavioral patterns against both Amazon developed and 3rd party best of the breed threat intelligence data, in combination with machine learning enabled events.
According to a post of TechTarget, the threat analyzing tool is explained well with the following example. Suppose an instance which is being hosted on an AWS platform is seen conducting a cyber attack against another party, or a host is seen exchanging data with a known bad actor like a remotely hosted botnet or malware, via a suspicious command and control channel. Amazon GuardDuty helps recognize the scenarios which are suspicious, then flags the events and then alert the administrators in time.
AWS GuardDuty does this without consuming additional customer visible resources. Means, the user doesn’t have to specify the data resources which have to be configured- such as AWS Domain Name System, Amazon Virtual Private Cloud Flow Logs, and AWS CloudTrial.
Furthermore, Amazon GuardDuty can also be integrated with other tools that might already be existing in the workflow: SIEM Tools, Workflow Management Tools, Remediation Tools, etc. However, the service doesn’t enable enterprises to pen their own rules, regular expressions or other purpose-built custom analysis functionality like a dedicated on-premises solution or virtual appliance would do.
The pricing of Amazon GuardDuty depends on the information processed and can prove as a boon to an SMB along with the larger ones as it incorporates threat intelligence info.