As ever, cloud security is the number-one priority for AWS. During the Tuesday Night Live event, just hours before Andy Jassy’s keynote, AWS announced the launch of Amazon GuardDuty, now the 10th service in the AWS Security, Identity & Compliance category.
What is Amazon GuardDuty?
Amazon GuardDuty is an intelligent threat detection service. It allows users to monitor their AWS account for unusual and unexpected behavior and to analyze and monitor existing logs, such as CloudTrail Event Logs, VPC Flow Logs, and DNS Logs. It assesses data from multiple feeds with a focus on threat detection by looking for anomalies and known malicious sources such as IP addresses and URLs.
The service itself is powered by Machine Learning, which allows it to continuously evolve and understand your infrastructure. Amazon GuardDuty looks at erroneous patterns with your AWS account that could indicate potential threats to your environment. These threats could be behavioral based, where a resource has been compromised by account or credential exposure, unexpected API calls that sit outside security best practices, or even communications from suspicious sources.
Using the threat detection feeds, which can be generated from public sources or provided from within AWS itself, this service provides automatic and continuous security analysis for safeguarding your entire AWS environment.
GuardDuty analyzes a number of your logs within your account. To activate this service, the following service role permissions are automatically generated:
The service can then assume this role using the following Trust Relationship, which is also created during activation:
The service itself is very easy to enable within your account. Simply click “Enable GuardDuty” within the service dashboard in the AWS management console:
Once enabled, the service will begin analysis right away. Any findings will be displayed on the dashboard. By categorizing each as low, medium, or high, you can immediately focus on the findings that could be the source of a severe security threat. The detail contained in each finding allows you to dig deeper into the potential issue. This may include Region, resource ID, principal ID, API, the threat list name, or port, for example.
A security service that can seemingly detect and analyze huge amounts of data while learning both safe and malicious activity patterns within your infrastructure… You’re probably thinking, how much is this going to cost me?
Thankfully, AWS has provided a free trial for the service upon first activation. You’ll have 30 days and full access to the service to see if it’s a good fit for your security strategy and processes. To estimate the costs going forward, Amazon GuardDuty will generate an estimate of how much you would have spent outside your free trial.
Amazon GuardDuty pricing is based on the quantity of analysis of your AWS log data. Your VPC Flow Logs and DNS Logs will be charged per GB, per month of analysis. Your CloudTrail Event Logs are charged per 1,000,000 events, per month. For monthly information on specific charges per region, see the AWS Pricing page.
Bottom line: Amazon GuardDuty uses machine learning to optimize and analyze potential security threats within your AWS environment without impacting the performance of ANY of your existing services and workloads. In essence, this looks to be a great addition to the security and compliance service category.
I’ll be at re:Invent all week, attending sessions and working at the Venetian Expo Hall, booth 1702. Come by and say hello, or follow me on Twitter @Stuart_A_Scott for further updates.
Application Load Balancer vs. Classic Load Balancer
What is an Elastic Load Balancer? This post covers basics of what an Elastic Load Balancer is, and two of its examples: Application Load Balancers and Classic Load Balancers. For additional information — including a comparison that explains Network Load Balancers — check out our post o...
Advantages and Disadvantages of Microservices Architecture
What are microservices? Let's start our discussion by setting a foundation of what microservices are. Microservices are a way of breaking large software projects into loosely coupled modules, which communicate with each other through simple Application Programming Interfaces (APIs). ...
Kubernetes Services: AWS vs. Azure vs. Google Cloud
Kubernetes is a popular open-source container orchestration platform that allows us to deploy and manage multi-container applications at scale. Businesses are rapidly adopting this revolutionary technology to modernize their applications. Cloud service providers — such as Amazon Web Ser...
AWS Internet of Things (IoT): The 3 Services You Need to Know
The Internet of Things (IoT) embeds technology into any physical thing to enable never-before-seen levels of connectivity. IoT is revolutionizing industries and creating many new market opportunities. Cloud services play an important role in enabling deployment of IoT solutions that min...
Which Certifications Should I Get?
As we mentioned in an earlier post, the old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and compan...
How to Go Serverless Like a Pro
So, no servers? Yeah, I checked and there are definitely no servers. Well...the cloud service providers do need servers to host and run the code, but we don’t have to worry about it. Which operating system to use, how and when to run the instances, the scalability, and all the arch...
AWS Security: Bastion Hosts, NAT instances and VPC Peering
Effective security requires close control over your data and resources. Bastion hosts, NAT instances, and VPC peering can help you secure your AWS infrastructure. Welcome to part four of my AWS Security overview. In part three, we looked at network security at the subnet level. This ti...
Top 13 Amazon Virtual Private Cloud (VPC) Best Practices
Amazon Virtual Private Cloud (VPC) brings a host of advantages to the table, including static private IP addresses, Elastic Network Interfaces, secure bastion host setup, DHCP options, Advanced Network Access Control, predictable internal IP ranges, VPN connectivity, movement of interna...
Big Changes to the AWS Certification Exams
With AWS re:Invent 2019 just around the corner, we can expect some early announcements to trickle through with upcoming features and services. However, AWS has just announced some big changes to their certification exams. So what’s changing and what’s new? There is a brand NEW ...
New on Cloud Academy: ITIL® 4, Microsoft 365 Tenant, Jenkins, TOGAF® 9.1, and more
At Cloud Academy, we're always striving to make improvements to our training platform. Based on your feedback, we released some new features to help make it easier for you to continue studying. These new features allow you to: Remove content from “Continue Studying” section Disc...
AWS Security Groups: Instance Level Security
Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...
Cloud Migration Risks & Benefits
If you’re like most businesses, you already have at least one workload running in the cloud. However, that doesn’t mean that cloud migration is right for everyone. While cloud environments are generally scalable, reliable, and highly available, those won’t be the only considerations dri...