As ever, cloud security is the number-one priority for AWS. During the Tuesday Night Live event, just hours before Andy Jassy’s keynote, AWS announced the launch of Amazon GuardDuty, now the 10th service in the AWS Security, Identity & Compliance category.
What is Amazon GuardDuty?
Amazon GuardDuty is an intelligent threat detection service. It allows users to monitor their AWS account for unusual and unexpected behavior and to analyze and monitor existing logs, such as CloudTrail Event Logs, VPC Flow Logs, and DNS Logs. It assesses data from multiple feeds with a focus on threat detection by looking for anomalies and known malicious sources such as IP addresses and URLs.
The service itself is powered by Machine Learning, which allows it to continuously evolve and understand your infrastructure. Amazon GuardDuty looks at erroneous patterns with your AWS account that could indicate potential threats to your environment. These threats could be behavioral based, where a resource has been compromised by account or credential exposure, unexpected API calls that sit outside security best practices, or even communications from suspicious sources.
Using the threat detection feeds, which can be generated from public sources or provided from within AWS itself, this service provides automatic and continuous security analysis for safeguarding your entire AWS environment.
GuardDuty analyzes a number of your logs within your account. To activate this service, the following service role permissions are automatically generated:
The service can then assume this role using the following Trust Relationship, which is also created during activation:
The service itself is very easy to enable within your account. Simply click “Enable GuardDuty” within the service dashboard in the AWS management console:
Once enabled, the service will begin analysis right away. Any findings will be displayed on the dashboard. By categorizing each as low, medium, or high, you can immediately focus on the findings that could be the source of a severe security threat. The detail contained in each finding allows you to dig deeper into the potential issue. This may include Region, resource ID, principal ID, API, the threat list name, or port, for example.
A security service that can seemingly detect and analyze huge amounts of data while learning both safe and malicious activity patterns within your infrastructure… You’re probably thinking, how much is this going to cost me?
Thankfully, AWS has provided a free trial for the service upon first activation. You’ll have 30 days and full access to the service to see if it’s a good fit for your security strategy and processes. To estimate the costs going forward, Amazon GuardDuty will generate an estimate of how much you would have spent outside your free trial.
Amazon GuardDuty pricing is based on the quantity of analysis of your AWS log data. Your VPC Flow Logs and DNS Logs will be charged per GB, per month of analysis. Your CloudTrail Event Logs are charged per 1,000,000 events, per month. For monthly information on specific charges per region, see the AWS Pricing page.
Bottom line: Amazon GuardDuty uses machine learning to optimize and analyze potential security threats within your AWS environment without impacting the performance of ANY of your existing services and workloads. In essence, this looks to be a great addition to the security and compliance service category.
I’ll be at re:Invent all week, attending sessions and working at the Venetian Expo Hall, booth 1702. Come by and say hello, or follow me on Twitter @Stuart_A_Scott for further updates.
New Content: Alibaba, Azure AZ-303 and AZ-304, Site Reliability Engineering (SRE) Foundation, Python 3 Programming, 16 Hands-on Labs, and Much More
This month our Content Team did an amazing job at publishing and updating a ton of new content. Not only did our experts release the brand new AZ-303 and AZ-304 Certification Learning Paths, but they also created 16 new hands-on labs — and so much more! New content on Cloud Academy At...
Blog Digest: Which Certifications Should I Get?, The 12 Microsoft Azure Certifications, 6 Ways to Prevent a Data Breach, and More
This month, we were excited to announce that Cloud Academy was recognized in the G2 Summer 2020 reports! These reports highlight the top-rated solutions in the industry, as chosen by the source that matters most: customers. We're grateful to have been nominated as a High Performer in se...
Which Certifications Should I Get?
The old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and companies. With all that in mind, the s...
New Content: AWS, Azure, Typescript, Java, Docker, 13 New Labs, and Much More
This month, our Content Team released a whopping 13 new labs in real cloud environments! If you haven't tried out our labs, you might not understand why we think that number is so impressive. Our labs are not “simulated” experiences — they are real cloud environments using accounts on A...
Kickstart Your Tech Training With a Free Week on Cloud Academy
Are you looking to make a jump in your technical career? Want to get trained or certified on AWS, Azure, Google Cloud Platform, DevOps, Kubernetes, Python, or another in-demand skill? Then you'll want to mark your calendar. Starting Monday, June 22 at 12:00 a.m. PDT (3:00 a.m. EDT), ...
New Content: AZ-500 and AZ-400 Updates, 3 Google Professional Exam Preps, Practical ML Learning Path, C# Programming, and More
This month, our Content Team released tons of new content and labs in real cloud environments. Not only that, but we introduced our very first highly interactive "Office Hours" webinar. This webinar, Acing the AWS Solutions Architect Associate Certification, started with a quick overvie...
Azure vs. AWS: Which Certification Provides the Brighter Future?
More and more companies are using cloud services, prompting more and more people to switch their current IT position to something cloud-related. The problem is most people only have that much time after work to learn new technologies, and there are plenty of cloud services that you can ...
Blog Digest: 5 Reasons to Get AWS Certified, OWASP Top 10, Getting Started with VPCs, Top 10 Soft Skills, and More
Thank you for being a valued member of our community! We recently sent out a short survey to understand what type of content you would like us to add to Cloud Academy, and we want to thank everyone who gave us their input. If you would like to complete the survey, it's not too late. It ...
New Content: Alibaba, Azure Cert Prep: AI-100, AZ-104, AZ-204 & AZ-400, Amazon Athena Playground, Google Cloud Developer Challenge, and much more
This month, our Content Team released 8 new learning paths, 4 courses, 7 labs in real cloud environments, and 4 new knowledge check assessments. Not only that, but we introduced our very first course on Alibaba Cloud, and our expert instructors are working 'round the clock to create 6 n...
Top 5 Reasons to Get AWS Certified Right Now
Cloud computing trends are on the rise and have been for some time already. Fortunately, it’s never too late to start learning cloud computing. Skills like AWS and others associated with cloud computing are in high demand because cloud technologies have become crucial for many businesse...
Introducing Our Newest Lab Environments: Lab Playgrounds
Want to train in a real cloud environment, but feel slowed down by spinning up your own deployments? When you consider security or pricing costs, it can be costly and challenging to get up to speed quickly for self-training. To solve this problem, Cloud Academy created a new suite of la...
Blog Digest: AWS Breaking News, Azure DevOps, AWS Study Guide, 8 Ways to Prevent a Ransomware Attack, and More
New articles by topic AWS Azure Data Science Google Cloud Cloud Adoption Platform Updates & New Content Security Women in Tech AWS Breaking News: All AWS Certification Exams Now Available Online As an Advanced AWS Technology Partner, C...