Understanding Amazon GuardDuty

Course Description

During AWS re:Invent 2017, AWS launched their 11th security service in the on-going drive to help its customers protect and secure their applications, environments, and accounts. This service was Amazon GuardDuty, a regionally based, intelligent, threat-detection service. This service allows users to monitor their AWS account for unusual and unexpected behavior by analyzing AWS CloudTrail Event Logs, VPC Flow Logs, and DNS Logs. It then uses the data from logs, and assesses them against multiple security and threat detection feeds, looking for anomalies and known malicious sources, such as IP addresses and URLs. This course will introduce you to this Amazon GuardDuty and explain how it works and how to configure it, allowing you to be able to enable this service within your own AWS accounts to provide automatic and continuous security analysis for safeguarding your entire AWS environment.

Learning Objectives:

By the end of this course you will be able to:

• Describe the Amazon GuardDuty service
• Manage and configure GuardDuty for single and multiple accounts
• Implement the correct permissions to both enable and manage GuardDuty
• Manage and resolve findings generated
• Explain how GuardDuty can play an important role within your organization

This course has been designed for those who are in a role of a:

• Security consultant/specialist
• Security analyst
• Security auditor
• Cloud architect
• Cloud operational support analyst

This would also be valuable to anyone looking to learn more about AWS security and threat detection within AWS.

Prerequisites

As a prerequisite to this course you should have a basic understanding of the fundamentals of AWS along with an awareness of different security measures and mechanisms that are offered by different AWS services, such as within IAM, specifically IAM policies.

Feedback

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.