During AWS re:Invent 2017, AWS launched its 11th security service in its on-going drive to help customers protect and secure their applications, environments, and accounts. This service was Amazon GuardDuty, a regional, intelligent threat-detection service. GuardDuty lets you monitor your AWS account for unusual and unexpected behavior by analyzing AWS CloudTrail event logs, VPC Flow Logs, and DNS logs. It correlates that log data with multiple security and threat-intelligence feeds, looking for anomalies and for known malicious sources such as IP addresses and domains. This course will introduce you to Amazon GuardDuty, explain how it works and how to configure it, and leave you able to enable the service within your own AWS accounts to provide automatic, continuous security analysis for safeguarding your AWS environment.
By the end of this course you will be able to:
- Describe the Amazon GuardDuty service
- Manage and configure GuardDuty for single and multiple accounts
- Implement the correct permissions to both enable and manage GuardDuty
- Manage and resolve findings generated
- Explain how GuardDuty can play an important role within your organization
This course has been designed for individuals in the following roles:
- Security consultant/specialist
- Security analyst
- Security auditor
- Cloud architect
- Cloud operational support analyst
This course would also be valuable to anyone looking to learn more about AWS security and threat detection within AWS.
As a prerequisite to this course, you should have a basic understanding of the fundamentals of AWS along with an awareness of different security measures and mechanisms that are offered by different AWS services, such as within IAM, specifically IAM policies.
If you have thoughts or suggestions for this course, please contact Cloud Academy at firstname.lastname@example.org.
Hello and welcome to this lecture. In this lecture I want to briefly highlight some of the partner offerings that integrate with Amazon GuardDuty and how to find out more information about them.
AWS works with many approved vendors to integrate their services seamlessly with the tools and products already on the market today. Many of these vendors focus on monitoring and security, and as a result there are many partners whose services can interact with Amazon GuardDuty to help you get even more from it. Many organizations will be familiar with some of these partners and may already be using their products within their current infrastructure and environment. I just want to highlight a few of the partners currently integrated with Amazon GuardDuty, so that you are aware there are additional benefits to be had from a security standpoint.
Starting with Alert Logic Cloud Insight Essentials for AWS. Alert Logic offers a product that gives you additional insight into your Amazon GuardDuty findings, without requiring any agent on your resources. Cloud Insight Essentials is designed to help you respond to your GuardDuty findings faster by providing further intelligence about the threat, along with more information about how to remediate the issue through specific actions. It also adds a reporting feature that lets you analyze threat-detection trends across your AWS account. For further information on this offering and what it can do, please visit the link on the screen.
CrowdStrike is another partner of Amazon GuardDuty. In this case the integration runs the other way: the threat-intelligence feeds used within CrowdStrike Falcon are made available to Amazon GuardDuty. GuardDuty can then draw on data from CrowdStrike, which uses AI and machine learning to identify and block cyber-security threats. For more information on CrowdStrike and CrowdStrike Falcon, please visit the link on-screen.
I'll take a look at one more example, this time with Trend Micro. Trend Micro has an existing product called Deep Security, which uses an agent installed on EC2 or ECS deployments to protect against an array of threats such as malware, and adds features such as intrusion prevention. Using automation through CloudWatch Events and Lambda, GuardDuty findings can trigger Deep Security and engage its rich feature set to analyze and detect any issues that may have occurred on the affected resource. More information on how these two products can work together can be found here.
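The automation pattern just described, a GuardDuty finding arriving via a CloudWatch Events rule and a Lambda function deciding what to do with it, is easier to reason about with the handler in front of you. The following is an added example written for this page; it is not code from the course or from any partner product. It uses the documented GuardDuty finding envelope (source `aws.guardduty`, detail-type `GuardDuty Finding`, numeric `detail.severity`, and the `ThreatPurpose:ResourceType/ThreatFamily` finding-type format); the sample event, the severity-based escalation rule and the host-scan hook where a partner API call would sit are constructed assumptions for illustration.

```python
"""Triage an Amazon GuardDuty finding delivered through a CloudWatch Events rule.

Added example (not part of the original course or any partner product).
The envelope and finding fields follow the documented GuardDuty finding
format; the sample finding below is constructed for illustration.
"""
import json

# CloudWatch Events rule pattern that matches every GuardDuty finding.
# Severity filtering is done in code so the rule itself stays simple.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
}

# GuardDuty severity bands, keyed on the numeric value in detail.severity.
SEVERITY_BANDS = (("HIGH", 7.0), ("MEDIUM", 4.0), ("LOW", 0.1))

# Constructed sample event: an EC2 instance flagged for C&C traffic over DNS.
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "GuardDuty Finding",
    "source": "aws.guardduty",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "type": "Backdoor:EC2/C&CActivity.B!DNS",
        "severity": 8.0,
        "accountId": "111122223333",
        "region": "us-east-1",
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
        "service": {"count": 3},
    },
}


def matches_pattern(event, pattern=EVENT_PATTERN):
    """Mimic the rule: each listed top-level field must hold one of the allowed values."""
    return all(event.get(field) in allowed for field, allowed in pattern.items())


def severity_label(severity):
    """Map the numeric severity onto GuardDuty's LOW / MEDIUM / HIGH bands."""
    for label, floor in SEVERITY_BANDS:
        if severity >= floor:
            return label
    return "UNKNOWN"


def parse_finding_type(finding_type):
    """Split 'ThreatPurpose:ResourceType/ThreatFamily.Detection!Artifact' into its parts."""
    purpose, rest = finding_type.split(":", 1)
    resource, family = rest.split("/", 1)
    return {"purpose": purpose, "resource": resource, "family": family}


def affected_resource(detail):
    """Return (resourceType, identifier) a responder would act on, for EC2 or IAM findings."""
    resource = detail.get("resource", {})
    kind = resource.get("resourceType")
    if kind == "Instance":
        return kind, resource["instanceDetails"]["instanceId"]
    if kind == "AccessKey":
        return kind, resource["accessKeyDetails"]["accessKeyId"]
    return kind, None  # other resource types: no single target to hand off


def triage_finding(event):
    """Produce a routing decision for one finding; None if this is not a GuardDuty event."""
    if not matches_pattern(event):
        return None
    detail = event["detail"]
    parts = parse_finding_type(detail["type"])
    kind, target = affected_resource(detail)
    label = severity_label(float(detail["severity"]))
    # Assumed policy: only HIGH findings on a host are handed to agent-based
    # tooling, where an on-instance scan can actually add information.
    escalate = label == "HIGH" and kind == "Instance"
    return {
        "finding_type": detail["type"],
        "threat_purpose": parts["purpose"],
        "severity": label,
        "resource_type": kind,
        "target": target,
        "escalate_to_host_scan": escalate,
    }


def lambda_handler(event, context):
    """Entry point for the Lambda function invoked by the CloudWatch Events rule."""
    decision = triage_finding(event)
    if decision is None:
        return {"ignored": True}
    if decision["escalate_to_host_scan"]:
        # Hypothetical hook: a call into the partner's API (for example, asking
        # Deep Security to scan decision["target"]) would replace this log line.
        print(json.dumps({"action": "host_scan", **decision}))
    return decision


if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT, None), indent=2))
```

Keeping the rule pattern broad and deciding in code means the same function can also route IAM `AccessKey` findings to a different playbook, and events that do not match the GuardDuty envelope are ignored rather than acted on.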
These were just a few of the partners from the Amazon GuardDuty partners list which can be found here.
You may find that you are already using services from these partners. If you are then you may find you already have additional security features available to you when and if you enable Amazon GuardDuty.
That brings me to the end of this lecture. Coming up next, I will be providing a summary of the key points taken from the lectures throughout this course.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.