GuardDuty will monitor accounts for malicious activity 24/7
Amazon Web Services (AWS) has rolled out an intelligent threat detection service that aims to protect user accounts by continuously monitoring activity for malicious or unauthorized behavior.
Customers can enable the new GuardDuty service with a few clicks in the AWS management console and immediately begin analyzing API calls and network activity across their accounts to establish a baseline of ‘normal’ activity.
Following the initial setup, Amazon GuardDuty applies machine learning to identify any events that fall outside normal patterns. When anomalies are detected, the solution delivers a detailed security alert to the owner.
As cloud usage continues to grow in popularity, many enterprises now have multiple AWS accounts with up to hundreds of thousands of EC2 instances. This has previously made the identification and assessment of anomalous behavior extremely difficult.
Reports have surfaced over recent years of AWS account holders who have accidentally committed their AWS keys to public repositories, leaving themselves open to attackers who immediately spin up high-CPU EC2 instances and mine for cryptocurrency until they are closed down.
Those who inadvertently disclose their AWS keys are then liable for thousands of dollars of fees.
“With Amazon GuardDuty, customers can easily deploy intelligent threat detection that takes care of all of this undifferentiated heavy lifting,” said AWS. “Once activated, Amazon GuardDuty immediately begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats that traditional solutions might miss.”
Following a successful trial period, GuardDuty is already being used by General Electric, Netflix, and Autodesk, among others.