Announcing Amazon GuardDuty – Intelligent Threat Detection

Posted on: Nov 28, 2017

Amazon GuardDuty is a threat detection service that provides you with an accurate and easy way to continuously monitor and protect your AWS accounts and the applications and services running within them. With a few clicks in the AWS Management Console, GuardDuty immediately begins analyzing billions of events from AWS CloudTrail, VPC Flow Logs, and other AWS data sources.

Amazon GuardDuty uses integrated threat intelligence such as lists of known malicious IP addresses, anomaly detection, and machine learning to identify activity indicating threats, such as compromised EC2 instances mining bitcoin or an attacker scanning your web servers for known application vulnerabilities. It also monitors AWS account access behavior for signs of compromise, such as detecting an atypical instance type deployed by a user from an unusual geo-location, or an attempt to disable CloudTrail logging or to snapshot a database from a suspicious IP address. With Amazon GuardDuty, you get intelligent threat detection and actionable detections without the heavy lifting of additional security software or infrastructure to deploy and maintain.

Amazon GuardDuty is now available to customers in the US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), EU (Ireland), EU (Frankfurt), EU (London), South American (São Paulo), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Mumbai) regions.

To learn more about Amazon GuardDuty, visit Amazon GuardDuty.