Posted On: Dec 22, 2020

Amazon GuardDuty introduces three new threat detections that inform you when data residing in your Amazon Simple Storage Service (S3) buckets is accessed from an IP address associated with known malicious actors on the internet. These threat detections are available to customers that have enabled S3 protection in GuardDuty, and represent the latest in a continuously growing library of managed threat detections available for customers who enable Amazon GuardDuty in their AWS accounts.

The new threat detections are: Discovery:S3/MaliciousIPCaller, Exfiltration:S3/MaliciousIPCaller, and Impact:S3/MaliciousIPCaller. They are integrated with GuardDuty’s up-to-date threat intelligence feeds to inform you when APIs used to discover, exfiltrate, or impact data residing in your S3 buckets are invoked from IP addresses associated with known malicious actors on the internet. GuardDuty’s S3 protection now includes 19 managed threat detections tailored to help protect your data stored in S3.  

Amazon GuardDuty S3 protection broadens threat detection coverage, adding monitoring for highly suspicious data access and anomaly detection to help you better protect your data residing in Amazon S3. This capability adds S3 data events (LISTs/PUTs/GETs) as a new log source that GuardDuty continuously profiles to monitor data access behavior. S3 protection is on by default when you enable GuardDuty for the first time. If you are already using GuardDuty to protect your accounts and workloads and have not yet enabled this capability, you can enable S3 protection via the GuardDuty console or API. With AWS Organizations support, you can enable S3 protection across your entire organization with a single click.

Available globally, Amazon GuardDuty continuously monitors for malicious or unauthorized behavior to help protect your AWS resources, including your AWS accounts, access keys, and EC2 instances. GuardDuty identifies unusual or unauthorized activity, like cryptocurrency mining, access to data stored in S3 from unusual locations, or infrastructure deployments in a region that has never been used. GuardDuty uses threat intelligence, machine learning, and anomaly detection techniques to detect threats, and it is continuously evolving to help you protect your AWS environment.

You can enable your 30-day free trial of Amazon GuardDuty with a single click in the AWS Management Console. To learn more, see Amazon GuardDuty Findings. To receive programmatic updates on new Amazon GuardDuty features and threat detections, please subscribe to the Amazon GuardDuty SNS topic.