Posted On: Nov 30, 2022
Amazon GuardDuty now offers threat detection for Amazon Aurora to identify potential threats to data stored in Aurora databases. Amazon GuardDuty RDS Protection profiles and monitors access activity to existing and new databases in your account, and uses tailored machine learning models to accurately detect suspicious logins to Aurora databases. Once a potential threat is detected, GuardDuty generates a security finding that includes database details and rich contextual information on the suspicious activity, is integrated with Aurora for direct access to database events without requiring you to modify your databases, and is designed to not affect database performance.
Amazon GuardDuty RDS Protection can be enabled with a single click in the GuardDuty console. Utilizing AWS Organizations for multi-account management, Amazon GuardDuty makes it easy for security teams to turn on and manage GuardDuty RDS Protection across all accounts in an organization. Once enabled, GuardDuty RDS Protection begins analyzing and profiling access to Aurora databases, and when suspicious behaviors or attempts by known malicious actors are identified, GuardDuty issues actionable security findings to the GuardDuty console, AWS Security Hub, Amazon Detective, and Amazon EventBridge, allowing for integration with existing security event management or workflow systems.
During the preview period, Amazon GuardDuty RDS Protection is available to customers in five AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Tokyo), and Europe (Ireland). Also, in the preview period, Amazon GuardDuty RDS Protection is available to customers at no additional cost. If you are not using Amazon GuardDuty already, you can enable your 30-day GuardDuty free trial with a single-click in the AWS Management console. To learn more, see Amazon GuardDuty Findings, and to receive programmatic updates on new Amazon GuardDuty features and threat detections, please subscribe to the Amazon GuardDuty SNS topic.
Amazon Aurora is designed for high performance and availability at global scale with full MySQL and PostgreSQL compatibility. It provides built-in security, continuous backups, serverless compute, up to 15 read replicas, automated multi-Region replication, and integrations with other AWS services. To get started with Amazon Aurora, take a look at our getting started page.
To get started, see the following resources: