AWS Security Blog

Tag: Amazon GuardDuty

Automatically block suspicious traffic with AWS Network Firewall and Amazon GuardDuty

According to the AWS Security Incident Response Guide, by using security response automation, you can increase both the scale and the effectiveness of your security operations. Automation also helps you to adopt a more proactive approach to securing your workloads on AWS. For example, rather than spending time manually reacting to security alerts, you can […]

Read More

How you can use Amazon GuardDuty to detect suspicious activity within your AWS account

Amazon GuardDuty is an automated threat detection service that continuously monitors for suspicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. In this post, I’ll share how you can use GuardDuty with its newly enhanced highly-customized machine learning model to better protect your AWS environment from potential […]

Read More

Updates to the security pillar of the AWS Well-Architected Framework

We have updated the security pillar of the AWS Well-Architected Framework, based on customer feedback and new best practices. In this post, I’ll take you through the highlights of the updates to the security information in the Security Pillar whitepaper and the AWS Well-Architected Tool, and explain the new best practices and guidance. AWS developed […]

Read More

How to perform automated incident response in a multi-account environment

How quickly you respond to security incidents is key to minimizing their impacts. Automating incident response helps you scale your capabilities, rapidly reduce the scope of compromised resources, and reduce repetitive work by security teams. But when you use automation, you also must manage exceptions to standard response procedures. In this post, I provide a […]

Read More

AWS Security Profiles: Dan Plastina, VP of Security Services

In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do as the VP […]

Read More

AWS Security Profiles: Greg McConnel, Senior Manager, Security Specialists Team

In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current […]

Read More

Tips for building a cloud security operating model in the financial services industry

My team helps financial services customers understand how AWS services operate so that you can incorporate AWS into your existing processes and security operations centers (SOCs). As soon as you create your first AWS account for your organization, you’re live in the cloud. So, from day one, you should be equipped with certain information: you […]

Read More

Nine AWS Security Hub best practices

July 21, 2020: The advice about enabling Security Hub in every region where you have authorized activity was updated. AWS Security Hub is a security and compliance service that became generally available on June 25, 2019. It provides you with extensive visibility into your security and compliance status across multiple AWS accounts, in a single […]

Read More

How to visualize Amazon GuardDuty findings: serverless edition

July 20, 2020:This post has been updated to reflect the new Amazon GuardDuty support for exporting findings to an S3 bucket. July 12, 2019: Due to a feature name change, we’ve updated some examples throughout the post. Note: This blog provides an alternate solution to Visualizing Amazon GuardDuty Findings, in which the authors describe how […]

Read More

Visualizing Amazon GuardDuty findings

Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help protect your AWS accounts and workloads. Enable GuardDuty and it begins monitoring for: Anomalous API activity Potentially unauthorized deployments and compromised instances Reconnaissance by attackers. GuardDuty analyzes and processes VPC flow log, AWS CloudTrail event log, and […]

Read More