AWS Security Blog

Tag: Amazon GuardDuty

How to perform automated incident response in a multi-account environment

How quickly you respond to security incidents is key to minimizing their impacts. Automating incident response helps you scale your capabilities, rapidly reduce the scope of compromised resources, and reduce repetitive work by security teams. But when you use automation, you also must manage exceptions to standard response procedures. In this post, I provide a […]

AWS Security Profiles: Dan Plastina, VP of Security Services

In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do as the VP […]

AWS Security Profiles: Greg McConnel, Senior Manager, Security Specialists Team

In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current […]

Tips for building a cloud security operating model in the financial services industry

My team helps financial services customers understand how AWS services operate so that you can incorporate AWS into your existing processes and security operations centers (SOCs). As soon as you create your first AWS account for your organization, you’re live in the cloud. So, from day one, you should be equipped with certain information: you […]

Nine AWS Security Hub best practices

July 21, 2020: The advice about enabling Security Hub in every region where you have authorized activity was updated. AWS Security Hub is a security and compliance service that became generally available on June 25, 2019. It provides you with extensive visibility into your security and compliance status across multiple AWS accounts, in a single […]

How to visualize Amazon GuardDuty findings: serverless edition

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. July 20, 2020:This post has been updated to reflect the new Amazon GuardDuty support for exporting findings to an S3 bucket. July 12, 2019: Due to a feature name change, we’ve updated some examples throughout the post. Note: This blog […]

Visualizing Amazon GuardDuty findings

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help protect your AWS accounts and workloads. Enable GuardDuty and it begins monitoring for: Anomalous API activity Potentially unauthorized deployments and compromised instances […]

How to automate the import of third-party threat intelligence feeds into Amazon GuardDuty

Amazon GuardDuty is an AWS threat detection service that helps protect your AWS accounts and workloads by continuously monitoring them for malicious and unauthorized behavior. You can enable Amazon GuardDuty through the AWS Management Console with one click. It analyzes billions of events across your AWS accounts and uses machine learning to detect anomalies in […]

How to use Amazon GuardDuty and AWS Web Application Firewall to automatically block suspicious hosts

April 25, 2023: We’ve updated this blog post to include more security learning resources. When you’re implementing security measures across your AWS resources, you should use a holistic approach that incorporates controls across multiple areas. In the Cloud Adoption Framework (CAF) Security perspective whitepaper, we define these controls across four categories. Directive controls. Establish the […]

Podcast: We developed Amazon GuardDuty to meet scaling demands, now it could assist with compliance considerations such as GDPR

It isn’t simple to meet the scaling requirements of AWS when creating a threat detection monitoring service. Our service teams have to maintain the ability to deliver at a rapid pace. That led to the question what can be done to make a security service as frictionless as possible to business demands? Core parts of […]