AWS Security Blog

Tag: threat detection

How to detect security issues in Amazon EKS clusters using Amazon GuardDuty – Part 1

In this two-part blog post, we’ll discuss how to detect and investigate security issues in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon GuardDuty and Amazon Detective. Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run and scale container workloads by using Kubernetes in the AWS […]

AWS re:Inforce 2022: Threat detection and incident response track preview

Register now with discount code SALXTDVaB7y to get $150 off your full conference pass to AWS re:Inforce. For a limited time only and while supplies last. Today we’re going to highlight just some of the sessions focused on threat detection and incident response that are planned for AWS re:Inforce 2022. AWS re:Inforce is a learning […]

Introducing the Ransomware Risk Management on AWS Whitepaper

May 10, 2022: The Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF) whitepaper has been archived, so we have updated the link in this blog post accordingly. AWS recently released the Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF) whitepaper. This whitepaper aligns the National Institute of […]

How you can use Amazon GuardDuty to detect suspicious activity within your AWS account

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon GuardDuty is an automated threat detection service that continuously monitors for suspicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. In this post, I’ll share how you can use GuardDuty with […]

How Security Operation Centers can use Amazon GuardDuty to detect malicious behavior

The Security Operations Center (SOC) has a tough job. As customers modernize and shift to cloud architectures, the ability to monitor, detect, and respond to risks poses different challenges. In this post we address how Amazon GuardDuty can address some common concerns of the SOC regarding the number of security tools and the overhead to […]

Introducing the AWS Security Incident Response Whitepaper

AWS recently released the AWS Security Incident Response whitepaper, to help you understand the fundamentals of responding to security incidents within your cloud environment. The whitepaper reviews how to prepare your organization for detecting and responding to security incidents, explores the controls and capabilities at your disposal, provides topical examples, and outlines remediation methods that […]

Recovering from a rough Monday morning: An Amazon GuardDuty threat detection and remediation scenario

Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. Given the many log types that Amazon GuardDuty analyzes (Amazon Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and DNS logs), you never know what it might discover in your […]

How we reduce complexity and rapidly iterate on Amazon GuardDuty: twelve new detections added

We’re relentlessly innovating on your behalf at AWS, especially when it comes to security. Last November, we launched Amazon GuardDuty, a continuous security monitoring and threat detection service that incorporates threat intelligence, anomaly detection, and machine learning to help protect your AWS resources, including your AWS accounts. Many large customers, including General Electric, Autodesk, and […]

Join Us for AWS Security Week February 20–23 in San Francisco!

Join us for AWS Security Week, February 20–23 at the AWS Pop-up Loft in San Francisco, where you can participate in four days of themed content that will help you secure your workloads on AWS. Each day will highlight a different security and compliance topic, and will include an overview session, a customer or partner speaker, […]