Accenture is a leading, global professional services company that provides an end-to-end solution to migrate to and manage operations on AWS. The Accenture AWS Business Group (AABG) combines the capabilities and services required to help accelerate your adoption of the AWS Cloud. Through the Accenture AWS Business Group, Accenture and AWS are jointly committed to help you transform organizational processes and skills, adopt a cloud-first strategy to innovate new products and services, operate securely at global scale, and quickly achieve business results. Accenture AWS Business Group provides transformational services for security in AWS, including guidance on the use and integration of Amazon GuardDuty into a broader cloud security operations strategy.
Alert Logic® Cloud Insight™ Essentials is an AWS-native security service that shows why, where and how to respond to Amazon GuardDuty findings while continuously assessing AWS configurations to find exposures and recommend actions that prevent future compromises. Customers can take action sooner with incident response support that explains GuardDuty findings, provides additional detail about which assets are impacted, recommends which actions to prioritize and provides workflow to make response more efficient. Cloud Insight Essentials can help you prevent future compromises with continuous checks for configuration mistakes in AWS account and service configurations. Alert Logic Cloud Insight Essentials can be launched immediately with minimal permissions, zero footprint in your AWS environment, and no security experience required.
Check Point CloudGuard IaaS complements native AWS controls to bring advanced, multi-layered security for protecting customer environments from even the most sophisticated threats. To keep pace with the dynamic nature of the cloud, CloudGuard for AWS consumes and leverages contextual information such as asset tags, security groups, availability zones and more to automatically update security policies in real-time. CloudGuard for AWS also now integrates with Amazon GuardDuty to collect additional threat information, such as malicious IP addresses. Dynamic security policies are then created to automatically block any activity originating from all malicious IP addresses. When Amazon GuardDuty updates the list of malicious IP addresses, CloudGuard for AWS automatically updates its security policies to reflect these changes. The integration demonstrates the value of context sharing for enhanced protection of business-critical workloads on AWS.
CrowdStrike® provides cloud-based endpoint protection that unifies next-generation antivirus, endpoint detection and response (EDR), IT hygiene, and a 24/7 managed hunting service — all delivered via a single lightweight agent. Because the CrowdStrike threat intelligence feed is seamlessly integrated with Amazon GuardDuty, customers can be confident in their security practice knowing they have CrowdStrike Falcon® providing the next layer of protection against advanced cyberattacks. Clients of Amazon GuardDuty gain the benefits of CrowdStrike's use of sophisticated signatureless artificial intelligence/machine learning and indicator of attack (IOA)-based threat prevention to stop known and unknown threats in real time.
Deloitte is one of the largest professional services firms in the world and a leader in digital transformation strategy. Through a network of more than 244,000 professionals, industry specialists, and an ecosystem of alliances, Deloitte assists clients in turning complex business issues into opportunities for growth. As AWS Premier Partner with the Security Competency, Deloitte’s Cyber Risk Services for AWS incorporate security capability areas built on our experience serving clients, industry leading practices, and applicable regulatory requirements. The services allow an organization to assess AWS capabilities, including AWS security services such as Amazon GuardDuty, to manage risks with their control responsibilities.
The Dome9 Arc SaaS platform delivers security and compliance automation as enterprises scale in the cloud. In addition to integrating with a number of AWS security and configuration services such as AWS CloudTrail, VPC Flow Logs and Amazon Inspector, Dome9 integrates Amazon GuardDuty into its security automation framework.
The Dome9 entity explorer constructs a model of the security in an AWS environment, and allows you to explore security configurations and policies at a per-asset level. The integration with Amazon GuardDuty provides contextual visibility into the findings directly from the entity explorer. This allows the user to quickly identify and correlate a resource with its configuration, networking and IAM settings, as well as host vulnerabilities and detected threats - dramatically shortening the time to prioritize and investigate alerts.
By using Amazon GuardDuty as an additional data source, the Evident Security Platform (ESP) provides DevSecOps and Compliance additional assurance that their cloud environments meet the strictest security standards and fulfill compliance requirements. Amazon GuardDuty detections will enhance the ESP risk alerts to with details about threats and the AWS resources involved.
Fortinet empowers AWS users with intelligent, seamless protection across the expanding attack surface, and the power to take on ever-increasing performance requirements of the borderless network. The Fortinet Security Fabric delivers security that is broad, integrated, and automated in AWS environments, including next-generation firewall, web application firewall, and advanced-threat sandboxing.
Fortinet complements and integrates with Amazon GuardDuty using cloud-native AWS orchestration with AWS CloudFormation and AWS Lambda. By taking threat detection from GuardDuty findings and remediating them with dynamic address objects used in FortiGate firewall rules to block traffic from malicious sources and IP’s, threat intelligence derived from AWS machine-learning and managed services is seamlessly integrated into Fortinet’s open Security Fabric architecture to automate actions and streamline incident response and recovery.
IBM Security supports Amazon GuardDuty with both managed security services and SIEM enablement for AWS environments. IBM Security delivers an integrated system of analytics, real-time defenses and proven experts to help you operate securely in the Cloud. For customers who have enabled Amazon GuardDuty, IBM Security can help you integrate security findings and events from AWS into your existing QRadar SIEM and security operations. IBM threat insight combines Global Threat Insight and Augmented Intelligence (AI) via second stage analytics for advanced event classification. AWS customers can also engage X-Force Incident Response services for response planning, preparation, and remediation.
Logicworks is an AWS Premier Consulting Partner that provides secure, compliant cloud services for companies that need to accelerate cloud adoption, strengthen governance, and achieve agility on the AWS cloud. Logicworks' proprietary automation platform is designed to provide an additional layer of protection by scanning environments and enforcing security configurations across our customers' AWS accounts, and incorporates Amazon Inspector, AWS Config, AWS CloudTrail, AWS CloudWatch, AWS Lambda, and other 3rd party security tools. The Logicworks platform incorporates Amazon GuardDuty in order to add machine learning-based analysis of suspicious traffic and API activity for customers using Logicworks on AWS.
McAfee, the device-to-cloud cybersecurity company, provides a comprehensive cloud security solution to protect both data and workloads across virtual private, public, and hybrid environments. McAfee® Cloud Workload Security automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multi-cloud management. Now, users can view Amazon GuardDuty events – such as network connections, port probes, and DNS requests – for EC2 instances directly on the Cloud Workload Security console. McAfee’s unparalleled protection makes it possible for a single, automated policy to effectively secure your workloads as they transition through hybrid environments, enabling operational excellence for your cyber security teams.
PagerDuty's digital operations management platform empowers teams to proactively mitigate issues by automatically turning any signal into the right insight and action. PagerDuty's integration with GuardDuty and 300+ security and monitoring tools helps customers identify the signal in the noise with a full stack view and automated grouping of related alerts. It rapidly and automatically engages the right experts to deliver critical security controls and learn from past breaches to deliver more secure services.
The Palo Alto Networks VM-Series next generation firewall complements AWS security groups and web application firewalls by controlling your AWS traffic based on the application identity and preventing known and unknown threats within the allowed application flows. To keep pace with the speed of the cloud, VM-Series automation and management features can be used to consume external information to dynamically update security policies. The VM-Series next generation firewall integrates with Amazon GuardDuty using a Lambda function to collect threat intelligence information such as malicious IP addresses and delivering it to the firewall as an external list source. A dynamic security policy is then created to automatically block any activity emanating from the list of malicious IP addresses. When Amazon GuardDuty updates the list of IP addresses, the prevention policy is in turn automatically updated, without administrative intervention. The integration demonstrates how threat intelligence generated by Amazon GuardDuty can be used in near real time, by the VM-Series to protect business critical workloads on AWS.
Proofpoint provides intelligence-led next generation products and solutions for security, compliance, digital risk, and response. Proofpoint’s Emerging Threats IP address and Domain reputation intelligence is based-on one of the broadest footprints of protective technologies spanning email, mobile, social, SaaS, and network environments. Proofpoint ET Intelligence helps Amazon GuardDuty detect and surface threats hidden in traffic and activity between customer AWS instances to or from malicious sites and bad actors. This provides proactive alerting for suspicious or malicious activity such as email, mobile, or social media credential or account phishing, imposter and BEC attacks, as well as malware command-and-control and related behaviors. Additionally, customers can further leverage Proofpoint’s ET Intelligence for deeper context, hunting, sample detection, and history via a subscription to Proofpoint’s ET Intelligence portal.
Rapid7 is trusted by IT and security professionals around the world to manage risk, simplify modern IT complexity, and drive innovation. Rapid7 analytics transform today’s vast amounts of security and IT data into the answers needed to securely develop and operate sophisticated IT networks and applications. Our InsightIDR product leverages attacker analytics to detect intruder activity, cutting down false positives and days’ worth of work for your security professionals. By integrating Amazon GuardDuty and InsightIDR you can hunt for actions indicative of compromised credentials, spots lateral movement across assets, detects malware, and sets traps for intruders.
Recorded Future delivers security intelligence to amplify the effectiveness of security and IT teams by informing decisions in real time with contextual, actionable intelligence. By analyzing data from open, dark, and proprietary sources, Recorded Future offers a seamless, integration-ready view of threat information to empower organizations to reveal unknown threats before they impact business, and enable teams to respond to Amazon GuardDuty findings faster. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis. Clients of Amazon GuardDuty can use Recorded Future’s intelligence to detect potential threats in the network by correlating against telemetry data for the purpose of reducing time to verdict and risk to the organization.
RedLock enables effective threat defense across AWS environments. With RedLock, organizations can ensure compliance, govern security, and enable security operations. In addition to AWS Config, AWS CloudTrail, VPC flow logs, and Amazon Inspector, RedLock also ingests findings from Amazon GuardDuty. This provides additional context and centralized visibility into security risks in the cloud, helping organizations gain actionable insights, identify cloud threats, reduce risk and remediate issues, without impeding DevOps.
To further transform security through an analytics-driven approach, Splunk has developed an integration for the newly available Amazon GuardDuty. The integration streamlines ingestion of GuardDuty security findings from across regions and accounts into the Splunk platform for further analysis. By aggregating and analyzing GuardDuty findings, Splunk can provide security teams additional context for early detection, rapid investigations and remediation of potential threats. The Splunk integration via the Splunk App for AWS, extends the ability of AWS customers' ability to use security analytics at each stage to accelerate detection, investigation, and response to potential threats in their AWS environments.
Sumo Logic’s cloud-native machine data analytics platform delivers comprehensive visibility into the security and compliance posture of applications running in AWS, to help organizations accelerate the transitions of workloads into the Cloud. Sumo Logic integrates with Amazon GuardDuty providing real-time actionable visibility into AWS environments to help SecOps teams rapidly detect, investigate, and remediate potential threats, and bolster the protection of cloud application and critical data.
Trend Micro Deep Security™ gives you a comprehensive set of security controls delivered from a single agent, which you can manage from a single console, API, or orchestration tool. Protect your Amazon EC2 instances and Amazon ECS deployments with intrusion prevention (IPS), application control, anti-malware, and more. Deep Security provides detection and prevention, while Amazon Guard Duty augments this with additional visibility & detection. Together, Deep Security and Amazon Guard Duty offer greater visibility, prevention and detection when securing your EC2 instances and ECS deployments.
Trustwave® helps businesses fight cybercrime, protect data, and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. Trustwave Managed Threat Detection service collects findings from Amazon GuardDuty and analyzes the events 24x7x365 using threat intelligence, automated use cases, rules, behavior analytics and machine learning in conjunction with human analysis by Trustwave SpiderLabs researchers.
Turbot delivers Software Defined Operations for the enterprise cloud with automated guardrails that ensure your cloud infrastructure is secure, compliant, scalable and cost optimized. Turbot's Guardrail policies for Amazon GuardDuty help enterprises ensure that Amazon GuardDuty is setup and configured according to defined policies for threat detection to continuously monitor for malicious or unauthorized behavior across AWS accounts and workloads.
Turbot provides point and click policy enforcements to setup and configure Amazon GuardDuty Master and Member account configurations across a multi-account model. Turbot's Guardrails can restrict use of the Amazon GuardDuty service to specific accounts, regions, users, and roles. In addition, Turbot can enforce specific detector configurations per Account per Region, enforce IP and Threat Set list configurations, send all configurations in real-time to the Turbot CMDB, and provide guidance for setting other Guardrail configurations to remediate any GuardDuty findings. This allows the user to quickly setup and scale Amazon GuardDuty across multiple AWS Accounts, while enforcing company policies and providing real-time recommendations to adjust Guardrail policies to prevent findings from occurring in the future.
Amazon GuardDuty is a threat detection service that provides you with an accurate and easy way to continuously monitor and protect your AWS accounts and workloads.
Try Amazon GuardDuty for 30 days at no cost. You will receive full access to GuardDuty features and its detection findings during the free trial.
Get started building with Amazon GuardDuty in the AWS Management Console.