What is GuardDuty?

Amazon GuardDuty is a continuous security monitoring service that identifies possible malicious activity within AWS environments. It analyzes AWS CloudTrail event logs, Amazon VPC Flow Logs and DNS logs to look for issues such as privilege escalation, use of exposed credentials, or communication with known-malicious IP addresses, URLs, or domains.

Amazon GuardDuty helps AWS customers keep their AWS environment running with less interruption to their operations and helps ensure an organization’s compliance with security standards.

When Amazon GuardDuty detects unexpected and potentially damaging behavior in your AWS environment, it records a finding in the GuardDuty console. Each finding is also published as an Amazon CloudWatch Events (now Amazon EventBridge) event, which is how findings reach other systems.


Threat Response Challenges

Cloud environments such as AWS can be challenging for security monitoring services because assets appear and disappear dynamically. Furthermore, some asset identifiers that are relatively stable in a traditional IT environment (such as an IP address) are less reliable in AWS, where they are frequently reassigned.

To make the best use of GuardDuty findings, they need to be integrated into a workflow system. Without this step, it is harder to determine the nature of a threat, assess its impact on your assets, and develop guidance for containing the attack.


Improve Threat Response from GuardDuty Findings

The good news is that GuardDuty findings can be exported programmatically, either through the GuardDuty API (ListFindings and GetFindings) or as CloudWatch Events (Amazon EventBridge) events, and fed into a workflow system. Such a system can help determine whether a threat is an isolated event, provide more detailed, actionable information and reporting, and let you explore trends and communicate security assessment progress.
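To make the integration step concrete, here is an added example of the first thing such a workflow system has to do: take raw GuardDuty finding events, flatten them into tickets, route them by severity, and group them per affected resource so an analyst can tell an isolated alert from a host that is accumulating several distinct finding types. This is example code written for this page; it is not Alert Logic's or AWS's code. The field names under "detail" follow the published GuardDuty finding format, while the three sample events, the queue names and the severity-to-queue mapping are constructed for the example.

```python
"""Added example: turn Amazon GuardDuty finding events into workflow tickets.

Field names under "detail" follow the published GuardDuty finding format (id, type,
severity, accountId, region, resource, service). The sample events, the queue names
and the severity-to-queue mapping are constructed for this example.
"""
import json
from collections import defaultdict

# Constructed sample: three findings as delivered by CloudWatch Events / EventBridge.
# Findings 1 and 2 hit the same EC2 instance; finding 3 concerns an IAM access key.
_WEB1 = {"instanceId": "i-0abc12345def67890",
         "tags": [{"key": "Name", "value": "web-1"}],
         "networkInterfaces": [{"vpcId": "vpc-0123456789abcdef0"}]}
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {
        "id": "finding-0001", "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 2,
        "accountId": "111122223333", "region": "us-east-1",
        "resource": {"resourceType": "Instance", "instanceDetails": _WEB1},
        "service": {"count": 14, "eventFirstSeen": "2019-03-01T10:00:00Z"}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {
        "id": "finding-0002", "type": "Backdoor:EC2/C&CActivity.B!DNS", "severity": 8,
        "accountId": "111122223333", "region": "us-east-1",
        "resource": {"resourceType": "Instance", "instanceDetails": _WEB1},
        "service": {"count": 3, "eventFirstSeen": "2019-03-01T11:05:00Z"}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {
        "id": "finding-0003", "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
        "severity": 5, "accountId": "111122223333", "region": "us-east-1",
        "resource": {"resourceType": "AccessKey", "accessKeyDetails": {
            "userName": "deploy-bot", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
        "service": {"count": 1}}},
]

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


def severity_label(score):
    """GuardDuty's documented bands: Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9.
    Scores of 9.0 and above are folded into 'high' here (this example's simplification)."""
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def affected_resource(resource):
    """Return (kind, identifier, vpc_ids, tags) from a finding's resource block.
    EC2 instances and IAM access keys are handled; other kinds keep only the type."""
    kind = resource.get("resourceType", "Unknown")
    if kind == "Instance":
        inst = resource.get("instanceDetails") or {}
        vpcs = sorted({n["vpcId"] for n in inst.get("networkInterfaces") or [] if n.get("vpcId")})
        tags = {t["key"]: t["value"] for t in inst.get("tags") or []}
        return kind, inst.get("instanceId"), vpcs, tags
    if kind == "AccessKey":
        key = resource.get("accessKeyDetails") or {}
        return kind, key.get("userName") or key.get("accessKeyId"), [], {}
    return kind, None, [], {}


def normalize_finding(event):
    """Flatten one EventBridge-wrapped GuardDuty finding into a ticket dict."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    d = event["detail"]
    kind, ident, vpcs, tags = affected_resource(d.get("resource") or {})
    svc = d.get("service") or {}
    return {"finding_id": d["id"], "type": d["type"],
            "severity": severity_label(float(d["severity"])),
            "account": d["accountId"], "region": d["region"],
            "resource_kind": kind, "resource": ident, "vpc_ids": vpcs, "tags": tags,
            # service.count is how many times GuardDuty aggregated this same finding
            "occurrences": int(svc.get("count", 1)), "first_seen": svc.get("eventFirstSeen")}


def route(ticket):
    """Pick a workflow queue from the severity band (queue names are this example's own)."""
    return {"high": "pager", "medium": "triage", "low": "backlog"}[ticket["severity"]]


def triage(events):
    """Normalize and route findings, then group them per resource so an analyst can
    tell an isolated alert from a host accumulating several distinct finding types."""
    tickets = [normalize_finding(e) for e in events]
    by_resource = defaultdict(list)
    for t in tickets:
        by_resource[f"{t['account']}:{t['resource_kind']}:{t['resource']}"].append(t)
    clusters = {key: {"finding_types": sorted({t["type"] for t in group}),
                      "max_severity": max((t["severity"] for t in group), key=SEVERITY_RANK.get)}
                for key, group in by_resource.items() if len(group) > 1}
    return {"tickets": tickets, "queues": {t["finding_id"]: route(t) for t in tickets},
            "clusters": clusters}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
```

Two points from the example are worth keeping in mind when wiring this up for real. Grouping is keyed on the account plus the stable resource identifier (instance ID, IAM user name), never on an IP address, for exactly the reason given above: in AWS the address is the least reliable handle on an asset. And the `service.count` field matters for prioritisation, since GuardDuty aggregates repeated occurrences of the same finding rather than emitting one event each time, so a "low" brute-force finding with a count of 14 on the same host that later shows a "high" command-and-control finding is not an isolated event.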

Cloud Insight Essentials

Cloud Insight Essentials (CIE) is an AWS-native cloud security service that provides agentless, API-driven controls for configuration assessment and security incident response support. Alert Logic developed CIE to add context to GuardDuty findings and turn them into actionable intelligence. It is fully integrated with Amazon GuardDuty and provides the context you need to remediate and prevent exposures: clear threat explanations with topology visualizations of the impacted resources, including their tags and VPC (virtual private cloud) location.

CIE shows you why, where and how to respond to Amazon GuardDuty findings, while continuously discovering and assessing your AWS configurations to find exposures and recommending easy-to-understand actions that prevent future compromises. It is easy to get started with Alert Logic Cloud Insight Essentials.

Follow our Provisioning Cloud Insight Essentials with Amazon GuardDuty guide and log in to the Alert Logic console to discover your deployment, perform configuration checks, and integrate Amazon GuardDuty data for display on the Incidents page.

Additional Resources

Schedule A Demo

Want to see Alert Logic Cloud Insight in more detail?
Call us directly at 844.816.1051 (in the UK, +44 (0) 203 011 5533) to schedule a demo. An Alert Logic representative will contact you soon.