What is GuardDuty?
Amazon GuardDuty is a continuous security monitoring service that identifies possible malicious activity within AWS environments. Amazon GuardDuty analyzes Amazon CloudTrail and AWS VPC Flow Log data to look for issues such as escalation of privileges, use of exposed credentials, or communication from malicious IPs, URLs, or domains.
Amazon GuardDuty helps AWS customers keep their AWS environment running with less interruption to their operations and helps ensure an organization’s compliance with security standards.
When Amazon GuardDuty detects unexpected and potentially damaging behavior in your AWS environment, it displays alerts in the Amazon GuardDuty Management Console.
Threat Response Challenges
Cloud environments such as AWS can be challenging for security monitoring services because assets appear and disappear dynamically. Furthermore, some asset identifiers that are relatively stable in a traditional IT environment (such as an IP address) are less reliable in AWS because of their transient nature.
To make the best use of GuardDuty findings, they need to be integrated into a workflow system. Without this step, it is more difficult to determine the nature of the threat, interpret the impact on assets, and develop guidance to contain the attack.
Improve Threat Response from GuardDuty Findings
The good news is that alerts generated by Amazon GuardDuty can be sent, using an API, to a workflow system. A workflow system can help determine whether the threat is an isolated event and can provide more detailed, actionable information and reporting, so you can explore trends and communicate security assessment progress.
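The normalization step that a workflow integration has to perform, as an added example that is not part of the original page or of Alert Logic's product: it takes GuardDuty findings in their documented JSON shape, keys each ticket on the stable account/region/resource identifiers rather than the transient IP, maps the numeric severity to GuardDuty's documented bands, and uses the finding's occurrence count to flag whether the event was isolated. The findings below are constructed sample data, not real detections.

```python
"""Turn GuardDuty findings into workflow tickets keyed by stable asset identifiers."""
from typing import Any, Dict, List


def severity_label(score: float) -> str:
    """GuardDuty severity bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def to_ticket(finding: Dict[str, Any]) -> Dict[str, Any]:
    """Build one workflow ticket from a finding (field names follow the GuardDuty finding JSON)."""
    resource = finding.get("Resource", {})
    instance = resource.get("InstanceDetails", {})
    service = finding.get("Service", {})
    action = service.get("Action", {})
    remote_ip = (action.get("NetworkConnectionAction", {})
                 .get("RemoteIpDetails", {}).get("IpAddressV4"))
    # The instance/resource id, not the IP, is what survives in a dynamic AWS environment.
    resource_id = instance.get("InstanceId", resource.get("ResourceType", "unknown"))
    return {
        "asset_key": f'{finding["AccountId"]}:{finding["Region"]}:{resource_id}',
        "finding_type": finding["Type"],
        "severity": severity_label(float(finding["Severity"])),
        "isolated": int(service.get("Count", 1)) <= 1,  # Count > 1 means it recurred
        "remote_ip": remote_ip,  # kept as evidence, never as the asset identity
        "last_seen": service.get("EventLastSeen"),
    }


def triage(findings: List[Dict[str, Any]]) -> Dict[str, List[Dict[str, Any]]]:
    """Group tickets by asset so one compromised instance shows up as one case."""
    cases: Dict[str, List[Dict[str, Any]]] = {}
    for f in findings:
        t = to_ticket(f)
        cases.setdefault(t["asset_key"], []).append(t)
    return cases


# Constructed sample findings (hypothetical account, instance id and IP).
SAMPLE_FINDINGS = [
    {"AccountId": "111122223333", "Region": "us-east-1", "Severity": 8.0,
     "Type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom",
     "Resource": {"ResourceType": "Instance", "InstanceDetails": {"InstanceId": "i-0123456789abcdef0"}},
     "Service": {"Count": 3, "EventLastSeen": "2024-01-01T00:10:00Z",
                 "Action": {"ActionType": "NETWORK_CONNECTION",
                            "NetworkConnectionAction": {"RemoteIpDetails": {"IpAddressV4": "198.51.100.7"}}}}},
    {"AccountId": "111122223333", "Region": "us-east-1", "Severity": 3.0,
     "Type": "Recon:EC2/PortProbeUnprotectedPort",
     "Resource": {"ResourceType": "Instance", "InstanceDetails": {"InstanceId": "i-0123456789abcdef0"}},
     "Service": {"Count": 1, "Action": {"ActionType": "PORT_PROBE"}}},
]
```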
Alert Logic Essentials
Alert Logic Essentials is an AWS-native cloud security service that provides agentless, API-automated controls for configuration assessment and security incident response support. Alert Logic developed Essentials to apply deeper understanding and deliver actionable intelligence based on GuardDuty findings. It is fully integrated with Amazon GuardDuty and provides the context you need to remediate and prevent exposures. You get clear threat explanations with topology visualizations of impacted resources, including relevant tags and VPC (virtual private cloud) location.
Alert Logic Essentials shows you why, where, and how to respond to Amazon GuardDuty findings, while continuously discovering and assessing your AWS configurations to find exposures and providing easy-to-understand actions that prevent future compromises. It is easy to get started with Alert Logic Essentials.
Log into the Alert Logic console to discover your deployment, perform configuration checks, and integrate Amazon GuardDuty data for display on the Incidents page.
Need to Schedule A Demo?
Please fill out the form below in its entirety or call us directly at 844.816.1051, for the UK call +44 (0) 203 011 5533.