With GuardDuty, AWS Taps Machine Learning to Secure Its Cloud
A new, fully managed security solution from Amazon Web Services (AWS) aims to deliver continuous cloud infrastructure monitoring powered by machine learning.
Stephen Schmidt, AWS' chief information security officer, announced the general availability of Amazon GuardDuty during the Tuesday evening keynote of the AWS re:Invent conference, taking place in Las Vegas this week. Schmidt described GuardDuty as an "intelligent threat detection service" that uses machine learning to analyze billions of AWS events and spot potential threats.
In a subsequent blog post, AWS evangelist Jeff Barr explained that GuardDuty "consumes multiple data streams, including several threat intelligence feeds, staying aware of malicious IP addresses, devious domains, and more importantly, learning to accurately identify malicious or unauthorized behavior in your AWS accounts."
GuardDuty scans for suspicious data sourced from DNS logs, AWS CloudTrail and AWS VPC Flow logs. It also tracks suspicious user activity, including unusual access locations and unauthorized resource deployments.
"GuardDuty will also look for compromised EC2 instances talking to malicious entities or services, data exfiltration attempts, and instances that are mining cryptocurrency," Barr said.
The service then flags areas of concern, ranks them by severity and proposes corrective measures. GuardDuty results can also be funneled through CloudWatch, which means users can automate their responses to specific threat types using Lambda functions.
GuardDuty is now available out of most AWS regions. It's free to use for the first 30 days, after which users will be charged according to the volume of AWS events that it processes.
The GuardDuty release is part of a string of new security tools that AWS has rolled out in recent months, particularly aimed at protecting the beleaguered Amazon S3 service. In August, the company launched Macie, another machine learning-based security service specifically for S3. In early November, AWS implemented another handful of S3 security features.
More from AWS re:Invent 2017: