Managing Threat Detection with Amazon GuardDuty
For those unfamiliar with Amazon GuardDuty, it is a fully managed, intelligent threat-detection service, powered by machine learning, that continually provides insights into unusual or unexpected behavioral patterns within your account that could be considered malicious. Amazon GuardDuty can process and analyze millions of events captured through your AWS CloudTrail, DNS, and VPC Flow Logs from a single account or multiple accounts. These events are then checked against numerous threat detection feeds, many of which contain known sources of malicious activity, including specific URLs and IP addresses.
Amazon GuardDuty is continually learning, based on the day-to-day operations within your account, to differentiate between normal behavior and what could be considered abnormal behavior, allowing it to effectively indicate a threat within your infrastructure. This behavior-based analysis allows GuardDuty to detect potential interactions...