Detect common threats

Leverage Amazon GuardDuty for threat detection and investigate findings

It is recommended to configure alerts (for example via Amazon SNS) for critical findings, so that a responder is notified as soon as GuardDuty reports one.

Why GuardDuty? How else can I detect threats in the AWS Cloud?

You could use third-party solutions such as Security Information and Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Network Behavior Anomaly Detection (NBAD), and runtime monitoring tools to analyze the same sources that GuardDuty uses. However, deploying and integrating those solutions, and generating VPC Flow Logs on all your VPCs, costs considerably more money and effort. We therefore recommend such solutions for custom threat detection in a later phase: they can be “wins”, but not “QuickWins”.

GuardDuty Mindmap

https://www.xmind.net/m/K3fmSB

Workshops

Risk Mitigation

  • GuardDuty can detect adversaries early, during their reconnaissance activity, and identifies the most common threats.
  • GuardDuty is a threat detection service; to be effective, someone must act on its findings (or an automated response must be configured).
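As an added example (not part of the original page or of AWS's own code) of both points above, the SNS alerting for critical findings and an automation that acts on findings: a Lambda-style handler that takes a GuardDuty finding from EventBridge, keeps only High and Critical severities, and publishes a summary to an SNS topic. The EventBridge event shape and severity bands follow the GuardDuty documentation as I know it, the SNS_TOPIC_ARN environment variable and the injectable publish callback are assumptions, and the sample event is constructed.

```python
"""Forward High/Critical GuardDuty findings (delivered via EventBridge) to an SNS topic.
Added example for this page; not AWS's own code."""
import json
from typing import Callable, Optional

# GuardDuty severity bands (lower bound of each), as documented by AWS.
SEVERITY_BANDS = (("Critical", 9.0), ("High", 7.0), ("Medium", 4.0), ("Low", 1.0))

# Constructed sample in the EventBridge "GuardDuty Finding" event shape.
SAMPLE_EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {
    "id": "EXAMPLE-FINDING-ID", "accountId": "111122223333", "region": "us-east-1",
    "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 8,
    "title": "Unprotected port on EC2 instance is being probed.",
    "resource": {"resourceType": "Instance"}}}

def severity_label(score: float) -> str:
    """Map a numeric GuardDuty severity to its band name."""
    for label, floor in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "Unknown"

def summarize_finding(event: dict) -> dict:
    """Pull out the fields an on-call responder needs first."""
    d = event["detail"]
    return {"id": d["id"], "account": d["accountId"], "region": d["region"],
            "type": d["type"], "severity": d["severity"],
            "band": severity_label(d["severity"]),
            "resource": d.get("resource", {}).get("resourceType", "unknown"),
            "title": d.get("title", "")}

def handler(event: dict, context=None,
            publish: Optional[Callable[[str, str], None]] = None,
            min_severity: float = 7.0) -> Optional[dict]:
    """Lambda-style entry point; returns the published summary, or None if dropped.
    publish(subject, body) is injectable for offline tests; the default uses boto3
    (assumed present in the Lambda runtime) and the SNS_TOPIC_ARN environment variable."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None
    summary = summarize_finding(event)
    if summary["severity"] < min_severity:
        return None  # Low/Medium findings stay in the console for routine triage
    if publish is None:
        import os, boto3
        topic, sns = os.environ["SNS_TOPIC_ARN"], boto3.client("sns")
        publish = lambda subject, body: sns.publish(TopicArn=topic, Subject=subject, Message=body)
    subject = f"GuardDuty {summary['band']}: {summary['type']} ({summary['account']}/{summary['region']})"
    publish(subject[:100], json.dumps(summary, indent=2))  # SNS caps subjects at 100 chars
    return summary
```

Wire it to an EventBridge rule whose pattern matches source aws.guardduty and detail-type "GuardDuty Finding"; the severity threshold is applied in code so Low and Medium findings never page anyone.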

Guidance for assessments

  • Do you have Amazon GuardDuty enabled across your entire organization?
  • Is your team trained to understand and act on GuardDuty findings?

Pricing

https://aws.amazon.com/guardduty/pricing
The service has a 30-day free trial period.
You can check current usage and estimate future usage of the service before the trial ends.