Executive View

Amazon GuardDuty

Amazon GuardDuty is a fully managed, simple, and affordable security monitoring and threat detection service that combines machine learning and anomaly detection to enable quick and uncomplicated identification of suspicious activities and malicious behavior across AWS cloud accounts and workloads.

Alexei Balaganski

ab@kuppingercole.com

1 Introduction

Amazon Web Services, Inc. (AWS) is a multinational cloud service provider headquartered in Seattle, USA. A subsidiary of the American retail giant Amazon.com, AWS was initially formed to consolidate and standardize the computing infrastructure powering Amazon’s online business. In 2006, the AWS platform was launched officially with the vision of offering on-demand access to such an infrastructure to customers on a subscription basis, thus essentially making the company the first major player in the cloud computing market.

Over a decade later, AWS remains the largest cloud service provider both in terms of its infrastructure footprint and yearly revenue. With 61 availability zones in 20 regions around the world, the company has a massive global presence, serving millions of active customers every month. From its inception, AWS always had a strong focus on “builders” – skillful and motivated developers looking only for the necessary tools and services to start creating modern applications. For those people, the company offers more than 165 cloud services – ranging from basic infrastructure components to cloud-native development frameworks to advanced technologies like machine learning or even satellite management – at competitive prices.

As more and more businesses strive to become cloud-native, transferring their applications and data to service providers like AWS, they are primarily thinking about the advantages of the cloud model, such as increased scalability, reduced management overhead, and lower TCO; however, many tend to overlook potential new security and compliance risks of the cloud. Although modern cloud service providers do implement sophisticated security measures to protect their infrastructure, that protection does not automatically extend to customers’ applications and data, as many companies assume. AWS has a “shared responsibility model”. This means that AWS manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate; its customers are responsible for building secure and compliant applications.

Unfortunately, the growing sophistication of modern cyber-attacks and harsh new compliance regulations like GDPR have made high-profile data breaches even more visible and also increased the severity of the consequences for affected companies. Customers' misconfigured security settings for cloud data stores, applications, and APIs have been the cause of many of these data breaches. To help its customers meet these and many other security and compliance requirements, AWS has constantly expanded its set of encryption tools and other technical solutions over the past years.

The launch of Amazon GuardDuty in 2017 marks one of the first more business-oriented additions to the company’s security and compliance portfolio that combines managed rules, threat intelligence and machine learning to detect anomalies and recognize malicious or unauthorized behavior. Especially for enterprise customers with numerous resources spread across multiple AWS accounts, this service provides visibility into important security activities across the cloud environment, as well as the opportunity to detect cyber-threats early and automatically trigger predefined remediation actions.
