Navigating Amazon GuardDuty protection plans and Extended Threat Detection

Source: AWS Security Blog

Author: Nisha Amthul

URL: https://aws.amazon.com/blogs/security/navigating-amazon-guardduty-protection-plans-and-extended-threat-detection/

ONE SENTENCE SUMMARY:

Organizations leverage Amazon GuardDuty’s AI-driven threat detection services to enhance security across AWS environments with various protection plans.

MAIN POINTS:

  1. Amazon GuardDuty uses AI and ML for continuous threat detection across AWS environments.
  2. Protection plans extend GuardDuty’s capabilities to specific AWS services like S3 and EKS.
  3. S3 Protection detects data exfiltration and unauthorized bucket changes.
  4. EKS Protection analyzes Kubernetes audit logs for malicious activities.
  5. Runtime Monitoring identifies threats at the operating system level on EC2 and container workloads.
  6. Malware Protection scans EBS volumes and S3 objects for known threats.
  7. RDS Protection analyzes login activities for potential unauthorized database access.
  8. Lambda Protection monitors network activities to detect serverless function threats.
  9. Enabling relevant protection plans offers cost-effective, comprehensive monitoring.
  10. Extended Threat Detection leverages AI to correlate security signals and highlight active threats.

TAKEAWAYS:

  1. Align protection plans with workload types for optimal threat detection.
  2. Use Extended Threat Detection for enhanced security insights.
  3. Protection plans are flexible, enabling customized security strategies.
  4. GuardDuty maps findings to MITRE ATT&CK® for context.
  5. Each plan includes a 30-day trial to evaluate security needs.
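As an added example of aligning plans with workload types (not code from the AWS post or from GuardDuty itself), the Python below takes a detector description in the shape returned by the GuardDuty get_detector API plus the workload types present in an account, reports which protection plans are still disabled, and builds the Features payload that update_detector accepts. The DetectorFeature names and the boto3 calls mentioned in comments are assumptions drawn from the GuardDuty API, since the summary names the plans but not their API identifiers; the detector dict is constructed sample data.

```python
# Added example, not part of the original post. Maps workload types to the GuardDuty
# detector features (assumed API names) that cover them, then reports the gap.

# Workload type -> GuardDuty DetectorFeature names that protect it (assumed API values).
PLAN_FOR_WORKLOAD = {
    "s3": ["S3_DATA_EVENTS"],                                 # S3 Protection
    "eks": ["EKS_AUDIT_LOGS", "RUNTIME_MONITORING"],          # EKS Protection + Runtime Monitoring
    "ecs": ["RUNTIME_MONITORING"],                            # container workloads on ECS/Fargate
    "ec2": ["EBS_MALWARE_PROTECTION", "RUNTIME_MONITORING"],  # Malware Protection (EBS) + Runtime
    "rds": ["RDS_LOGIN_EVENTS"],                              # RDS Protection
    "lambda": ["LAMBDA_NETWORK_LOGS"],                        # Lambda Protection
}


def enabled_features(detector):
    """Feature names whose Status is ENABLED in a get_detector-shaped response."""
    return {f["Name"] for f in detector.get("Features", []) if f.get("Status") == "ENABLED"}


def missing_plans(detector, workloads):
    """Features the given workload types need that the detector does not have enabled."""
    needed = set()
    for w in workloads:
        if w.lower() not in PLAN_FOR_WORKLOAD:
            raise ValueError(f"unknown workload type: {w!r}")
        needed.update(PLAN_FOR_WORKLOAD[w.lower()])
    return sorted(needed - enabled_features(detector))


def enable_payload(detector, workloads):
    """Features list for update_detector that turns on only the missing plans."""
    return [{"Name": n, "Status": "ENABLED"} for n in missing_plans(detector, workloads)]


# Constructed sample: a detector with only S3 Protection switched on.
SAMPLE_DETECTOR = {
    "Status": "ENABLED",
    "Features": [
        {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
        {"Name": "EKS_AUDIT_LOGS", "Status": "DISABLED"},
        {"Name": "RUNTIME_MONITORING", "Status": "DISABLED"},
        {"Name": "RDS_LOGIN_EVENTS", "Status": "DISABLED"},
    ],
}

if __name__ == "__main__":
    # With live credentials this would be (assumed boto3 calls, not run here):
    #   gd = boto3.client("guardduty"); det = gd.get_detector(DetectorId=det_id)
    #   gd.update_detector(DetectorId=det_id, Features=enable_payload(det, workloads))
    print(enable_payload(SAMPLE_DETECTOR, ["s3", "eks", "rds"]))
```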