DEV Community

Jin Vincent Necesario

Posted on DEV Community • Originally published at lock29down.Medium

AWS GuardDuty

AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts, EC2 workloads, applications, and stored data.


Photo by Tobias Tullius / Unsplash

Introduction

Suppose you’re wondering whether there’s an AWS service designed to detect malicious activity and unauthorized behavior against your organization’s AWS account. You’ve come to the right place.

In this article, we’ll discuss AWS GuardDuty: what it is, its key features, and simple steps for enabling it.

Ok, let’s get started then.

What is AWS GuardDuty?


Image Source: https://aws.amazon.com/guardduty/

AWS GuardDuty helps an organization protect its AWS accounts and workloads by continuously monitoring them for malicious activity and unauthorized behavior.

In other words, AWS GuardDuty is a threat detection service that analyzes activity in your organization’s AWS account and application workloads and flags anything malicious.

What Are Some of the Threats That AWS GuardDuty Can Detect?

  • Use of exposed credentials.
  • Communication with known malicious IP addresses and domains.
  • Unusual activity in an AWS account.
  • EC2 instance compromises, such as those associated with cryptocurrency mining.
  • S3 bucket compromises, such as unusual S3 API activity, including access from known malicious IP addresses.

What Are the Key Features of AWS GuardDuty?

In this section, let’s discuss some key points and features of AWS GuardDuty.

Threat Detection

To find potential threats and suspicious activity, AWS GuardDuty examines several data sources in your organization’s AWS environment, such as AWS CloudTrail logs, VPC Flow Logs, and DNS logs.

Anomalies and well-known attack patterns are pinpointed using threat intelligence feeds and machine learning models.

Intelligent Alerts

When this service detects a potential attack, it generates a security finding and surfaces it through the AWS Management Console, Amazon CloudWatch Events, or Amazon Simple Notification Service (SNS).

Remember that these findings offer comprehensive details on how the threat was detected, including the resources that were affected and suggested corrective actions.
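The finding types behind the threat list above follow a fixed naming grammar (ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact), and the findings themselves arrive as structured events when routed through CloudWatch Events or SNS. The following is an added example, not code from the original post or from AWS: it takes a GuardDuty finding event, parses the finding type, maps the numeric severity to GuardDuty’s documented severity bands, pulls out the fields a responder needs first, and decides whether the finding crosses a notification threshold. The two events are constructed samples with placeholder account, detector and instance IDs; the field paths follow the GuardDuty finding schema (version 2.0) as I know it, so check them against your own events.

```python
import json
import re

# GuardDuty severity bands (score floor -> label), as documented by AWS:
# Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0.
SEVERITY_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (1.0, "Low"))

# Finding type grammar:
#   ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
# DetectionMechanism and Artifact are optional (e.g. Recon:EC2/PortProbeUnprotectedPort).
FINDING_TYPE_RE = re.compile(
    r"^(?P<purpose>[^:]+):(?P<resource>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<mechanism>[^!]+))?(?:!(?P<artifact>.+))?$"
)


def severity_label(score):
    """Map a GuardDuty severity score (1.0-10.0) to its documented label."""
    score = float(score)
    if not 1.0 <= score <= 10.0:
        raise ValueError(f"GuardDuty severity must be within 1.0-10.0, got {score}")
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    raise AssertionError("unreachable: range checked above")


def parse_finding_type(finding_type):
    """Split a finding type string into its named components (missing parts are None)."""
    match = FINDING_TYPE_RE.match(finding_type)
    if match is None:
        raise ValueError(f"unrecognised finding type: {finding_type!r}")
    return match.groupdict()


def affected_resource(resource):
    """Return a short identifier for the resource a finding is about."""
    kind = resource.get("resourceType")
    if kind == "Instance":
        return resource["instanceDetails"]["instanceId"]
    if kind == "AccessKey":
        key = resource["accessKeyDetails"]
        return f"{key.get('userType', 'IAM')}:{key.get('userName', key.get('accessKeyId', '?'))}"
    if kind == "S3Bucket":
        return ",".join(bucket["name"] for bucket in resource["s3BucketDetails"])
    return kind or "unknown"


def triage(event_json, notify_threshold=7.0):
    """Summarise a 'GuardDuty Finding' event and decide whether it should page someone."""
    event = json.loads(event_json)
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    detail = event["detail"]
    parts = parse_finding_type(detail["type"])
    score = float(detail["severity"])
    service = detail.get("service", {})
    return {
        "account": detail["accountId"],
        "region": detail["region"],
        "type": detail["type"],
        "threat_purpose": parts["purpose"],
        "resource": affected_resource(detail.get("resource", {})),
        "severity": score,
        "severity_label": severity_label(score),
        "count": service.get("count", 1),
        "first_seen": service.get("eventFirstSeen"),
        "last_seen": service.get("eventLastSeen"),
        "notify": score >= notify_threshold,
    }


def _sample_event(finding_type, severity, instance_id, count):
    # Constructed sample event; the IDs are placeholders, not real resources.
    return json.dumps({
        "version": "0",
        "id": "00000000-0000-0000-0000-000000000000",
        "detail-type": "GuardDuty Finding",
        "source": "aws.guardduty",
        "account": "111122223333",
        "region": "us-east-1",
        "detail": {
            "schemaVersion": "2.0",
            "accountId": "111122223333",
            "region": "us-east-1",
            "id": "placeholder-finding-id",
            "type": finding_type,
            "resource": {"resourceType": "Instance",
                         "instanceDetails": {"instanceId": instance_id}},
            "service": {"serviceName": "guardduty", "detectorId": "placeholder-detector-id",
                        "eventFirstSeen": "2024-01-01T00:00:00Z",
                        "eventLastSeen": "2024-01-01T00:05:00Z", "count": count},
            "severity": severity,
            "title": f"Sample finding of type {finding_type}",
        },
    })


SAMPLE_HIGH = _sample_event("CryptoCurrency:EC2/BitcoinTool.B!DNS", 8, "i-0123456789abcdef0", 3)
SAMPLE_LOW = _sample_event("Recon:EC2/PortProbeUnprotectedPort", 2, "i-0fedcba9876543210", 1)

if __name__ == "__main__":
    for sample in (SAMPLE_HIGH, SAMPLE_LOW):
        print(json.dumps(triage(sample), indent=2))
```

In practice, `triage()` is the kind of logic you would run inside a Lambda function subscribed to a CloudWatch Events (EventBridge) rule matching `source: aws.guardduty`, with the `notify` flag deciding whether the summary is published to an SNS topic; the threshold of 7.0 (High and above) is an assumption for the example, and the finding-type parser is what lets you route by threat purpose (for instance, every `CryptoCurrency` finding to the team that owns the EC2 fleet).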

Easy Integration

GuardDuty integrates smoothly with other AWS services and security tools, and enabling it takes only a few clicks; sounds easy, right?

Centralized Management

From an organization’s standpoint, you can monitor many AWS accounts inside the organization from a single, centralized master account. This gives the organization a comprehensive view of the security risks affecting its entire infrastructure.

Steps to Enable AWS GuardDuty

  • Sign in to the AWS Management Console, type “GuardDuty” in the search bar, and select it from the results (it is listed under the “Security, Identity & Compliance” section). On the right side of the screen, click “Get Started.”

  • This takes you to the welcome page. Click “Enable GuardDuty.”

  • You will then see the message “You’ve successfully enabled GuardDuty,” followed by the GuardDuty dashboard shown in the sample screenshot below.

  • Under the protection plans, you can see which protection plans are enabled.

  • Below is a sample of the findings view.

Summary

In this post, we explored AWS GuardDuty. We started by answering what it is, then covered the threats it can detect, its key features, and the steps to enable it.

Stay tuned for more. Until next time, happy programming and happy cloud computing!

Please remember to subscribe, bookmark, like, and comment. Cheers, and thank you!
