re:Invent 2017 – AWS Taps Machine Learning with GuardDuty to Secure Its Cloud A new fully managed security solution from Amazon Web Services is designed to provide continuous cloud infrastructure monitoring powered through machine learning. During the Tuesday evening keynote at the AWS re-Invent conference in Las Vegas, Stephen Schmidt, AWS’ chief Information Security Officer, announced the availability of Amazon GuardDuty. Schmidt described GuardDuty to be an “intelligent threats detection service” that uses machine-learning to analyze billions upon billions of AWS events and identify potential threats. AWS evangelist Jeff Barr explained in a blog post that GuardDuty “consumes multiple streams of data, including several threat intelligence feeders, staying aware on malicious IP addresses, deviousdomains, and, more importantly, learning how to accurately identify malicious or unauthorised behavior in your AWS account.” GuardDuty scans suspicious data from AWS CloudTrail, DNS logs, and AWS VPC flow logs. It also monitors suspicious user activity, such as unusual access locations or unauthorized resource deployments. Barr stated that GuardDuty will also monitor compromised EC2 instances, including instances that talk to malicious entities or services, data extraction attempts, and instances mining cryptocurrency. The service then flags potential areas of concern and assigns severity ratings. It also suggests corrective actions. CloudWatch can also funnel GuardDuty results, which allows users to automate their responses for specific threat types via Lambda functions. GuardDuty is now accessible from all AWS regions. It’s available for free for the first 30 day. After that, users will be charged according the volume of AWS events it processes. GuardDuty is one of many new security tools AWS has released in recent months. It’s especially aimed at protecting Amazon S3 service. Macie, a machine learning-based security solution specifically for S3, was launched by AWS in August. AWS added a few more S3 security features in November. More information from AWS Re:Invent 2017:

  • Sumerian: AWS Helps Developers Build VR and 3-D Apps
  • AWS Launches Cloud-Based Video Processing Service
  • VMware and AWS Announce Updates for Their Hybrid Cloud
  • AWS Launches Machine Learning Competency to Partners
  • AWS Launches a Bare-Metal EC2 hypervisor with a New I3 Instance
  • AWS Updates Aurora, DynamoDB, Unveils Neptune graph Database
  • Kubernetes Service, Hands-Free Container Deployment Available at AWS
  • AWS Partners Now Have the Opportunity to Gain Networking Competency