Intelligent Threat Detection (Amazon Guard ​Duty)

Component description

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your cloud-environment. With Amazon GuardDuty you now have an intelligent and cost-effective option for continuous threat detection in AWS. The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs. Typically, we use Amazon GuardDuty for customers who require a higher level of security such as payment providers or highly frequented portals and stores.


Common use cases

Amazon GuardDuty is mainly used in environments with very high security requirements. These include environments that are operated in the context of PCI-DSS. Amazon GuardDuty classifies findings into different severity levels, which are structured as follows:

Severity level

Value range

High: A High severity level indicates that the resource in question (an EC2 instance or a set of IAM user credentials) is compromised and is actively being used for unauthorized purposes.

8.9 - 7.0

Medium: A Medium severity level indicates suspicious activity that deviates from normally observed behavior and, depending on your use case, may be indicative of a resource compromise.

6.9 - 4.0

Low: A low severity level indicates attempted suspicious activity that did not compromise your network, for example, a port scan or a failed intrusion attempt.

3.9 - 1.0

If we are alerted by Amazon GurdDuty, we will evaluate the finding and contact the customer to discuss the next steps. In any case a close cooperation is required. Depending on the severity, we will take initial steps to be able to ensure the security of the environment. This includes, for example, blocking IPs or isolating components of the environment, possibly causing disruptions to the application. We can also be asked to perform more in-depth analyses as Professional Service.

In our standard configuration, Amazon GuardDuty alerts on the severity levels Medium and High.

Requesting Intelligent Threat Detection (Amazon Guard​Duty)

If you want to request Intelligent Threat Detection (Amazon Guard​Duty), you can do so by sending an E-Mail to service@root360.de or creating a ticket in the ticket system.

Required information

Required Information

Explanation

Options

Emergency contact

A timely response is desirable for a comprehensive and rapid evaluation of the finding and solution.

E-mail address and telephone number

Pricing

For AWS pricing see https://aws.amazon.com/de/guardduty/pricing/.

For root360 Managed Services pricing please contact our Service Team.

Related tutorials