Amazon Guard Duty, a new service announced Tuesday, provides constant, intelligent threat detection for Amazon Web Services (AWS) accounts and workloads.
Unveiled at a keynote address during the firm’s re: Invent conference, Guard Duty starts by ingesting data from both public and AWS-generated data feeds, a blog post said. It then uses machine learning to identify trends and other patterns that indicate something might be wrong.
Using the data it consumes, it keeps tabs on malicious IP address, bad websites, and other dangerous behaviors. Within AWS, it will take in data from VPC Flow Logs, AWS Cloud Trail Event Logs, and DNS logs, the post said. With this data, it can look for unusual behavior such as access coming from strange locations, or probes for known vulnerabilities.
Images/text sourced from TechRepublic.com