AWS Security Blog

Category: HAQM GuardDuty

How to use the HAQM Detective API to investigate GuardDuty security findings and enrich data in Security Hub

Understanding risk and identifying the root cause of an issue in a timely manner is critical to businesses. HAQM Web Services (AWS) offers multiple security services that you can use together to perform more timely investigations and improve the mean time to remediate issues. In this blog post, you will learn how to integrate HAQM […]

Using HAQM Detective for IAM investigations

January 31, 2025: This post was revised to update several paragraphs in the section Scenario 1: Automated investigations. Uncovering AWS Identity and Access Management (IAM) users and roles potentially involved in a security event can be a challenging task, requiring security analysts to gather and analyze data from various sources, and determine the full scope […]

Get to know HAQM GuardDuty Runtime Monitoring for HAQM EC2

In this blog post, I take you on a deep dive into HAQM GuardDuty Runtime Monitoring for EC2 instances and key capabilities that are part of the feature. Throughout the post, I provide insights around deployment strategies for Runtime Monitoring and detail how it can deliver security value by detecting threats against your HAQM Elastic […]

Using HAQM GuardDuty Malware Protection to scan uploads to HAQM S3

HAQM Simple Storage Service (HAQM S3) is a widely used object storage service known for its scalability, availability, durability, security, and performance. When sharing data between organizations, customers need to treat incoming data as untrusted and assess it for malicious files before ingesting it into their downstream processes. This traditionally requires setting up secure staging […]
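The excerpt above says incoming objects must be treated as untrusted until assessed. The following is an added example (not code from the AWS post) of a fail-closed release gate for that step: it consumes GuardDuty Malware Protection for S3 scan-result events and only lets downstream ingestion read an object on an explicit clean verdict, and it emits the bucket-policy statement that enforces the same rule through GuardDuty's optional object tag. The event field names (scanStatus, scanResultDetails.scanResultStatus, s3ObjectDetails) follow the EventBridge "GuardDuty Malware Protection Object Scan Result" event as the author understands it and should be checked against events from your own account; the events, bucket name and exempt role ARN are constructed.

```python
"""Fail-closed release gate for S3 uploads scanned by GuardDuty Malware Protection.

Added example, not code from the AWS post. Event field names are an assumption
based on the scan-result EventBridge event; the sample events are constructed.
"""
import json

CLEAN = "NO_THREATS_FOUND"
MALICIOUS = "THREATS_FOUND"
# Verdicts that carry no usable decision (unscannable type, scanner could not
# read the object, scan error). Never release on these.
INDETERMINATE = ("UNSUPPORTED", "ACCESS_DENIED", "FAILED")


def classify(event: dict) -> dict:
    """Map one scan-result event to release / quarantine / hold."""
    detail = event.get("detail") or {}
    obj = detail.get("s3ObjectDetails") or {}
    verdict = (detail.get("scanResultDetails") or {}).get("scanResultStatus")
    if detail.get("scanStatus") != "COMPLETED":
        verdict = None          # a SKIPPED or FAILED scan has no trustworthy verdict
    if verdict == CLEAN:
        action = "release"
    elif verdict == MALICIOUS:
        action = "quarantine"   # move out of the landing bucket, open a ticket
    else:
        action = "hold"         # fail closed on INDETERMINATE or missing verdicts
    return {"bucket": obj.get("bucketName"), "key": obj.get("objectKey"),
            "version_id": obj.get("versionId"), "verdict": verdict, "action": action}


def deny_unless_clean_statement(bucket: str, exempt_role_arns: list) -> dict:
    """Bucket-policy statement that blocks GetObject on objects not tagged clean.

    Relies on GuardDuty's optional object tagging (tag key
    GuardDutyMalwareScanStatus). StringNotEquals also matches when the tag is
    absent, so objects that have not been scanned yet are denied as well, which
    is the fail-closed behaviour wanted here. exempt_role_arns is a hypothetical
    list of roles (for example the quarantine mover) that must read everything.
    """
    return {
        "Sid": "DenyReadUntilScannedClean",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
        "Condition": {
            "StringNotEquals": {
                "s3:ExistingObjectTag/GuardDutyMalwareScanStatus": CLEAN},
            "ArnNotLike": {"aws:PrincipalArn": exempt_role_arns},
        },
    }


def _event(status, verdict, key):
    """Build a constructed scan-result event (sample data, not captured)."""
    detail = {"scanStatus": status,
              "s3ObjectDetails": {"bucketName": "partner-landing",
                                  "objectKey": key, "versionId": "v1"}}
    if verdict is not None:
        detail["scanResultDetails"] = {"scanResultStatus": verdict}
    return {"detail-type": "GuardDuty Malware Protection Object Scan Result",
            "source": "aws.guardduty", "detail": detail}


SAMPLE_EVENTS = [
    _event("COMPLETED", CLEAN, "invoices/2024-05.csv"),
    _event("COMPLETED", MALICIOUS, "invoices/update.exe"),
    _event("COMPLETED", "UNSUPPORTED", "archives/huge.7z"),
    _event("SKIPPED", None, "tmp/note.txt"),
]


def gate_all(events):
    """Return {action: [object keys]} for a batch of scan-result events."""
    out = {"release": [], "quarantine": [], "hold": []}
    for ev in events:
        result = classify(ev)
        out[result["action"]].append(result["key"])
    return out


if __name__ == "__main__":
    print(json.dumps(gate_all(SAMPLE_EVENTS), indent=2))
    print(json.dumps(deny_unless_clean_statement(
        "partner-landing",
        ["arn:aws:iam::111111111111:role/quarantine-mover"]), indent=2))
```

The important design choice is that "hold" is the default: an unsupported archive or a scan the service could not complete is not the same as a clean file, and the bucket policy mirrors that by denying reads on untagged objects rather than only on objects tagged THREATS_FOUND.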


How AWS tracks the cloud’s biggest security threats and helps shut them down

Threat intelligence that can fend off security threats before they happen requires not just smarts, but the speed and worldwide scale that only AWS can offer. Organizations around the world trust HAQM Web Services (AWS) with their most sensitive data. One of the ways we help secure data on AWS is with an industry-leading threat […]

Investigating lateral movements with HAQM Detective investigation and Security Lake integration

According to the MITRE ATT&CK framework, lateral movement consists of techniques that threat actors use to enter and control remote systems on a network. In HAQM Web Services (AWS) environments, threat actors equipped with illegitimately obtained credentials could potentially use APIs to interact with infrastructures and services directly, and they might even be able to use […]
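The pattern the excerpt describes, stolen credentials driving the API directly and then reaching into other systems, usually leaves a recognisable trail in CloudTrail: a long-lived access key appears from a new source IP and calls sts:AssumeRole into another account, after which the temporary session does the real work. The block below is an added example (not code from the AWS post, and not Detective's own logic) that reconstructs that chain from a batch of CloudTrail-style records. The records are constructed and only the fields used here are populated; the "first IP seen per key" baseline stands in for the history a real baseline would be built from.

```python
"""Reconstruct a credential pivot from CloudTrail records.

Added example, not code from the AWS post. SAMPLE_EVENTS are constructed
CloudTrail-style records; only the fields this code reads are filled in.
"""
from collections import defaultdict

USER = {"type": "IAMUser", "accountId": "111111111111",
        "arn": "arn:aws:iam::111111111111:user/ci-deployer",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}
DEPLOY_SESSION = "arn:aws:sts::222222222222:assumed-role/Deployer/deploy"
EVIL_SESSION = "arn:aws:sts::222222222222:assumed-role/OrgAdmin/x"


def _rec(time, name, source, ip, ident, account, **extra):
    rec = {"eventTime": time, "eventName": name, "eventSource": source,
           "sourceIPAddress": ip, "userIdentity": ident, "recipientAccountId": account}
    rec.update(extra)
    return rec


SAMPLE_EVENTS = [
    # Normal CI activity from the build runner's IP, including a legitimate
    # cross-account deploy role. This must not be flagged.
    _rec("2024-05-01T08:00:00Z", "ListBuckets", "s3.amazonaws.com",
         "198.51.100.10", USER, "111111111111"),
    _rec("2024-05-01T08:01:00Z", "AssumeRole", "sts.amazonaws.com",
         "198.51.100.10", USER, "111111111111",
         requestParameters={"roleArn": "arn:aws:iam::222222222222:role/Deployer",
                            "roleSessionName": "deploy"},
         responseElements={"assumedRoleUser": {"arn": DEPLOY_SESSION}}),
    _rec("2024-05-01T08:02:00Z", "UpdateFunctionCode", "lambda.amazonaws.com",
         "198.51.100.10", {"type": "AssumedRole", "accountId": "222222222222",
                           "arn": DEPLOY_SESSION}, "222222222222"),
    # Same key from a new IP: enumerate, then pivot into an admin role next door.
    _rec("2024-05-01T21:30:00Z", "GetCallerIdentity", "sts.amazonaws.com",
         "203.0.113.77", USER, "111111111111"),
    _rec("2024-05-01T21:31:00Z", "AssumeRole", "sts.amazonaws.com",
         "203.0.113.77", USER, "111111111111",
         requestParameters={"roleArn": "arn:aws:iam::222222222222:role/OrgAdmin",
                            "roleSessionName": "x"},
         responseElements={"assumedRoleUser": {"arn": EVIL_SESSION}}),
    _rec("2024-05-01T21:32:00Z", "ListSecrets", "secretsmanager.amazonaws.com",
         "203.0.113.77", {"type": "AssumedRole", "accountId": "222222222222",
                          "arn": EVIL_SESSION}, "222222222222"),
    _rec("2024-05-01T21:33:00Z", "GetSecretValue", "secretsmanager.amazonaws.com",
         "203.0.113.77", {"type": "AssumedRole", "accountId": "222222222222",
                          "arn": EVIL_SESSION}, "222222222222"),
]


def account_of(arn: str) -> str:
    """Account ID field of an ARN (arn:partition:service:region:account:resource)."""
    return arn.split(":")[4]


def baseline_ips(events):
    """First source IP seen per access key. Stand-in for a real historical baseline."""
    seen = {}
    for e in sorted(events, key=lambda e: e["eventTime"]):
        key = e["userIdentity"].get("accessKeyId")
        if key and key not in seen:
            seen[key] = e["sourceIPAddress"]
    return seen


def find_pivots(events):
    """Flag AssumeRole calls that are both cross-account and from a non-baseline IP,
    and attach the API calls the resulting session made afterwards."""
    base = baseline_ips(events)
    by_actor = defaultdict(list)
    for e in events:
        by_actor[e["userIdentity"]["arn"]].append(e)
    findings = []
    for e in sorted(events, key=lambda e: e["eventTime"]):
        if e["eventName"] != "AssumeRole":
            continue
        ident = e["userIdentity"]
        key = ident.get("accessKeyId")
        target = e["requestParameters"]["roleArn"]
        session = ((e.get("responseElements") or {}).get("assumedRoleUser") or {}).get("arn")
        cross_account = account_of(target) != ident["accountId"]
        new_ip = key in base and base[key] != e["sourceIPAddress"]
        if not (cross_account and new_ip):
            continue
        followups = [(f["eventTime"], f["eventName"]) for f in by_actor.get(session, [])
                     if f["eventTime"] >= e["eventTime"]]
        findings.append({"caller": ident["arn"], "access_key": key,
                         "baseline_ip": base[key], "pivot_ip": e["sourceIPAddress"],
                         "target_role": target, "target_account": account_of(target),
                         "session": session, "session_activity": followups})
    return findings


if __name__ == "__main__":
    for f in find_pivots(SAMPLE_EVENTS):
        print(f"{f['caller']} pivoted from {f['pivot_ip']} into {f['target_role']}")
        for when, name in f["session_activity"]:
            print("   ", when, name)
```

Two details matter when turning this into a real detection. The join from the AssumeRole call to the session's later events goes through responseElements.assumedRoleUser.arn, which is why that field (and the session name in it) is what you want to carry into the finding; and the legitimate deploy-role assumption is excluded only because of the IP baseline, so the quality of that baseline decides the false-positive rate.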


How to generate security findings to help your security team with incident response simulations

April 8, 2024: We have updated the post to revise the CloudFormation launch stack link to provision the CloudFormation template. Continually reviewing your organization’s incident response capabilities can be challenging without a mechanism to create security findings with actual HAQM Web Services (AWS) resources within your AWS estate. As prescribed within the AWS Security Incident […]

Using HAQM GuardDuty ECS runtime monitoring with Fargate and HAQM EC2

Containerization technologies such as Docker and orchestration solutions such as HAQM Elastic Container Service (HAQM ECS) are popular with customers due to their portability and scalability advantages. Container runtime monitoring is essential for customers to monitor the health, performance, and security of containers. AWS services such as HAQM GuardDuty, HAQM Inspector, and AWS Security Hub […]


Four use cases for GuardDuty Malware Protection On-demand malware scan

HAQM GuardDuty is a threat detection service that continuously monitors your HAQM Web Services (AWS) accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. GuardDuty Malware Protection helps detect the presence of malware by performing agentless scans of the HAQM Elastic Block Store (HAQM EBS) volumes that are attached to […]

Improve your security investigations with Detective finding groups visualizations

At AWS, we often hear from customers that they want expanded security coverage for the multiple services that they use on AWS. However, alert fatigue is a common challenge that customers face as we introduce new security protections. The challenge becomes how to operationalize, identify, and prioritize alerts that represent real risk. In this post, […]