AWS Security Blog

Category: HAQM GuardDuty

Reduce triage time for security investigations with HAQM Detective visualizations and export data

To respond to emerging threats, you will often need to sort through large datasets rapidly to prioritize security findings. HAQM Detective recently released two new features to help you do this. New visualizations in Detective show the connections between entities related to multiple HAQM GuardDuty findings, and a new export data feature helps you use […]

Automatically block suspicious DNS activity with HAQM GuardDuty and Route 53 Resolver DNS Firewall

In this blog post, we’ll show you how to use HAQM Route 53 Resolver DNS Firewall to automatically respond to suspicious DNS queries that are detected by HAQM GuardDuty within your HAQM Web Services (AWS) environment. The Security Pillar of the AWS Well-Architected Framework includes incident response, stating that your organization should implement mechanisms to […]

How to use new HAQM GuardDuty EKS Protection findings

If you run container workloads that use HAQM Elastic Kubernetes Service (HAQM EKS), HAQM GuardDuty now has added support that will help you better protect these workloads from potential threats. HAQM GuardDuty EKS Protection can help detect threats related to user and application activity that is captured in Kubernetes audit logs. Newly-added Kubernetes threat detections […]

Using AWS security services to protect against, detect, and respond to the Log4j vulnerability

April 21, 2022: The blog post has been updated to include information on the updated version of the hotpatch. See this security advisory for more details. Overview: In this post, we provide guidance to help customers who are responding to the recently disclosed log4j vulnerability. This covers what you can do to limit the […]

How to automate forensic disk collection in AWS

In this blog post, you’ll learn about a hands-on solution you can use for automated disk collection across multiple AWS accounts. This solution will help your incident response team set up an automation workflow to capture the disk evidence they need to analyze in order to determine the scope and impact of potential security incidents. This post includes […]

Strengthen the security of sensitive data stored in HAQM S3 by using additional AWS services

October 13, 2021: We’ve added a section on redacting and transforming personally identifiable information with HAQM S3 Object Lambda. In this post, we describe the AWS services that you can use to both detect and protect your data stored in HAQM Simple Storage Service (HAQM S3). When you analyze security in depth for your HAQM […]

Automatically block suspicious traffic with AWS Network Firewall and HAQM GuardDuty

According to the AWS Security Incident Response Guide, by using security response automation, you can increase both the scale and the effectiveness of your security operations. Automation also helps you to adopt a more proactive approach to securing your workloads on AWS. For example, rather than spending time manually reacting to security alerts, you can […]

How you can use HAQM GuardDuty to detect suspicious activity within your AWS account

September 9, 2021: HAQM Elasticsearch Service has been renamed to HAQM OpenSearch Service. See details. HAQM GuardDuty is an automated threat detection service that continuously monitors for suspicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in HAQM S3. In this post, I’ll share how you can use GuardDuty with […]

How Security Operation Centers can use HAQM GuardDuty to detect malicious behavior

The Security Operations Center (SOC) has a tough job. As customers modernize and shift to cloud architectures, the ability to monitor, detect, and respond to risks poses different challenges. In this post, we discuss how HAQM GuardDuty can address some common concerns of the SOC regarding the number of security tools and the overhead to […]

New third-party test compares HAQM GuardDuty to network intrusion detection systems

A new whitepaper is available that summarizes the results of tests by Foregenix comparing HAQM GuardDuty with network intrusion detection systems (IDS) on threat detection of network layer attacks. GuardDuty is a cloud-centric IDS service that uses HAQM Web Services (AWS) data sources to detect a broad range of threat behaviors. Security engineers need to […]