rights reserved.
Amazon GuardDuty: why is it a quick win that every organization should activate?
Gerardo Castro Arica, Security Architect, B89
Lightning talk sponsored by B89
About me
❑ Passionate about sharing AWS knowledge
❑ Love to see cybersecurity topics
❑ Co-organizer, AWS UG Peru
❑ Daddy of 3 daughters
❑ Content builder
❑ Dog lover
Someone said: “Great power carries great responsibility”
Amazon GuardDuty
❑ Data source: S3 data plane events
❑ Detection type: threat intelligence; anomaly detection (ML)
❑ Findings severity: HIGH, MEDIUM, LOW
❑ Findings are consumed by: CloudWatch Events (alert, remediation, send to SIEM, solutions from technology partners); AWS Security Hub; Amazon Detective
❑ Type of findings:
• Bitcoin mining
• Command & Control
• Anonymous connections
• Reconnaissance
❑ Unusual behavior, examples:
• Launch instances
• Changes in network permissions
• Anomalies in the behavior of the network
• Anomalous patterns of access to the data in Amazon S3
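The slide shows findings leaving GuardDuty through a CloudWatch Events (EventBridge) rule and fanning out to alerting, remediation and a SIEM. The following Python is an added example, not code from the talk or from AWS: it shows the rule pattern that selects GuardDuty findings (all of them, and a second pattern narrowed to HIGH severity with EventBridge's numeric comparison form), a minimal matcher for those two pattern forms, the severity bands GuardDuty documents, the grammar of a finding type, and a triage function deciding which of the slide's three outputs a finding should reach. The event shape, the finding-type identifiers and the severity thresholds follow GuardDuty's public documentation; the sample event, account id and instance id are constructed, and the routing policy is an assumed one a team would tune to its own runbooks.

```python
"""Triage of Amazon GuardDuty findings as they arrive through an EventBridge
(CloudWatch Events) rule.  Added example, not from the talk: event shape,
finding-type grammar and severity bands follow GuardDuty's public docs;
the sample event and the routing policy are constructed/assumed."""

# Rule pattern matching every GuardDuty finding; attach a Lambda, SNS topic
# or SIEM integration as the rule target.
ALL_FINDINGS_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
}

# Same rule narrowed to HIGH findings via EventBridge's numeric comparison form.
HIGH_ONLY_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}

_NUMERIC_OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    "=": lambda a, b: a == b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
}


def _match_one(actual, alternative) -> bool:
    """One list entry of a pattern: an exact literal or {"numeric": [op, n, ...]}."""
    if isinstance(alternative, dict) and "numeric" in alternative:
        if not isinstance(actual, (int, float)) or isinstance(actual, bool):
            return False
        spec = alternative["numeric"]          # e.g. [">=", 7] or [">", 0, "<", 5]
        return all(_NUMERIC_OPS[spec[i]](actual, spec[i + 1])
                   for i in range(0, len(spec), 2))
    return actual == alternative


def matches_rule(event: dict, pattern: dict) -> bool:
    """Minimal EventBridge matcher: pattern keys are ANDed, list entries are
    ORed, nested dicts recurse.  Only literals and the numeric form are handled."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not (isinstance(actual, dict) and matches_rule(actual, expected)):
                return False
        elif not any(_match_one(actual, alt) for alt in expected):
            return False
    return True


def severity_label(score: float) -> str:
    """GuardDuty bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9.
    Scores of 9.0 and above (a later "Critical" band) are folded into HIGH."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def parse_finding_type(finding_type: str) -> dict:
    """Split ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact."""
    purpose, rest = finding_type.split(":", 1)
    resource, rest = rest.split("/", 1)
    artifact = None
    if "!" in rest:
        rest, artifact = rest.split("!", 1)
    family = rest.split(".", 1)[0]
    return {"purpose": purpose, "resource": resource,
            "family": family, "artifact": artifact}


def route_finding(event: dict) -> dict:
    """Assumed policy for the slide's 'alert / remediation / send to SIEM' fan-out:
    every finding goes to the SIEM, MEDIUM and HIGH page the on-call, and HIGH
    findings on EC2 are flagged as candidates for automated instance isolation."""
    detail = event["detail"]
    label = severity_label(float(detail["severity"]))
    parsed = parse_finding_type(detail["type"])
    actions = ["siem"]
    if label in ("HIGH", "MEDIUM"):
        actions.append("alert")
    if label == "HIGH" and parsed["resource"] == "EC2":
        actions.append("isolate-instance")
    return {"id": detail["id"], "severity": label,
            "purpose": parsed["purpose"], "actions": actions}


# Constructed sample event in the shape EventBridge delivers for a finding
# (the slide's "Bitcoin mining" category).
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "GuardDuty Finding",
    "source": "aws.guardduty",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "schemaVersion": "2.0",
        "accountId": "111122223333",
        "region": "us-east-1",
        "id": "constructed-finding-0001",
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "severity": 8,
        "title": "EC2 instance i-0constructed is querying a Bitcoin-related domain.",
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0constructed"}},
    },
}

if __name__ == "__main__":
    print(matches_rule(SAMPLE_EVENT, HIGH_ONLY_PATTERN))
    print(route_finding(SAMPLE_EVENT))
```

In a real deployment the two pattern dictionaries are what you paste into the EventBridge rule, and `route_finding` is the body of the Lambda the rule targets; the matcher is here only so the filtering can be exercised offline before the rule is created.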