
Amazon GuardDuty - Lightning talk

Gerardo Castro Arica

September 15, 2021

Transcript

  1. Amazon GuardDuty: Why is it a quick win that every organization should activate?

    Gerardo Castro Arica, Security Architect. Lightning talk sponsored by B89. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. About me

    ❑ Passionate about sharing AWS knowledge ❑ Love cybersecurity topics ❑ Co-Organizer AWS UG Peru ❑ Daddy of 3 daughters ❑ Content builder ❑ Dog lover - someone said: “Great power carries great responsibility”
  3. Amazon GuardDuty

    Data source: • VPC Flow Logs • DNS Logs • CloudTrail Events • S3 DataPlane Events

    Detection type: • Threat intelligence • Anomaly detection (ML)

    Type of findings: • Bitcoin mining • Command & Control • Anonymous connections • Reconnaissance

    Unusual behavior, for example: • Launch instances • Changes in network permissions • Anomalies in the behavior of the network • Anomalous patterns of access to the data in Amazon S3

    Findings (HIGH, MEDIUM, LOW): • Amazon Detective • AWS Security Hub • CloudWatch Event

    • Alert • Remediation • Send to SIEM • Solutions technology partners
  4. Thank you!

    Gerardo Castro Arica, Security Architect, Lumen. Follow me! @gerardokaztro