What AWS native service for AWS account anomaly detection and intrusion detection?

0

Hi,

Do we have any turnkey functionality enabling anomaly-based intrusion detection in AWS accounts? if yes which service offers that? It's not super-clear to me what capability is present in GuardDuty and Detective (docs say "use rule set and ML [...] and analyze data like VPC flow logs, DNS, Cloudtrail").

2 回答
2

In addition to the suggestions from the answer above, I'd recommend using the 4th session of the Well-Architected Framework - Security Pillar - which gives guidance configuring services (not only GuardDuty and CloudTrail but other services that can be used to detect threats like WAF, Config, etc) , analyze logs, prepare automation and implement actionable security events following best practices to threat detection.

https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_detect_investigate_events_app_service_logging.html

I'd suggest also to look at the AWS Security Hub service which can centralize alerts and insights from several AWS and 3rd party services not only regarded to threat detection.

https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html

AWS
已回答 2 个月前
0
已接受的回答

First I suggest to share this whitepaper with the customer https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf

Secondly: https://aws.amazon.com/blogs/security/why-we-reduce-complexity-and-rapidly-iterate-on-amazon-guardduty-twelve-new-detections-added/

AWS Guarduty combined with AWS Cloud Trail is the options available natively for now, or you could use Alert Logic a partner on the marketplace.

已回答 4 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则