AWS Launches Amazon GuardDuty for Cloud Security Threat Detection | eWeek

AWS Debuts Amazon GuardDuty for Cloud Threat Detection

Amazon GuardDuty
Nov 29, 2017
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Amazon Web Services kicked off its annual re:Invent conference on Nov. 28 announcing the new GuardDuty managed threat detection service.

The GuardDuty service is enabled via the AWS Management Console that helps cloud users to manage their deployments. The GuardDuty system analyzes API calls made to running virtual resources in a customer’s account, to help detect anomalous activity that could be indicative of a potential security risk.

“We designed Amazon GuardDuty to be so simple and cost effective that turning it on would be an easy choice for every AWS customer, regardless of their security expertise or the existing security services they use,” Stephen Schmidt, Chief Information Security Officer, Amazon Web Services wrote in a statement. “Amazon GuardDuty intelligently identifies hard-to-detect threats that might slip through the cracks of other security products and easily scales to meet the needs of any organization, whether they have two AWS accounts or two thousand.”


GuardDuty works with existing AWS services including CloudTrail, which provides activity and API usage monitoring. Data from Amazon VPC Flow Logs, which captures information from network traffic flowing from Virtual Private Cloud (VPC) instances, is also collected by GuardDuty to help detect potential threats.

“GuardDuty operates completely on AWS infrastructure and does not affect the performance or reliability of your workloads,” Jeff Barr, chief evangelist for AWS wrote in a blog post. “This clean, zero-footprint model should appeal to your security team and allow them to green-light the use of GuardDuty across all of your AWS accounts.”

Alerts generated by GuardDuty can be sent to the AWS CloudWatch service, which provides monitoring of AWS resources. There is also an API to integrate GuardDuty with multiple third party cloud security systems, including Alert Logic, Evident.io, Palo Alto Networks, Rapid7, Redlock, Splunk, Sumo Logic, and Trend Micro. Beyond just comparing cloud activity to a baseline of known good actions, GuardDuty also benefits from multiple threat intelligence feeds that come from security vendors including Proofpoint and Crowdstrike, to help further detect potential risks.

Another key integration point for GuardDuty is with the AWS Lambda serverless service. With Lambda, GuardDuty users can automate threat remediation based on alert conditions.

“With GuardDuty, when an instance is suspected of having data stolen the service will alert you to be able to automatically create an access control entry restricting outbound access for that instance,” the AWS GuardDuty service page states.

The new GuardDuty service builds on multiple efforts that AWS has already announced in 2017 to help improve cloud security. On Aug. 14, Amazon announced its Macie Machine Learning Service that can be used to automatically detect personally identifiable information in public cloud instances. On Nov. 8, Amazon announced enhanced capabilities to help protect S3 storage buckets and virtual private cloud (VPC) endpoint connections.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.