Amazon GuardDuty has launched advanced AI/ML threat detection capabilities, enhancing its ability to protect cloud environments from sophisticated security threats.
This new feature leverages AWS’s extensive cloud visibility and scale to provide improved threat detection for applications, workloads, and data.
Key Features and Benefits:
- Extended Threat Detection
- Attack Sequence Findings
- Improved Actionability
GuardDuty Extended Threat Detection uses sophisticated AI/ML to identify both known and previously unknown attack sequences, offering a more comprehensive and proactive approach to cloud security.
This enhancement addresses the growing complexity of modern cloud environments and simplifies threat detection and response.
The new capabilities introduce attack sequence findings, a critical severity type of GuardDuty finding. These findings include:
- A natural language summary of the threat’s nature and significance
- Observed activities mapped to MITRE ATT&CK framework tactics and techniques
- Prescriptive remediation recommendations based on AWS best practices
In addition, Amazon GuardDuty now offers composite detections that correlate signals across multiple data sources, time periods, and resources within an account, giving a more complete picture of a sophisticated cloud attack than any single finding could.
How It Works
Console Updates
The GuardDuty console now features new widgets on the Summary page, including:
- An overview widget showing the number of attack sequences
- A widget displaying findings broken down by severity
- The ability to filter for top attack sequences
Types of Findings
Two main types of findings are highlighted:
- Data compromise: Indicates that data may have been compromised, possibly as part of a larger ransomware attack
- Compromised credential: Detects misuse of compromised credentials in early attack stages
Detailed Information
Each finding provides extensive details, including:
- Specific user actions
- Affected accounts and resources
- Extended time periods of activity
- Multiple signals observed over time
- Tactics and techniques mapped to the MITRE ATT&CK framework
GuardDuty Extended Threat Detection is:
- Automatically enabled for all GuardDuty accounts in a Region
- Available at no additional cost in all commercial AWS Regions where GuardDuty is supported
- Integrated with existing GuardDuty workflows, including AWS Security Hub and Amazon EventBridge
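Because attack sequence findings arrive through the same EventBridge integration as every other GuardDuty finding, a defender will usually want a rule that routes only the critical sequence findings to an incident-response target. The block below is an added example, not AWS or GuardDuty code: it shows such an EventBridge rule pattern and a small offline matcher for checking it against sample events before deployment. It assumes the standard EventBridge event shape for GuardDuty findings (source `aws.guardduty`, detail-type `GuardDuty Finding`, the finding JSON under `detail`) and uses the `AttackSequence:` prefix that GuardDuty's sequence finding types carry; both sample events are constructed.

```python
# EventBridge rule pattern: only critical attack-sequence findings reach the
# target (e.g. an incident-response queue). "prefix" and "numeric" are
# EventBridge content-filter operators.
ATTACK_SEQUENCE_RULE = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {
        "type": [{"prefix": "AttackSequence:"}],
        "severity": [{"numeric": [">=", 9]}],
    },
}

_NUMERIC_OPS = {">=": lambda a, b: a >= b, ">": lambda a, b: a > b,
                "<=": lambda a, b: a <= b, "<": lambda a, b: a < b,
                "=": lambda a, b: a == b}


def _match_value(value, matchers):
    """Local re-implementation of the pattern operators used above, so the
    rule can be sanity-checked offline before it is deployed."""
    for m in matchers:
        if isinstance(m, dict):
            if "prefix" in m and isinstance(value, str) and value.startswith(m["prefix"]):
                return True
            if "numeric" in m and isinstance(value, (int, float)):
                op, threshold = m["numeric"]
                if _NUMERIC_OPS[op](value, threshold):
                    return True
        elif value == m:  # plain string/number in the list means exact match
            return True
    return False


def matches(pattern, event):
    """True when every key of the pattern matches the event; nested dicts recurse."""
    for key, matchers in pattern.items():
        if key not in event:
            return False
        if isinstance(matchers, dict):
            if not isinstance(event[key], dict) or not matches(matchers, event[key]):
                return False
        elif not _match_value(event[key], matchers):
            return False
    return True


def severity_label(score):
    """GuardDuty bands: critical 9.0-10.0, high 7.0-8.9, medium 4.0-6.9, low 1.0-3.9."""
    return "critical" if score >= 9 else "high" if score >= 7 else "medium" if score >= 4 else "low"


# Constructed events: a critical attack-sequence finding and a routine low-severity one.
SEQUENCE_EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
                  "detail": {"type": "AttackSequence:IAM/CompromisedCredentials", "severity": 9.0,
                             "accountId": "111122223333", "region": "us-east-1"}}
NOISE_EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
               "detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
                          "accountId": "111122223333", "region": "us-east-1"}}
```

`ATTACK_SEQUENCE_RULE` can be pasted as-is into an EventBridge rule's event pattern; the matcher only covers the two operators the pattern uses.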
This enhancement significantly improves cloud security by automating the analysis of complex attack sequences and providing actionable insights, helping security teams focus on addressing critical threats efficiently.