Security is a perennial concern for cloud skeptics and cloud enthusiasts alike, and Amazon Web Services hopes to stay one step ahead of threats to its customers with a new security service called Amazon GuardDuty.
Building on the work of Amazon Macie, a similar service for protecting Amazon S3 storage users announced earlier this year, GuardDuty is a “new intelligence-driven threat-detection service” that protects entire AWS accounts, said Stephen Schmidt, vice president of security engineering and chief information security officer for AWS, at the end of the opening night keynote at re:Invent 2017. It is immediately available across several, but not all, AWS regions.
GuardDuty runs on AWS’s own infrastructure, which means customers don’t have to pay for computing instances to run it, although it’s not free. The system analyzes customer log data alongside data from across AWS and other public sources to detect anomalies in traffic that are often signs of malicious activity, Schmidt said.
When it finds something, GuardDuty gives that warning a severity rating of low, medium, or high, and customers can link those alerts into existing monitoring systems like Splunk or PagerDuty. GuardDuty also works with popular alerting tools like Atlassian’s JIRA, ServiceNow, and Slack.
There’s hardly a security researcher or engineer on the planet who hasn’t kicked around the idea of using machine learning to better detect security issues, and there are dozens of startups with similar products jockeying for attention. But a lot of those products drown their users in alerts that aren’t nearly as important as the system would like you to think, Schmidt said.
“Only human beings can make well-reasoned judgements about the very gray area of risk in security,” he said.