Source: aws.amazon.com
New – Using Amazon GuardDuty to Protect Your S3 BucketsCategory: Security, Data, automation
As we anticipated in this post, the anomaly and threat detection for Amazon Simple Storage Service (S3) activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your data stored in S3. This new capability enables GuardDuty to continuously monitor and profile S3 data access events (usually referred to data plane operations) and S3 configurations (control plane APIs) to detect suspicious activities such as requests coming from an unusual geo-location, disabling of preventative controls such as S3 block public access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions.
You can optionally deliver findings to an S3 bucket to aggregate findings from multiple regions, and to integrate with third party security analysis tools.
In this way, you don’t need to manually enable or configure S3 data event logging in AWS CloudTrail to take advantage of this new capability.
You can optionally deliver findings to an S3 bucket to aggregate findings from multiple regions, and to integrate with third party security analysis tools.
In this way, you don’t need to manually enable or configure S3 data event logging in AWS CloudTrail to take advantage of this new capability.
Related Articles
Community Partners
DevOps Careers