Updated: Aug 21
As we anticipated, the anomaly and threat detection for Amazon Simple Storage Service activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your data stored in S3.
This new capability enables GuardDuty to continuously monitor and profile S3 data access events (usually referred to data plane operations) and S3 configurations (control plane APIs) to detect suspicious activities such as requests coming from an unusual geo-location, disabling of preventative controls such as S3 block public access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions. To detect possibly malicious behavior, GuardDuty uses a combination of anomaly detection, machine learning, and continuously updated threat intelligence. For your reference, here’s the full list of GuardDuty S3 threat detections.
When threats are detected, GuardDuty produces detailed security findings to the console and to Amazon EventBridge, making alerts actionable and easy to integrate into existing event management and workflow systems, or trigger automated remediation actions using AWS Lambda. You can deliver findings to an S3 bucket to aggregate findings from multiple regions, and to integrate with third party security analysis tools.
If you are not using GuardDuty yet, S3 protection will be on by default when you enable the service. If you are using GuardDuty, you can simply enable this new capability with one-click in the GuardDuty console or through the API. For simplicity, and to optimize your costs, GuardDuty has now been integrated directly with S3. In this way, you don’t need to manually enable or configure S3 data event logging in AWS CloudTrail to take advantage of this new capability. GuardDuty also intelligently processes only the data events that can be used to generate threat detections, significantly reducing the number of events processed and lowering your costs.
If you are part of a centralized security team that manages GuardDuty across your entire organization, you can manage all accounts from a single account using the integration with AWS Organizations.
How OSAM can help
As an AWS Advanced Consulting Partner, OSAM has a bold team of Architects and DevOps engineers with a hunger for challenges and thirst for coffee. Not only can we enhance your information and system security, but we also optimize your cost/performance and ensure your continuation on AWS Cloud. Here is how we do it:
Step 01: ASSESS AND ANALYZE
Assess customers’ application infrastructure
Gather customers’ specific requirements
Step 02: CONSULT
Discuss with customers to find out best-fit services
Propose migration planning of Microsoft workloads to AWS
Provide customers approved AWS credit package
Step 03: MIGRATE
Determine what data and apps can be migrated
Move Microsoft workloads to the ideal environment
Step 04: VALIDATE
Perform post-migration validation
Once validated, we go live
Step 05: OPTIMIZE
Deploy managed services for better performance, agility and efficiency
Optimize figuration to get the most value of IT investment