Using Amazon GuardDuty to Protect Your S3 Buckets

Updated: 21 Aug 2020

As we anticipated, the anomaly and threat detection for Amazon Simple Storage Service activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your data stored in S3.

This new capability enables GuardDuty to continuously monitor and profile S3 data access events (usually referred to as data plane operations) and S3 configurations (control plane APIs) to detect suspicious activities such as requests coming from an unusual geo-location, disabling of preventative controls such as S3 block public access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions. To detect possibly malicious behavior, GuardDuty uses a combination of anomaly detection, machine learning, and continuously updated threat intelligence. For your reference, here’s the full list of GuardDuty S3 threat detections.

When threats are detected, GuardDuty produces detailed security findings to the console and to Amazon EventBridge, making alerts actionable and easy to integrate into existing event management and workflow systems, or to trigger automated remediation actions using AWS Lambda. You can deliver findings to an S3 bucket to aggregate findings from multiple regions, and to integrate with third-party security analysis tools.
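As an added example (not code from AWS or from this post), here is a sketch of the remediation logic a Lambda function behind an EventBridge rule could run when GuardDuty reports that S3 Block Public Access was disabled on a bucket. The function names, the `allow_public` parameter and the sample event are assumptions made for illustration; the event is constructed and trimmed to the fields the code reads.

```python
"""Triage GuardDuty S3 findings delivered by EventBridge (added example)."""

# Finding type raised when S3 Block Public Access is disabled on a bucket.
BPA_DISABLED = "Policy:S3/BucketBlockPublicAccessDisabled"

# All four Block Public Access settings switched back on.
BLOCK_ALL = dict.fromkeys(
    ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"), True)

# Constructed sample event, trimmed to the fields this handler reads.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": BPA_DISABLED,
        "resource": {
            "resourceType": "S3Bucket",
            "s3BucketDetails": [{"name": "example-bucket"}],
        },
    },
}


def buckets_in_finding(event):
    """Return bucket names from a GuardDuty S3 finding, or [] for anything else."""
    if event.get("source") != "aws.guardduty":
        return []
    resource = event.get("detail", {}).get("resource", {})
    if resource.get("resourceType") != "S3Bucket":
        return []
    return [b["name"] for b in resource.get("s3BucketDetails", []) if b.get("name")]


def handle(event, s3_client, allow_public=frozenset()):
    """Re-enable Block Public Access on affected buckets; report what was done."""
    actions = []
    if event.get("detail", {}).get("type") != BPA_DISABLED:
        return actions  # other finding types are left for human triage
    for name in buckets_in_finding(event):
        if name in allow_public:  # hypothetical allow-list of intentionally public buckets
            actions.append((name, "skipped"))
            continue
        s3_client.put_public_access_block(
            Bucket=name, PublicAccessBlockConfiguration=BLOCK_ALL)
        actions.append((name, "blocked"))
    return actions
```

In a Lambda function, `handle(event, boto3.client("s3"))` would be called from the entry point, with the execution role granted only `s3:PutBucketPublicAccessBlock` on the buckets it is allowed to fix.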

If you are not using GuardDuty yet, S3 protection will be on by default when you enable the service. If you are using GuardDuty, you can simply enable this new capability with one click in the GuardDuty console or through the API. For simplicity, and to optimize your costs, GuardDuty has now been integrated directly with S3. In this way, you don’t need to manually enable or configure S3 data event logging in AWS CloudTrail to take advantage of this new capability. GuardDuty also intelligently processes only the data events that can be used to generate threat detections, significantly reducing the number of events processed and lowering your costs.

If you are part of a centralized security team that manages GuardDuty across your entire organization, you can manage all accounts from a single account using the integration with AWS Organizations.

How OSAM can help

As an AWS Advanced Consulting Partner, OSAM has a bold team of Architects and DevOps engineers with a hunger for challenges and thirst for coffee. Not only can we enhance your information and system security, but we also optimize your cost/performance and ensure your continuation on AWS Cloud. Here is how we do it:


  • Assess customers’ application infrastructure

  • Gather customers’ specific requirements

Step 02: CONSULT

  • Discuss with customers to find out best-fit services

  • Propose migration planning of Microsoft workloads to AWS

  • Provide customers approved AWS credit package

Step 03: MIGRATE

  • Determine what data and apps can be migrated

  • Move Microsoft workloads to the ideal environment


  • Perform post-migration validation

  • Once validated, we go live


  • Deploy managed services for better performance, agility and efficiency

  • Optimize configuration to get the most value from IT investment
