Using Amazon GuardDuty to Protect Your S3 Buckets

Updated: Aug 21

As we anticipated, the anomaly and threat detection for Amazon Simple Storage Service activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your data stored in S3.





This new capability enables GuardDuty to continuously monitor and profile S3 data access events (usually referred to as data plane operations) and S3 configurations (control plane APIs) to detect suspicious activities such as requests coming from an unusual geo-location, disabling of preventative controls such as S3 block public access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions. To detect possibly malicious behavior, GuardDuty uses a combination of anomaly detection, machine learning, and continuously updated threat intelligence. For your reference, here’s the full list of GuardDuty S3 threat detections.


When threats are detected, GuardDuty sends detailed security findings to the console and to Amazon EventBridge. This makes alerts actionable: you can integrate them into existing event management and workflow systems, or trigger automated remediation actions using AWS Lambda. You can also deliver findings to an S3 bucket to aggregate findings from multiple regions and to integrate with third-party security analysis tools.
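As an added illustration of the EventBridge-to-Lambda path described above (not code from the original post or from AWS), the sketch below pairs an EventBridge rule pattern for S3 findings with a Lambda handler that decides what to do with each one. The action names, the `DRY_RUN` environment variable and the sample event builder are assumptions made for the example.

```python
import os

# EventBridge rule pattern that selects GuardDuty findings whose resource is an S3 bucket.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"resource": {"resourceType": ["S3Bucket"]}},
}
BPA_DISABLED = "Policy:S3/BucketBlockPublicAccessDisabled"
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

def triage(event):
    """Map one finding event to (action, bucket) pairs. Action names are hypothetical."""
    detail = event.get("detail", {})
    resource = detail.get("resource", {})
    if event.get("source") != "aws.guardduty" or resource.get("resourceType") != "S3Bucket":
        return []  # not an S3 finding: ignore rather than guess
    actions = []
    for bucket in resource.get("s3BucketDetails", []):
        name = bucket.get("name")
        if not name:
            continue
        if detail.get("type") == BPA_DISABLED:
            actions.append(("restore_block_public_access", name))
        elif detail.get("severity", 0) >= 7:  # 7.0 and up is High on GuardDuty's scale
            actions.append(("page_oncall", name))
        else:
            actions.append(("open_ticket", name))
    return actions

def handler(event, context=None):
    """Lambda entry point. Only calls AWS when DRY_RUN=0 is set (assumed variable)."""
    actions = triage(event)
    if os.environ.get("DRY_RUN", "1") == "0":
        import boto3  # imported lazily so the triage logic runs offline
        s3 = boto3.client("s3")
        for action, name in actions:
            if action == "restore_block_public_access":
                s3.put_public_access_block(
                    Bucket=name, PublicAccessBlockConfiguration=BLOCK_ALL)
    return actions

def sample_event(finding_type, severity, bucket="example-bucket"):
    """Constructed event, trimmed to the fields used above."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"type": finding_type, "severity": severity,
                       "resource": {"resourceType": "S3Bucket",
                                    "s3BucketDetails": [{"name": bucket}]}}}
```

Restoring block public access automatically can break a bucket that is public on purpose, so keep the handler in dry-run mode until the action list has been reviewed against known exceptions.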





If you are not using GuardDuty yet, S3 protection will be on by default when you enable the service. If you are already using GuardDuty, you can enable this new capability with one click in the GuardDuty console or through the API. For simplicity, and to optimize your costs, GuardDuty has now been integrated directly with S3, so you don’t need to manually enable or configure S3 data event logging in AWS CloudTrail to take advantage of this new capability. GuardDuty also intelligently processes only the data events that can be used to generate threat detections, significantly reducing the number of events processed and lowering your costs.


If you are part of a centralized security team that manages GuardDuty across your entire organization, you can manage all accounts from a single account using the integration with AWS Organizations.





How OSAM can help


As an AWS Advanced Consulting Partner, OSAM has a bold team of Architects and DevOps engineers with a hunger for challenges and thirst for coffee. Not only can we enhance your information and system security, but we also optimize your cost/performance and ensure your continuation on AWS Cloud. Here is how we do it:


Step 01: ASSESS AND ANALYZE


  • Assess customers’ application infrastructure

  • Gather customers’ specific requirements

Step 02: CONSULT


  • Discuss with customers to find out best-fit services

  • Propose migration planning of Microsoft workloads to AWS

  • Provide customers approved AWS credit package


Step 03: MIGRATE


  • Determine what data and apps can be migrated

  • Move Microsoft workloads to the ideal environment


Step 04: VALIDATE


  • Perform post-migration validation

  • Once validated, we go live


Step 05: OPTIMIZE


  • Deploy managed services for better performance, agility and efficiency

  • Optimize configuration to get the most value from your IT investment

© Copyright 2020 Osam.io