Content, Channel partners, Security Program Controls/Technologies, Threat Intelligence

Amazon Unveils AWS GuardDuty Managed Threat Detection Service


Amazon Web Services (AWS) today launched GuardDuty, a fully managed intelligent threat detection service that helps AWS customers safeguard their accounts and workloads against malicious or unauthorized behavior.

GuardDuty, unveiled at the AWS re:Invent 2017 user, developer and cloud conference in Las Vegas, continuously monitors AWS customer account activity and applies machine learning to identify any events that fall outside normal patterns. It also correlates account activity using both proprietary threat intelligence sources and third-party sources and alerts customers any time it detects anomalies, AWS said in a prepared statement.

In addition, GuardDuty is designed for integration into existing event management and workflow systems, AWS stated. It requires no upfront costs, AWS pointed out, or hardware or software to deploy.

A free 30-day trial of GuardDuty is now available. After the trial, AWS customers pay only for events analyzed by the service.

What Does GuardDuty Mean for MSSPs?

MSSPs can deploy GuardDuty to identify AWS account-based threats that traditional solutions might miss, according to AWS.

GuardDuty enables MSSPs to leverage AWS CloudTrail and Amazon VPC Flow Logs, AWS said, and generate anomaly alerts that are tailored to each customer's AWS use.

Furthermore, GuardDuty continuously updates its threat intelligence sources, AWS pointed out. It also can be enabled instantly, AWS noted, with no risk of negatively impacting existing customer application workloads.

Why Should MSSPs Enter the Cloud Security Market?

GuardDuty may help MSSPs enter the cloud security market and empower organizations to protect their cloud applications and workloads.

Cloud security remains a major problem for many organizations, which is reflected in a recent survey conducted by digital security company Gemalto.

Key findings from the Gemalto "2016 Global Cloud Data Security Study" of 3,476 IT and IT security practitioners included:

  • 73 percent of survey respondents said cloud computing applications and platform solutions are considered very important or important to their organizations' operations.
  • Storage of customer information has increased from 53 percent of respondents in 2014 to 62 percent of respondents last year.
  • 60 percent stated it is more difficult to protect confidential or sensitive information when using cloud services versus on-premises services.

Moreover, the global cloud security market is projected to expand at a compound annual growth rate (CAGR) of 25.5 percent between 2017 and 2022, market research firm MarketsandMarkets said in a prepared statement. This sector also could be worth approximately $12.7 billion by 2022.

As IT and IT security practitioners increasingly leverage AWS and other cloud environments, the cloud security market may present many opportunities to MSSPs. Meanwhile, MSSPs that incorporate cloud security services into their portfolios could position themselves to capitalize on the rising demand for cloud solutions.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.