AWS Detection & Response
AWS Tutorial: Threat Detection & Response
Welcome to the Detection & Response lesson. Perfect security is impossible. When an attack happens, the speed at which your team is alerted and responds dictates how much damage is done.
Why Learn Detection Services?
Without automated threat detection, hackers can linger inside corporate networks for months completely unnoticed. AWS offers intelligent services that act as a 24/7 security patrol scanning your account logs for anomalies.
Tutorial Overview
In this tutorial, you will learn:
- Amazon GuardDuty
- AWS Security Hub
The Security Patrol
- Amazon GuardDuty: An intelligent threat detection service that continuously monitors your AWS account for malicious activity or unauthorized behavior. It uses machine learning to identify anomalies (e.g., "Why is an EC2 instance suddenly communicating with a known cryptocurrency mining IP address?").
- AWS Security Hub: Gives you a comprehensive, centralized view of your security alerts and security posture across your AWS accounts. It automatically aggregates alerts from GuardDuty, Macie, and AWS Firewall Manager into a single, unified dashboard for your security team to review.
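To make the "single, unified dashboard" idea concrete, here is an added example (not code from this tutorial or from AWS) that builds a review queue from findings of more than one service. It assumes the findings are already exported in the AWS Security Finding Format (ASFF) that Security Hub uses, and reads only the ProductName, Severity.Label, Workflow.Status and Resources[].Id fields. The triage function, its ranking rule and all sample data are constructed for illustration.

```python
from collections import defaultdict

# ASFF Severity.Label values, lowest to highest.
RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def finding(product, label, status, resource_id, title):
    """Build a constructed finding with only the ASFF fields used below."""
    f = {"ProductName": product, "Title": title,
         "Workflow": {"Status": status}, "Resources": [{"Id": resource_id}]}
    if label:
        f["Severity"] = {"Label": label}
    return f

# Constructed sample data: account ID, instance IDs and bucket names are made up.
EC2 = "arn:aws:ec2:us-east-1:111122223333:instance/"
SAMPLE_FINDINGS = [
    finding("GuardDuty", "HIGH", "NEW", EC2 + "i-0aaaexample", "EC2 instance contacting crypto-mining IP"),
    finding("Macie", "HIGH", "NEW", "arn:aws:s3:::example-reports", "Sensitive data in bucket"),
    finding("GuardDuty", "MEDIUM", "NEW", "arn:aws:s3:::example-reports", "Unusual S3 API activity"),
    finding("GuardDuty", "LOW", "NEW", EC2 + "i-0bbbexample", "Port probe on instance"),
    finding("Macie", "CRITICAL", "SUPPRESSED", "arn:aws:s3:::example-archive", "Known test data"),
    finding("GuardDuty", None, "NEW", EC2 + "i-0cccexample", "Finding with no severity label"),
]

def triage(findings, min_label="MEDIUM"):
    """Group open findings by resource; rank by worst severity, then by number of reporting services."""
    by_resource = defaultdict(list)
    for f in findings:
        if f.get("Workflow", {}).get("Status") in ("RESOLVED", "SUPPRESSED"):
            continue  # already handled by an analyst
        rank = RANK.get(f.get("Severity", {}).get("Label"), 0)  # missing label -> lowest
        for res in f.get("Resources", []):
            by_resource[res["Id"]].append((rank, f.get("ProductName", "unknown")))
    queue = []
    for rid, hits in by_resource.items():
        worst = max(rank for rank, _ in hits)
        if worst >= RANK[min_label]:
            queue.append({"resource": rid, "worst": worst, "findings": len(hits),
                          "products": sorted({p for _, p in hits})})
    queue.sort(key=lambda e: (-e["worst"], -len(e["products"]), e["resource"]))
    return queue

if __name__ == "__main__":
    for entry in triage(SAMPLE_FINDINGS):
        print(entry)
```

With the sample data, the bucket flagged by both GuardDuty and Macie comes first, ahead of the instance flagged by GuardDuty alone, while the suppressed and low-severity findings stay out of the queue.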