Today, Amazon Web Services (AWS) announces the general availability of Amazon GuardDuty Extended Threat Detection. This new capability allows you to identify sophisticated, multi-stage attacks targeting your AWS accounts, workloads, and data. You can now use new attack sequence findings that cover multiple resources and data sources over an extensive time period, allowing you to spend less time on first-level analysis and more time responding to critical severity threats to minimize business impact.
GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at AWS scale and automatically correlates security signals from across AWS services to detect critical threats. This capability allows for the identification of attack sequences, such as credential compromise followed by data exfiltration, and represents them as a single, critical-severity finding. The finding includes an incident summary, a detailed events timeline, mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations.
GuardDuty Extended Threat Detection is available in all AWS commercial Regions where GuardDuty is available. This new capability is automatically enabled for all new and existing GuardDuty customers at no additional cost. You do not need to enable all GuardDuty protection plans. However, enabling additional protection plans will increase the breadth of security signals, allowing for more comprehensive threat analysis and coverage of attack scenarios. You can take action on findings directly from the GuardDuty console or via its integrations with AWS Security Hub and Amazon EventBridge.
To get started, visit the Amazon GuardDuty product page or try GuardDuty free for 30 days on the AWS Free Tier.
Source:: Amazon AWS