Recently, Foregenix worked with Amazon Web Services to do a security review of the GuardDuty Intelligent Threat Detection Service. Specifically, we were looking for three abilities in the service:
Amazon Web Services offers a wide range of cloud computing services. Anywhere from analytics to machine learning, as well as file storage, business applications, and much more. Because of this, managing all these potential services needs to be safe and secure.
GuardDuty, once enabled, continuously monitors your AWS accounts for any suspected threats, using machine learning and anomaly detection. If anything suspicious is detected, it promises quick alerts and updates so you, or whoever is managing your cyber security, can decide whether or not it’s a threat or a false positive.
We configured a lab environment to simulate a real world deployment composed of a web server, a bastion box and an internal server used for centralised event logging.
The environment was left running under normal operating conditions for more than 45 days in order to allow all tested solutions to build up a baseline of patterns for standard environmental behaviour, from which to detect anomalies later on.
The test, initially focused on Amazon GuardDuty, also included Host-based IDS solutions from other vendors available in the AWS marketplace.
We found that GuardDuty was a very effective tool. The whitepaper will explain what tests we put it through, and to what degree it passed. Take a look at AWS's blog post.
Of course, I’m only scratching the surface. Our whitepaper on AWS’ Guard Duty covers all sorts of tests and analyses we conducted on the service.
This whitepaper will not only allow you to see the quality of service provided by GuardDuty, and come to the conclusion on whether you should use it for your business, but it is also a good opportunity to see how Foregenix conducts and measures such reviews.
You can download the whitepaper from AWS's blog post here.