Intelligent Threat Detection – Amazon GuardDuty – AWS

This diagram details GuardDuty’s features and integration with different AWS workload and resource types. The diagram is divided into five sections that display from left to right.

The first section is titled “Amazon GuardDuty,” and says, “A threat detection service that continuously monitors for compromised accounts, anomalous behavior, and malware.”

The second section is titled “Activate GuardDuty.” The second section says, “With a few steps in the console, monitor all your AWS accounts without additional software to deploy or manage.”

The third section explains the different workload and resource types that you can continuously monitor for threats using Amazon GuardDuty. The items outlined are: Amazon S3, databases, container workloads, instance workloads, accounts and users, and serverless.
In the third section, under the workload and resource types, there is a box titled “Continuously analyze.” The box then says, “Automatically and continuously monitor AWS workloads and resources for potential threats at scale.”

The fourth section has an illustration depicting crosshairs, with an alert or warning icon. This section describes how GuardDuty intelligently detects threats, and says “GuardDuty uses machine learning, anomaly detection, malware scanning, and integrated threat intelligence to identify and prioritize potential threats.”