Amazon GuardDuty protects customer AWS instances using ET Intelligence, the most accurate source of threat intelligence and alerting available.
Proofpoint ET Intelligence helps Amazon GuardDuty detect and surface threats hidden in traffic between customer AWS instances and in traffic traversing to and from malicious sites. It proactively alerts for malicious activity and advanced threats such as weaponized URLs, credential phishing and malware command-and-control behaviors.
Actionable Alerts for Response
When network traffic to or from an AWS instance attempts to connect to a suspicious IP or domain, ET Intelligence generates an alert within the GuardDuty console notifying customers of the threat.
Alerts provide detailed information, including:
- Malicious IP or domain category such as botnet, CnC, drop site for logs or stolen credentials
- Threat intel source that detected a suspicious IP or domain, such as Proofpoint, a third party, or AWS internal threat intel sources
Who has access to these alerts?
- Alerts are displayed within the GuardDuty console and are available to all authorized users of the AWS cloud services.
- GuardDuty alerts can be leveraged in the following ways:
  - Network and infrastructure teams can block or filter suspect IPs and domains
  - Incident response teams can investigate targeted systems or user accounts associated with the alerts
  - Remediation teams can power down or replace potentially compromised AWS instances