Talk to sales

Ask a member of our sales team about our products or services:

Amazon GuardDuty Threat intelligence and Alerting Service

Proofpoint ET Intelligence delivers the most timely and accurate threat intelligence to protect AWS deployments

Overview

Amazon GuardDuty protects customer AWS instances using ET Intelligence, the most accurate source of threat intelligence and alerting available.

Proofpoint ET Intelligence helps Amazon GuardDuty detect and surface threats hidden in traffic between customer AWS instances and as it transverses to and from malicious sites. It proactively alerts for malicious activity and advanced threats such as weaponized URLs, credential phishing and malware command-and-control behaviors.

Actionable Alerts for Response

When network traffic to or from an AWS instance attempts to connect to a suspicious IP or domain, ET Intelligence generates an alert within the GuardDuty console notifying customers of the threat.

Alerts provide detailed information, including:

  • Malicious IP or domain category such as botnet, CnC, drop site for logs or stolen credentials
  • Threat intel source that detected a suspicious IP or domain, such as Proofpoint, a third-party or AWS internal threat intel sources

Who has access to these alerts?

  • Alerts are displayed within the GuardDuty console and are available to all authorized users of the AWS cloud services.
  • GuardDuty alerts can be leveraged in the following ways:
    • Network and infrastructure teams can block or filter suspect IP and domains
    • Incident response teams can investigate targeted systems or user accounts associated with the alerts
    • Remediation teams can power down or replace potentially compromised AWS instances

Check out Amazon GuardDuty

Learn More about Amazon GuardDuty and how it works with Proofpoint

Discover Amazon GuardDuty and Proofpoint ET Intelligence

Learn more about ET Intelligence and its integration with Amazon GuardDuty