Amazon GuardDuty Threat Intelligence and Alerting Service
Protect AWS deployments with Proofpoint ET Intelligence
Amazon GuardDuty protects customer AWS instances using ET Intelligence, the most accurate source of threat intelligence and alerting available.
Proofpoint ET Intelligence and AWS vulnerability scanning help Amazon GuardDuty detect and surface threats hidden in traffic between customer AWS instances and in traffic as it traverses to and from malicious sites. AWS vulnerability scanning proactively alerts on malicious activity and advanced threats such as weaponized URLs, credential phishing and malware command-and-control behaviors.
Actionable Alerts for Response
When network traffic to or from an AWS instance attempts to connect to a suspicious IP or domain, ET Intelligence generates an alert within the GuardDuty console notifying customers of the threat.
AWS vulnerability scanning alerts provide detailed information, including:
- Malicious IP or domain category, such as botnet, CnC, or drop site for logs or stolen credentials
- Threat intel source that detected a suspicious IP or domain, such as Proofpoint, a third party, or AWS internal threat intel sources
Who has access to these alerts?
AWS vulnerability scanning alerts are displayed within the GuardDuty console and are available to all authorized users of the AWS cloud services.
AWS GuardDuty alerts can be leveraged in the following ways:
- Network and infrastructure teams can block or filter suspect IPs and domains
- Incident response teams can investigate targeted systems or user accounts associated with the alerts
- Remediation teams can power down or replace potentially compromised AWS instances