Amazon Web Services Posted July 6, 2022 Share Posted July 6, 2022 Amazon GuardDuty has incorporated new machine learning techniques that are highly effective at detecting anomalous access to data stored in Amazon Simple Storage Service (Amazon S3) buckets. This new capability continuously models S3 data plane API invocations (e.g. GET, PUT, and DELETE) within an account, incorporating probabilistic predictions to more accurately alert on highly suspicious user access to data stored in S3 buckets, such as requests coming from an unusual geo-location, or unusually high volumes of API calls consistent with attempts to exfiltrate data. The new machine learning approach can more accurately identify malicious activity associated with known attack tactics, including data discovery, tampering, and exfiltration. The new threat detections are available for all existing Amazon GuardDuty customers that have GuardDuty S3 Protection enabled, with no action required and at no additional costs. If you are not using GuardDuty yet, S3 protection will be on by default when you enable the service. If you are using GuardDuty, and are yet to enable S3 Protection, you can enable this capability organization-wide with one-click in the GuardDuty console or through the API. View the full article Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.