Amazon GuardDuty Threat Detections for Suspicious DNS Traffic | Amazon Web Services

Published January 31, 2024, 1:14
Amazon GuardDuty monitors DNS traffic from EC2 instances that use the Amazon DNS resolvers to detect potential malicious actor activity. However, malicious actors may attempt to mask their activity by using external DNS providers, or by sending DNS traffic over HTTPS (DoH) or over TLS (DoT). Amazon GuardDuty offers threat detections (finding types: DefenseEvasion:EC2/UnusualDNSResolver, DefenseEvasion:EC2/UnusualDoHActivity, and DefenseEvasion:EC2/UnusualDoTActivity) that help detect suspicious DNS traffic indicative of attempts to evade detection while exfiltrating data or using command & control servers to communicate with malware. GuardDuty learns the expected DNS traffic patterns for the AWS environment so that it alerts only when the activity is suspicious and indicative of potential malicious activity.
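
For triage alongside these findings, the sketch below applies the same idea (flag external DNS, DoT and DoH destinations that were not seen during a baseline period) to default-format VPC Flow Logs. It is an added example, not GuardDuty's detection logic or AWS code; the DoH resolver list, the function names and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "eni src dst dstport proto action")
# Assumption: a short, hand-picked list of public DoH resolver IPs; extend from your own intel.
DOH_RESOLVERS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}

def parse(line):
    """Parse one default-format (version 2) VPC Flow Logs record, or return None."""
    f = line.split()
    if len(f) != 14 or f[0] != "2" or f[13] != "OK":
        return None  # header lines and NODATA/SKIPDATA records carry no usable fields
    return Flow(f[2], f[3], f[4], int(f[6]), int(f[7]), f[12])

def classify(flow, vpc_cidr):
    """Label accepted DNS-like traffic leaving the VPC, else None."""
    if flow.action != "ACCEPT":
        return None
    if ipaddress.ip_address(flow.dst) in ipaddress.ip_network(vpc_cidr):
        return None  # internal traffic and inbound replies; Amazon DNS queries are not logged
    if flow.dstport == 53 and flow.proto in (6, 17):
        return "external-dns"
    if flow.dstport == 853 and flow.proto == 6:
        return "dot"
    if flow.dstport == 443 and flow.dst in DOH_RESOLVERS:
        return "doh"
    return None

def unusual(baseline_lines, new_lines, vpc_cidr):
    """Return sorted (eni, dst, label) tuples seen in new_lines but not in the baseline."""
    def seen(lines):
        out = set()
        for line in lines:
            flow = parse(line)
            label = flow and classify(flow, vpc_cidr)
            if label:
                out.add((flow.eni, flow.dst, label))
        return out
    return sorted(seen(new_lines) - seen(baseline_lines))

# Constructed sample records (not real traffic).
SAMPLE_BASELINE = ["2 123456789012 eni-0aaa 10.0.1.10 8.8.8.8 41000 53 17 2 150 1700000000 1700000060 ACCEPT OK"]
SAMPLE_NEW = SAMPLE_BASELINE + [
    "2 123456789012 eni-0bbb 10.0.1.20 9.9.9.9 42000 853 6 9 900 1700000100 1700000160 ACCEPT OK",
    "2 123456789012 eni-0bbb 10.0.1.20 1.1.1.1 42001 443 6 12 4000 1700000100 1700000160 ACCEPT OK",
    "2 123456789012 eni-0bbb 10.0.1.20 198.51.100.7 42002 443 6 8 2000 1700000100 1700000160 ACCEPT OK",
    "2 123456789012 eni-0ccc 10.0.2.30 203.0.113.5 43000 53 17 3 210 1700000100 1700000160 ACCEPT OK",
    "2 123456789012 eni-0ddd - - - - - - - 1700000100 1700000160 - NODATA",
]
```

Calling `unusual(SAMPLE_BASELINE, SAMPLE_NEW, "10.0.0.0/16")` reports the DoT, DoH and new external resolver destinations while ignoring the resolver already present in the baseline.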

Interested in self-paced digital training on this service? explore.skillbuilder.aws/learn...

Learn more at: go.aws/48Sy4FH
