
April 9, 2019 By Sumo Logic

What is AWS GuardDuty?

AWS is the most popular cloud platform for enterprises, and with good reason. Amazon has massive infrastructure around the world, and many years of experience with it. Whether your network is completely on the cloud or you have a hybrid network, using AWS saves your business a lot of money and physical space. You benefit from Amazon’s tremendous economies of scale, and a lot of the tedious work involved in maintaining a network can be delegated to them. But of course, you must still carefully and thoroughly monitor your AWS network for both functionality and cybersecurity reasons.

Amazon is always developing and improving tools to help you get the most out of your AWS network. Two years ago, they launched GuardDuty. GuardDuty is a threat detection service that constantly monitors the activity in your AWS network for anomalous behavior that could indicate cyber attacks or other unauthorized use. It draws on your data from AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs. Because GuardDuty is built right into AWS, there is no software to install and there are no additional steps to take. The Sumo Logic App for GuardDuty improves your AWS security posture by integrating with the rest of your security and incident response tools to aggregate and contextualize the data.


Sumo Logic’s app is the perfect companion to AWS GuardDuty. Here’s why.

Administrators know how frustrating it can be to have a plethora of panels to watch constantly. This is where Sumo Logic can be a real lifesaver, because Sumo Logic’s app can keep all of the GuardDuty metrics you need on one dashboard. Sumo Logic has a selection of pre-configured dashboards that you can customize for your specific needs. The key to responding to threats is good visibility. That’s where Sumo Logic really shines. Rich graphical depictions of trends and security events make the administrator’s job a lot easier: administrators can see all of the information they need in order to know what’s going on and make informed decisions.

Triaging network events isn’t easy, but Sumo Logic makes it much easier. You can prioritize and customize GuardDuty findings based on severity and risk. That way events are responded to in a timely manner and the administrator’s job can be made a lot more efficient. It also significantly cuts down on information overload!

How would you like to predict possible security events before they occur? Everyone knows that it’s a lot easier to prevent an incident than it is to respond to it. Sumo Logic’s immense visibility and advanced analytics make it possible. It’ll certainly save your network a lot of trouble down the road!

Another great feature of Sumo Logic’s AWS GuardDuty app is the ability to use search tags for a more granular investigation of events and findings. So not only can you customize your dashboards and your metrics for more effective monitoring, but you can also actively investigate events much more easily. You can narrow down your search to a particular geolocation or IP address if you want.

Pre-built dashboard for GuardDuty security visibility

The GuardDuty App on the Sumo marketplace adds out-of-the-box content for a threat map, the trend of high-severity threats, and other threats by IP, region, resource, account, etc., helping you with the health and security of your AWS environment.

Value-added context beyond GuardDuty

Sumo pulls in additional log sources and broader context to provide you with full-stack security visibility into your application, infrastructure, host, and load balancer, and correlates all these events against CrowdStrike’s threat intelligence feeds.

Sumo Logic provides additional analytics around AWS resources like CloudTrail threats, VPCs and security groups. Gain insights into:

  • Application logs
  • Load balancer performance
  • Threat intel from CrowdStrike
  • And overall better context and visibility
