New Launch: Introducing Amazon GuardDuty RDS Protection (SEC218)

Title

AWS re:Invent 2022 - Introducing Amazon GuardDuty RDS Protection (SEC218)

Summary

  • Speakers: Jeremiah Wilton (Senior Principal Engineer in AWS databases) and Amit Megiddo (Product Management Lead for Amazon GuardDuty).
  • Topic: Introduction of Amazon GuardDuty RDS Protection, focusing on database security in the cloud.
  • Key Points:
    • Importance of database security as a top priority (job zero) for organizations.
    • AWS databases, including RDS and Aurora, are based on third-party software like MySQL, Postgres, MariaDB, Oracle, and SQL Server.
    • AWS has built-in security features, but customers requested more database-specific security solutions.
    • GuardDuty RDS Protection is designed to detect serious database exploits and alert customers.
    • It focuses on detecting suspicious logins and can identify both insider and external threats.
    • GuardDuty RDS Protection is integrated with existing AWS security services and uses machine learning for threat detection.
    • The service is easy to enable with a single click and provides organization-wide coverage.
    • During the public preview, the service is free and available in five AWS regions.
    • The session included a demo showing how to enable GuardDuty RDS Protection and view sample findings.

Insights

  • Database Security Challenges:
    • Databases are often the most sensitive and vulnerable digital assets.
    • Security is more critical than scalability, availability, or performance.
    • AWS databases are built on a variety of third-party software, each with unique security features, creating a need for expertise in multiple systems.
  • GuardDuty RDS Protection:
    • Aims to simplify security monitoring across different database types.
    • Uses machine learning to detect anomalies in database connection logs.
    • Can detect brute force attacks, credential misuse, and scanning attempts.
    • Provides detailed findings with recommendations for addressing security concerns.
    • Integrates with other AWS security services like AWS Security Hub and Amazon Detective.
  • Operational Benefits:
    • Reduces the need for manual security monitoring and expertise.
    • Offers a unified and automated approach to database security.
    • Enhances existing AWS security features with database-specific intelligence.
    • Supports a proactive security posture by detecting threats early.
  • Customer Impact:
    • Customers can benefit from additional security without significant operational overhead.
    • The service is designed to be low-noise, reducing alert fatigue.
    • It provides actionable findings, allowing for quick response to potential threats.
    • During the public preview, customers can try the service for free, encouraging adoption and feedback.
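
As an added example (not code from the session or from AWS), this Python routine triages RDS Protection findings into the three behaviors listed above (brute force, credential misuse, scanning) and pulls out the fields a responder acts on first. It assumes findings shaped like the GuardDuty GetFindings response; the bucket names, the ordering policy and the SAMPLE data are constructed for illustration.

```python
ORDER = {"credential-misuse": 0, "brute-force-attempt": 1, "scanning": 2, "unclassified": 3}

def triage_bucket(finding_type):
    """Map a finding type to a response bucket (bucket names are hypothetical)."""
    if ":RDS/" not in finding_type:
        return None                       # not an RDS Protection finding
    if finding_type.startswith("Discovery:"):
        return "scanning"                 # probing with no reported login success
    if "Successful" in finding_type:      # SuccessfulLogin, SuccessfulBruteForce
        return "credential-misuse"
    if "FailedLogin" in finding_type:
        return "brute-force-attempt"
    return "unclassified"

def summarize(finding):
    """Extract what a responder needs; missing sections become None or 0."""
    bucket = triage_bucket(finding.get("Type", ""))
    if bucket is None:
        return None
    res = finding.get("Resource", {})
    act = finding.get("Service", {}).get("Action", {}).get("RdsLoginAttemptAction", {})
    attrs = act.get("LoginAttributes", [])
    return {
        "bucket": bucket,
        "severity": finding.get("Severity", 0),
        "db_instance": res.get("RdsDbInstanceDetails", {}).get("DbInstanceIdentifier"),
        "db_user": res.get("RdsDbUserDetails", {}).get("User"),
        "remote_ip": act.get("RemoteIpDetails", {}).get("IpAddressV4"),
        "failed": sum(a.get("FailedLoginAttempts", 0) for a in attrs),
        "succeeded": sum(a.get("SuccessfulLoginAttempts", 0) for a in attrs),
    }

def triage(findings):
    """Return RDS findings only: successful logins first, then by severity."""
    rows = [s for s in map(summarize, findings) if s]
    return sorted(rows, key=lambda r: (ORDER[r["bucket"]], -r["severity"]))

def _sample(ftype, sev, inst, user, ip, failed, ok):
    attrs = [{"User": user, "FailedLoginAttempts": failed, "SuccessfulLoginAttempts": ok}]
    login = {"RemoteIpDetails": {"IpAddressV4": ip}, "LoginAttributes": attrs}
    res = {"RdsDbInstanceDetails": {"DbInstanceIdentifier": inst}, "RdsDbUserDetails": {"User": user}}
    return {"Type": ftype, "Severity": sev, "Resource": res, "Service": {"Action": {"RdsLoginAttemptAction": login}}}

SAMPLE = [  # constructed findings; instance names, users and IPs are placeholders
    _sample("CredentialAccess:RDS/AnomalousBehavior.FailedLogin", 2.0, "orders-db", "admin", "198.51.100.7", 40, 0),
    _sample("Discovery:RDS/MaliciousIPCaller", 5.0, "hr-db", None, "203.0.113.9", 0, 0),
    _sample("CredentialAccess:RDS/AnomalousBehavior.SuccessfulBruteForce", 8.0, "orders-db", "admin", "198.51.100.7", 412, 1),
    {"Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0},
]
```

Calling `triage(SAMPLE)` drops the non-RDS finding and puts the successful brute force on `orders-db` at the top of the queue.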