Guard Duty for UW Madison AWS accounts
Posted: 2020-12-16 08:39:57 Expiration: 2021-02-05 08:39:57
AWS Account change to add Guard Duty for Intrusion Detection features by default for AWS accounts.
We wanted to make you aware of some changes we are implementing in AWS to improve our security posture. Setting up this service will allow us to have an Intrusion Detection System (IDS) in AWS as we have on campus. On January 4th the UW-Madison Public Cloud Team will be deploying Amazon GuardDuty in US regions to AWS accounts under the UW AWS organization. This change will incur a relatively small cost to your AWS account, on average the cost should be much less than ten dollars a month.
Amazon GuardDuty is a native intrusion detection system that takes feeds from user activity logs showing changes and particular events from workloads. It is analyzed along with network traffic logs and DNS logs, and it can be used to detect unusual behavior. AWS offers enrichment of this analysis with its own threat intelligence feeds. This is used to determine whether particular workloads are being subjected to intrusion attempts or are showing signs of being compromised and performing unauthorized actions.
If you have any billing or general questions about this service, please contact the Public Cloud Team at cloud-services@cio.wisc.edu
-- Public Cloud: Eric Straavaldsen