Posted On: Mar 18, 2025
Amazon GuardDuty Extended Threat Detection is now available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. This capability allows you to identify sophisticated, multi-stage attacks targeting your accounts, workloads, and data. You can now use new attack sequence findings that cover multiple resources and data sources over an extensive time period, so you spend less time on first-level analysis and more time responding to critical-severity threats to minimize business impact.
GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at Amazon Web Services scale and automatically correlates security signals from across managed services to detect critical threats. It identifies attack sequences, such as credential compromise followed by data exfiltration, and represents them as a single, critical-severity finding. The finding includes an incident summary, a detailed events timeline, mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations.
GuardDuty Extended Threat Detection is also available in all Amazon Web Services Regions, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. This capability is automatically enabled for all new and existing GuardDuty customers at no additional cost. You do not need to enable all GuardDuty protection plans. However, enabling additional protection plans such as GuardDuty S3 Protection will increase the breadth of security signals, allowing for more comprehensive threat analysis and coverage of attack scenarios. You can take action on findings directly from the GuardDuty console or via its integrations with Amazon Security Hub and Amazon EventBridge.
To get started, visit the Amazon GuardDuty product page or try GuardDuty free for 30 days on the Amazon Web Services Free Tier.