Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence

Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS). 

Threat intelligence is a cornerstone of effective cyber defenses. The higher the quality of intelligence, the faster security teams can detect, investigate, and block malicious activities. 

Amazon has integrated Sophos threat intelligence into the Amazon GuardDuty threat detection and monitoring service, used by security teams and organizations to protect accounts and workloads on Amazon Web Services (AWS). 

Sophos threat intelligence further broadens threat coverage and improves the accuracy of the Amazon GuardDuty threat detection service without compromising performance. 

How it works

GuardDuty leverages threat intelligence feeds consisting of lists of known malicious IP addresses, domains, and file hashes, along with machine learning models, to detect suspicious and potentially harmful activity across AWS environments. 

Through a custom integration built by Sophos, GuardDuty can ingest real-time threat telemetry from Sophos X-Ops, a joint task force of multiple specialist teams focused on tracking and disrupting today’s most advanced cyber-attacks. 

Sophos’ intelligence is combined with AWS’s own signals to accelerate threat detection and help analysts optimize investigation and response. 

The Sophos difference: Unique, accurate, and actionable data

With organizations across the world relying on AWS to run critical business operations, any supplementary threat intelligence must meet the exacting security standards Amazon applies while delivering incremental value. Amazon integrated Sophos based on three core strengths: 

  • UNIQUE. Sophos threat intelligence helps GuardDuty users protect against complex, low signal, and evasive attacks. 
  • ACCURATE. Sophos’ threat intelligence combines telemetry from defending more than 600,000 diverse organizations – every country, every industry, every size – with deep threat actor and malware expertise. This results in exceptionally low real-world false positive rates.
  • ACTIONABLE. Threat intelligence is only of value if you can use it to reduce cyber risk. Sophos insights are continually updated and highly curated, enabling defenders to act decisively against emerging threats without unnecessary noise. 

Enhancing outcomes for Amazon GuardDuty users

By detecting advanced threats earlier, Sophos threat intelligence enables analysts to take swift, targeted remediation action while avoiding time-consuming investigations into benign activities. 

The consistently low false-positive rate also allows GuardDuty to minimize unnecessary blocking and alerting, reducing resource consumption, operational costs, and analyst fatigue. 

Securing all Sophos-protected organizations

Every Sophos-protected organization benefits from the same Sophos threat intelligence that is included in Amazon GuardDuty. 

Whether you utilize Sophos solutions directly, work with a Sophos managed service provider (MSP), or consume Sophos threat intelligence through an OEM partner, you gain access to the same high-fidelity insights that power Sophos’ industry-leading large-scale threat detection capabilities. 

To learn more about how Sophos OEM helps vendors elevate their security offerings, visit www.sophos.com/oem.

To check out Sophos products and services, visit our website or speak with your Sophos representative.