Which service continuously monitors network activity within your AWS environment for threats?

Amazon GuardDuty is a continuous monitoring service that analyzes and processes data from various sources within an AWS environment to identify potential threats. It utilizes machine learning, anomaly detection, and integrated threat intelligence to detect suspicious activity and behavior, helping to protect AWS accounts and workloads.

GuardDuty continuously ingests data from AWS CloudTrail logs, VPC Flow Logs, and DNS logs to assess and identify unusual patterns that may indicate malicious activity, such as unauthorized access or compromised resources. This proactive monitoring capability makes it a crucial component of security management in AWS.

In contrast, while Amazon Detective and AWS Security Hub play important roles in security frameworks, they do not provide the continuous threat monitoring capabilities that GuardDuty does. Amazon Detective is used to investigate security findings and analyze data to understand the context behind potential security incidents, while AWS Security Hub aggregates and prioritizes security alerts from various AWS services. AWS Config primarily focuses on resource configuration tracking and compliance rather than real-time threat monitoring.