Which service leverages machine learning for threat detection within AWS?

Amazon GuardDuty is the service designed specifically for threat detection within AWS using machine learning. It continuously monitors your AWS accounts and workloads for malicious activity, unauthorized behavior, and other potential threats. By analyzing various data sources such as AWS CloudTrail event logs, VPC flow logs, and DNS logs, GuardDuty applies machine learning models and threat intelligence feeds to identify anomalies and potential security threats in real-time.

This proactive approach helps in detecting threats that might not be evident through static rules or signatures. GuardDuty automatically adapts to emerging threats, enhancing its ability to recognize new attack patterns based on the evolving security landscape.

Other services, while related to security, serve different purposes. For instance, Amazon Inspector helps automate security assessment and compliance checks but does not focus primarily on threat detection using machine learning. AWS Shield provides protection against distributed denial-of-service (DDoS) attacks, focusing more on safeguarding resources from such specific threats. Amazon Macie is geared toward data security and privacy, utilizing machine learning to help identify and protect sensitive data within AWS storage services, but it is not specifically aimed at threat detection like GuardDuty.