AWS Announces 3 New Amazon GuardDuty Capabilities

SEATTLE, April 24, 2023 — Amazon Web Services, Inc. (AWS) today announced three new capabilities for Amazon GuardDuty, AWS’s threat detection service, that further strengthen customer security through expanded coverage and continuous enhancements in machine learning, anomaly detection, and integrated threat intelligence.

GuardDuty is part of a broad set of AWS security services that help customers identify potential security risks, so they can respond quickly, freeing security teams to focus on tasks with the highest value. The three new capabilities expand GuardDuty protection to container runtime behavior, as well as database and serverless environments. EKS Runtime Monitoring deepens threat detection inside customers’ containerized workloads. GuardDuty RDS Protection helps customers protect data stored in Amazon Aurora databases. GuardDuty Lambda Protection helps customers detect threats to their serverless applications.

GuardDuty helps protect customers from the latest threats through ongoing innovation in machine learning, anomaly detection, and integrated threat intelligence continuously derived from the broad visibility AWS has across the global threat landscape. With a few clicks in the AWS Management Console, customers can activate GuardDuty across multiple accounts in multiple AWS Regions on highly trusted and secure-by-design AWS Cloud infrastructure and mitigate threats early by initiating automated responses. Since its launch in 2017, GuardDuty has added more than 100 new threat detection capabilities, including the ability to detect credential exfiltration and compromise even when highly evasive techniques are used.

GuardDuty uses machine learning detections trained to identify highly suspicious data access and any potential Amazon Elastic Compute Cloud (Amazon EC2) compromise, and uses integrated threat intelligence to detect malware and malicious container, database, and serverless access. GuardDuty comes with pre-integrated and continuously updated threat intelligence feeds from AWS and industry-leading, third-party providers such as CrowdStrike, Proofpoint, and Bitdefender. AWS-developed threat intelligence offers customers unique coverage against the latest global threat landscape, including emerging Linux-based malware, evolving credential exfiltration techniques, and new malicious domains identified through machine learning–based reputation models.

The three new capabilities can all be easily enabled organization-wide with a few steps and no other requirements or prerequisites, resulting in actionable, contextual, and timely security findings with resource-specific details to help quickly investigate and respond. The new capabilities include:

• New container runtime protection for Amazon Elastic Kubernetes Service (Amazon EKS): GuardDuty EKS Runtime Monitoring introduces a fully managed, lightweight security agent that profiles and monitors on-host operating system–level behavior such as file access, process execution, and network connections. In tight collaboration with Amazon EKS, the agent performs without requiring customers to deploy, maintain, or update it. This allows GuardDuty to add security coverage comparable to other agent-based solutions, while maintaining easy-on enablement. It deepens GuardDuty protection for Amazon EKS deployments and decreases the operational overhead and complexity often required to achieve this level of coverage, especially in highly dynamic, containerized compute environments. GuardDuty now makes it easier to achieve runtime coverage across all Amazon EKS workloads in an account or organization.
• Extended coverage for data stored in Amazon Aurora: GuardDuty RDS Protection identifies potential threats to data stored in Aurora databases without compromising performance, productivity, or availability. GuardDuty RDS Protection profiles and monitors access activity to existing and new databases in customer accounts, and using integrated threat intelligence and a machine learning model that is trained with highly contextual RDS login activity, it can detect suspicious login activity to Aurora databases.
• Support for serverless applications in AWS Lambda: GuardDuty Lambda Protection mitigates security risks in customers’ serverless applications, which can be challenging for traditional threat detection methods to identify due to the added abstraction layers in serverless workloads. Once enabled, GuardDuty Lambda Protection continuously monitors serverless workloads, analyzing network communications mapped back to individual Lambda functions to detect malicious communications and popular compromise activity, such as cryptocurrency mining.

“Tens of thousands of organizations across virtually every industry and geography use Amazon GuardDuty, including more than 90% of our 2,000 largest customers, helping to protect more than half a billion EC2 instances and millions of S3 buckets,” said Jon Ramsey, vice president for Security Services at AWS. “GuardDuty’s new capabilities build on this powerful foundation to expand security detection and monitoring even further, to where customers tell us they need it most: containers’ runtime monitoring, databases, and serverless applications. We’ve now more than tripled the number of managed detections since we introduced GuardDuty.”

About Amazon Web Services

Since 2006, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud. AWS has been continually expanding its services to support virtually any workload, and it now has more than 200 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 99 Availability Zones within 31 geographic regions, with announced plans for 15 more Availability Zones and five more AWS Regions in Canada, Israel, Malaysia, New Zealand, and Thailand. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs. To learn more about AWS, visit aws.amazon.com.

Source: AWS