Amazon GuardDuty has introduced Amazon EKS Runtime Monitoring support this week. The new capability enables organizations to detect runtime threats from more than 30 security findings to protect EKS clusters.
Amazon launched the Amazon GuardDuty feature back in 2017. It’s a threat detection service that uses AI and other security tools to monitor AWS accounts for suspicious activities and potential security threats. Amazon GuardDuty provides detailed insights and real-time alerts to help security teams investigate and remediate potential security issues.
The new EKS Runtime Monitoring capability utilizes a fully managed EKS add-on to provide insights into the specific container runtime activities. These include network connections, file access, and process execution. These insights make it easier for IT admins to detect and contain potential threats before they escalate.
“GuardDuty can now identify specific containers within your EKS clusters that are potentially compromised and detect attempts to escalate privileges from an individual container to the underlying Amazon EC2 host and the broader AWS environment. GuardDuty EKS Runtime Monitoring findings provide metadata context to identify potential threats and contain them before they escalate,” Amazon explained.
Amazon is offering a free 30-day trial of GuardDuty for EKS Runtime Monitoring for all existing GuardDuty accounts at no additional cost. However, customers will be required to pay for the service after the completion of the trial period.
It is important to note that the cost is based on the number and size of protected EKS workloads, and it’s measured in vCPUs. For more details, you can refer to the GuardDuty pricing page. We also invite you to check out this step-by-step guide to learn about how to configure EKS Runtime Monitoring in GuardDuty.