Amazon GuardDuty Gets New Threat Detection Capabilities

AWS (Amazon Web Services)

Amazon announced this morning some important updates for Amazon GuardDuty. The service has added support for Amazon EKS Runtime Monitoring, RDS Protection for Amazon Aurora, and Lambda Protection.

Amazon DutyGuard is a managed security monitoring service that uses machine learning to detect potential threats that can compromise Amazon Web Services (AWS) environments. It analyzes different data sources such as Amazon Virtual Private Cloud (VPC) Flow Logs, domain name system (DNS) logs, and AWS CloudTrail for potentially unauthorized and malicious activities.

“GuardDuty’s new capabilities build on this powerful foundation to expand security detection and monitoring even further, to where customers tell us they need it most: containers’ runtime monitoring, databases, and serverless applications. We’ve now more than tripled the number of managed detections since we introduced GuardDuty,” said Jon Ramsey, VP for Security Services at AWS.

Amazon GuardDuty has introduced support for Amazon EKS Runtime Monitoring. The feature leverages a GuardDuty security agent to offer insights about network connections, process execution, file access, and other container runtime activities. It helps customers to identify and monitor compromised EKS clusters and privilege escalation attempts.

Amazon GuardDuty Gets EKS Runtime Monitoring and RDS Protection Capabilities

With Amazon GuardDuty RDS Protection, IT admins can detect potential threats to sensitive data stored in Aurora databases. The feature analyzes and profiles RDS login activity to detect security risks like suspicious logins and high-severity brute force attacks. IT Pros can view the threat alerts in the GuardDuty console as well as via other services like Amazon Detective, AWS Security Hub, and Amazon EventBridge.

Amazon GuardDuty adds Lambda Protection support

Lastly, Amazon GuardDuty is getting support for Lambda Protection. The security feature makes it easier for customers to identify and mitigate security risks in serverless applications. Lambda Protection provides real-time monitoring of network activity logs to detect suspicious network traffic, including unauthorized cryptocurrency mining.

Amazon explained that the new threat detection capabilities are available for GuardDuty customers in most AWS regions. You can find more details about Amazon GuardDuty on the official AWS website.