Published: Jul 28, 2022
Amazon has released new security updates for its Amazon Elastic Block Store (EBS) and Amazon Elastic Kubernetes Service (EKS) services. First of all, Amazon GuardDuty is getting new malware protection capabilities to detect malicious files stored on container workloads or customer instances running on Amazon EC2.
For those unfamiliar, Amazon GuardDuty is a managed cloud security solution that continuously monitors AWS accounts, workloads, and resources for malicious activities and threats. The AI-powered service comes with built-in anomaly detection and threat intelligence to perform this real-time analysis and initiate automated responses.
“Amazon GuardDuty Malware Protection adds file scanning for workloads utilizing Amazon Elastic Block Store (EBS) volumes to detect malware that can be used to compromise resources, modify access permissions, and exfiltrate data. Malicious files that contain trojans, worms, crypto miners, rootkits, bots, and the like can be used to compromise workloads, repurpose resources for malicious use, and gain unauthorized access to data,” Amazon explained.
To enable the GuardDuty Malware Protection feature, IT admins will need to head to the GuardDuty console or use the GuardDuty API. Once a threat is detected, the security findings will be sent to Amazon Detective, Amazon EventBridge, and AWS Security Hub.
Additionally, Amazon Detective is bringing its security investigation capabilities to container workloads running on Amazon EKS clusters. Amazon Detective is a service that lets IT admins quickly detect and investigate potential security issues across one or more AWS accounts.
With the latest update, the Amazon Detective service can automatically ingest the EKS audit logs to extract new API activity from apps, user accounts, and the Kubernetes control plane. Once this activity is captured, Amazon Detective takes the activity history into account to build entity profiles.
Amazon is offering a free 30-day trial of the new security features to all new and existing customers. These updates are available in almost all AWS Regions where the GuardDuty and Amazon Detective services are supported, and the pricing is determined by the volume of data and audit logs scanned.