Highlights:

  • GuardDuty is one of the AWS security services that assist clients in identifying potential security problems.
  • Clients can identify dangers to their serverless apps with the aid of GuardDuty Lambda Protection.

The Amazon GuardDuty platform from Amazon Web Services Inc. will soon have more threat detection capabilities. The company stated that the updates are intended to enhance customer security and better shield their AWS resources from malicious and unauthorized behavior.

Amazon GuardDuty is a security monitoring service that examines and processes several fundamental data sources, including AWS CloudTrail management events, AWS CloudTrail event logs, and domain name system logs. It is used by hundreds of commercial clients, such as Arctic Wolf Networks Inc., Siemens SE, and Best Buy Co. Inc., to constantly watch these sources for unusual behavior that might be a sign of harmful threats to their AWS environments.

The new threat detections will aid clients in protecting their application containers, databases, and serverless workloads, which host the components of contemporary apps, according to Amazon. For instance, GuardDuty EKS Runtime Monitoring offers Amazon Elastic Kubernetes Service users a fully managed and portable security agent.

It operates by profiling and keeping track of network connections, file access, and other operating system-level activities on the host computer. Customers may more readily detect the steps in an attack and limit risks before they develop into a serious security breach, thanks to GuardDuty’s expanded visibility across runtime events, Kubernetes audit logs, and the wider AWS control plane and network logs, according to Amazon.

GuardDuty RDS Protection, on the other hand, is made specifically for the Amazon Aurora database service and detects potential vulnerabilities there without affecting performance, productivity, or availability. Once more, it profiles and keeps track of all access behavior in customer accounts. It utilizes Amazon’s in-depth threat intelligence expertise and a machine learning model trained on contextualized RDS login activity to spot suspicious behavior.

Finally, GuardDuty Lambda Protection assists in reducing risks in serverless applications used by AWS customers. The company explains that this can be difficult to do with conventional threat detection techniques because of the additional abstraction of serverless workloads, where Amazon fully maintains the underlying infrastructure for apps. To identify malicious communications and common compromising activities like bitcoin mining, GuardDuty Lambda Protection continually monitors serverless workloads by tracking network communications that can be traced back to specific Lambda functions.

The best part of the recent changes is that all existing GuardDuty users will have access to the new features at no extra charge. Customers receive all the benefits without having to worry about additional costs, and no effort is necessary to deploy or maintain the new agents.

According to Amazon, the significance of gathering, analyzing, and alerting for security-relevant events cannot be emphasized enough. With new threats continuously developing and the security landscape always changing, it is crucial to any organization’s risk management program.

Over 90% of Amazon’s top 2,000 customers currently use Amazon GuardDuty, according to Jon Ramsey, Vice President of AWS Security Services. Thus, the new features are anticipated to take effect right away.