Amazon GuardDuty is a security monitoring and threat detection service that uses machine learning to analyze various AWS data sources. It continuously monitors AWS accounts and workloads for malicious activity, providing detailed security findings for visibility and remediation. One of its features, GuardDuty Runtime Monitoring, analyzes OS-level, network, and file events to detect potential threats for specific AWS workloads.
The general availability of GuardDuty Runtime Monitoring for Amazon Elastic Kubernetes Service (Amazon EKS) was introduced in March 2023. The feature has since expanded to provide threat detection for Amazon Elastic Container Service (Amazon ECS) and AWS Fargate, with a preview for Amazon Elastic Compute Cloud (Amazon EC2) workloads in November 2023. Today, Amazon GuardDuty EC2 Runtime Monitoring is generally available, extending threat detection coverage to EC2 instances at runtime.
GuardDuty EC2 Runtime Monitoring complements GuardDuty's existing anomaly detection, which is based on VPC Flow Logs, DNS query logs, and AWS CloudTrail events, by adding visibility into on-host, OS-level activity and container-level context. This helps identify and respond to threats targeting EC2 workloads, such as remote code execution that leads to malware being downloaded and executed, with insight into the suspicious commands and activity involved so that business-impacting events can be prevented.
GuardDuty EC2 Runtime Monitoring can be enabled in the GuardDuty console with a few clicks. The service offers a 30-day free trial for new customers, covering all features and detection findings. The GuardDuty security agent can be deployed to individual EC2 instances either automatically or manually, with automated agent configuration being the recommended option. The service can be centrally managed across multiple accounts using AWS Organizations.
When enabled, GuardDuty EC2 Runtime Monitoring provides detailed security findings for EC2 instances, allowing users to investigate and resolve potential threats. Users can integrate GuardDuty with other AWS security services like AWS Security Hub or Amazon Detective, or use Amazon EventBridge for automated responses. The service supports over 30 runtime security findings for EC2 instances, including detecting abused domains, backdoors, and unauthorized communications.
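As an added example that is not part of the announcement or of any AWS code, the following Python Lambda handler sketch shows the EventBridge integration mentioned above: it recognises GuardDuty Runtime Monitoring findings on EC2 instances and maps their severity to a response plan. The event shape follows GuardDuty's documented EventBridge finding format (`detail.type`, `detail.severity`, `detail.resource`); the finding type, finding ID, instance ID and action names are constructed placeholders.

```python
"""Triage Amazon GuardDuty EC2 Runtime Monitoring findings delivered by EventBridge."""
import json

# Constructed sample event. Field layout mirrors a GuardDuty finding event;
# the finding type and identifiers are placeholders, not real findings.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "EXAMPLE-FINDING-ID",
        "type": "Execution:Runtime/ExampleSuspiciousExecution",  # placeholder type
        "severity": 8.0,
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
    },
}

def is_ec2_runtime_finding(event):
    """True only for GuardDuty findings produced by Runtime Monitoring on an EC2 instance.
    Runtime Monitoring finding types carry a 'Runtime/' segment; CloudTrail, DNS
    and flow-log based EC2 findings do not, so they are left to other rules."""
    if event.get("source") != "aws.guardduty":
        return False
    detail = event.get("detail", {})
    is_runtime = "Runtime/" in detail.get("type", "")
    on_instance = detail.get("resource", {}).get("resourceType") == "Instance"
    return is_runtime and on_instance

def severity_label(score):
    """Map GuardDuty's numeric severity to its Low (1.0-3.9), Medium (4.0-6.9),
    High (7.0 and above) bands as shown in the console."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"

def plan_response(event):
    """Return a response decision as a dict; performs no AWS API calls itself."""
    if not is_ec2_runtime_finding(event):
        return {"action": "ignore"}
    detail = event["detail"]
    band = severity_label(float(detail.get("severity", 0)))
    # Constructed action names; a real responder would call EC2 / SSM here.
    action = {"HIGH": "isolate-and-snapshot", "MEDIUM": "tag-for-triage", "LOW": "log-only"}[band]
    return {"action": action, "severity": band, "finding_id": detail.get("id"),
            "finding_type": detail.get("type"),
            "instance_id": detail["resource"].get("instanceDetails", {}).get("instanceId")}

def lambda_handler(event, context=None):
    """Entry point when invoked by an EventBridge rule matching source aws.guardduty."""
    decision = plan_response(event)
    print(json.dumps(decision))
    return decision
```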
GuardDuty EC2 Runtime Monitoring is available for EC2 instances running Amazon Linux 2 or Amazon Linux 2023. Users can configure CPU and memory limits for the agent and estimate usage costs in the GuardDuty console. Enabling EC2 Runtime Monitoring can also reduce the cost of GuardDuty foundational protection for VPC Flow Logs analysis.
Amazon GuardDuty EC2 Runtime Monitoring is now available in all AWS Regions where GuardDuty is available. Users can try out the service in the GuardDuty console and refer to the Amazon GuardDuty User Guide for more information. Feedback can be provided through AWS re:Post for Amazon GuardDuty or usual AWS support contacts.