AWS Announces Three New Amazon GuardDuty Capabilities to Help Customers Protect Container, Database, and Serverless Workloads
Tens of thousands of AWS customers use GuardDuty to protect millions of accounts, including more than half a billion
Arctic Wolf, Best Buy, GE Digital, Siemens, and Wiz are among the tens of thousands of customers and partners using
The ability to gather, synthesize, and alert on security-relevant events is fundamental to any organization’s risk management program. The evolving cybersecurity landscape and multitude of security tools from different vendors, combined with a shortage of IT security professionals, make it challenging for customers to integrate and scale security detection and response across their environments. Many security teams today have to build or integrate multiple tools to detect anomalies, such as web server vulnerabilities, compromised instances used to serve malware or mine cryptocurrency, or compromised access credentials. Integration challenges can lead to inefficiencies, data inconsistencies, and increased costs. In addition, the workplace and threat landscape continue to evolve, requiring chief information security officers (CISOs) to continually raise the bar on enterprise security to account for cloud adoption, remote working, and third-party infrastructure integration. Demand for technologies and services such as cloud threat detection, security analytics, cloud security posture management, and threat intelligence has been rising to tackle new vulnerabilities, misconfigurations, and other IT risks emerging from this digital transformation.
GuardDuty helps protect customers from the latest threats through ongoing innovation in machine learning, anomaly detection, and integrated threat intelligence continuously derived from the broad visibility AWS has across the global threat landscape. With a few clicks in the AWS Management Console, customers can activate GuardDuty across multiple accounts in multiple AWS Regions on highly trusted and secure-by-design AWS Cloud infrastructure and mitigate threats early by initiating automated responses. Since its launch in 2017, GuardDuty has added more than 100 new threat detection capabilities, including the ability to detect credential exfiltration and compromise even when highly evasive techniques are used. GuardDuty uses machine learning detections trained to identify highly suspicious data access and any potential
The three new capabilities added to GuardDuty build on the hundreds of features and enhancements available since its launch and expand security coverage to other AWS workloads and core deployment use cases. The capabilities can all be easily enabled organization-wide with a few steps and no other requirements or prerequisites, resulting in actionable, contextual, and timely security findings with resource-specific details to help quickly investigate and respond. The new capabilities include:
- New container runtime protection for Amazon Elastic Kubernetes Service (Amazon EKS): GuardDuty EKS Runtime Monitoring introduces a fully managed, lightweight security agent that profiles and monitors on-host operating system–level behavior such as file access, process execution, and network connections. In tight collaboration with Amazon EKS, the agent performs without requiring customers to deploy, maintain, or update it. This allows GuardDuty to add security coverage comparable to other agent-based solutions, while maintaining easy-on enablement. It deepens GuardDuty protection for Amazon EKS deployments and decreases the operational overhead and complexity often required to achieve this level of coverage, especially in highly dynamic, containerized compute environments. GuardDuty now makes it easier to achieve runtime coverage across all Amazon EKS workloads in an account or organization. Account and data compromise can often start with a single compromised endpoint or container that then escalates to credential compromise and can spread to the broader AWS environment and data stored in it. With GuardDuty's visibility across runtime events, Kubernetes audit logs, and broader AWS control plane and networking logs, customers can identify steps in an attack and are signaled early to contain potential security threats before the threat escalates to broader business-impacting breaches. This capability builds on the initial integration of GuardDuty EKS Protection, which monitors control plane activity by analyzing Kubernetes audit logs from existing and new Amazon EKS clusters in customers’ accounts.
- Extended coverage for data stored in Amazon Aurora: GuardDuty RDS Protection identifies potential threats to data stored in Aurora databases without compromising performance, productivity, or availability. GuardDuty RDS Protection profiles and monitors access activity to existing and new databases in customer accounts, and using integrated threat intelligence and a machine learning model that is trained with highly contextual RDS login activity, it can detect suspicious login activity to Aurora databases.
- Support for serverless applications in AWS Lambda: GuardDuty Lambda Protection mitigates security risks in customers’ serverless applications, which can be challenging for traditional threat detection methods to identify due to the added abstraction layers in serverless workloads. Once enabled, GuardDuty Lambda Protection continuously monitors serverless workloads, analyzing network communications mapped back to individual Lambda functions to detect malicious communications and popular compromise activity, such as cryptocurrency mining.
“Tens of thousands of organizations across virtually every industry and geography use
Arctic Wolf Networks is a global leader in security operations that provides security monitoring to detect and respond to cyberthreats. “Continuous monitoring is a required component for effective security operations, and as both a customer and partner of AWS, GuardDuty is a service we entrust across all of our AWS workloads,” said Adam Marrè, CISO at Arctic Wolf. “With real-time threat detection,
Best Buy is an American multinational consumer electronics retailer. “Security is always top of mind for us, especially as we expanded our use of
GE Digital, a business unit of General Electric (GE), is an industrial software leader bringing simplicity, speed, and scale to their customers’ digital transformations. “As a longtime customer of GuardDuty, we’re very pleased to see the continued additions of critical detections and increased coverage across AWS’s compute native services,” said
Siemens, a technology and industrial manufacturing company based in
Wiz is a cybersecurity startup with a mission to help organizations create secure cloud environments that accelerate their business. “Wiz uses
View source version on businesswire.com: https://www.businesswire.com/news/home/20230424005364/en/