Michael Wahl for AWS Community Builders

AWS GuardDuty - Now Packing Malware protections

What is it?
This additional GuardDuty feature detects malicious files that may be hiding within, for example, EC2 instances or container workloads.

How does it work?
By scanning files stored in AWS EBS volumes, GuardDuty can detect malware that may be used to harm your AWS resources or gain access to your data.
If you are an existing AWS customer, you can enable the GuardDuty Malware Protection feature in the GuardDuty console. When malware or other threats are detected, GuardDuty Malware Protection sends those findings to other AWS security services such as AWS Security Hub, Amazon EventBridge, and Amazon Detective. These integrations help consolidate the monitoring and automation of the malware findings.
Amazon GuardDuty Malware Protection has eight new threat detections:
Execution:EC2/MaliciousFile
Execution:ECS/MaliciousFile
Execution:Kubernetes/MaliciousFile
Execution:Container/MaliciousFile
Execution:EC2/SuspiciousFile
Execution:ECS/SuspiciousFile
Execution:Kubernetes/SuspiciousFile
Execution:Container/SuspiciousFile
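
As an added example (not code from the original post or from AWS), the Python sketch below builds an EventBridge rule pattern restricted to the eight finding types above and triages matching events. The function names, the page/ticket policy and the sample events are assumptions made for illustration; the `source`, `detail-type` and `detail.type` fields follow the GuardDuty finding event format delivered through EventBridge.

```python
import json

# The eight finding types listed above: four resource kinds x two file verdicts.
MALWARE_FINDING_TYPES = frozenset(
    f"Execution:{resource}/{verdict}"
    for resource in ("EC2", "ECS", "Kubernetes", "Container")
    for verdict in ("MaliciousFile", "SuspiciousFile")
)

def event_pattern():
    """EventBridge rule pattern that matches only these eight finding types."""
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"type": sorted(MALWARE_FINDING_TYPES)},
    }

def triage(event):
    """Return a routing decision, or None if the event is not one of the
    Malware Protection findings (e.g. another GuardDuty finding type)."""
    if event.get("source") != "aws.guardduty":
        return None
    if event.get("detail-type") != "GuardDuty Finding":
        return None
    detail = event.get("detail") or {}
    finding_type = detail.get("type")
    if not isinstance(finding_type, str) or finding_type not in MALWARE_FINDING_TYPES:
        return None
    resource, verdict = finding_type.split(":", 1)[1].split("/", 1)
    # Assumed policy (not from the post): MaliciousFile pages, SuspiciousFile tickets.
    action = "page" if verdict == "MaliciousFile" else "ticket"
    return {"finding_id": detail.get("id"), "resource": resource,
            "verdict": verdict, "action": action}

# Constructed sample events, trimmed to the fields used here.
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"id": "sample-1", "type": "Execution:EC2/MaliciousFile"}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"id": "sample-2", "type": "Execution:Kubernetes/SuspiciousFile"}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"id": "sample-3", "type": "Recon:EC2/PortProbeUnprotectedPort"}},
]

if __name__ == "__main__":
    print(json.dumps(event_pattern(), indent=2))
    for ev in SAMPLE_EVENTS:
        print(ev["detail"]["id"], triage(ev))
```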

More info is available here
