UPDATED 19:32 EST / APRIL 24 2023

SECURITY

Amazon updates threat detection capabilities for containers, databases and serverless apps

More threat detection capabilities are coming to Amazon Web Services Inc.’s Amazon GuardDuty platform.

The updates, announced today, are designed to improve customer security and better protect their AWS resources from malicious and unauthorized behavior, the company said.

Amazon GuardDuty is a security monitoring service that analyzes and processes foundational data sources such as AWS CloudTrail management events, AWS CloudTrail event logs and domain name system logs. It continually monitors these sources for suspicious activity that might be indicative of malicious threats to customer’s AWS environments, and is used by hundreds of enterprise customers, including Siemens SE, Arctic Wolf Networks Inc. and Best Buy Co. Inc.

Amazon said the new threat detections will help customers to better protect their application containers, which host the components of modern apps, databases and serverless workloads. For instance, GuardDuty EKS Runtime Monitoring introduces a fully managed and lightweight security agent for users of Amazon Elastic Kubernetes Service.

It works by profiling and monitoring on-host operating system-level behavior such as file access, process execution and network connections. With GuardDuty’s extended visibility across runtime events, Kubernetes audit logs and the broader AWS control plane and network logs, customers can more easily identify the steps in an attack and contain threats before they escalate to become a severe security breach, Amazon said.

Meanwhile, GuardDuty RDS Protection is designed for the Amazon Aurora database service and identifies potential threats there without any impact on performance, productivity or availability. Again, it profiles and monitors all access activity in customer accounts, leveraging Amazon’s sophisticated threat intelligence knowledge and a machine learning model trained on contextualized RDS login activity to detect any suspicious users doing things they shouldn’t.

Finally, GuardDuty Lambda Protection helps to mitigate risks in AWS customer’s serverless applications. The company explains that this can be challenging using traditional threat detection methods due to the added abstraction of serverless workloads, where the underlying infrastructure for apps is fully managed by Amazon. GuardDuty Lambda Protection continuously monitors serverless workloads, analyzing network communications mapped back to individual Lambda functions to detect malicious communications and popular compromise activity, such as cryptocurrency mining.

The best thing about today’s updates is that the new capabilities are being made available to all existing GuardDuty users at no additional cost. No action is required to deploy or maintain the new agents, so customers get all the benefits with no additional overheads to worry about.

Amazon stressed that the importance of gathering, synthesizing and alerting for security-relevant events cannot be overstated. It’s essential to any organization’s risk management program amid a security landscape that is constantly evolving with new threats emerging daily.

AWS Vice President for Security Services Jon Ramsey said more than 90% of Amazon’s largest 2,000 customers are already using Amazon GuardDuty, so the new features are expected to have an immediate impact.

“GuardDuty’s new capabilities build on this powerful foundation to expand security detection and monitoring even further, to where customers tell us they need it most: containers’ runtime monitoring, databases and serverless applications,” he said. “We’ve now more than tripled the number of managed detections since we introduced GuardDuty.”

The new capabilities are live now in all regions where Amazon GuardDuty is available.

Image: Kreatikar/Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU