New AWS GuardDuty capabilities secure container, database, serverless workloads

Amazon Web Services (AWS) has added three new capabilities to its threat detection service Amazon GuardDuty. The new features expand GuardDuty protection to container runtime behavior, as well as database and serverless environments, strengthening customer security through enhanced coverage, AWS said.

GuardDuty is part of a broad set of AWS security services that help customers identify potential security risks. It uses machine learning and integrated threat intelligence to detect suspicious data access, potential Amazon Elastic Compute Cloud (Amazon EC2) compromise, and malware.

The three new capabilities are EKS Runtime Monitoring, RDS Protection, and Lambda Protection. These have been added to the hundreds of features already available within GuardDuty and can be enabled with no other requirements or prerequisites, according to AWS.

New capabilities expand AWS security detection and monitoring

The capabilities expand security coverage to other AWS workloads and core deployment use cases, delivering actionable, contextual, and timely security findings with resource-specific details to help users investigate and respond to incidents, the company said in its announcement. EKS Runtime Monitoring deepens threat detection inside customers’ containerized workloads, GuardDuty RDS Protection helps customers protect data stored in Amazon Aurora databases, and GuardDuty Lambda Protection helps customers detect threats to their serverless applications.

GuardDuty EKS Runtime Monitoring is a fully managed, lightweight security agent that profiles and monitors on-host operating system–level behavior such as file access, process execution, and network connections, AWS said. It deepens GuardDuty protection for Amazon EKS deployments and decreases the operational overhead and complexity often required to achieve this level of coverage, making it easier to achieve runtime coverage across all Amazon EKS workloads in an account or organization, according to the firm. It also helps customers identify steps in an attack, signaling them early to contain potential security threats before the threat escalates to broader business-impacting breaches, AWS said.

GuardDuty RDS Protection identifies potential threats to data stored in Aurora databases, profiling, and monitoring access activity to existing and new databases in customer accounts, AWS said. It uses integrated threat intelligence and a machine learning model that is trained with highly contextual RDS login activity, detecting suspicious login activity to Aurora databases.

GuardDuty Lambda Protection mitigates security risks in customers’ serverless applications, continuously monitoring serverless workloads. It analyzes network communications mapped back to individual Lambda functions to detect malicious communications and popular compromise activity, such as cryptocurrency mining, according to AWS.

In November last year, AWS launched Amazon Security Lake, a new cybersecurity service that centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account.