New capabilities expand coverage to other AWS workloads and core deployment use cases, delivering security findings with resource-specific details. Amazon Web Services (AWS) has added three new capabilities to its threat detection service Amazon GuardDuty. The new features expand GuardDuty protection to container runtime behavior, as well as database and serverless environments, strengthening customer security through enhanced coverage, AWS said.GuardDuty is part of a broad set of AWS security services that help customers identify potential security risks. It uses machine learning and integrated threat intelligence to detect suspicious data access, potential Amazon Elastic Compute Cloud (Amazon EC2) compromise, and malware.The three new capabilities are EKS Runtime Monitoring, RDS Protection, and Lambda Protection. These have been added to the hundreds of features already available within GuardDuty and can be enabled with no other requirements or prerequisites, according to AWS. New capabilities expand AWS security detection and monitoringThe capabilities expand security coverage to other AWS workloads and core deployment use cases, delivering actionable, contextual, and timely security findings with resource-specific details to help users investigate and respond to incidents, the company said in its announcement. EKS Runtime Monitoring deepens threat detection inside customers’ containerized workloads, GuardDuty RDS Protection helps customers protect data stored in Amazon Aurora databases, and GuardDuty Lambda Protection helps customers detect threats to their serverless applications. GuardDuty EKS Runtime Monitoring is a fully managed, lightweight security agent that profiles and monitors on-host operating system–level behavior such as file access, process execution, and network connections, AWS said. It deepens GuardDuty protection for Amazon EKS deployments and decreases the operational overhead and complexity often required to achieve this level of coverage, making it easier to achieve runtime coverage across all Amazon EKS workloads in an account or organization, according to the firm. It also helps customers identify steps in an attack, signaling them early to contain potential security threats before the threat escalates to broader business-impacting breaches, AWS said.GuardDuty RDS Protection identifies potential threats to data stored in Aurora databases, profiling, and monitoring access activity to existing and new databases in customer accounts, AWS said. It uses integrated threat intelligence and a machine learning model that is trained with highly contextual RDS login activity, detecting suspicious login activity to Aurora databases. GuardDuty Lambda Protection mitigates security risks in customers’ serverless applications, continuously monitoring serverless workloads. It analyzes network communications mapped back to individual Lambda functions to detect malicious communications and popular compromise activity, such as cryptocurrency mining, according to AWS.In November last year, AWS launched Amazon Security Lake, a new cybersecurity service that centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account. Related content news analysis Kinsing crypto mining campaign targets 75 cloud-native applications Five years after being discovered, the Kinsing cryptojacking operation remains very active against organizations, employing daily probes for vulnerable applications using an ever-growing list of exploits. By Lucian Constantin May 08, 2024 6 mins Cryptocurrency Malware Application Security feature How to future-proof Windows networks: Take action now on planned phaseouts and changes Microsoft has telegraphed its desire to start shuttering some legacy Windows systems. Here’s how to get ahead of the security changes that will inevitably come to the platform. By Susan Bradley May 08, 2024 6 mins Windows Security Threat and Vulnerability Management Network Security brandpost Sponsored by Cyber NewsWire Hunters announces full adoption of OCSF and introduces OCSF-native search By Cyber NewsWire - Paid Press Release May 07, 2024 5 mins Cyberattacks Security news Administrator of ransomware operation LockBit named, charged, has assets frozen A Russian national alleged to have been the administrator of the notorious and prolific LockBit ransomware provider faces international charges. A $10-million reward for the suspect’s arrest has been offered. By Lucian Constantin May 07, 2024 3 mins Advanced Persistent Threats Hacker Groups Ransomware PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe