Amazon GuardDuty adds Extended Threat Detection for Amazon EC2 and Amazon ECS | Amazon Web Services Today, we’re announcing new enhancements to Amazon GuardDuty Extended Threat Detection with the addition of two attack sequence findings for Amazon Elastic Compute Cloud (Amazon EC2) instances and Amazon...

📰🚨 Amazon GuardDuty adds Extended Threat Detection for Amazon EC2 and Amazon ECS

#AmazonGuardDuty #ExtendedThreatDetection #AWSSecurity #CloudSecurity #ECSAndEC2

ift.tt/Y0adPB3

Amazon GuardDuty Extended Threat Detection now supports Amazon EC2 and Amazon ECS

AWS announces further enhancements to Amazon GuardDuty Extended Threat Detection with new capabilities to detect multistage attacks targeting Amazon Elastic Compute Cloud (Amazon EC2) insta...

#AWS #AmazonGuardduty

Amazon GuardDuty Malware Protection for AWS Backup is now available

Amazon GuardDuty Malware Protection for AWS Backup is now available, extending malware detection to your Amazon EC2, Amazon EBS, and Amazon S3 backups. This capability automates...

#AWS #AwsGovcloudUs #AmazonGuardduty #AwsBackup

Enhancing threat detection with Amazon GuardDuty new custom entity lists

Today, AWS announced the general availability of Amazon GuardDuty docs.aws.amazon.com/guardduty/latest/ug/guar... This new feature enhances threat detection capabilities...

#AWS #AmazonGuardduty

Enhancing threat detection with Amazon GuardDuty new custom entity lists Today, AWS announced the general availability of Amazon GuardDuty custom threat detection using entity lists. This new feature enhances threat detection capabilities in GuardDuty by extending support to incorporate your own domain-based threat intelligence into the service beyond originally supported custom IP list. You can now detect threats in GuardDuty using malicious domains or IP addresses defined in your custom threat list. As part of this update, GuardDuty introduces a new finding type, Impact:EC2/MaliciousDomainRequest.Custom, which is triggered when activity related to a domain in your custom threat list is detected. Additionally, you can use entity lists to suppress alerts from trusted sources, giving you greater control over your threat detection strategy. Entity lists offer enhanced flexibility compared to the previous IP address lists. These new lists can include IP addresses, domains, or both, allowing for more comprehensive threat intelligence integration. Unlike the legacy IP list format, entity lists provides simplified permission management and avoids impacting IAM policy size limits across multiple AWS Regions, making it easier to implement and manage custom threat detection across your AWS environment. GuardDuty custom entity list is available in all AWS Regions where GuardDuty is offered, excluding China Regions and GovCloud (US) Regions.

🆕 AWS released Amazon GuardDuty's custom entity lists for improved threat detection, letting users add domain-based threat intel beyond IP lists, with easier permission management and better threat intel integration.

#AWS #AmazonGuardduty

Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters | Amazon Web Services Expanded Amazon GuardDuty Extended Threat Detection for EKS clusters uses proprietary correlation algorithms to identify sophisticated multi-stage attack sequences across Kubernetes audit logs, container...

📰🚨Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters by Esra Kayabali

#AmazonGuardDuty #KubernetesSecurity #ThreatDetection #CloudSecurity #AWService

Amazon GuardDuty Extended Threat Detection now supports Amazon EKS

Today, AWS announces further enhancements to Amazon GuardDuty docs.aws.amazon.com/guardduty/latest/ug/guar... This capability now includes coverage for multi-stag...

#AWS #AmazonGuardduty

Amazon GuardDuty Extended Threat Detection now supports Amazon EKS Today, AWS announces further enhancements to Amazon GuardDuty Extended Threat Detection. This capability now includes coverage for multi-stage attacks targeting Amazon Elastic Kubernetes Service (EKS) clusters in your AWS environment. GuardDuty correlates multiple security signals across Amazon EKS audit logs, runtime behavior of processes, malware execution, and AWS API activity to detect sophisticated attack patterns that might otherwise go unnoticed.  These new attack sequence findings cover multiple resources and data sources over an extensive time period, allowing you to spend less time on first-level analysis and more time responding to critical severity threats, thereby minimizing business impact.  GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at AWS scale to automatically correlate security signals to detect critical threats. For example, it can identify an anomalous deployment of a privileged container followed by persistence attempts, crypto mining, and reverse shell creation, representing these related events as a single, critical-severity finding. You can then take action based on a new attack sequence finding type of critical severity. Each finding includes an incident summary, detailed events timeline, mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations. This capability is automatically enabled for all GuardDuty customers at no additional cost in all Regions where GuardDuty is available. To detect attack sequences involving Amazon EKS clusters, you must enable GuardDuty EKS Protection, and GuardDuty recommends to also enable GuardDuty Runtime Monitoring for EKS for a more comprehensive security coverage. Take action on findings directly from the GuardDuty console or via integrations with AWS Security Hub and Amazon EventBridge. To get started, visit the Amazon GuardDuty product page or try GuardDuty free for 30 days on the AWS Free Tier.

🆕 AWS GuardDuty now supports Amazon EKS, enhancing threat detection and correlating security signals to spot multi-stage attacks, cutting first-level analysis time and minimizing business impact. Automatically enabled at no extra cost; enable GuardDuty EKS Protection for ful…

#AWS #AmazonGuardduty

Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters

Expanded Amazon GuardDuty Extended Threat Detection for EKS clusters uses proprietar...

#AWS #AmazonElasticKubernetesService #AmazonGuardduty #Announcements #Featured #Launch #News #Security #Identity #&Compliance

Amazon GuardDuty Malware Protection for EC2 now available in AWS GovCloud (US) Regions

Today, Amazon Web Services (AWS) announces the availability of docs.aws.amazon.com/guardduty/latest/ug/malw... in AWS GovCloud (US) Regions, enab...

#AWS #AmazonGuardduty #AwsGovcloudUs

Amazon GuardDuty Malware Protection for EC2 now available in AWS GovCloud (US) Regions Today, Amazon Web Services (AWS) announces the availability of Amazon GuardDuty Malware Protection for Amazon EC2 in AWS GovCloud (US) Regions, enabling GuardDuty customers to detect the potential presence of malware by scanning the Amazon Elastic Block Store (Amazon EBS) volumes attached to Amazon Elastic Compute Cloud (Amazon EC2) instances and container workloads running on Amazon EC2. Malware scanning in GuardDuty does not any additional security software to be deployed and is designed to have no performance impact to running workloads. When potential malware is identified, GuardDuty generates actionable security findings with information related to the resource and the detected threat. Malware Protection for EC2 supports two methods of scanning: 1/ GuardDuty-initiated scans, which automatically initiates a malware scan when GuardDuty detects suspicious behavior indicative of malware on the instance, and 2/ On-demand scans, where you can initiate scan by providing the Amazon Resource Name (ARN) of the Amazon EC2 instance. Tens of thousands of customers across many industries and geographies use GuardDuty. GuardDuty can identify unusual or unauthorized activity like cryptocurrency mining, access to data stored in Amazon Simple Storage Service (Amazon S3) from unusual locations, or unauthorized access to Amazon Elastic Kubernetes Service (Amazon EKS) clusters. If you’re new to GuardDuty, you can try it at no cost for 30 days on the AWS Free Tier. To learn more and get started: Refer to the documentation to learn about the new capability Get updates on new features and threat detections with the Amazon GuardDuty SNS topic

🆕 Amazon GuardDuty Malware Protection for EC2 is now in AWS GovCloud (US), detecting EBS malware via scans with no performance impact. Two methods: GuardDuty-initiated and on-demand scans. Free for 30 days.

#AWS #AmazonGuardduty #AwsGovcloudUs

Amazon GuardDuty Extended Threat Detection now available in AWS GovCloud (US) and China Regions

Amazon GuardDuty docs.aws.amazon.com/guardduty/latest/ug/guar... is now automatically available in AWS GovCloud (US) an...

#AWS #AwsGovcloudUs #AmazonGuardduty

Amazon GuardDuty Extended Threat Detection now available in AWS GovCloud (US) and China Regions Amazon GuardDuty Extended Threat Detection is now automatically available in AWS GovCloud (US) and China Regions. This capability allows you to identify sophisticated, multi-stage attacks targeting your AWS accounts, workloads, and data. You can now use new attack sequence findings that cover multiple resources and data sources over an extensive time period, allowing you to spend less time on first-level analysis and more time responding to critical-severity threats to minimize business impact. GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at AWS scale and automatically correlates security signals from across AWS services to detect critical threats. It identifies attack sequences, such as credential compromise followed by data exfiltration, and represents them as a single, critical-severity finding. The finding includes an incident summary, a detailed events timeline, mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations. GuardDuty Extended Threat Detection is also available in all AWS commercial Regions where GuardDuty is available. This capability is automatically enabled for all new and existing GuardDuty customers at no additional cost. You do not need to enable all GuardDuty protection plans. However, enabling additional protection plans such as GuardDuty S3 Protection will increase the breadth of security signals, allowing for more comprehensive threat analysis and coverage of attack scenarios. You can take action on findings directly from the GuardDuty console or via its integrations with AWS Security Hub and Amazon EventBridge. To get started, visit the Amazon GuardDuty product page or try GuardDuty free for 30 days on the AWS Free Tier.

🆕 Amazon GuardDuty Extended Threat Detection is now available in AWS GovCloud (US) and China Regions, providing advanced attack detection and response, automatically enabled at no extra cost, with AI insights and integration with AWS Security Hub and EventBrid…

#AWS #AwsGovcloudUs #AmazonGuardduty

Amazon GuardDuty Malware Protection for S3 now available in AWS GovCloud (US) Regions

Today, Amazon Web Services (AWS) announces the availability of docs.aws.amazon.com/guardduty/latest/ug/gdu-... in AWS GovCloud (US) regions...

#AWS #AmazonGuardduty #AwsGovcloudUs

Amazon GuardDuty Malware Protection for S3 now available in AWS GovCloud (US) Regions Today, Amazon Web Services (AWS) announces the availability of Amazon GuardDuty Malware Protection for Amazon S3 in AWS GovCloud (US) regions. This expansion of GuardDuty Malware Protection allows you to scan newly uploaded objects to Amazon S3 buckets for potential malware, viruses, and other suspicious uploads and take action to isolate them before they are ingested into downstream processes. GuardDuty helps customers protect millions of Amazon S3 buckets and AWS accounts. GuardDuty Malware Protection for Amazon S3 is fully managed by AWS, alleviating the operational complexity and overhead that normally comes with managing a data-scanning pipeline, with compute infrastructure operated on your behalf. This feature also gives application owners more control over the security of their organization’s S3 buckets; they can enable GuardDuty Malware Protection for S3 even if core GuardDuty is not enabled in the account. Application owners are automatically notified of the scan results using Amazon EventBridge to build downstream workflows, such as isolation to a quarantine bucket, or define bucket policies using tags that prevent users or applications from accessing certain objects. GuardDuty Malware Protection for Amazon S3 is available in all AWS Regions where GuardDuty is available, excluding China Regions.

🆕 Amazon GuardDuty Malware Protection for S3 now available in AWS GovCloud (US) regions, scanning S3 buckets for malware, viruses, and suspicious uploads, fully managed by AWS, excluding China Regions.

#AWS #AmazonGuardduty #AwsGovcloudUs

Amazon GuardDuty Malware Protection for S3 announces price reduction

docs.aws.amazon.com/guardduty/latest/ug/gdu-... provides a fully-managed offering to scan new object uploads to S3 bucket for malware. Starting February 1, 2025, we are lo...

#AWS #AmazonGuardduty

Amazon GuardDuty Malware Protection for S3 announces price reduction Amazon GuardDuty Malware Protection for Amazon S3 provides a fully-managed offering to scan new object uploads to S3 bucket for malware. Starting February 1, 2025, we are lowering the price for the data scanned dimension by 85%. Over the past few months we have made improvements to our scanning infrastructure and data processing efficiencies, enabling us to reduce the price as part of our commitment to pass savings back to customers. GuardDuty Malware Protection for S3 is priced based on two dimensions: the number of objects evaluated and the amount of data scanned. We are lowering the price for the data scanned dimension, for example in US East (N. Virginia) from $0.60 to $0.09 per GB. The price for objects evaluated remains unchanged. With this price reduction, you will be more capable of building secure and cost-effective data pipelines on Amazon S3 for applications with untrusted uploads across the enterprise. The price reduction applies automatically to all AWS Regions where GuardDuty Malware Protection for S3 is available, requiring no action from customers. For additional information visit Amazon GuardDuty pricing page. To receive programmatic updates on new GuardDuty features and threat detections, subscribe to the Amazon GuardDuty AWS Simple Notification Service (SNS) topic.

🆕 Amazon GuardDuty Malware Protection for S3 announces price reduction

#AWS #AmazonGuardduty

Amazon GuardDuty is now available in AWS Asia Pacific (Malaysia) Region

https://aws.amazon.com/guardduty/ is now available in the Asia Pacific (Malaysia) Region. You can now use this additional Region to continuously monitor and detect anomalous behavior, security threat...

#AWS #AmazonGuardduty

Amazon GuardDuty is now available in AWS Asia Pacific (Malaysia) Region Amazon GuardDuty is now available in the Asia Pacific (Malaysia) Region. You can now use this additional Region to continuously monitor and detect anomalous behavior, security threats, and sophisticated multi-stage attack sequences targeting your AWS accounts to help protect your AWS accounts, workloads, and data. Tens of thousands of customers across many industries and geographies use GuardDuty. GuardDuty can identify unusual or unauthorized activity like cryptocurrency mining, access to data stored in Amazon Simple Storage Service (Amazon S3) from unusual locations, or unauthorized access to Amazon Elastic Kubernetes Service (Amazon EKS) clusters. GuardDuty Malware Protection adds file scanning for workloads using Amazon Elastic Block Store (Amazon EBS) volumes or Amazon S3 to detect the presence of malware. GuardDuty continually evolves its techniques to identify indicators of compromise, such as regularly updating machine learning (ML) models, adding new anomaly detections, and growing integrated threat intelligence to identify and prioritize potential threats to your AWS resources. You can begin your 30-day free trial of Amazon GuardDuty with a single click in the AWS Management Console. To receive programmatic updates on new GuardDuty features and threat detections, subscribe to the Amazon GuardDuty SNS topic.

🆕 Amazon GuardDuty is now available in AWS Asia Pacific (Malaysia) Region

#AWS #AmazonGuardduty

AWS announces AWS Security Incident Response for general availability

Today, AWS announces the general availability of AWS Security Incident Response, a new service that helps you prepare for, respond to, and recover from security events...

#AWS #AmazonGuardduty #AwsSecurityHub #AwsOrganizations

Amazon GuardDuty introduces GuardDuty Extended Threat Detection

Today, Amazon Web Services (AWS) announces the general availability of Amazon GuardDuty docs.aws.amazon.com/guardduty/latest/ug/guar... This new capability allows yo...

#AWS #AmazonGuardduty

AWS announces AWS Security Incident Response for general availability Today, AWS announces the general availability of AWS Security Incident Response, a new service that helps you prepare for, respond to, and recover from security events. This service offers automated monitoring and investigation of security findings to free up your resources from routine tasks, communication and collaboration features to streamline response coordination, and direct 24/7 access to the AWS Customer Incident Response Team (CIRT). Security Incident Response integrates with existing detection services, such as Amazon GuardDuty, and third-party tools through AWS Security Hub to rapidly review security alerts, escalate high-priority findings, and, with your permission, implement containment actions. It reduces the number of alerts your team needs to analyze, saving time and allowing your security personnel to focus on strategic initiatives. The service centralizes all incident-related communications, documentation, and actions, making coordinated incident response across internal and external stakeholders possible and reducing the time to coordinate from hours to minutes. You can preconfigure incident response team members, set up automatic notifications, manage case permissions, and use communication tools like video conferencing and in-console messaging during security events. By accessing the service through a single, centralized dashboard in the AWS Management Console, you can monitor active cases, review resolved security incident cases, and track key metrics, such as the number of triaged events and mean time to resolution, in real time. If you require specialized expertise, you can connect 24/7 to the AWS CIRT in only one step. For more information about AWS Regions where Security Incident Response is available, refer to the following service documentation. To get started, visit the Security Incident Response console, and explore the overview page to learn more. For configuration details, refer to the Security Incident Response User Guide.

🆕 AWS announces AWS Security Incident Response for general availability

#AWS #AmazonGuardduty #AwsSecurityHub #AwsOrganizations

Amazon GuardDuty introduces GuardDuty Extended Threat Detection Today, Amazon Web Services (AWS) announces the general availability of Amazon GuardDuty Extended Threat Detection. This new capability allows you to identify sophisticated, multi-stage attacks targeting your AWS accounts, workloads, and data. You can now use new attack sequence findings that cover multiple resources and data sources over an extensive time period, allowing you to spend less time on first-level analysis and more time responding to critical severity threats to minimize business impact. GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at AWS scale and automatically correlates security signals from across AWS services to detect critical threats. This capability allows for the identification of attack sequences, such as credential compromise followed by data exfiltration, and represents them as a single, critical-severity finding. The finding includes an incident summary, a detailed events timeline, mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations. GuardDuty Extended Threat Detection is available in all AWS commercial Regions where GuardDuty is available. This new capability is automatically enabled for all new and existing GuardDuty customers at no additional cost. You do not need to enable all GuardDuty protection plans. However, enabling additional protection plans will increase the breadth of security signals, allowing for more comprehensive threat analysis and coverage of attack scenarios. You can take action on findings directly from the GuardDuty console or via its integrations with AWS Security Hub and Amazon EventBridge. To get started, visit the Amazon GuardDuty product page or try GuardDuty free for 30 days on the AWS Free Tier.

🆕 Amazon GuardDuty introduces GuardDuty Extended Threat Detection

#AWS #AmazonGuardduty

Introducing Amazon GuardDuty Extended Threat Detection: AI/ML attack sequence identification for enhanced cloud security

AWS extends GuardDuty with AI/ML capabilities to detect complex attack sequences across ...

#AWS #AmazonGuardduty #Announcements #Launch #News #Security #Identity #&Compliance