Amazon GuardDuty Adds Two New Threat Detections

Posted on: May 17, 2019

Amazon GuardDuty adds two new threat detections. These new detections represent the latest in a continuously growing library of fully managed threat detections available for customers who enable Amazon GuardDuty in their AWS accounts. With 25 added since launch, Amazon GuardDuty now supports 54 active finding types.  

Following are the new finding types: 

Recon:EC2/PortProbeEMRUnprotectedPort

The new Recon:EC2/PortProbeEMRUnprotectedPort finding type indicates that an EMR-related sensitive port on an Amazon EC2 instance is not blocked by a security group, access control list, or on-host firewall, and that known scanners on the internet are actively probing it. Ports that can trigger this finding, such as port 8088 (the YARN ResourceManager web UI), could potentially be used for remote code execution, so they should be reachable only from trusted networks. This is a high severity finding type.
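The finding above fires only after a scanner has already reached the port; the preventive check sits at the security-group layer the finding names. As an added example (not code from the announcement or from AWS), the Python below walks data in the shape of `aws ec2 describe-security-groups` output and reports EMR-related ports that a public CIDR can reach. Port 8088 comes from the text; the other Hadoop/Spark ports, the internal-range list and the sample security groups are assumptions for the example, and the check covers only security groups, not network ACLs or on-host firewalls.

```python
import ipaddress

# Hadoop/Spark service ports an EMR cluster typically exposes. Port 8088 is the one
# named in the announcement; the others are Hadoop defaults added for this example
# and are NOT GuardDuty's own list (which the announcement does not publish).
EMR_SENSITIVE_PORTS = {
    8088: "YARN ResourceManager web UI",
    8042: "YARN NodeManager web UI",
    50070: "HDFS NameNode web UI (Hadoop 2)",
    9870: "HDFS NameNode web UI (Hadoop 3)",
    18080: "Spark History Server",
}

# Ranges treated as internal: RFC 1918, loopback, link-local, IPv6 ULA/link-local.
_INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]


def _is_public(cidr):
    """True unless the CIDR lies wholly inside one internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.subnet_of(r) for r in _INTERNAL if r.version == net.version)


def _sensitive_ports_in(perm):
    """Yield the sensitive ports covered by one IpPermissions entry."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols and all ports
        yield from EMR_SENSITIVE_PORTS
        return
    if proto not in ("tcp", "6"):
        return
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    for port in EMR_SENSITIVE_PORTS:
        if lo <= port <= hi:
            yield port


def exposed_emr_ports(security_groups):
    """Return sorted (group_id, port, cidr, service) tuples for every sensitive
    port reachable from a public CIDR. Input is the "SecurityGroups" list in the
    shape returned by `aws ec2 describe-security-groups`."""
    hits = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            public = [c for c in cidrs if _is_public(c)]
            for port in _sensitive_ports_in(perm):
                for cidr in public:
                    hits.append((sg["GroupId"], port, cidr, EMR_SENSITIVE_PORTS[port]))
    return sorted(hits)


# Constructed sample data in describe-security-groups shape, not from a real account.
SAMPLE_SGS = [
    {   # YARN UI open to the whole IPv4 internet: should be flagged
        "GroupId": "sg-0aaa",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 8088, "ToPort": 8088,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {   # a wide port range from any IPv6 address, plus SSH from one host
        "GroupId": "sg-0bbb",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
        ],
    },
    {   # everything allowed, but only from inside the VPC: not flagged
        "GroupId": "sg-0ccc",
        "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
             "Ipv6Ranges": []},
        ],
    },
]

if __name__ == "__main__":
    for gid, port, cidr, svc in exposed_emr_ports(SAMPLE_SGS):
        print(f"{gid}: tcp/{port} ({svc}) reachable from {cidr}")
```

The SSH rule from a single public /32 is deliberately not reported: the check is about the EMR service ports, and the wide 8000-9000 range is flagged twice because it covers two of them. To run it against a live account, feed it the `SecurityGroups` list from `describe-security-groups` in place of `SAMPLE_SGS`.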

PrivilegeEscalation:IAMUser/AdministrativePermissions

The new PrivilegeEscalation:IAMUser/AdministrativePermissions finding type is triggered when an IAM user or role attempts to assign a highly permissive policy to itself. If the user or role in question is not meant to have administrative privileges, this indicates either that the user's credentials have been compromised or that the role's permissions are misconfigured: a principal that is allowed to grant itself administrative access already effectively has it. This is a low severity finding type.
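The announcement does not say what GuardDuty counts as "highly permissive". As an added example (not AWS code and not GuardDuty's detection logic), the Python below approximates the finding over CloudTrail records: it flags Attach*/Put*Policy calls in which the calling user or role is also the target, and the policy is either a known administrative managed policy or an inline document granting `*` on `*`. The managed-policy set, the inline-document heuristic and the sample events are constructed assumptions. Since the finding is described as firing on attempts, denied calls are reported as well.

```python
import json

# AWS managed policies treated as administrative here. GuardDuty does not publish
# its criteria for "highly permissive"; this set is an assumption for the example.
ADMIN_MANAGED_POLICIES = {
    "arn:aws:iam::aws:policy/AdministratorAccess",
    "arn:aws:iam::aws:policy/IAMFullAccess",
}

# CloudTrail events that attach or put a policy on a user or role, mapped to the
# requestParameters key that names the target. Group policies are left out here.
POLICY_EVENTS = {
    "AttachUserPolicy": "userName", "PutUserPolicy": "userName",
    "AttachRolePolicy": "roleName", "PutRolePolicy": "roleName",
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def is_admin_document(doc):
    """Heuristic: an Allow statement on Resource "*" that grants Action "*" or
    "iam:*", or is written with NotAction (everything not listed), is administrative."""
    if isinstance(doc, str):               # CloudTrail logs inline documents as JSON strings
        doc = json.loads(doc)
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        if "NotAction" in stmt:
            return True
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & {"*", "iam:*"}:
            return True
    return False


def actor_name(event):
    """IAM user or role name behind the call, taken from CloudTrail userIdentity.
    Root, service and federated identities return None and are out of scope here."""
    ident = event.get("userIdentity", {})
    if ident.get("type") == "IAMUser":
        return ident.get("userName")
    if ident.get("type") == "AssumedRole":
        return ident.get("sessionContext", {}).get("sessionIssuer", {}).get("userName")
    return None


def self_admin_grants(events):
    """Return (eventID, actor, outcome) for each event in which a user or role
    attached or put an administrative policy on itself. Denied calls are kept,
    because the attempt itself is the signal."""
    flagged = []
    for ev in events:
        key = POLICY_EVENTS.get(ev.get("eventName"))
        params = ev.get("requestParameters") or {}
        actor = actor_name(ev)
        if key is None or actor is None or params.get(key) != actor:
            continue
        arn, doc = params.get("policyArn"), params.get("policyDocument")
        if arn in ADMIN_MANAGED_POLICIES or (doc is not None and is_admin_document(doc)):
            flagged.append((ev["eventID"], actor, ev.get("errorCode", "succeeded")))
    return flagged


def _doc(*statements):
    """Build an inline policy document as CloudTrail would log it (a JSON string)."""
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})


# Constructed CloudTrail events trimmed to the fields used; not real log data.
SAMPLE_EVENTS = [
    {   # user attaches AdministratorAccess to herself: flag
        "eventID": "e1", "eventName": "AttachUserPolicy",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "requestParameters": {"userName": "alice",
                              "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {   # user tries to give himself an inline "*" policy and IAM denies it: still flag
        "eventID": "e2", "eventName": "PutUserPolicy", "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
        "requestParameters": {"userName": "bob", "policyName": "all",
                              "policyDocument": _doc({"Effect": "Allow", "Action": "*",
                                                      "Resource": "*"})}},
    {   # a session of deploy-role attaches IAMFullAccess to deploy-role itself: flag
        "eventID": "e3", "eventName": "AttachRolePolicy",
        "userIdentity": {"type": "AssumedRole",
                         "sessionContext": {"sessionIssuer": {"userName": "deploy-role"}}},
        "requestParameters": {"roleName": "deploy-role",
                              "policyArn": "arn:aws:iam::aws:policy/IAMFullAccess"}},
    {   # an administrator grants another user: not self-assignment, no flag
        "eventID": "e4", "eventName": "AttachUserPolicy",
        "userIdentity": {"type": "IAMUser", "userName": "admin"},
        "requestParameters": {"userName": "carol",
                              "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {   # user writes herself a narrowly scoped inline policy: not administrative
        "eventID": "e5", "eventName": "PutUserPolicy",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "requestParameters": {"userName": "alice", "policyName": "reports-read",
                              "policyDocument": _doc({"Effect": "Allow", "Action": ["s3:GetObject"],
                                                      "Resource": "arn:aws:s3:::reports/*"})}},
]

if __name__ == "__main__":
    for event_id, actor, outcome in self_admin_grants(SAMPLE_EVENTS):
        print(f"{event_id}: {actor} assigned itself an administrative policy ({outcome})")
```

Two design points matter when adapting this: the role case matches on `sessionContext.sessionIssuer.userName`, not on the session ARN, so any session of a role granting that role more power is caught; and `e4` shows the check is about self-assignment, so an administrator legitimately granting others is not reported (that belongs in a separate change-review control).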

These new findings are available today in all Regions in which Amazon GuardDuty is available. You don’t need to take any action to start using these new finding types. 

Once enabled, Amazon GuardDuty continuously monitors for malicious or unauthorized behavior to help protect your AWS resources, including your AWS accounts and access keys. GuardDuty identifies unusual or unauthorized activity, like cryptocurrency mining or infrastructure deployments in a region that has never been used. When a threat is detected, you are alerted with a GuardDuty security finding that provides detail of what was observed and the resources involved. Powered by threat intelligence and machine learning, GuardDuty is continuously evolving to help you protect your AWS environment.

You can enable your 30-day free trial of Amazon GuardDuty with a single click in the GuardDuty console. See the AWS Regions page for the regions where GuardDuty is available. To learn more, see Amazon GuardDuty Findings; to start your 30-day free trial, see Amazon GuardDuty Free Trial.