Posted On: Mar 30, 2023

Amazon GuardDuty expands threat detection coverage to continuously monitor and profile Amazon Elastic Kubernetes Service (Amazon EKS) container runtime activity to identify malicious or suspicious behavior within container workloads. GuardDuty EKS Runtime Monitoring introduces a new lightweight, fully managed security agent that monitors on-host operating system-level behavior, such as file access, process execution, and network connections. Once a potential threat is detected, GuardDuty generates a security finding that pinpoints the specific container and includes details such as pod ID, image ID, EKS cluster tags, executable path, and process lineage. GuardDuty EKS Runtime Monitoring includes over two dozen new detections at launch, which, when combined with GuardDuty EKS Audit Log Monitoring, amount to more than 50 detections that are tailored to identify threats to Amazon EKS deployments.

GuardDuty EKS Runtime Monitoring can be enabled with a few steps in the GuardDuty console, and is integrated with Amazon EKS to allow for automated agent deployment to existing and new EKS clusters in your account. Leveraging AWS Organizations, you can centrally enable runtime threat detection coverage for accounts and workloads across the organization and maintain full security coverage. Current and new GuardDuty users can try GuardDuty EKS Runtime Monitoring at no cost with a 30-day free trial.

To learn more and get started: