Posted On: May 1, 2023
Amazon GuardDuty Malware Protection adds a new capability that allows customers to initiate on-demand malware scans of Amazon Elastic Compute Cloud (Amazon EC2) instances, including instances used to host container workloads. Scans can be initiated from the GuardDuty console or programmatically via the API, without the need to deploy security software, and are designed to have no performance impact on running workloads. When potential malware is identified, GuardDuty generates actionable security findings with information such as the threat and file name, the file path, the Amazon EC2 instance ID, resource tags and, in the case of containers, the container ID and the container image used. This capability builds on the existing Malware Protection capability of GuardDuty-initiated scans, which, when enabled, automatically initiates a malware scan when GuardDuty detects suspicious behavior indicative of malware on the instance.
Customers across many industries and geographies use GuardDuty, including more than 90% of AWS’s 2,000 largest customers. GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. If you’re new to GuardDuty, you can try it at no cost for 30 days on the AWS Free Tier.
To learn more and get started:
- Refer to the documentation to learn about the new capability and for Region-specific feature availability.
- Get updates on new features and threat detections with the Amazon GuardDuty SNS topic.