Posted On: Nov 26, 2023

Today, AWS announces the preview launch of Amazon GuardDuty EC2 Runtime Monitoring, an expansion of Amazon GuardDuty that introduces runtime threat detection for Amazon Elastic Compute Cloud (Amazon EC2) workloads.

GuardDuty EC2 Runtime Monitoring deepens threat detection coverage for Amazon EC2 workloads. It gives you visibility into on-host, operating system–level activities and provides container-level context into detected threats. With this extended capability, GuardDuty can help you identify and respond to potential threats that might target the compute resources within your EC2 workloads. This could include instances or self-managed containers in your AWS environment that are querying IP addresses associated with cryptocurrency-related activity or making connections to a Tor network as a Tor relay. Now, no matter where you run your compute on AWS, you have full runtime visibility, helping to reduce the attack surface and mitigate risks in running applications and workloads.

You can enable GuardDuty EC2 Runtime Monitoring with a few steps in the GuardDuty console. It is compatible with AWS Organizations, so you can centrally enable runtime threat detection coverage for accounts and workloads across the organization to simplify your security coverage.

GuardDuty EC2 Runtime Monitoring is available to preview in all AWS Regions where GuardDuty is available, excluding AWS GovCloud (US) Regions and AWS China Regions.

To get started, consult the GuardDuty documentation for specific supported operational models and preview GuardDuty EC2 Runtime Monitoring.