Posted On: Feb 9, 2024
Amazon GuardDuty Malware Protection can now scan Amazon Elastic Block Store (Amazon EBS) volumes that are encrypted with EBS managed keys attached to EC2 instance and container workloads, in addition to unencrypted EBS volumes and volumes encrypted with AWS KMS customer-managed keys (CMKs). You can now configure automatic malware scanning based on GuardDuty network-based findings, and initiate on-demand malware scans of EBS volumes encrypted with EBS managed keys. When potential malware is identified, GuardDuty generates actionable security findings with information such as the threat and file name, the file path, the Amazon EC2 instance ID, resource tags and, in the case of containers, the container ID and the container image used, helping customers identify and respond to the malware security finding. GuardDuty Malware Protection does not require you to deploy additional security agents or software and is designed to have no performance impact on running workloads.
GuardDuty is a threat detection service that continuously analyzes AWS logs and runtime behavior for malicious and abnormal activity and delivers detailed security findings for visibility and remediation. If you’re new to GuardDuty, you can try it at no cost for 30 days on the AWS Free Tier.
To learn more and get started:
- Refer to the documentation to learn about the new capability and for Region-specific feature availability.
- Get updates on new features and threat detections with the Amazon GuardDuty SNS topic.