Posted On: Feb 13, 2024

Amazon GuardDuty Runtime Monitoring, which detects potential runtime-based threats, now protects workloads running in shared virtual private clouds (VPCs) across all supported compute services. VPC sharing allows multiple AWS accounts to create their application resources, such as Amazon EC2 instances, in shared, centrally managed VPCs. Customers use shared VPCs to simplify network management across the accounts in their organization, gaining cost benefits and reduced operational overhead because there are fewer VPCs to manage. GuardDuty Runtime Monitoring uses a VPC endpoint to securely send agent telemetry to the GuardDuty backend, where it is processed to detect threats. With GuardDuty Runtime Monitoring, customers can have the security agent managed automatically—including creation of the VPC endpoint and installing, deploying, and updating the agent—at no extra cost. With this launch, customers who are already opted into automated agent management in GuardDuty receive a renewed 30-day trial of GuardDuty Runtime Monitoring, during which GuardDuty automatically starts monitoring the resources (clusters) deployed in a shared VPC setup. Customers also have the option to manually manage the agent and provision the VPC endpoint in their shared VPC environment.

GuardDuty is a threat detection service that continuously analyzes AWS logs and runtime behavior for malicious and abnormal activity and delivers detailed security findings for visibility and remediation. If you’re new to GuardDuty, you can try it at no cost for 30 days on the AWS Free Tier.

To learn more and get started:

* Refer to the documentation to learn about the new capability and for Region-specific feature availability
* Get updates on new features and threat detections with the Amazon GuardDuty SNS topic