Posted On: Mar 29, 2024

Today, AWS announces the general availability of Amazon GuardDuty EC2 Runtime Monitoring. This feature deepens threat detection coverage for Amazon Elastic Compute Cloud (Amazon EC2). It gives you visibility into on-host, operating system–level activities and provides container-level context of detected threats. It complements runtime coverage already available for Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS) on AWS Fargate, giving you comprehensive runtime visibility and detection across popular AWS compute services. 

GuardDuty Runtime Monitoring helps you identify and respond to potential threats, including instances or self-managed containers in your AWS environment that are querying IP addresses associated with cryptocurrency-related activity or making connections to a Tor network as a Tor relay. Threats to compute workloads often involve remote code execution that leads to the download and execution of malware. GuardDuty Runtime Monitoring provides visibility into suspicious commands that involve malicious file downloads and execution across each step, providing earlier discovery of threats during initial compromise—before they become business-impacting events. 

Tens of thousands of customers across many industries and geographies use GuardDuty. You can enable GuardDuty EC2 Runtime Monitoring in a few steps in the GuardDuty console. GuardDuty will immediately begin collecting and analyzing runtime event activity for potential threats. Using AWS Organizations, you can centrally enable runtime threat detection—including automated agent management—for accounts and workloads across the organization to simplify your security coverage. 

This feature is generally available in all AWS Regions where GuardDuty is available, excluding AWS GovCloud (US) Regions and AWS China Regions.

To learn more and get started, try GuardDuty EC2 Runtime Monitoring for 30 days at no cost on the AWS Free Tier. You can also subscribe to feature updates with the Amazon GuardDuty SNS topic.