Posted On: Nov 9, 2023
HAQM GuardDuty has incorporated new machine learning techniques to more accurately detect anomalous activities indicative of threats to your HAQM Elastic Kubernetes Service (HAQM EKS) clusters. This new capability continuously models Kubernetes audit log events from HAQM EKS to detect highly suspicious activity such as unusual user access to Kubernetes secrets that can be used to escalate privileges, and suspicious container deployments with images not commonly used in the cluster or account. The new threat detections are available for all GuardDuty customers that have GuardDuty EKS Audit Log Monitoring enabled.
The new machine learning approach establishes normal behavior based on features such as pod or container configuration, autonomous system number (ASN), or user agent. This allows GuardDuty to more accurately identify abnormal activity in your HAQM EKS clusters associated with known attack tactics, including discovery, credential access, privilege escalation, and execution.
The new capabilities are now available in all AWS Regions where GuardDuty is available, excluding AWS Europe (Spain), AWS Europe (Zurich), AWS Asia Pacific (Hyderabad), AWS Asia Pacific (Melbourne), AWS GovCloud (US) Regions and AWS China Regions.
To get started:
- Learn about these new finding types in GuardDuty
- Try GuardDuty free for 30 days on the AWS Free Tier