Posted On: Nov 26, 2023

Today, AWS announces the preview launch of Amazon GuardDuty EC2 Runtime Monitoring, an expansion of Amazon GuardDuty that introduces runtime threat detection for Amazon Elastic Compute Cloud (Amazon EC2) workloads.

GuardDuty EC2 Runtime Monitoring deepens threat detection coverage for Amazon EC2 workloads. It gives you visibility into on-host, operating system–level activities and provides container-level context into detected threats. With this extended capability, GuardDuty can help you identify and respond to potential threats that might target the compute resources within your EC2 workloads. This could include instances or self-managed containers in your AWS environment that are querying IP addresses associated with cryptocurrency-related activity or making connections to a Tor network as a Tor relay. Now, no matter where you run your compute on AWS, you have full runtime visibility, helping to reduce the attack surface and mitigate risks in running applications and workloads.

You can enable GuardDuty EC2 Runtime Monitoring with a few steps in the GuardDuty console. It is compatible with AWS Organizations, so you can centrally enable runtime threat detection coverage for accounts and workloads across the organization to simplify your security coverage.

GuardDuty EC2 Runtime Monitoring is available to preview in all AWS Regions where GuardDuty is available, excluding AWS GovCloud (US) Regions and AWS China Regions.

To get started, consult the GuardDuty documentation for specific supported operational models and preview GuardDuty EC2 Runtime Monitoring.