
Amazon GuardDuty Extended Threat Detection now supports Amazon EC2 and Amazon ECS

Posted on: Dec 5, 2025

Today, we are announcing further enhancements to Amazon GuardDuty Extended Threat Detection with new capabilities to detect multistage attacks targeting Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at Amazon Web Services scale to automatically correlate security signals and detect critical threats. It analyzes multiple security signals across network activity, process runtime behavior, malware execution, and Amazon Web Services API activity over extended periods to detect sophisticated attack patterns that might otherwise go unnoticed. 

With this launch, GuardDuty introduces a new critical-severity finding type: AttackSequence:EC2/CompromisedInstanceGroup. This finding presents the whole attack sequence in one place, so you spend less time on initial analysis and more time responding to critical threats, minimizing business impact. For example, GuardDuty can identify suspicious processes followed by persistence attempts, crypto-mining activity, and reverse shell creation, and represent these related events as a single, critical-severity finding rather than as separate findings you have to correlate yourself. Each finding includes a detailed summary, an event timeline, a mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations.
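Because the attack sequence arrives as one critical finding, the practical next step is to route exactly that finding type to responders. The block below is an added example, not AWS sample code or anything from the announcement: it builds the Amazon EventBridge event pattern and the GuardDuty ListFindings filter for AttackSequence:EC2/CompromisedInstanceGroup, and includes a small offline matcher so the pattern can be checked against a constructed sample event without an AWS account. It assumes that GuardDuty's "critical" band starts at severity 9.0, that findings are delivered as "GuardDuty Finding" events from source aws.guardduty, and that a real detector ID is substituted for the placeholder.

```python
"""Route GuardDuty Extended Threat Detection findings for EC2 to responders.

Added example (not AWS code). Assumptions, not stated on the announcement page:
  - critical severity is 9.0 or above (GuardDuty severity bands);
  - findings are consumed as EventBridge "GuardDuty Finding" events and via the
    GuardDuty ListFindings API (boto3 guardduty.list_findings);
  - DETECTOR_ID_PLACEHOLDER must be replaced with a real detector ID.
"""
from typing import Any

ATTACK_SEQUENCE_EC2 = "AttackSequence:EC2/CompromisedInstanceGroup"
CRITICAL_SEVERITY = 9.0  # assumption: lower bound of GuardDuty's "critical" band
DETECTOR_ID_PLACEHOLDER = "00000000000000000000000000000000"  # hypothetical


def list_findings_kwargs(detector_id: str = DETECTOR_ID_PLACEHOLDER) -> dict[str, Any]:
    """Keyword arguments for boto3 guardduty.list_findings(**kwargs): only the
    EC2 attack-sequence findings, newest first. ListFindings returns IDs;
    pass them to get_findings() for the summary, timeline and ATT&CK mapping."""
    return {
        "DetectorId": detector_id,
        "FindingCriteria": {
            "Criterion": {
                "type": {"Equals": [ATTACK_SEQUENCE_EC2]},
                # the API condition takes an integer; 9 keeps the whole critical band
                "severity": {"GreaterThanOrEqual": int(CRITICAL_SEVERITY)},
            }
        },
        "SortCriteria": {"AttributeName": "updatedAt", "OrderBy": "DESC"},
    }


def eventbridge_pattern() -> dict[str, Any]:
    """EventBridge rule pattern: GuardDuty findings of this type at critical severity.
    Attach a rule with this pattern to an SNS topic, SQS queue or ticketing target."""
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {
            "type": [ATTACK_SEQUENCE_EC2],
            "severity": [{"numeric": [">=", CRITICAL_SEVERITY]}],
        },
    }


def _value_matches(alternative: Any, actual: Any) -> bool:
    """One alternative from a pattern list: exact value, or a two-part numeric
    comparison such as {"numeric": [">=", 9]} (the only operator form used here)."""
    if isinstance(alternative, dict) and "numeric" in alternative:
        op, bound = alternative["numeric"]
        if not isinstance(actual, (int, float)) or isinstance(actual, bool):
            return False
        return {
            ">=": actual >= bound, ">": actual > bound,
            "<=": actual <= bound, "<": actual < bound, "=": actual == bound,
        }[op]
    return alternative == actual


def matches(pattern: dict[str, Any], event: dict[str, Any]) -> bool:
    """Offline subset of EventBridge matching: every pattern key must exist in the
    event; nested dicts recurse; a list means 'any alternative matches'."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif not any(_value_matches(alt, actual) for alt in expected):
            return False
    return True


def triage(events: list[dict[str, Any]]) -> list[str]:
    """Finding IDs from a batch of EventBridge events that a responder should see."""
    pattern = eventbridge_pattern()
    return [e["detail"]["id"] for e in events if matches(pattern, e)]


# Constructed sample events, trimmed to the fields the pattern looks at.
SAMPLE_CRITICAL = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {"id": "finding-1", "type": ATTACK_SEQUENCE_EC2, "severity": 9},
}
SAMPLE_OTHER_TYPE = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {"id": "finding-2", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2},
}

if __name__ == "__main__":
    print(triage([SAMPLE_CRITICAL, SAMPLE_OTHER_TYPE]))
```

The matcher implements only the pattern features this rule uses (exact string lists, nested keys and a two-element numeric comparison), which is enough to unit-test the rule before deploying it; the full EventBridge language has more operators.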

GuardDuty Extended Threat Detection for Amazon EC2 is now available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD, at no additional charge.

To get started, enable the GuardDuty protection plans via the Console or API. New GuardDuty customers can start with a 30-day free trial. For additional information, visit the Amazon GuardDuty product page.