AWS has announced the general availability of Amazon GuardDuty EC2 Runtime Monitoring. Amazon GuardDuty is a monitoring and threat detection solution for AWS data sources, and the company has already introduced Runtime Monitoring for other AWS services, including EKS, ECS, and AWS Fargate.
Now the capability is being expanded to EC2 instances. According to AWS, the most common threats to EC2 are related to remote code execution, which can lead to download and execution of malware.
GuardDuty Runtime Monitoring helps provide more visibility into commands that may involve malicious file downloads or execution, allowing companies to stop these threats before they impact the business.
It provides detailed information about the potential threats it finds, and offers capabilities that make it easier to find and filter threats. It includes information on over 30 security issues, including abused domains, backdoors, cryptocurrency-related activity, and unauthorized communications.
Amazon GuardDuty EC2 Runtime Monitoring also integrates with other AWS security services like AWS Security Hub and Amazon Detective, and Amazon EventBridge can be used to connect it to other systems as well, like Splunk, Jira, or ServiceNow.
AWS is offering users a free 30 day trial of EC2 Runtime Monitoring, which includes all the features and detection findings that it offers.