Posted On: May 25, 2023

Amazon GuardDuty Malware Protection is now available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. It helps detect malicious files residing on an instance or container workload running on Amazon Elastic Compute Cloud (Amazon EC2) without deploying security software or agents. Amazon GuardDuty Malware Protection adds file scanning for workloads utilizing Amazon Elastic Block Store (EBS) volumes to detect malware that can be used to compromise resources, modify access permissions, and exfiltrate data. Malicious files that contain trojans, worms, crypto miners, rootkits, bots, and the like can be used to compromise workloads, repurpose resources for malicious use, and gain unauthorized access to data.

Existing customers can enable the GuardDuty Malware Protection feature with a single click in the GuardDuty console or through the GuardDuty API. When threats are detected, GuardDuty Malware Protection automatically sends security findings to Amazon Security Hub and Amazon EventBridge. These integrations help you centralize your security monitoring for Amazon Web Services and partner services, automate responses to malware findings, and perform security investigations from the GuardDuty console.

With the launch of Amazon GuardDuty Malware Protection, there are eight new threat detections:

1. Execution:EC2/MaliciousFile
2. Execution:ECS/MaliciousFile
3. Execution:Kubernetes/MaliciousFile
4. Execution:Container/MaliciousFile
5. Execution:EC2/SuspiciousFile
6. Execution:ECS/SuspiciousFile
7. Execution:Kubernetes/SuspiciousFile
8. Execution:Container/SuspiciousFile
 

You can begin your 30-day free trial of Amazon GuardDuty with a single click in the Amazon Web Services Management Console. To receive programmatic updates on new GuardDuty features and threat detections, subscribe to the Amazon GuardDuty SNS topic.