
AWS ups security for Elastic Block Store, Kubernetes service

Stretching its security software a bit further


Amazon’s cloud platform is extending security capabilities for a couple of its widely used services: Amazon Elastic Block Store (EBS) and Amazon Elastic Kubernetes Service (EKS).

This latest support comes in the shape of updates to a couple of existing AWS capabilities, namely Amazon GuardDuty and Amazon Detective.

Amazon GuardDuty is described as a threat detection service that can continuously monitor AWS accounts and workloads for malicious activity, and can initiate automated responses.

With the latest update, Amazon GuardDuty now has the ability to detect malware, and a scan for malware will be initiated if GuardDuty detects that customer EC2 instances, or container workloads running on EC2, are doing something considered suspicious. When a malware scan is initiated, GuardDuty will take a snapshot of any Amazon Elastic Block Store (EBS) volumes attached to a suspect EC2 instance that are less than 1TB in size, and then scan the snapshot for malware.

GuardDuty supports many file system types and is able to scan file formats known to be used to spread or contain malware, including Windows and Linux executables, PDF documents, archives, binaries, scripts, installers, email databases, and plain old emails.

In fact, the scanning appears to be performed using third-party security tools, since AWS lists a number of partner offerings GuardDuty is integrated with, including those from BitDefender, Sophos, and Palo Alto Networks. Users can opt to preserve a snapshot for further analysis if malware is detected; otherwise, snapshots are deleted upon completion of a scan.

Amazon GuardDuty Malware Protection is available in most AWS Regions where GuardDuty is available with a few exceptions. Customers pay for the volume of data scanned in the file systems, and not for the size of the EBS volumes themselves, Amazon said.

Meanwhile, Amazon Detective is a fully managed service intended to analyze and identify the root cause of potential security issues or suspicious activities. It does this by examining log data and building it into a graph model that summarizes resource behaviors and interactions across an entire AWS environment.

The updated capabilities in Amazon Detective now expand its security investigation coverage to workloads running in containers under Amazon EKS. According to Amazon, Detective will automatically start ingesting EKS audit logs to capture API activity from users, applications, and the Kubernetes control plane in Amazon EKS once enabled by a customer.

AWS said that Amazon Detective for EKS is available in all Regions where Amazon Detective is available, and pricing will be based on the volume of audit logs analyzed.

However, Detective provides a free 30-day trial when EKS coverage is enabled, allowing customers to ensure that the capabilities meet their security needs and to get an estimate of the service’s monthly cost before committing to paid usage. ®
