
All news with #amazon guardduty tag

Wed, November 19, 2025

Amazon GuardDuty Malware Protection for AWS Backup

🔒 Amazon announced GuardDuty Malware Protection for AWS Backup, extending malware detection to backups of Amazon EC2 instances, Amazon EBS volumes, and Amazon S3 objects. The capability automatically scans new backups, supports on-demand scans of existing backups, and can identify the last known clean backup to reduce recovery impact. It offers incremental scanning to analyze only changed data between backups, lowering costs versus full rescans, and can be enabled even if GuardDuty foundational data sources are not active. The feature is available in supported Regions and accessible via the AWS Backup console, API, or CLI.


Fri, September 26, 2025

Planning and Running an AWS Security Hub POC Guide

🔒 This post explains how to plan and implement an AWS Security Hub proof of concept (POC) to evaluate unified cloud security operations. It outlines steps to define success criteria, configure integrations with GuardDuty, Amazon Inspector, Macie, and Security Hub CSPM, and to prepare, enable, and validate the deployment. The guidance recommends using overlapping trial periods, adopting the OCSF standard for normalized findings, and leveraging automation and ticketing integrations to measure operational impact.


Wed, September 10, 2025

Security Services Available in AWS Dedicated Local Zones

🛡️ This post explains how organizations can use AWS security services while keeping data within Dedicated Local Zones. It describes the AWS Nitro System for hardware-enforced isolation, AWS KMS with an external key store option, and continuous protection from Amazon Inspector and GuardDuty. It also covers certificate management via ACM, DDoS mitigation with AWS Shield, and centralized auditing through CloudTrail.


Fri, September 5, 2025

Amazon GuardDuty Adds Custom Entity Lists for Domains

🛡️ AWS announced general availability of Amazon GuardDuty custom threat detection using entity lists, extending support beyond IP-only lists to include malicious domains and IP addresses. GuardDuty introduces a new finding type, Impact:EC2/MaliciousDomainRequest.Custom, triggered when activity related to a listed domain is observed. Entity lists also allow suppression of alerts from trusted sources and simplify cross-region permission management, avoiding IAM policy size limits. The feature is available in all GuardDuty Regions except China and GovCloud (US).


Fri, September 5, 2025

Amazon GuardDuty Adds Custom Entity Lists for Detection

🛡️ AWS announced general availability of Amazon GuardDuty custom threat detection using entity lists, expanding support beyond legacy IP-only lists to include domains and mixed IP/domain lists. The service adds a new finding type, Impact:EC2/MaliciousDomainRequest.Custom, which is generated when activity involves a listed domain. Entity lists can also be used to suppress alerts from trusted sources, and they simplify permissions and cross-region management. The capability is available in all Regions where GuardDuty runs, excluding China and GovCloud (US).
