Amazon Web Services (AWS) announces three new capabilities for Amazon GuardDuty, AWS’ threat detection service.

AWS GuardDuty focuses on customer security and is continually improved through machine learning, anomaly detection, and built-in threat intelligence. The three new features extend GuardDuty protection to runtime behavior of containers, database, and serverless environments.

EKS Runtime Monitoring improves threat detection in customer containerized workloads. GuardDuty RDS Protection helps customers protect data stored in Amazon Aurora databases. GuardDuty Lambda Protection helps customers detect threats to their serverless applications.

Since its launch in 2017, Amazon GuardDuty has added more than 100 new threat detection capabilities, including the ability to detect credential exfiltration and compromise, even when using elusive techniques. The three new features added to GuardDuty extend security coverage to other AWS workloads and core deployment use cases. New features include:

• New container runtime protection for Amazon Elastic Kubernetes Service (Amazon EKS). GuardDuty EKS Runtime Monitoring introduces a fully managed, lightweight security agent that profiles and monitors host operating system-level behavior such as file access, process execution, and network connections.
• Extensive coverage for data stored in Amazon Aurora. GuardDuty RDS Protection identifies potential threats to data stored in Aurora databases without impacting performance, productivity, or availability.
• Support for serverless applications on AWS Lambda. GuardDuty Lambda Protection mitigates security risks in serverless customer applications. Once enabled, GuardDuty Lambda Protection continuously monitors serverless workloads and analyzes network communications reported back to individual Lambda functions.