Guard Duty Findings in EKS & EC2
Amazon GuardDuty is a security service that continuously monitors your AWS accounts and workloads to identify unexpected and potentially malicious activity. It uses a combination of machine learning, threat intelligence feeds, and integrated AWS security features to identify threats, and provides you with recommendations for how to remediate them. In this blog, we'll take a look at some of the common findings that GuardDuty can identify in Amazon Elastic Container Service for Kubernetes (EKS) and Amazon Elastic Compute Cloud (EC2) environments. One common finding in EKS environments is unauthorized resource access. This occurs when an entity (such as an IAM user or an EC2 instance) accesses resources that it does not have permission to access. This could be the result of a misconfigured IAM policy or an accidental leak of AWS credentials. GuardDuty can alert you to this type of activity so that you can take action to secure your resources. Another common finding in EKS environments is network communication with known malicious IPs. This occurs when an EKS cluster or an EC2 instance in your environment communicates with an IP address that is known to be associated with malicious activity. This could be the result of an infected EC2 instance or an EKS cluster that has been compromised by a malicious actor. GuardDuty can alert you to this type of activity so that you can take steps to secure your environment. In EC2 environments, a common finding is unusual resource creation. This occurs when an entity creates resources in your environment at an unusual rate or in an unusual way. This could be the result of a compromised IAM user or an EC2 instance that has been compromised by a malicious actor. GuardDuty can alert you to this type of activity so that you can take steps to secure your environment.
Recommended
Recommended
More Related Content
Similar to Guard Duty Findings in EKS & EC2
Similar to Guard Duty Findings in EKS & EC2 (20)
More from Christopher Doman
More from Christopher Doman (20)
Recently uploaded
Recently uploaded (20)
Guard Duty Findings in EKS & EC2
- 1. Guard Duty Findings in EKS & EC2
- 2. Responding to Guard Duty findings in EKS & EC2 2
- 3. Preserve Intrusion Evidence Zero-impact to production systems Easy data collection from anywhere: ✓ Cloud ✓ Containers ✓ On-prem systems
- 4. Investigate at Cloud Speed Quick automated data processing: ✓ Fast ✓ Efficient ✓ Effective Patent-pending cloud-based architecture
- 5. Understand the Full Picture Complete visibility and context Seamless investigation of multiple data sources: ✓ Host ✓ Logs ✓ Memory
- 6. Identify Root Cause Patent-pending analytics engine Powerful analytics that saves: ✓ Time ✓ Resources ✓ Money
- 7. Cado Use Cases ● Conduct forensics investigations across complex & expansive cloud environments ● Investigate cloud incidents that span multiple cloud platforms, regions, systems, and accounts with ease ● Capture incident data before it’s gone across virtualization technologies that continuously grow, shrink and recycle data ● Process and investigate container environments and auto scaling groups ● Ensure optimal security even where an agent-based detection solution can’t be deployed ● Conduct threat hunts across high-availability production systems with zero impact Cloud Forensics Container Forensics Cloud Threat Hunting
- 8. Know Your Cloud with Cado. www.cadosecurity.com