AWS has extended Amazon GuardDuty Extended Threat Detection to identify multistage attacks against EC2 instances and ECS clusters. The feature uses AI and machine learning to correlate security signals over time (network activity, process behavior, malware execution, and API calls) and surface attack patterns that no single finding shows on its own. Two new critical-severity finding types, AttackSequence:EC2/CompromisedInstanceGroup and AttackSequence:ECS/CompromisedCluster, consolidate related suspicious activities such as persistence attempts, crypto-mining, and reverse shells into a single finding. Each finding includes a summary, a timeline of the observed signals, a MITRE ATT&CK mapping, and remediation advice, so analysts spend less time piecing the sequence together and can respond sooner.

Extended Threat Detection is enabled automatically at no additional cost, but the EC2 and ECS attack-sequence findings draw on runtime signals: to maximize coverage, enable Runtime Monitoring for EC2 instances and, for ECS, for Fargate or EC2 depending on the launch type the cluster uses. New and existing customers can use the free trial periods for GuardDuty and Runtime Monitoring. Further details are available on the AWS blog and the GuardDuty product page.
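The two operational steps the announcement implies are checking that Runtime Monitoring (with agent management for the workload types you run) is actually on, and pulling the new AttackSequence findings out of the detector for triage. The following is an added example, not code from the AWS post: the pure functions work offline against constructed responses shaped like the GuardDuty get_detector and get_findings outputs, and the optional main() issues the live boto3 calls. The feature and agent-management names are the real GuardDuty API values; the Service.Detection.Sequence.Signals layout used by summarize_sequence and the sample finding contents are assumptions to check against a real finding.

```python
"""Added example (not from the AWS post): check GuardDuty Runtime Monitoring
coverage and select AttackSequence findings using boto3-compatible payloads."""
import json

ATTACK_SEQUENCE_TYPES = [
    "AttackSequence:EC2/CompromisedInstanceGroup",
    "AttackSequence:ECS/CompromisedCluster",
]

# Runtime Monitoring agent-management options, keyed by the workload kinds in
# the account. EC2 agent management also covers ECS tasks on EC2 launch type;
# Fargate tasks need their own option. (EKS is outside this post's scope.)
REQUIRED_AGENT_MGMT = {
    "ec2": "EC2_AGENT_MANAGEMENT",
    "ecs_fargate": "ECS_FARGATE_AGENT_MANAGEMENT",
}


def missing_runtime_coverage(detector, workloads):
    """Given a get_detector() response and the workload kinds you run (keys of
    REQUIRED_AGENT_MGMT), return the options that are not ENABLED.
    An empty list means Runtime Monitoring fully covers those workloads."""
    features = {f["Name"]: f for f in detector.get("Features", [])}
    rm = features.get("RUNTIME_MONITORING")
    if rm is None or rm.get("Status") != "ENABLED":
        return ["RUNTIME_MONITORING"] + [REQUIRED_AGENT_MGMT[w] for w in workloads]
    enabled = {c["Name"] for c in rm.get("AdditionalConfiguration", [])
               if c.get("Status") == "ENABLED"}
    return [REQUIRED_AGENT_MGMT[w] for w in workloads
            if REQUIRED_AGENT_MGMT[w] not in enabled]


def runtime_monitoring_update(workloads):
    """Features payload for update_detector() that enables Runtime Monitoring
    plus automated agent management for the given workloads."""
    return [{
        "Name": "RUNTIME_MONITORING",
        "Status": "ENABLED",
        "AdditionalConfiguration": [
            {"Name": REQUIRED_AGENT_MGMT[w], "Status": "ENABLED"} for w in workloads
        ],
    }]


def attack_sequence_criteria():
    """FindingCriteria for list_findings() selecting only the two new types."""
    return {"Criterion": {"type": {"Equals": ATTACK_SEQUENCE_TYPES}}}


def summarize_sequence(finding):
    """Flatten one attack-sequence finding into the fields a responder wants
    first. ASSUMPTION: signals live under Service.Detection.Sequence.Signals,
    each with Type, Name and ResourceUids; verify against a real finding."""
    seq = finding.get("Service", {}).get("Detection", {}).get("Sequence", {})
    signals = seq.get("Signals", [])
    return {
        "type": finding["Type"],
        "severity": finding["Severity"],
        "description": seq.get("Description", ""),
        "signal_types": sorted({s["Type"] for s in signals}),
        "signal_names": [s["Name"] for s in signals],
        "signal_count": len(signals),
        "resources": sorted({u for s in signals for u in s.get("ResourceUids", [])}),
    }


# Constructed sample data shaped like the API responses (not real output).
SAMPLE_DETECTOR = {
    "Status": "ENABLED",
    "Features": [{
        "Name": "RUNTIME_MONITORING", "Status": "ENABLED",
        "AdditionalConfiguration": [
            {"Name": "EC2_AGENT_MANAGEMENT", "Status": "ENABLED"},
            {"Name": "ECS_FARGATE_AGENT_MANAGEMENT", "Status": "DISABLED"},
        ],
    }],
}

SAMPLE_FINDING = {  # constructed; instance IDs and signal contents are made up
    "Type": "AttackSequence:EC2/CompromisedInstanceGroup",
    "Severity": 9.0,
    "Service": {"Detection": {"Sequence": {
        "Description": "Constructed: crypto-miner and reverse shell on two instances",
        "Signals": [
            {"Type": "FINDING", "Name": "CryptoCurrency:Runtime/BitcoinTool.B!DNS",
             "ResourceUids": ["i-0example1"]},
            {"Type": "FINDING", "Name": "Execution:Runtime/ReverseShell",
             "ResourceUids": ["i-0example1", "i-0example2"]},
            {"Type": "CLOUD_TRAIL", "Name": "DescribeInstances burst",
             "ResourceUids": ["i-0example2"]},
        ],
    }}},
}


def main(detector_id=None, workloads=("ec2", "ecs_fargate")):
    """Live version: needs boto3 and AWS credentials; returns None otherwise.
    Prints the update payload instead of applying it, so nothing is changed."""
    try:
        import boto3
    except ImportError:
        return None
    gd = boto3.client("guardduty")
    detector_id = detector_id or gd.list_detectors()["DetectorIds"][0]
    gaps = missing_runtime_coverage(gd.get_detector(DetectorId=detector_id), workloads)
    if gaps:
        print("Runtime Monitoring gaps:", gaps)
        print("update_detector Features=", json.dumps(runtime_monitoring_update(workloads)))
    ids = gd.list_findings(DetectorId=detector_id,
                           FindingCriteria=attack_sequence_criteria())["FindingIds"]
    for f in gd.get_findings(DetectorId=detector_id, FindingIds=ids[:50])["Findings"]:
        print(json.dumps(summarize_sequence(f), indent=2))
    return len(ids)


if __name__ == "__main__":
    print(missing_runtime_coverage(SAMPLE_DETECTOR, ["ec2", "ecs_fargate"]))
    print(json.dumps(summarize_sequence(SAMPLE_FINDING), indent=2))
    main()
```

Run it offline to see the coverage gap the constructed detector has (Fargate agent management disabled) and the flattened sample finding; with credentials, main() lists the real AttackSequence findings and prints the update_detector payload to apply if a gap exists. get_findings accepts at most 50 IDs per call, so paginate for larger result sets.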
aws.amazon.com
