GuardDuty Malware Protection for S3 - Overview and Demo | Amazon Web Services

GuardDuty Malware Protection for S3 - Overview and Demo | Amazon Web Services

Introduction

Hi, I'm Matthew, and I'll be your AI voiceover companion for this video. I'm thrilled to announce the launch of a new Amazon GuardDuty feature that will help organizations better protect data in the cloud: Amazon GuardDuty Malware Protection for S3. In today's threat landscape, safeguarding your data in the cloud is more important than ever. This new capability allows you to scan your S3 buckets to detect malware from untrusted sources.

The Importance of Cloud Data Protection

We know that data stored in the cloud can come from various sources, not all entirely trustworthy. GuardDuty leverages advanced threat detection capabilities to continuously monitor your S3 objects and identify any potential malware threats. When GuardDuty detects malware, it can tag objects, enabling downstream orchestration like automated quarantining to prevent malware spread and further damage to your critical data. The tagging also provides visibility into flagged files for further investigation by your security team.

Fully Managed AWS Service

GuardDuty is a fully managed AWS service, meaning there's no infrastructure for you to deploy or maintain. AWS handles all underlying resources, scaling, and updates required for malware detection and remediation. This lets your team focus on your core business instead of managing security operations.

Easy and Seamless Setup

The setup is straightforward and seamless, requiring minimal configurations for both application developers and your security team. Integration with your existing S3 buckets is quick, allowing you to start benefiting from this additional protective layer in just a few clicks, either using the console or CloudFormation.

Highly Contextualized Findings

GuardDuty provides highly contextualized findings when it detects potential malware by offering metadata about the impacted S3 bucket, the specific S3 object, and malware details. GuardDuty uses continuously updated malware signature lists. Any detected malware's generated alert contains contextual information about its category, S3 bucket metadata, and other scan-related information. GuardDuty provides scalable bucket-level monitoring, automatically scaling to handle even the largest data volumes in your S3 environment.

Quarantine and Tagging Capabilities

Crucially, GuardDuty also quarantines identified malware to prevent further damage. The agentless malware scanning solution relieves you of complexity in managing, operating, and incurring overhead of underlying compute infrastructure. This allows application teams to focus on business logic while securing applications uploading untrusted data to S3 buckets.

Demo: Enabling S3 Malware Protection

Now, let's dive deep into the console with a demo.

1. Enable S3 Malware Protection:

   • Navigate to the GuardDuty service in the AWS Management Console.
   • In the settings, select the malware protection for S3 option.
   • Choose the buckets to scan, keeping in mind it's most practical to scan potentially malicious files.
   • Enable tagging for future access control and other logical actions.
   • Provide the necessary role and trust policy configuration.
   • Select 'Enable,' and GuardDuty will get to work.

2. Test with a Sample Malware File:

   • Upload a sample file from EICAR, which malware scanning engines are designed to alert on.
   • Check the GuardDuty console for findings generated on the upload.

3. Examining Findings:

   • GuardDuty provides detailed information about detected malware for further investigation and response.
   • Findings include S3 bucket name, file name, timestamp, assessment severity, and details about the threat.

4. Object Isolation Example:

   • Use EventBridge and Lambda to orchestrate object isolation based on GuardDuty tags.
   • Uploaded objects are automatically moved to the isolation bucket if they contain malware or a clean bucket otherwise.

Pricing and Cost Management

GuardDuty S3 malware scanning offers a free tier for existing accounts until June 11, 2025, and for new accounts without an end date. The free tier includes 1,000 PUT requests and 1 GB of free usage every month for the first 12 months. Once these thresholds are surpassed, charges are based on $ 0.60 per GB and $ 0.215 per 1,000 PUT requests in US East. Always check the GuardDuty pricing page for your specific regions and updates.

Unique Standalone Feature

This feature is unique because it can be used standalone and doesn't require any other GuardDuty features to be enabled, offering a highly secure solution with cost-effective, scalable pricing.

Activation Day

Want to learn more? Attend an AWS Activation Day. These free events provide hands-on, instructor-led training for those new to AWS cloud services. Reach out to your account team or email amazonguardduty@amazon.com for more information.

Thanks for watching. It's a bad day to be malware.

Keyword

• Amazon GuardDuty
• S3 Malware Protection
• Malware Detection
• Cloud Security
• Fully Managed AWS Service
• Contextualized Findings
• Simplified Setup
• Scalable Bucket-Level Monitoring
• Quarantine Capability
• EventBridge and Lambda Integration

FAQ

1. What is Amazon GuardDuty Malware Protection for S3? Amazon GuardDuty Malware Protection for S3 is a new feature that allows organizations to scan their S3 buckets to detect malware from untrusted sources, enhancing data protection in the cloud.

2. How does GuardDuty detect and handle malware? GuardDuty continuously monitors S3 objects for potential malware threats. When detected, it tags the object for downstream orchestration, such as automated quarantining, to prevent malware spread or further damage.

3. Is there any infrastructure I need to maintain for GuardDuty? No, GuardDuty is a fully managed AWS service. AWS handles all underlying resources, scaling, and updates required for malware detection and remediation.

4. How easy is it to set up GuardDuty Malware Protection for S3? The setup is straightforward and requires minimal configurations. Integration with existing S3 buckets is quick, allowing organizations to benefit from this protective layer with just a few clicks.

5. How does GuardDuty present its findings? GuardDuty provides detailed, highly contextualized findings that include metadata about the impacted S3 bucket, the specific S3 object, malware details, and assessment severity.

6. What are the pricing details for GuardDuty S3 malware scanning? There is a free tier available that includes 1,000 PUT requests and 1 GB of free usage every month for the first 12 months. After surpassing these thresholds, charges are $ 0.60 per GB and $ 0.215 per 1,000 PUT requests, with regional variances in pricing.

7. How can I learn more about using GuardDuty effectively? Attend an AWS Activation Day for hands-on, instructor-led training. These events provide interactive workshops and guided exercises to help you design, deploy, and manage applications on the AWS cloud.