Amazon GuardDuty adds Extended Threat Detection for Amazon EC2 and Amazon ECS
AWS News Blog
This article announces expanded Extended Threat Detection capabilities in Amazon GuardDuty for EC2 instances and ECS tasks, enabling detection of multistage attack sequences across virtual machine and container environments.
- New attack sequence findings detect coordinated activity across EC2 instance groups and ECS clusters
- Combines runtime activity, malware detections, VPC Flow Logs, DNS queries, and CloudTrail events
- Uses AI and machine learning to link related security signals into unified findings
- Analyzes shared attributes like Auto Scaling groups, AMIs, and IAM instance profiles
- Provides incident summaries, event timelines, MITRE ATT&CK mappings, and remediation guidance
- Critical-severity sequences are highlighted in the GuardDuty console and AWS Security Hub
- Available in all AWS regions where GuardDuty is offered
GuardDuty Extended Threat Detection now provides unified visibility into multistage attacks across EC2 and ECS workloads, helping security teams prioritize response actions with consolidated, high-fidelity findings.