Hunting malware with Amazon GuardDuty and Sysdig
Blog post from Sysdig
Amazon has introduced GuardDuty Malware Protection, a service that identifies and manages malware threats across AWS environments by scanning EC2 workloads without deploying an agent. Announced at AWS re:Inforce, it lets cloud security teams detect and respond to potential malware threats with minimal operational overhead. It integrates with third-party solutions such as Sysdig Secure, which consumes GuardDuty findings delivered through Amazon EventBridge to enrich its security workflows. Sysdig Secure uses Falco, an open-source threat detection engine, to correlate malware findings with other suspicious runtime activity, giving insight into whether the malware is present and what it has affected. The integration supports automated response actions, such as stopping infected containers, and forensics, including capture of system call activity. By combining AWS's agentless malware detection with Sysdig's real-time runtime visibility, organizations can better protect their cloud infrastructure from evolving malware threats.
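The hand-off described above (a GuardDuty finding arriving as an EventBridge event and being turned into something a response workflow can act on) is easier to see in code. The following is an added example, not code from the Sysdig post, from Sysdig Secure, or from AWS: it implements the subset of EventBridge event-pattern matching that a routing rule relies on (every key in the pattern must exist in the event, and the event's value must be one of the listed alternatives), then normalises a matching finding into the fields a responder needs (instance id, severity, detected files). The `Execution:EC2/MaliciousFile` finding type and the `ebsVolumeScanDetails` layout are assumptions modelled on GuardDuty's finding format, and the sample event is constructed with placeholder ids.

```python
"""Route GuardDuty Malware Protection findings delivered via EventBridge.

Added example (not Sysdig's or AWS's code). The finding type and the
`ebsVolumeScanDetails` structure are assumptions based on GuardDuty's
finding format; the sample event is constructed.
"""
from typing import Any, Optional

# EventBridge rule pattern: only GuardDuty findings whose type is an EC2
# malware detection. "source" and "detail-type" are the standard EventBridge
# envelope fields; the finding type is an assumption for this example.
MALWARE_RULE_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"type": ["Execution:EC2/MaliciousFile"]},
}


def matches_pattern(event: dict, pattern: dict) -> bool:
    """EventBridge-style match: every pattern key must be present in the event
    and its value must equal one of the pattern's listed alternatives."""
    for key, expected in pattern.items():
        if key not in event:
            return False  # an absent key never matches
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches_pattern(actual, expected):
                return False
        elif actual not in expected:  # list in the pattern means "any of"
            return False
    return True


def normalise_finding(event: dict) -> dict[str, Any]:
    """Extract the fields a responder needs from a malware finding."""
    detail = event["detail"]
    instance = detail.get("resource", {}).get("instanceDetails", {})
    scan = detail.get("service", {}).get("ebsVolumeScanDetails", {})
    threats = (scan.get("scanDetections", {})
                   .get("threatDetectedByName", {})
                   .get("threatNames", []))
    files = [
        {"threat": t.get("name"), "path": fp.get("filePath"), "hash": fp.get("hash")}
        for t in threats
        for fp in t.get("filePaths", [])
    ]
    severity = float(detail.get("severity", 0))
    return {
        "finding_id": detail.get("id"),
        "type": detail.get("type"),
        "severity": severity,
        "instance_id": instance.get("instanceId"),
        "files": files,
        # 7.0 and above is GuardDuty's High band (or higher); treat as a
        # candidate for automatic containment such as stopping the workload.
        "auto_contain": severity >= 7.0,
    }


def route(event: dict) -> Optional[dict[str, Any]]:
    """Return the normalised finding if the event matches the rule, else None."""
    if not matches_pattern(event, MALWARE_RULE_PATTERN):
        return None
    return normalise_finding(event)


# Constructed sample event; ids, account and hash are placeholders.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "EXAMPLE-FINDING-ID",
        "type": "Execution:EC2/MaliciousFile",
        "severity": 8,
        "resource": {"instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
        "service": {"ebsVolumeScanDetails": {"scanDetections": {
            "threatDetectedByName": {"threatNames": [{
                "name": "EXAMPLE.Trojan.Generic",
                "filePaths": [{"filePath": "/tmp/.x/loader", "hash": "0" * 64}],
            }]}
        }}},
    },
}

if __name__ == "__main__":
    print(route(SAMPLE_EVENT))
```

In a deployment the pattern would live in the EventBridge rule itself and `route` would run in the rule's target; keeping the matcher in code lets the routing logic be unit-tested against recorded findings before any rule is changed.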