Today Amazon Web Services (AWS) launched the new Amazon GuardDuty Malware Protection service, delivering agentless detection of malware on AWS workloads.

As a global leader in next-generation cybersecurity, we’re excited to integrate these advancements into our newly announced Cloud Native Security offering to help automate, simplify, and enhance the detection and response to the Amazon GuardDuty Malware Protection findings. 

What is Amazon GuardDuty Malware Protection?

Amazon GuardDuty Malware Protection helps detect malicious files on Amazon EC2 instances and container workloads without requiring the use of security software or agents.  Suspicious GuardDuty findings initiate GuardDuty Malware Protection scans of volume snapshots of Amazon EBS volumes attached to your Amazon EC2 instance and container workloads. 

It offers the following benefits: 

• Protect all AWS workloads from malware with a single click: enable the GuardDuty Malware Protection feature in the GuardDuty console across all workloads
• Scale and simplify operations by removing requirements for malware scanning software and agents
• Receive more accurate and actionable information for detecting files containing malware

Add critical full-estate context with the new Sophos Cloud Native Security offering

While Amazon GuardDuty Malware Protection is a great way to add additional AWS security protection, it, and GuardDuty in general, can only tell a company’s security team part of an overall story.

Our new Cloud Native Security offering, which combines Intercept X for Server with XDR and Cloud Optix, integrates Amazon GuardDuty findings into a full organizational security posture view through the Sophos Central management console. 

Sophos Central provides a clear, prioritized view of threats across your entire enterprise attack surface. Amazon GuardDuty alerts are seamlessly integrated into this single view, as well as layering in information from numerous other AWS security services, such as Amazon Inspector, AWS CloudTrail and AWS Security Hub, IAM role anomaly detection, and workload protection agent visibility. 

“Ease of integration with our partner and customer’s systems is the true test of great security,” said Scott Barlow, Sophos vice president of global MSP and cloud alliances. “That’s why we’ve engineered Sophos Cloud Native Security to integrate with Amazon Simple Notification Service, security information and event management (SIEM) solutions, widely used collaboration services, and more. Two-way integration with ticketing tools allows your teams to easily embed cloud security and compliance response into standard workflows by creating tickets from inside the Cloud Optix console for new incidents, including Amazon GuardDuty.” 

“We know how critical contextual data is when investigating and confidently responding to cloud security threat incidents,” added Barlow. 

Sophos enhances and extends Amazon GuardDuty capabilities

While full-estate context is critical to understanding an attack, added capabilities through Sophos makes IT security pros jobs easier and helps them sleep better at night.

For example, the Cloud Native Security feature Activity Insights enhances GuardDuty alert notification services by using AI to build out a timeline of events and assign a confidence score, saving security pros invaluable incident triage time. 

Sophos Cloud Native Security will also soon be able to (currently in pre-release) scan files going into or leaving S3 (Amazon Simple Storage Service) for malware, as well as optionally scanning static files, enabling scans of both types of AWS’ primary storage services. 

Sophos Cloud Native Security also provides telemetry from Sophos workload protection agents to add further context to threats identified by Amazon GuardDuty. Security pros can then act confidently to mitigate a threat, reducing incident mean time to resolve (MTTR). 

Enable Sophos 24/7 threat protection, monitoring, and response on AWS

“As an AWS Level 1 Managed Security Service Partner, we know that a proactive defense requires 24/7 monitoring and response, but for a lot of IT teams, large and small, it’s not realistic to keep a team monitoring security around the clock,” added Barlow. 

Available in AWS Marketplace, the Sophos Threat Protection, Monitoring and Response for AWS package combines cloud security posture management and compliance, firewall, cloud workload and endpoint protection, a number of AWS services, and the Sophos Managed Threat Response service to continuously monitor AWS environments, and analyze and triage security events.

This support helps companies increase the efficiency of their security programs and internal teams, pre-emptively advising on recommended next steps and acting on their behalf, if desired. 

Learn more or speak with an expert to dive deeper on a specific topic at sophos.com/aws-mssp.