
As technology advances, so too does the sophistication and success of cyber attacks. Millions of organisations are affected by cyber crime every year[1]. The impact of these security incidents is far reaching – from reputational damage and undermining of citizen or customer trust through to financial loss. The global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years[2].

As attacks become smarter, organisations are left playing catch-up when it comes to protecting their infrastructure and data. At the same time, the cloud technology that underpins their operations is continually advancing, which is something else to keep up with.

For organisations that prioritise rapid deployment of applications and services, striking a balance between agility and security is a challenge. Enter Amazon GuardDuty and its Elastic Kubernetes Service (EKS) protection – a toolset designed to ensure that organisations can extract more value from their cloud platforms without compromising on security.

Let’s delve into how Amazon GuardDuty EKS protection can help accelerate the time to value of your cloud platform.

1. Rapid Response

With threats becoming increasingly difficult to identify, and even more difficult to resolve, automation now plays a growing role in threat detection and timely response. GuardDuty automates continuous monitoring and threat detection to identify suspicious patterns in data faster.

Machine learning, anomaly detection, and integrated threat intelligence, applied to EKS audit logs and runtime activity, are used to identify malicious activity, configuration changes or signs of compromise that might expose an Amazon EKS cluster to unauthorised access. Examples include activity patterns that denote cryptocurrency mining or data exfiltration.

For organisations deploying applications on EKS, GuardDuty’s continuous monitoring means threats are detected in real time, leading to quicker reactions and the ability to minimise potential damage.

2. Streamlined Operations

One of the distinct advantages of Amazon GuardDuty EKS protection is its seamless integration with other AWS services. This native integration streamlines security operations and enables automatic responses through services like Amazon Detective, AWS Security Hub, AWS Lambda and AWS Step Functions.

Security incidents can therefore be automatically investigated, contained or remediated. This not only means swifter resolutions but also ensures the cloud environment remains optimised for delivery.

3. Reduced Operational Overhead

Setting up and maintaining traditional security infrastructure can be laborious and resource-intensive – often involving repetitive manual tasks which are prone to error. With GuardDuty’s EKS protection, organisations can eliminate the overhead associated with self-managed threat detection solutions: log collection, threat intelligence enrichment, rule-based and anomaly detection, and agent deployment and maintenance.

In the Kubernetes world, the cluster audit logs provide a chronological record of events initiated by users, administrators, or system components, and can be used to answer questions surrounding the timing of a particular event. Without the need for additional configuration, GuardDuty can collect audit logs from both new and existing EKS clusters, as well as AWS CloudTrail, Amazon VPC flow logs, DNS queries, and Amazon S3 data events.
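The audit-log timeline described above, as an added example that is not part of the original post or of GuardDuty: a small parser over Kubernetes audit events in the `audit.k8s.io/v1` JSON-lines format, which orders events chronologically and answers "who did what, and when" questions. The three events, the user names, the cluster resource names and the IP addresses are constructed for this example; the helper names are my own.

```python
import json
from datetime import datetime, timezone

# Constructed sample: three Kubernetes audit events (audit.k8s.io/v1, one JSON
# object per line). User names, resource names and IPs are placeholders.
# The lines are deliberately not in time order, as log shipping often delivers them.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/kube-system/pods","verb":"list","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["203.0.113.10"],"objectRef":{"resource":"pods","namespace":"kube-system"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2023-11-02T10:15:30.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a2","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/default/pods/web-0/exec","verb":"create","user":{"username":"kubernetes-admin","groups":["system:masters"]},"sourceIPs":["10.0.1.5"],"objectRef":{"resource":"pods","namespace":"default","name":"web-0","subresource":"exec"},"responseStatus":{"code":101},"requestReceivedTimestamp":"2023-11-02T10:14:05.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a3","stage":"ResponseComplete","requestURI":"/apis/rbac.authorization.k8s.io/v1/clusterrolebindings","verb":"create","user":{"username":"kubernetes-admin","groups":["system:masters"]},"sourceIPs":["10.0.1.5"],"objectRef":{"resource":"clusterrolebindings","name":"anon-admin"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2023-11-02T10:16:00.000000Z"}
"""


def _parse_ts(ts):
    # The API server writes RFC 3339 timestamps with microseconds and a 'Z' suffix.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def parse_audit_log(text):
    """Parse JSON-lines audit events and return them in chronological order."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        raw = json.loads(line)
        if raw.get("kind") != "Event":
            continue  # skip anything that is not an audit event
        obj = raw.get("objectRef", {})
        events.append({
            "audit_id": raw["auditID"],
            "time": _parse_ts(raw["requestReceivedTimestamp"]),
            "user": raw["user"]["username"],
            "groups": raw["user"].get("groups", []),
            "verb": raw["verb"],
            "resource": obj.get("resource"),
            "namespace": obj.get("namespace"),
            "name": obj.get("name"),
            "subresource": obj.get("subresource"),
            "source_ip": (raw.get("sourceIPs") or [None])[0],
            "status": raw.get("responseStatus", {}).get("code"),
        })
    events.sort(key=lambda e: e["time"])
    return events


def timeline_for_user(events, username):
    """Everything one principal did, in order: the basis of an incident timeline."""
    return [e for e in events if e["user"] == username]


def first_occurrence(events, verb, resource):
    """Answer 'when did <verb> on <resource> first happen?'; None if it never did."""
    for e in events:  # already chronological
        if e["verb"] == verb and e["resource"] == resource:
            return e["time"]
    return None


def anonymous_requests(events):
    """Requests made as system:anonymous; any that succeed deserve a closer look."""
    return [e for e in events if e["user"] == "system:anonymous"]


if __name__ == "__main__":
    evs = parse_audit_log(SAMPLE_AUDIT_LOG)
    for e in timeline_for_user(evs, "kubernetes-admin"):
        print(e["time"].isoformat(), e["verb"], e["resource"], e["name"], e["status"])
    print("first clusterrolebinding created:",
          first_occurrence(evs, "create", "clusterrolebindings"))
```

The parser keys on `requestReceivedTimestamp` rather than file order, because shipped logs are not guaranteed to arrive in sequence; the same functions work on audit logs forwarded from EKS to CloudWatch once each line is extracted from its log event.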

The breadth of log collection isn’t the only capability that increases efficiency and reduces operational overheads. GuardDuty’s EKS Cluster Add-on for Runtime Monitoring can be used to ensure up-to-date protection without the need for manual intervention, agents or additional resource constraints. This further accelerates the operational efficiency of your platform.

4. Increased Developer Productivity

Developers want to focus on building and deploying applications, not on constantly monitoring for security threats. With the comprehensive protection offered by GuardDuty for EKS, developers can have confidence that their applications are being developed, tested and run in a secure environment. This assurance enables them to concentrate on adding value to the business rather than diverting their attention to potential security incidents.

5. Comprehensive Protection

EKS GuardDuty comes with 27 pre-defined findings out-of-the-box. These help identify malicious API operations as well as suspicious user and workload behaviour patterns. When identified, findings are flagged with an associated severity level – Low, Medium or High – to help you decide what action to take.

Organisations can use these pre-defined threat detection parameters to meet their specific security requirements as well as industry standards. This ensures that you can optimise your platform for delivery whilst maintaining a security posture tailored to your specific risk profile.

That’s not all. By using EKS GuardDuty alongside AWS Organizations, you can automate threat detection across all your EKS clusters running in multiple AWS accounts. Security findings can be aggregated into a central account to provide blanket, flexible and consistent management of findings.
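The automated response described under Streamlined Operations and the severity-based triage described in this section, as an added example that is not part of the original post and is not GuardDuty or AWS code: a Lambda-style handler that receives a GuardDuty finding from an EventBridge rule, confirms it concerns an EKS cluster, maps the numeric severity score to the Low/Medium/High band, and picks a response tier. The sample event (account ID, region, cluster name, finding ID, IP address) is constructed, and the response tiers in `RESPONSE_POLICY` are a hypothetical policy: the action names are labels for whatever downstream automation (Step Functions, a ticketing integration) an organisation attaches, not GuardDuty features.

```python
import json

# Bands GuardDuty documents for its numeric severity score:
# Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9. Ordered high to low for lookup.
SEVERITY_BANDS = (
    (7.0, "High"),
    (4.0, "Medium"),
    (1.0, "Low"),
)

# Hypothetical response policy; the values are labels for downstream automation.
RESPONSE_POLICY = {"High": "contain-and-page", "Medium": "open-ticket", "Low": "log-only"}

# Constructed sample EventBridge event carrying a GuardDuty EKS finding.
# Account, region, cluster name, IP and finding ID are placeholders.
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "GuardDuty Finding",
    "source": "aws.guardduty",
    "account": "111122223333",
    "region": "eu-west-1",
    "detail": {
        "schemaVersion": "2.0",
        "accountId": "111122223333",
        "region": "eu-west-1",
        "id": "PLACEHOLDER-FINDING-ID",
        "type": "Execution:Kubernetes/ExecInKubeSystemPod",
        "severity": 8,
        "resource": {
            "resourceType": "EKSCluster",
            "eksClusterDetails": {
                "name": "example-cluster",
                "arn": "arn:aws:eks:eu-west-1:111122223333:cluster/example-cluster",
            },
            "kubernetesDetails": {
                "kubernetesUserDetails": {"username": "kubernetes-admin", "groups": ["system:masters"]}
            },
        },
        "service": {
            "action": {
                "actionType": "KUBERNETES_API_CALL",
                "kubernetesApiCallAction": {
                    "requestUri": "/api/v1/namespaces/kube-system/pods/coredns-0/exec",
                    "verb": "create",
                    "remoteIpDetails": {"ipAddressV4": "203.0.113.10"},
                    "statusCode": 101,
                },
            },
            "count": 1,
        },
    },
}


def severity_label(score):
    """Map GuardDuty's numeric severity to the Low/Medium/High label."""
    for threshold, label in SEVERITY_BANDS:
        if score >= threshold:
            return label
    raise ValueError(f"severity {score!r} is below GuardDuty's documented range")


def summarise_eks_finding(event):
    """Extract the fields an analyst needs first from an EKS finding.

    Returns None for findings about other resource types, so the same handler
    can sit behind a rule that matches every GuardDuty finding.
    """
    finding = event["detail"]
    resource = finding.get("resource", {})
    if resource.get("resourceType") != "EKSCluster":
        return None
    k8s_user = resource.get("kubernetesDetails", {}).get("kubernetesUserDetails", {})
    api_call = finding.get("service", {}).get("action", {}).get("kubernetesApiCallAction", {})
    return {
        "account": finding["accountId"],
        "region": finding["region"],
        "cluster": resource["eksClusterDetails"]["name"],
        "type": finding["type"],
        "severity": severity_label(finding["severity"]),
        "k8s_user": k8s_user.get("username"),
        "verb": api_call.get("verb"),
        "request_uri": api_call.get("requestUri"),
        "source_ip": api_call.get("remoteIpDetails", {}).get("ipAddressV4"),
    }


def route_finding(summary):
    """Choose the response tier from the severity band."""
    return RESPONSE_POLICY[summary["severity"]]


def handler(event, context=None):
    """Lambda entry point for an EventBridge rule on GuardDuty findings."""
    summary = summarise_eks_finding(event)
    if summary is None:
        return {"handled": False}
    summary["action"] = route_finding(summary)
    print(json.dumps(summary))  # structured line for CloudWatch Logs
    return {"handled": True, **summary}


if __name__ == "__main__":
    handler(SAMPLE_EVENT)
```

When findings from member accounts are aggregated into a central GuardDuty administrator account, the `accountId` and `region` fields in the summary are what let one handler in that account attribute each finding back to the cluster owner; the handler itself needs no per-account configuration.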


In today’s economic environment, accelerating the delivery of value is key, so it is critical that delays due to security concerns are minimised.

Amazon GuardDuty’s EKS protection offers an automated threat detection solution that balances the need for agile adoption and cost containment with breadth of coverage and effectiveness. It provides a reliable and efficient security solution. This, coupled with its native integration with other AWS services, means it can help reduce operational overheads whilst also increasing developer productivity. It enables organisations to accelerate the delivery of value from their cloud platform whilst also providing the confidence that security isn’t compromised.

[1] Cyber security breaches survey 2023

[2] Cost of a Data Breach Report 2023, IBM