Prisma Cloud Supports Amazon GuardDuty Malware Protection

Jul 26, 2022

Prisma Cloud expands its existing Amazon GuardDuty integration to include malware findings from GuardDuty Malware Protection.

Malware is one of the top five cloud-native risks identified by Prisma Cloud research. Now, together with AWS, Prisma Cloud by Palo Alto Networks is excited to announce we will extend our Amazon GuardDuty support by integrating with the new GuardDuty Malware Protection findings to provide customers with enhanced visibility and context for detected malware threats.

This new Prisma Cloud integration expands our existing GuardDuty integration to allow customers to view and respond to malware findings alongside other security and compliance data Prisma Cloud already collects.

"AWS has enhanced their Amazon GuardDuty service to include malware detection, and Palo Alto Networks will be supporting this new security innovation with a seamless Prisma Cloud integration for simplified cloud security,” said Steven Cacciaroni, Director of Business Development for Palo Alto Networks. “With our expanded ingestion of AWS contextualized security findings from the new Amazon GuardDuty Malware Protection feature, our customers can continue to achieve the best possible security outcomes on AWS."


Prisma Cloud Ingests Malware Scans from Amazon GuardDuty Malware Protection for Better Cloud Security

With Prisma Cloud and expanded GuardDuty ingestion for malware findings, our customers can improve visibility and detection of malicious software (Trojans, worms, cryptominers, rootkits, bots, and more) that may be used by attackers to compromise AWS workloads or containers.

Prisma Cloud ingests event-driven Amazon GuardDuty Malware Protection security data through EventBridge to the Prisma Cloud Console

When malware protection is enabled for GuardDuty, suspicious activity on a workload or container will initiate automated malware scans of the attached Amazon Elastic Block Store (EBS) volumes. Detected malware generates an additional context-rich finding that will be ingested by Prisma Cloud as an alert in near real time. Prisma Cloud may then use this expanded malware threat visibility and context from Amazon GuardDuty to initiate the appropriate response action, such as additional threat analysis or automated Lambda remediation. Further, customers can use Prisma Cloud's Resource Query Language (RQL) to set up customized alerting policies for detected malware.

Amazon GuardDuty Malware Protection is Better Together with Prisma Cloud

Prisma Cloud by Palo Alto Networks, together with Amazon GuardDuty Malware Protection, helps to protect against malware in the cloud with this additional integration in Q4 2022.

Now our customers can better respond to potential sources of suspicious behavior caused by malicious software and reduce unnecessary complexity when monitoring and protecting AWS accounts and workloads.

Choose Prisma Cloud as your simplified single platform that aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, AWS Security Hub, and more.

Start using Prisma Cloud and AWS together today by visiting Prisma Cloud in the AWS Marketplace. And learn more by visiting our Prisma Cloud AWS environment page.


