Securing Your Amazon S3 Buckets with Amazon GuardDuty Malware Protection

Introduction

Amazon S3 is a go-to cloud storage solution for many, but it’s crucial to keep it secure from threats like malware. Amazon GuardDuty, a powerful threat detection service, now offers Malware Protection for S3, which automatically scans your S3 buckets for malicious files. This feature helps ensure your data stays safe without much manual effort.

What is Amazon GuardDuty Malware Protection for S3?

Amazon GuardDuty Malware Protection for S3 scans objects in your S3 buckets for malware whenever suspicious activity is detected. This could include unusual access patterns or changes in bucket permissions. When a potential threat is found, Amazon GuardDuty alerts you so you can take action to prevent any damage.

Key Benefits

• Automatic Scanning: Amazon GuardDuty continuously monitors and scans S3 buckets for malware, reducing the need for manual checks.
• Cost-Effective: You only pay for the data that’s scanned, making it an affordable security measure.
• Easy Integration: Works seamlessly with other AWS security tools like AWS Security Hub for centralized threat management.

Steps to Enable Amazon GuardDuty Malware Protection for S3

• Enable GuardDuty: Start by enabling GuardDuty in your AWS account. For this in AWS Management console open the GuardDuty service page and select the option ‘GuardDuty Malware Protection for S3 only’ and click ‘Get Started’, as shown below. (If GuardDuty is already enabled for this region, then skip this step and move on to next step).

• Activate Malware Protection: In the GuardDuty console, enable Malware Protection for your chosen S3 buckets.

• Now select the S3 Bucket to be protected against malware as shown below.

• Create a role using the policies visible through ‘View Permissions’ button (as shown below) and once the role is created select the same IAM role.

• Now click ‘Enable’ Then It will the protected bucket is listed as shown below in GuardDuty S3 Malware Protection option.

• Monitor Alerts: GuardDuty will begin scanning your buckets and alert you to any detected malware, helping you quickly respond to threats. The uploaded objects in which malware is detected are tagged as ‘THREATS_FOUND’ and the uploaded objects which are clean are tagged as ‘NO_THREATS_FOUND’.

Testing and Results

I have intentionally uploaded two objects: a clean file named ‘FileWithoutMalware.txt’ and one containing malware named ‘FileWithMalware.txt’. Once these files are uploaded to S3, GuardDuty will tag them as either ‘THREATS_FOUND’ or ‘NO_THREATS_FOUND’. By checking the tags of the newly uploaded objects, I can determine which file contains malware and which does not. Below are the results for the two objects I uploaded to the protected S3 bucket. If GuardDuty all features are enabled in this region, you will also see the findings generated in the GuardDuty findings window.

If you are looking for automated remediation actions to be taken on the objects with malware, refer to the AWS blog reference link provided at end of this blog.

Conclusion

Amazon GuardDuty Malware Protection for S3 provides an extra layer of security for your cloud storage. By automatically detecting and alerting you to malware, it helps keep your data safe with minimal effort. Implementing this feature is a smart step in maintaining a secure cloud environment.

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner,  AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner and many more.

To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.