Uploading malicious files to S3 buckets used to be a security nightmare. But fear not, developers! AWS announced GuardDuty Malware Protection for S3 at the last Cloud Security Conference. This is another step to enhance cloud security. This tool allows developers to scan nine uploads to an S3 bucket for malware, viruses, and suspicious content, enabling immediate action to eliminate threats before further processing.
Channy Yun, senior developer advocate for AWS, explained that Amazon GuardDuty Malware Protection leverages several AWS-developed and third-party malware scanning engines, ensuring no degradation of scale latency or resiliency. This integration gives application owners more control over their organization and the S3 bucket protection.
Corey Quinn, chief cloud economist at The Duckbill Group, questioned AWS’ late adoption, noting the similarities between Airbnb and BinaryAlert. Even so, the new feature was greeted with enthusiasm, with Reddit user atccodex expressing excitement over the discontinuation of the standard solution.
GuardDuty Malware Protection supports file sizes up to 5 GB and can handle archive files with large nesting. After scanning, objects receive a GuardDutyMalwareScanStatus tag indicating their status: NO_THREATS_FOUND, THREATS_FOUND, UNSUPPORTED, ACCESS_DENIED, or FAILED. Malicious content can be cached, and findings can be accessed through the AWS Management Console.
Automatic notifications through Amazon EventBridge enable downstream workflows and bucket policy definitions to prevent further access to infected objects. While GuardDuty Malware Protection can function independently, enabling GuardDuty offers additional monitoring and integration with AWS Security Hub and Amazon Detective for deeper investigation.
Available in all GuardDuty-supported regions, the feature includes a limited Free Tier and usage-based charges thereafter. This new capability empowers organizations to fortify their cloud storage, ensuring a higher level of security for their data.
