Amazon GuardDuty Extended Threat Detection now supports Amazon EC2 and Amazon ECS

Published
December 2, 2025
https://aws.amazon.com/about-aws/whats-new/2025/12/guardduty-extended-threat-detection-ec2-ecs/

Amazon GuardDuty Extended Threat Detection Enhancements

AWS has enhanced Amazon GuardDuty Extended Threat Detection to detect multistage attacks targeting Amazon EC2 instances and Amazon ECS clusters running on AWS Fargate or Amazon EC2. This feature uses AI and machine learning to correlate security signals and detect critical threats.

New critical-severity findings include:

  • AttackSequence:EC2/CompromisedInstanceGroup
  • AttackSequence:ECS/CompromisedCluster

These findings provide attack sequence information, allowing for quicker threat response. GuardDuty analyzes multiple security signals to detect sophisticated attack patterns.

What to do

  • Enable Runtime Monitoring for EC2 to improve attack sequence coverage.
  • Enable Runtime Monitoring for Fargate or EC2 to detect compromised ECS clusters.
  • Start with a 30-day free trial for new GuardDuty customers.
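
A way to check the two Runtime Monitoring items above against a detector's configuration, as an added example that is not code from AWS or from the release note. It assumes the JSON shape returned by `aws guardduty get-detector` (a `Features` list whose `RUNTIME_MONITORING` entry carries `AdditionalConfiguration`); the sample detector is constructed, and the mapping of agent settings to finding types is an assumption drawn from the list above.

```python
# Added example: audits a GuardDuty detector config for the Runtime Monitoring
# coverage this page recommends. SAMPLE_DETECTOR is constructed, not real output.

# Finding types from this page, mapped (assumption) to the agent-management
# settings that cover them; for ECS either Fargate or EC2 coverage counts.
RECOMMENDED = {
    "AttackSequence:EC2/CompromisedInstanceGroup": ["EC2_AGENT_MANAGEMENT"],
    "AttackSequence:ECS/CompromisedCluster": ["ECS_FARGATE_AGENT_MANAGEMENT",
                                              "EC2_AGENT_MANAGEMENT"],
}

SAMPLE_DETECTOR = {  # constructed, in the shape of a GetDetector response
    "Status": "ENABLED",
    "Features": [
        {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
        {"Name": "RUNTIME_MONITORING", "Status": "ENABLED",
         "AdditionalConfiguration": [
             {"Name": "EC2_AGENT_MANAGEMENT", "Status": "DISABLED"},
             {"Name": "ECS_FARGATE_AGENT_MANAGEMENT", "Status": "ENABLED"},
         ]},
    ],
}

def runtime_state(detector):
    """Return (runtime_monitoring_enabled, {agent_setting: is_enabled})."""
    for feat in detector.get("Features", []):
        if feat.get("Name") == "RUNTIME_MONITORING":
            agents = {c["Name"]: c.get("Status") == "ENABLED"
                      for c in feat.get("AdditionalConfiguration", [])}
            return feat.get("Status") == "ENABLED", agents
    return False, {}

def coverage_report(detector):
    """Map each finding type to an OK / CHECK / GAP line."""
    enabled, agents = runtime_state(detector)
    report = {}
    for finding, settings in RECOMMENDED.items():
        active = [s for s in settings if agents.get(s)]
        if not enabled:
            report[finding] = "GAP: Runtime Monitoring is disabled"
        elif active:
            report[finding] = "OK: " + ", ".join(active)
        else:
            # Feature is on but GuardDuty is not managing the agent here.
            report[finding] = "CHECK: automated agent management is off"
    return report

if __name__ == "__main__":
    for finding, status in coverage_report(SAMPLE_DETECTOR).items():
        print(f"{finding}: {status}")
```

A `CHECK` result means the feature is on but GuardDuty is not deploying the agent for that workload type, so confirm the agent is actually running there.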

Source: AWS release notes



