Anti-Malware / EDR / Runtime Protection

Who needs to implement Anti-Malware / EDR / Runtime Protection

According to the shared responsibility model, if you use an encapsulated / managed service such as Amazon Relational Database Service, or an abstracted / serverless service such as Amazon S3, where the customer has no access to the operating system because it is managed by AWS, you do not need to implement anti-malware yourself: it is managed, updated and monitored by AWS (and is required for AWS's PCI-DSS certification).

If you choose infrastructure services such as Amazon EC2, then you are responsible for hardening the operating system, applying patches to both the operating system and the applications running on it, and implementing anti-malware / EDR (Endpoint Detection and Response) / runtime protection.

It is recommended that every instance run an anti-malware / EDR / runtime protection solution, to provide the ability to detect and stop attacks such as ransomware, trojans and worms.

There are numerous solutions from AWS partners such as CrowdStrike, McAfee or Trend Micro in the AWS Marketplace.

Risk Mitigation

  • Malware can give an attacker remote control of your instances, encrypt your data (ransomware), or use the compromised instances as a foothold to launch further attacks on your infrastructure.

Guidance for assessments

  • Do you have Anti-Malware / EDR / Runtime Protection?
  • What is your coverage? What percentage of your instances are protected?
  • Are all the operating systems used in your organization covered by the program, or only Windows?
  • Is the agent baked into your base AMIs / launch templates, so that newly launched instances are covered automatically rather than relying on manual installation?
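To answer the coverage questions above with numbers rather than estimates, the check below computes EDR coverage per operating system and lists the unprotected instances. It is an added example, not part of the original page or any vendor's tooling. The instance records are constructed inline; in practice you would assemble them from `aws ec2 describe-instances` (instance id, platform) joined with SSM Inventory application entries (`aws ssm list-inventory-entries --type-name AWS:Application`). The agent name patterns are illustrative assumptions, not exact vendor package names, and an instance with no inventory data at all (for example one not registered with SSM) is deliberately counted as a gap rather than silently skipped, since "unknown" is not "protected".

```python
"""Anti-malware / EDR coverage check per OS (added example, constructed data)."""

# Constructed sample inventory: what you would build from `aws ec2 describe-instances`
# joined with SSM Inventory AWS:Application entries. `apps` is None for an instance
# that has no inventory data (e.g. SSM agent not registered). Ids are made up.
INSTANCES = [
    {"id": "i-0a1", "os": "Windows", "apps": ["Microsoft Edge", "CrowdStrike Windows Sensor"]},
    {"id": "i-0b2", "os": "Windows", "apps": ["Google Chrome"]},
    {"id": "i-0c3", "os": "Linux", "apps": ["falcon-sensor", "openssl"]},
    {"id": "i-0d4", "os": "Linux", "apps": ["nginx"]},
    {"id": "i-0e5", "os": "Linux", "apps": None},
]

# Illustrative substrings that identify an EDR / anti-malware agent in an
# installed-software list (assumption: adjust to the exact package names your
# vendor ships, e.g. from the agent's own inventory export).
EDR_AGENT_PATTERNS = ("crowdstrike", "falcon-sensor", "mcafee", "trend micro", "ds_agent")


def is_protected(apps, patterns=EDR_AGENT_PATTERNS):
    """True if any installed application name matches an EDR agent pattern."""
    return any(p in app.lower() for app in apps for p in patterns)


def coverage_report(instances, patterns=EDR_AGENT_PATTERNS):
    """Return per-OS and overall coverage, plus the ids of unprotected instances.

    Instances without inventory data are counted as gaps (not protected) and
    also reported separately under 'no_inventory', because the assessment
    question is "what percentage is protected", not "what percentage is known".
    """
    per_os = {}
    no_inventory = []
    for inst in instances:
        bucket = per_os.setdefault(inst["os"], {"total": 0, "protected": 0, "gaps": []})
        bucket["total"] += 1
        apps = inst.get("apps")
        if apps is None:
            no_inventory.append(inst["id"])
            bucket["gaps"].append(inst["id"])
            continue
        if is_protected(apps, patterns):
            bucket["protected"] += 1
        else:
            bucket["gaps"].append(inst["id"])

    for bucket in per_os.values():
        bucket["pct"] = round(100.0 * bucket["protected"] / bucket["total"], 1)

    total = sum(b["total"] for b in per_os.values())
    protected = sum(b["protected"] for b in per_os.values())
    return {
        "per_os": per_os,
        "total": total,
        "protected": protected,
        "pct": round(100.0 * protected / total, 1) if total else 0.0,
        "no_inventory": no_inventory,
    }


def print_report(report):
    """Human-readable summary for an assessment write-up."""
    print(f"Overall: {report['protected']}/{report['total']} instances protected ({report['pct']}%)")
    for os_name, b in sorted(report["per_os"].items()):
        print(f"  {os_name}: {b['protected']}/{b['total']} ({b['pct']}%), gaps: {b['gaps']}")
    if report["no_inventory"]:
        print(f"  No inventory data (treated as unprotected): {report['no_inventory']}")


if __name__ == "__main__":
    print_report(coverage_report(INSTANCES))
```

The per-OS breakdown is what exposes a Windows-only programme: in the constructed data, Windows sits at 50% while Linux is at 33.3%, and one Linux instance is missing from inventory entirely, which is the first thing to chase before trusting any percentage.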