CASE 39 · GRANITE · 2025
Malware caught at the volume, not at the customer.
A manufacturing tech company had a gap in scanning customer-uploaded files: uploads landed in S3 and were processed by EKS pods without antivirus inspection. After a near-miss with an infected upload, we deployed GuardDuty Malware Protection for both EBS and EKS, with an automated quarantine flow.
RESULTS
What changed, by the numbers.
SCAN COVERAGE: 100%
SCAN TIME: < 30s
INFECTIONS QUARANTINED: 11
CUSTOMER IMPACT: 0
HOW IT WENT
The near-miss was the wake-up call. A customer had uploaded an infected file; the EKS processor had pulled it, decompressed it, and started parsing it. The malware was a known-bad-but-not-active strain, but the team did not know that until after the file had been on the cluster for two hours.
We deployed GuardDuty Malware Protection for S3 (scanning on object upload) and for EKS (scanning running pods’ filesystems). Findings routed to EventBridge: critical findings triggered an immediate Lambda quarantine — move object to lock-bucket, kill the pod, notify the customer success rep.
In the first 60 days the system quarantined 11 files. All were legitimate customer uploads from compromised customer machines. The scan latency p95 is under 30 seconds; legitimate traffic doesn’t notice.
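The S3 half of the quarantine flow described above, sketched as an added example (not the engagement's own code). It assumes the EventBridge scan-result event shape that GuardDuty Malware Protection for S3 emits; the `LOCK_BUCKET` name, the destination key layout and the sample event are hypothetical, and pod termination and customer notification are left out.

```python
import os

# Assumed name for the page's "lock-bucket"; set per environment.
LOCK_BUCKET = os.environ.get("LOCK_BUCKET", "example-lock-bucket")
DETAIL_TYPE = "GuardDuty Malware Protection Object Scan Result"


def quarantine(event, s3):
    """Act on one S3 object scan result; returns the action taken."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != DETAIL_TYPE:
        return {"action": "ignored"}
    detail = event.get("detail", {})
    status = detail.get("scanResultDetails", {}).get("scanResultStatus")
    if status == "NO_THREATS_FOUND":
        return {"action": "none"}
    if status != "THREATS_FOUND":
        # Unsupported, failed or access-denied scans were never inspected:
        # surface them instead of treating them as clean.
        return {"action": "review", "status": status}
    obj = detail["s3ObjectDetails"]
    bucket, key = obj["bucketName"], obj["objectKey"]
    src = {"Bucket": bucket, "Key": key}
    version = {}
    if obj.get("versionId"):
        # Pin the version that was scanned so a later overwrite of the same
        # key is not what gets quarantined.
        src["VersionId"] = obj["versionId"]
        version["VersionId"] = obj["versionId"]
    dest_key = f"{bucket}/{key}"
    s3.copy_object(Bucket=LOCK_BUCKET, Key=dest_key, CopySource=src)
    s3.delete_object(Bucket=bucket, Key=key, **version)
    threats = [t.get("name") for t in detail["scanResultDetails"].get("threats") or []]
    return {"action": "quarantined", "to": f"s3://{LOCK_BUCKET}/{dest_key}", "threats": threats}


def lambda_handler(event, context):
    import boto3  # imported here so quarantine() can be exercised without AWS
    return quarantine(event, boto3.client("s3"))


# Constructed sample event (not from the page), trimmed to the fields used.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": DETAIL_TYPE,
    "detail": {
        "s3ObjectDetails": {"bucketName": "example-uploads", "objectKey": "in/part.zip", "versionId": "v1"},
        "scanResultDetails": {"scanResultStatus": "THREATS_FOUND",
                              "threats": [{"name": "EICAR-Test-File (not a virus)"}]},
    },
}
```

On a versioned upload bucket, deleting with the scanned `VersionId` removes that version itself; a delete without it would only add a delete marker and leave the infected bytes retrievable.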