A company operates multiple workloads on Amazon EC2 instances within public subnets. During a recent incident, an attacker exploited a vulnerability in an application on one of the EC2 instances, gaining access to it. The company resolved the application issue and deployed a new EC2 instance with the updated application.
The attacker utilized the compromised application to distribute malware across the internet. The company was alerted to the compromise via a notification from AWS. The company now requires a solution to detect when an application running on an EC2 instance is distributing malware, with minimal operational effort.
Which solution best meets this requirement with the LEAST operational overhead?