
Amazon GuardDuty Overview

Amazon GuardDuty is the #13 ranked solution in Cloud Workload Security Solutions. PeerSpot users give Amazon GuardDuty an average rating of 10 out of 10. Amazon GuardDuty is most commonly compared to Microsoft Defender for Cloud: Amazon GuardDuty vs Microsoft Defender for Cloud. Amazon GuardDuty is popular among the large enterprise segment, which accounts for 71% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 26% of all views.
Buyer's Guide

Download the Cloud Workload Security Buyer's Guide including reviews and more. Updated: June 2022

What is Amazon GuardDuty?

Amazon GuardDuty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs.

Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to quickly discover suspicious and problematic activity in a user's AWS ecosystem. Activities may include concerns such as interactions with malicious IP addresses or domains, exposed credentials usage, or changes and/or escalation of privileges.

GuardDuty is able to easily determine problematic AWS EC2 (Elastic Compute Cloud) instances delivering malware or mining bitcoin. It is also able to trace AWS account access history for evidence of destabilization, such as suspicious API calls that change password policies to reduce password strength, or anomalous infrastructure deployments in new or never-used regions.

GuardDuty will continually alert users regarding their AWS environment status and will send the security discoveries to the GuardDuty dashboard or Amazon CloudWatch events for users to view.
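To make the CloudWatch Events delivery path concrete, here is an added example (not PeerSpot's or AWS's code) that triages GuardDuty finding events by finding type and severity. The event fields follow the GuardDuty finding event format; the sample events are constructed, and the `page_at` threshold and the shape of the routing record are assumptions made for this illustration.

```python
import re

# Finding-type layout documented by AWS:
#   ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
TYPE_RE = re.compile(
    r"^(?P<purpose>[^:]+):(?P<resource>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<mechanism>[^!]+))?(?:!(?P<artifact>.+))?$"
)
# Lower bound of each severity band, highest first.
BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (1.0, "low")]
RANK = ["unknown", "low", "medium", "high", "critical"]

def severity_band(score):
    for floor, name in BANDS:
        if score >= floor:
            return name
    return "unknown"

def triage(event, page_at="high"):
    """Return a routing record for a GuardDuty finding event, else None."""
    if event.get("source") != "aws.guardduty":
        return None
    if event.get("detail-type") != "GuardDuty Finding":
        return None
    detail = event.get("detail", {})
    match = TYPE_RE.match(detail.get("type", ""))
    # Keep findings whose type does not parse; dropping them would hide alerts.
    parts = match.groupdict() if match else dict.fromkeys(TYPE_RE.groupindex)
    band = severity_band(float(detail.get("severity", 0)))
    return {
        "id": detail.get("id"),
        "region": event.get("region"),
        **parts,
        "band": band,
        "page": RANK.index(band) >= RANK.index(page_at),  # assumed paging rule
    }

# Constructed sample events, trimmed to the fields used here.
def _event(ftype, severity, source="aws.guardduty"):
    return {"source": source, "detail-type": "GuardDuty Finding",
            "region": "eu-west-1",
            "detail": {"id": "constructed-id", "type": ftype, "severity": severity}}

SAMPLES = [
    _event("CryptoCurrency:EC2/BitcoinTool.B!DNS", 8),
    _event("Stealth:IAMUser/PasswordPolicyChange", 2),
    _event("UnauthorizedAccess:EC2/MaliciousIPCaller.Custom", 5),
    _event("n/a", 5, source="aws.ec2"),  # not a GuardDuty event
]
```

The same `triage` function can sit behind whatever receives the events, with the paging threshold tuned to how noisy low and medium findings are in a given account.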

Users can access GuardDuty via:

  • AWS SDKs: Amazon provides users with several software development kits (SDKs) that are made up of libraries and sample code for numerous popular programming languages and platforms, such as Android, iOS, Java, .NET, Python, and Ruby. The SDKs make it easier to develop programmatic access to GuardDuty.

  • GuardDuty HTTPS API: This allows users to issue HTTPS requests directly to the service.

  • GuardDuty Console: This is a browser-based intuitive dashboard interface where users can access and use GuardDuty.

Amazon Elastic Kubernetes Service (Amazon EKS)

Kubernetes protection is an optional add-on in Amazon GuardDuty. This tool is able to discover malicious behavior and possible destabilization of an organization's Kubernetes clusters inside of Amazon Elastic Kubernetes Service (Amazon EKS).

When Kubernetes protection is enabled for Amazon EKS, GuardDuty uses optional data sources to detect threats against the Kubernetes API.

Kubernetes audit logs are a Kubernetes feature that captures historical API activity from applications, the control plane, users, and endpoints. GuardDuty collates these logs from Amazon EKS to create Kubernetes discoveries for the organization's Amazon EKS assets; there is no need to store or turn on the logs.

As long as Kubernetes protection remains activated, GuardDuty will continuously dissect Kubernetes data sources from the Amazon EKS clusters to ensure no suspicious or anomalous behavior is taking place.

Amazon Simple Cloud Storage (S3) Protection

S3 protection allows Amazon GuardDuty to actively audit object-level API processes to discover possible security threats to data inside an organization's S3 buckets. GuardDuty continually audits risk to the organization’s S3 assets by analyzing AWS CloudTrail management events and AWS CloudTrail S3 data events. It watches CloudTrail management events for suspicious activities that affect S3 buckets, such as PutBucketReplication, DeleteBucket, and ListBucket, and it watches data events for S3 object-level API processes, such as PutObject, GetObject, ListObject, and DeleteObject.

Reviews from Real Users

“The most valuable features are the single system for data collection and the alert mechanisms. Prior to using GuardDuty, we had multiple systems to collect data and put it in a centralized location so we could look into it. Now we don't need to do that anymore as GuardDuty does it for us.” - Arunkumar A., Information Security Manager at Tata Consultancy Services

Amazon GuardDuty Customers

Autodesk, Mapbox, FICO, Webroot

Amazon GuardDuty Pricing Advice

What users are saying about Amazon GuardDuty pricing:
"We use a pay-as-you-use license, which is competitively priced in the market."

Amazon GuardDuty Reviews

Arunkumar Anbazhagan - PeerSpot reviewer
Information Security Manager at Tata Consultancy Services
Real User
Top 10
Highly stable and scalable solution that streamlines data collection
Pros and Cons
  • "The most valuable features are the single system for data collection and the alert mechanisms."
  • "An improvement would be to have a mobile version where remote workers can log in and monitor and fix issues."

What is our primary use case?

I mainly use GuardDuty to check user responses, collect logs, and collect data on who logs in and out and their permission and authorization. 

How has it helped my organization?

Prior to using GuardDuty, we had multiple systems to collect data and put it in a centralized location so we could look into it. Now we don't need to do that anymore as GuardDuty does it for us.

What is most valuable?

The most valuable features are the single system for data collection and the alert mechanisms.

What needs improvement?

An improvement would be to have a mobile version where remote workers can log in and monitor and fix issues. In the next release, I'd like Amazon to add a pane to visualize all seven layers of security.

For how long have I used the solution?

I've been using GuardDuty for two to three years.

What do I think about the stability of the solution?

GuardDuty's stability is really good - we never see outages or falls in networking or BPC connections.

What do I think about the scalability of the solution?

GuardDuty is really scalable, which is helping us to upscale our environment to the cloud. I really appreciate the scalability measures that Amazon is providing to all its customers.

How are customer service and support?

We've had enormous support from the Amazon support team.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, I used GCT.

How was the initial setup?

GuardDuty is set up through a one-touch system, so the process was simple.

What about the implementation team?

We used the AWS team to do our workload, publishing, and so on, so it took about a quarter of the time it would have otherwise.

What's my experience with pricing, setup cost, and licensing?

We use a pay-as-you-use license, which is competitively priced in the market.

What other advice do I have?

I'd rate GuardDuty as nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.