Try our new research platform with insights from 80,000+ expert users
AWS GuardDuty Logo

AWS GuardDuty Reviews

Vendor: Amazon Web Services (AWS)
4.1 out of 5
Badge Leader
Leave a review

What is AWS GuardDuty?

Amazon Guard Duty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs.

Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to quickly discover suspicious and problematic activity in a user's AWS ecosystem. Activities may include concerns such as interactions with malicious IP addresses or domains, exposed credentials usage, or changes and/or escalation of privileges.

GuardDuty is able to easily determine problematic AWS EC2 (Elastic Compute Cloud) instances delivering malware or mining bitcoin. It is also able to trace AWS account access history for evidence of destabilization. such as suspicious API calls resulting in changing password policies to minimize password strength or anomalous infrastructure deployments in new or different never-used regions.

Get the AWS GuardDuty Buyer's Guide and find out what your peers are saying about AWS GuardDuty, Wiz, Microsoft Defender for Cloud and more!
AWS GuardDuty is the #3 ranked solution in Cloud Workload Protection Platforms. PeerSpot users give AWS GuardDuty an average rating of 8.2 out of 10. AWS GuardDuty is most commonly compared to Wiz: AWS GuardDuty vs Wiz. AWS GuardDuty is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.
Buyer's Guide
AWS GuardDuty
August 2025
Get the report
Helped 865,985 peers since 2012

Featured AWS GuardDuty reviews

Read more reviews

AWS GuardDuty mindshare

As of August 2025, the mindshare of AWS GuardDuty in the Cloud Workload Protection Platforms (CWPP) category stands at 11.8%, down from 12.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Cloud Workload Protection Platforms (CWPP) Market Share Distribution
ProductMarket Share (%)
AWS GuardDuty11.8%
Wiz18.3%
Microsoft Defender for Cloud13.6%
Other56.3%
Cloud Workload Protection Platforms (CWPP)

PeerResearch reports based on AWS GuardDuty reviews

TypeTitleDate
CategoryCloud Workload Protection Platforms (CWPP)Aug 27, 2025Download
ProductReviews, tips, and advice from real usersAug 27, 2025Download
ComparisonAWS GuardDuty vs Microsoft Defender for CloudAug 27, 2025Download
ComparisonAWS GuardDuty vs WizAug 27, 2025Download
ComparisonAWS GuardDuty vs SentinelOne Singularity Cloud SecurityAug 27, 2025Download
Suggested products
TitleRatingMindshareRecommending
Wiz4.518.3%95%22 interviewsAdd to research
Microsoft Defender for Cloud4.013.6%94%78 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

AWS GuardDuty offers valuable features including centralized data collection, comprehensive threat detection, continuous monitoring, and alert mechanisms. Plural users benefit from seamless integration with AWS services, monitoring multiple accounts, and addressing security anomalies like unauthorized access. GuardDuty's behavior analysis, cost-effectiveness, and ML-powered protection enhance its efficacy. It covers various resources, provides timely alerts, and simplifies compliance. Its ease of use and automated responses help identify and prioritize threats efficiently without needing additional tools.
  • "AWS GuardDuty integrates seamlessly with third-party tools in our existing ecosystem, and we did not experience any challenges with integration."
  • "AWS GuardDuty is a great solution; I appreciate it because it's native for the Cloud provider, and I don't need to acquire other tools from another vendor."
  • "Overall, GuardDuty is a very easy-to-use tool, and I would recommend it even to those who are not tech-savvy."

Room for Improvement

AWS GuardDuty needs enhanced cost efficiency and improved UI features. It should offer mobile access, better analytics, and seamless integrations with more AWS services. Automation and dashboard improvements are requested. The platform would benefit from enhanced detection accuracy, threat intelligence updates, and easier note-taking. Users also desire improved technical support, better container detections, and a unified dashboard for managing multi-region environments. Integration with external monitoring tools and the ability to assign findings are also priorities.
  • "In future updates of AWS GuardDuty, I would suggest implementing better UI features."
  • "I think that some detections in container environments such as container runtime, and on services such as AWS container service, Fargate service or EKS service could be improved."
  • "GuardDuty is limited to AWS environments."

ROI

AWS GuardDuty enhances security posture through intelligent threat detection, improving trust and attracting more customers. It leads to earlier threat notification, reducing investigation time and effort. Users report better return on investment from detecting and mitigating attacks, saving significant operational costs. Satisfaction with AWS GuardDuty suggests ROI is achieved as it reduces security costs and accelerates response times, although some details remain undecided due to ongoing evaluations.

Pricing

AWS GuardDuty offers a pay-as-you-go pricing model considered competitive and flexible. Businesses appreciate its transparency and ability to scale costs based on usage. The tool is inexpensive, with charges often around $1 per GB or $1 per million requests. While pricing may increase with larger volumes, most small to medium enterprises find it manageable. Costs can be reduced by configuring regions and integrating with other AWS security services, providing a cost-effective solution without expensive setup.
  • "The tool's licensing model is pay-as-you-go."
  • "80 percent of the customers are using AWS GuardDuty, and we recommend it due to its low cost, especially for small customers, ranging from five to ten dollars a month. In our policies, we enforce the usage of this service, making it a recommended practice for security."
  • "It can get very expensive. If you turn on every feature, it can turn into hundreds of thousands of dollars."

Popular Use Cases

Organizations use AWS GuardDuty primarily for threat detection, anomaly identification, and log analysis within AWS environments. They monitor for suspicious activity, compliance issues, and unauthorized access attempts. GuardDuty assists in safeguarding cloud infrastructure and applications by providing insights into potential risks, categorizing threats, and alerting security teams. Its integration with other AWS services enhances security measures across computing environments, detecting compromised instances, monitoring for policy misconfigurations, and preventing attacks through continuous surveillance and protection.

Service and Support

AWS GuardDuty customer service is effective and responsive. Support is available through chat, phone, and web, ensuring quick resolution of issues. While response time can vary, most users find the service prompt, often within 15-45 minutes. Feedback highlights the support team's ability to address concerns quickly, with some needing improvements in consistency. Documentation and resources are clear, aiding setup and configuration. Many users rate their experiences positively, noting the support's readiness to assist.

Deployment

Users found AWS GuardDuty's initial setup to be largely simple and straightforward, often completed with a single click or a few steps within the AWS cloud account. While basic deployment was quick, typically taking minutes or a few hours, some users encountered complexity when integrating with other systems, especially with distinct requirements or infrastructures. Setting up GuardDuty across multiple accounts or using infrastructure as code posed additional challenges for some organizations.

Scalability

AWS GuardDuty's scalability is praised for its adaptability to dynamic cloud environments. It effectively handles increased data volumes and network traffic changes. Users find it reliable for small and large organizations alike, enabling seamless integration and management across multiple accounts. Some challenges arise with infrastructure as code, but user addition remains straightforward. Ratings typically range from eight to ten out of ten, reflecting GuardDuty's ability to meet diverse scaling demands without infrastructure concerns.

Stability

AWS GuardDuty is consistently described as highly reliable and stable. Users report no significant outages or downtime, with responsive support and minimal performance issues. GuardDuty's delegation feature allows efficient management across multiple accounts. It is praised for machine learning capabilities and advanced computing power. Stability ratings frequently range from eight to ten, with users highlighting its dependability and quick analytics. Though minor issues like false positives occur, users find the performance satisfactory.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our AWS GuardDuty Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business8
Midsize Enterprise4
Large Enterprise12
By reviewers
By visitors reading reviews
Company SizeCount
Small Business318
Midsize Enterprise217
Large Enterprise990
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
8%
Government
6%
Retailer
6%
Insurance Company
5%
Comms Service Provider
4%
Healthcare Company
4%
Energy/Utilities Company
4%
University
3%
Media Company
3%
Educational Organization
3%
Construction Company
2%
Legal Firm
2%
Transportation Company
2%
Outsourcing Company
2%
Real Estate/Law Firm
2%
Non Profit
2%
Recreational Facilities/Services Company
1%
Hospitality Company
1%
Consumer Goods Company
1%
Performing Arts
1%
Wholesaler/Distributor
1%
Pharma/Biotech Company
1%
Aerospace/Defense Firm
1%
Recruiting/Hr Firm
1%
Sports Company
1%
Marketing Services Firm
1%

Compare AWS GuardDuty with alternative products

Go!

Learn more about AWS GuardDuty

GuardDuty will continually alert users regarding their AWS environment status and will send the security discoveries to the GuardDuty dashboard or Amazon CloudWatch events for users to view.

Users can access GuardDuty via:

  • AWS SDKs: Amazon provides users with several software development kits (SDKs) that are made up of libraries and sample code of numerous popular programming languages and platforms, such as Android, iOS, Java, .Net, Python, and Ruby. The SDKs make it easier to develop programmatic access to GuardDuty.

  • GuardDuty HTTPS API: This allows users to issue HTTPS requests directly to the service.

  • GuardDuty Console: This is a browser-based intuitive dashboard interface where users can access and use GuardDuty.

Amazon Elastic Kubernetes Service (Amazon EKS)

Kubernetes protection is an optional add-on in Amazon GuardDuty. This tool is able to discover malicious behavior and possible destabilization of an organization's Kubernetes clusters inside of Amazon Elastic Kubernetes Service (Amazon EKS).

When Amazon EKS is activated, GuardDuty will actively use various data sources to discover potential risks against Kubernetes API. When Kubernetes protection is enabled, GuardDuty uses optional data sources to detect threats against Kubernetes API.

Kubernetes audit logs are a Kubernetes feature that captures historical API activity from applications, the control plane, users, and endpoints. GuardDuty collates these logs from Amazon EKS to create Kubernetes discoveries for the organization's Amazon EKS assets; there is no need to store or turn on the logs.

As long as Kubernetes protection remains activated, GuardDuty will continuously dissect Kubernetes data sources from the Amazon EKS clusters to ensure no suspicious or anomalous behavior is taking place.

Amazon Simple Cloud Storage (S3) Protection

Amazon S3 allows Amazon GuardDuty to actively audit object-level API processes to discover possible security threats to data inside an organization's S3 buckets. GuardDuty continually audits risk to the organization’s S3 assets by carefully dissecting AWS CloudTrail management events and AWS CloudTrail S3 data events. These tools are continually auditing various CloudTrail management events for potential suspicious activities that affect S3 buckets, such as PutBucketReplication, DeleteBucket, ListBucket, and data events for S3 object-level API processes, such as PutObject, GetObject, ListObject, and DeleteObject.

Reviews from Real Users

The most valuable features are the single system for data collection and the alert mechanisms. Prior to using GuardDuty, we had multiple systems to collect data and put it in a centralized location so we could look into it. Now we don't need to do that anymore as GuardDuty does it for us.” - Arunkumar A., Information Security Manager at Tata Consultancy Services

AWS GuardDuty customers

autodesk, mapbox, fico, webroot

Related questions

  • 19
What tools provide the best container environment security?
  • 8
When evaluating Cloud Workload Security, what aspect do you think is the most important to look for?
  • 12
Can we customize the dashboard in Threat Stack Cloud Security Platform? Any recommendations for an alternative solution supporting dashboards?
  • 7
What are the best cloud workload security software solutions?
  • 5
Why use cloud workload security software?
  • 26
Why are Cloud Workload Protection Platforms (CWPP) important for companies?
  • 4
Why is CWPP (Cloud Workload Protection Platforms) important for companies?

Product Categories

Product Categories
Cloud Workload Protection Platforms (CWPP)

Popular Comparisons

Popular Comparisons
Wiz vs AWS GuardDuty Logo
Wiz vs AWS GuardDuty
Microsoft Defender for Cloud vs AWS GuardDuty Logo
Microsoft Defender for Cloud vs AWS GuardDuty
SentinelOne Singularity Cloud Security vs AWS GuardDuty Logo
SentinelOne Singularity Cloud Security vs AWS GuardDuty
CrowdStrike Falcon Cloud Security vs AWS GuardDuty Logo
CrowdStrike Falcon Cloud Security vs AWS GuardDuty
Illumio vs AWS GuardDuty Logo
Illumio vs AWS GuardDuty
Akamai Guardicore Segmentation vs AWS GuardDuty Logo
Akamai Guardicore Segmentation vs AWS GuardDuty
Orca Security vs AWS GuardDuty Logo
Orca Security vs AWS GuardDuty
Aqua Cloud Security Platform vs AWS GuardDuty Logo
Aqua Cloud Security Platform vs AWS GuardDuty
Check Point CloudGuard CNAPP vs AWS GuardDuty Logo
Check Point CloudGuard CNAPP vs AWS GuardDuty
Cisco Secure Workload vs AWS GuardDuty Logo
Cisco Secure Workload vs AWS GuardDuty
Lacework FortiCNAPP vs AWS GuardDuty Logo
Lacework FortiCNAPP vs AWS GuardDuty
Trend Vision One - Cloud Security vs AWS GuardDuty Logo
Trend Vision One - Cloud Security vs AWS GuardDuty
SUSE NeuVector vs AWS GuardDuty Logo
SUSE NeuVector vs AWS GuardDuty
Tenable Cloud Security vs AWS GuardDuty Logo
Tenable Cloud Security vs AWS GuardDuty
Qualys TotalCloud vs AWS GuardDuty Logo
Qualys TotalCloud vs AWS GuardDuty
See all alternatives
 
AWS GuardDuty Reviews Summary
Author infoRatingReview Summary
Senior Security Analyst (AppSec) at ELETROBRAS4.5I've extensively used AWS GuardDuty to detect threats and unauthorized access in my environment and appreciate its integration with the AWS ecosystem. While it's effective, I think container environment detections could be improved for services like Fargate and EKS.
AWS Cloud Engineer at Standard Telephones and Cables4.5I mainly use AWS GuardDuty to detect compromised EC2 instances and monitor threats in S3 buckets and Lambda functions. Its ease of use and cost-effectiveness are valuable, but improvements are needed for multi-region management and more detailed investigations.
DevOps Engineer at a consultancy with 10,001+ employees4.0I use AWS GuardDuty with AWS Security for detecting threats like brute force attacks and unauthorized SSH attempts. It's valued for its threat detection integration, though I wish it integrated with more AWS services. AWS's notifications improve response times significantly.
Security and Compliance Architect at a manufacturing company with 1,001-5,000 employees4.5I use AWS GuardDuty for effective threat detection and monitoring of AWS accounts, containers, and Amazon S3 buckets. It needs updates to handle evolving threats, but it significantly improves incident prevention, offering early notifications and valuable ROI.
Vice President at a financial services firm with 10,001+ employees4.0I use AWS GuardDuty to detect threats, valuing its S3 and malware protection features. However, improvements are needed in support response time and detection accuracy. Despite some challenges, our investment in GuardDuty appears to deliver satisfactory results.
Solutions architect at University of Helsinki5.0AWS GuardDuty serves as a basic threat detection tool within AWS's vast portfolio. While not my primary focus, it's a good starting point for endpoint protection. For larger scale needs, I would consider AWS Shield or third-party solutions.
Cloud System Specialist at a financial services firm with 51-200 employees4.0I find AWS GuardDuty valuable for its machine learning-based intrusion detection, which effectively alerts our security team about potential brute-force attacks. I would appreciate adding IPS features in future releases. It provides a good ROI through effective attack detection.
Cloud Engineer at Epsilon4.0I use AWS GuardDuty to continuously monitor AWS accounts and enhance security through intelligent threat detection and integration with other AWS services. Its machine learning capabilities are valuable, though the high cost needs improvement. Overall, it's crucial for detecting threats.