AWS GuardDuty Reviews

We are only using it for a client's requirements; we are simply building it and selling it to the client.

Amazon GuardDuty is used on private infrastructure for our clients. The application is not publicly accessible; it is hosted internally.

GuardDuty has been used to set the CloudWatch alarms. Assume that both scans are detected, or something similar, we have just enabled CloudWatch alarms for those use cases so that any such use case is detected. The alert will be triggered, and we have configured and integrated Amazon GuardDuty with all of the other seven accounts to have the central HPU.

The correlation back end is the solution's most valuable feature. Like in the backend, it is collecting all the data, which I think is pretty interesting, and coordinating everything, which is another good thing.

While sending the alerts to the email, they are not being patched. we have to do the patching and mapping manually. If GuardDuty could include a feature to do this automatically, it will make our job easier. That is something I believe can be improved.

For example, suppose you want to know when an alert is sent to your mailbox. The information is in JSON format. It would be helpful if that could be sent to the mailbox in a human-readable format.

I believe it can be improved in a variety of ways. If we can build our own use cases instead of using Microsoft Sentinel alone, that would be ideal.

I have been using Amazon GuardDuty for two to three years.

I have used it for the last 12 months.

Amazon GuardDuty is a stable product.

Amazon GuardDuty is scalable.

We have not had any issues that required us to contact the GuardDuty AWS vendor. It's straightforward and effective.

The initial setup is straightforward. We simply click on the app, and that's it.

The deployment can be done in a few minutes. We don't have to spend a lot of time there. It will take some time, to integrate everything one by one, which is why we did it manually, otherwise everything else was straightforward.

Pricing is determined by the number of events sent. It's fine, and it's not a problem from our perspective.

My recommendation is to go for the master setup that will be beneficial to you.

There are some limitations where we cannot modify use cases to meet our needs; we must do additional work, such as setting up CloudWatch alarms and SNS, and things are not patched. There are some restrictions. I'll just suggest that you have some skilled resources with patching knowledge.

It's good, I would rate Amazon GuardDuty a seven out of ten.

We primarily used Amazon GuardDuty for threat detection because we have AWS accounts we wanted to monitor and we wanted a solution that could detect any kind of threat. We ended up leveraging the native tool of AWS which was Amazon GuardDuty, and we used it for monitoring our AWS accounts. It was used for looking for any kind of malicious activity, and any workloads that might have any malicious activity, and it was also used for reporting purposes. Amazon GuardDuty helped in our whole security incident response process. We were analyzing logs with it, for example, the event logs. We were reviewing any kind of potential risks that we might face and would need to accordingly take action on, through Amazon GuardDuty.

What we found most valuable in Amazon GuardDuty is its threat detection feature, especially because we were monitoring a huge number of AWS accounts, so we needed a solution that would monitor for any kind of malicious activity. The monitoring aspect of the solution was great because it gave us timely notifications if and when anything happened, and Amazon GuardDuty helped keep us on our toes to make sure we took action right away.

Some of the pain points in Amazon GuardDuty was the cost. When compared to some of the other services, depending on how many we had to monitor, if we had a huge range of accounts, as our accounts increased, we had a cost factor that came into play.

Sometimes there were issues, for example, with findings that came up, we wanted to add notes and there were issues back then where notes couldn't be entered properly. If we wanted to leave a note such as "Okay, we have assessed this and this is how we feel", or "This is a false positive", Amazon GuardDuty wasn't allowing us to do that. Even with the suppression of certain findings, there was some issue that we had faced at one time.

Those were some of the pain points of the solution.

I have four and a half years of experience with Amazon GuardDuty.

Amazon GuardDuty was fairly stable. Except for those few pain points, it was fairly stable because we were constantly checking for things that would come up and what it would flag, even when we had to reach out to Amazon support for certain things, they were fairly responsive. There wasn't any outage or any significant downtime while we were using Amazon GuardDuty. There might have been just a little bit of performance degradation, but it wasn't a complete "black hole".

Amazon GuardDuty is a scalable product. It manages to scale accounts. I don't recall the exact number of accounts, but my company definitely had way more accounts. Over time, Amazon GuardDuty matured as a product. In the beginning, it wasn't as scalable as you would expect, but over time, the way the product was improved, it was able to meet kind of any kind of scaling demands. The environment in my company was also growing and had more accounts getting added to it, so my company needed Amazon GuardDuty to accommodate everything, and in my experience, I have not faced any issues, even when I had a much larger coverage done. The product is designed to meet decent scaling demands, at least.

The technical support for Amazon GuardDuty was pretty responsive. Compared to many other vendors that I've used, AWS support, in terms of the SLA, has been fairly good about getting back on that. AWS claims to provide 24/7 access to customer service, so typically, whenever I've reached out, I've received a response fairly quickly. The support team acknowledges the request and will act on it. I've never had any trouble. I hardly remember ever escalating to the customer support manager, some specific, or some general support issue. There was rarely a case where an escalation had to happen, and for the most part, it was working out.

The initial setup for Amazon GuardDuty was straightforward. I don't remember it being complex at all. One had to sign in to the AWS Management Console, for example, my company had this audit account I would sign into, then I would navigate into the Amazon GuardDuty console, then I would just choose the account that I wanted to be added to as part of that, and then it will be managed and monitored by the Amazon GuardDuty admin account. I remember it being fairly straightforward. The setup wasn't difficult.

In terms of ROI from Amazon GuardDuty, we're getting threat detection or intelligent threat detection, and that's the key thing. As we are in a security environment, our customers are also demanding for better security posture. We can't put ROI quantitatively into words, but qualitatively, the ROI from Amazon GuardDuty goes towards improving our overall security posture. There's ROI from the solution because it would translate into the improvement in security posture which then translates into the trust we gain from our customers, so more customers would be interested and potentially get services or solutions from us, resulting in a win-win situation.

In terms of the costs associated with Amazon GuardDuty, it was $1 per GB from what I recall. Pricing was based on per gigabyte. For example, for the first five hundred gigabytes per month, it'll be $1 per GB, so it'll be $500. If your usage was greater, there's another bracket, for example, the next two thousand GB, then there's an add-on cost of 50 cents per GB. That's how Amazon GuardDuty pricing slowly goes up. I can't remember if there was any kind of additional cost apart from standard licensing for the solution. Nothing else that at least comes to mind.

What the service was charging was worth it. That was one good thing when using Amazon GuardDuty because my company could be in a certain tier for a certain period. My company wasn't under a licensing model where it could overestimate its usage and under-utilize its usage and pay much more. This was what made the pricing model for Amazon GuardDuty better.

I'm working with different solutions, and right now, I'm dealing with software composition analysis solutions, static application security testing tools, and even dynamic application security testing tools. I'm also working with API security or cloud security solutions. There's a range of tools I'm working with, including Amazon GuardDuty.

Ten to fifteen people use Amazon GuardDuty in my company. It's not a huge number of people, but there's a given number of people with access to the solution, who'll be able to go in and check. The users are mostly system administrators who can take action. My company goes by role-based access control in the environment, using the principle of least privilege in every case. It's to make sure whoever is given access is based on what he or she does, and based on user responsibilities. Access to Amazon GuardDuty is limited to a small group of people, or just certain users, specifically, people you'll reach out to if something happens, such as system administrators, IT administrators, and security administrators.

My advice to others looking into implementing Amazon GuardDuty is to try to add coverage over all your AWS accounts. I would recommend the solution for every AWS account that anyone owns or uses. It's best to get all your accounts centralized and added under the coverage of Amazon GuardDuty because you want to protect those accounts, check for any malicious activity, and add those accounts to continuous monitoring. Never skip out on anything. The solution also gives you one place where you can go in and find out how many AWS accounts you have, what kind of accounts you have, and whether you want to shut down accounts that are no longer in use. There's a lot of security that Amazon GuardDuty can provide, and it also helps in maintaining security hygiene.

I would rate Amazon GuardDuty eight out of ten because I did not face that many issues while using it, and if someone is leveraging AWS, then Amazon GuardDuty is one of the first solutions they should use.

My company has a partnership with AWS as it has a cloud offering that's based on AWS, though it's not a reseller of Amazon products.

We use the tool for threat detection. AWS includes AI features as well. AWS GuardDuty gives us reports. 

AWS GuardDuty needs to be more customer-oriented. 

I have been working with the tool for three years. 

The tool is stable. 

AWS GuardDuty is scalable. We used the tool bi-weekly. 

I have not contacted customer support yet. 

The tool's setup is easy. You don't need any additional learning or resources to do it. You just need to enable AWS GuardDuty. The tool's deployment got completed in two to three minutes. 

The tool has no subscription charges. 

AWS GuardDuty is automated and gives alerts whenever there is an intrusion. AWS has a SMS service and you can get notifications through it if you subscribe. We have not encountered any performance issues. I would rate the tool a nine out of ten. 

Amazon GuardDuty is an AWS Managed Service. The product finds information related to potential security risks and detects our environment related findings. It is a service that helps administrators find anomalies in their environment, rectify those issues and make the environment more secure and safe.

For example, consider some S3 buckets; we have X server access login disabled and certain configurations which are recommended that we are not following that are certain IAM user regulates such as monitoring from the background. Amazon GuardDuty will give us anomaly data for that particular IAM user, advising that certain activity was suspicious.

In our environment, the most valuable feature is discovering the anomalous sign users because we have configured single sign-on in our environment, but there are some IAM users. Since our environment is cloud-based and accessible from the internet, we like the ability to check where the user has logged in from and what kind of API calls that user is doing. Finding anything suspicious with AWS recommendations is helpful.

Amazon GuardDuty is limited to certain services. The solution has to be integrated with new services that AWS adds like QuickSight, Managed Airflow, AppFlow and MWAA. By being integrated with these services, it would be handy for users and save time.

I have been using Amazon GuardDuty for six months.

Amazon GuardDuty is service based not user-based. I can have a number of users in my system because the user management is turning the different services in AWS AIM direct access management.

We have four users of the solution. It is used by system administrators, cloud administrators, and architects. 

Amazon GuardDuty is an extra security measure. We have other security measures also implemented in our environment, such as our on-premise environment and network related securities. 

The initial setup of Amazon GuardDuty is fairly easy without much complexity.

Licensing of GuardDuty is part of the AWS license. The pricing model is pay as you go and is based on the number of events per month. When you first look at the price it seems reasonable but if you look at it holistically the cost can be improved.

At a very basic level, Amazon GuardDuty is a good tool. If you are looking for advanced security that would provide higher checks to secure their environment, this may not be enough. 

Certain checks only related to the AWS environment are good, but if you are integrated with other services like Salesforce or MuleSoft it is not a good solution.

I would rate GuardDuty a six out of 10 overall. 

I use AWS GuardDuty to monitor my AWS environment for potential security threats. It analyzes data from various sources like CloudTrail logs and VPC Flow Logs to detect malicious activity. GuardDuty provides insights into potential threats, categorizing them by severity levels, helping me prioritize and respond effectively. 

As I explore AWS GuardDuty, I find its features helpful for spotting threats in my AWS setup. With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavior or traffic patterns right away, which is great for staying on top of potential security risks. While I'm still new to using it and haven't faced many threats yet, I see how GuardDuty is crucial for beefing up my AWS security by catching and dealing with vulnerabilities early on.

One improvement I would suggest for AWS GuardDuty is the ability to assign findings to specific users or groups, facilitating better communication and follow-up actions. It would be beneficial to have a knowledge bank where past findings and actions taken are stored, aiding in handling repeat incidents and providing historical precedence for new team members.

I have been using AWS GuardDuty for a year.

AWS GuardDuty is stable and responsive. I haven't encountered any glitches or stability issues, and the analytics are quick and reliable.

As a very small business in its initial stage, I find AWS GuardDuty to be scalable for our needs.

The tech support for AWS GuardDuty is good. The documentation and support resources available are clear and comprehensive, making it easy to set up and configure. I would rate it around nine out of ten.

Positive

GuardDuty is intuitive to use and the setup process is simple. There is not much complex configuration involved, which makes it easy to get started. Deploying AWS GuardDuty is straightforward with just a few steps, and it is all done within your AWS cloud account. As for maintenance, it is easy and there haven't been any issues or challenges.

The pricing and licensing for AWS GuardDuty are transparent and predictable, which I appreciate. While some may find it expensive at larger scales, for our small business, it is manageable and in line with expectations. AWS's pay-as-you-go model ensures we only pay for what we use, which is beneficial for budgeting.

GuardDuty helps by flagging unexpected or potentially unauthorized activity in my AWS environment. For instance, it alerts me when there is an API call from an unfamiliar IP address, which might indicate a security threat. However, in some cases, these alerts might be triggered by legitimate actions, such as employees working remotely from different locations using VPNs.

I find the anomaly detection and continuous monitoring features of AWS GuardDuty very effective. They give me peace of mind knowing that AWS is actively looking out for any abnormal behavior or traffic in my environment. In the past, for on-premises setups, I relied on different network tools for this, but in the cloud, GuardDuty takes care of it, sparing me from manual tasks like checking VPC logs. 

Integrating AWS GuardDuty with third-party tools seems straightforward, although I haven't done it yet myself. From what I have seen, getting GuardDuty data into AWS Security Hub appears to be a simple process, allowing for centralized security monitoring across multiple accounts. I'm considering enabling it and trying it out, especially since AWS offers a 30-day trial for Security Hub.

Overall, I would rate AWS GuardDuty as a ten out of ten.

We have been using AWS, and since we used a couple of tools, we decided to implement AWS GuardDuty for security purposes.

We are currently leveraging AWS GuardDuty quite often for security monitoring within our infrastructure.

I can discuss specific instances where AWS GuardDuty's automated response feature was very helpful for our security. It provides abrupt alerts, which has been a good feature.

AWS GuardDuty integrates seamlessly with third-party tools in our existing ecosystem, and we did not experience any challenges with integration.

AWS GuardDuty is currently meeting our needs concerning what could be improved.

In future updates of AWS GuardDuty, I would suggest implementing better UI features.

We have recently learned AWS GuardDuty, and we are trying to integrate it right now, as it has only been a few months.

When we deployed AWS GuardDuty, it proceeded smoothly without any difficulties or complexities.

On a scale from one to ten, I find AWS GuardDuty very stable, rating it approximately nine.

For scalability, AWS GuardDuty rates around eight on the same scale.

I have communicated with the technical support of AWS, and they are helpful and responsive.

On a scale from one to ten, I rate the technical support ten. They provided workshops and all services on time, which demonstrates their excellence.

Positive

The deployment of AWS GuardDuty required just a few hours to complete.

AWS GuardDuty has impacted our security operational costs, but we are still in the process and experimenting with it, so I'm not fully aware of the financial implications.

My team was experimenting with some tools and found AWS GuardDuty to be relatively better.

The solution can be utilized in public or private cloud environments, though I'm not fully aware of those details as my team manages the implementation.

We are not currently utilizing artificial intelligence in AWS GuardDuty to enhance its threat detection capabilities.

I would recommend AWS GuardDuty to other companies and businesses.

I rate AWS GuardDuty a nine out of ten.

My company uses AWS GuardDuty to develop the software and provide services to clients. I use the solution to monitor the service on the AWS workload or AWS instance and monitor threats or vulnerabilities.

AWS GuardDuty is easy to use and configure. I use AWS GuardDuty to check whether we are under attack or not. The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action.

I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use. The operation team can use a single desktop to monitor.

I have been using AWS GuardDuty for less than one month.

In my department, around seven to eight users are using AWS GuardDuty.

I previously used Google Cloud for three to four years. AWS GuardDuty has more features and can be customized more than Google Cloud.

I have heard that the solution's price is quite high. Sometimes, they need to fine-tune the service on AWS. For example, Amazon Simple Storage Service (S3) is used for static content because it is cheaper.

Overall, I rate AWS GuardDuty an eight out of ten.

We have over 1,000 employees, and we monitor their activity through AWS GuardDuty.

The solution's user interface could be improved because it will help users to understand multiple options. Currently, we have multiple options on AWS GuardDuty, which may confuse new users.

I have been using AWS GuardDuty for two years.

We faced some issues with AWS GuardDuty because sometimes we don't get proper loss from the solution.

I rate the solution an eight out of ten for stability.

I rate the solution ten out of ten for scalability.

The solution’s initial setup is not very difficult.

We have a whole bunch of information on various things in AWS GuardDuty.

Overall, I rate the solution a nine out of ten.