AWS GuardDuty is a security service providing threat detection and continuous monitoring, integrating seamlessly with AWS services and third-party tools. Enhanced by machine learning, it offers comprehensive protection against unauthorized access and malicious activity within AWS environments.
| Product | Mindshare (%) |
|---|---|
| AWS GuardDuty | 10.4% |
| Microsoft Defender for Cloud | 13.2% |
| Wiz | 9.3% |
| Other | 67.1% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Cloud Workload Protection Platforms (CWPP) | Jun 22, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 22, 2026 | Download |
| Comparison | AWS GuardDuty vs Microsoft Defender for Cloud | Jun 22, 2026 | Download |
| Comparison | AWS GuardDuty vs Wiz | Jun 22, 2026 | Download |
| Comparison | AWS GuardDuty vs SentinelOne Singularity Cloud Security | Jun 22, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Wiz | 4.4 | 9.3% | 97% | 46 interviewsAdd to research |
| SentinelOne Singularity Cloud Security | 4.4 | 4.9% | 99% | 129 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 3 |
| Large Enterprise | 14 |
| Company Size | Count |
|---|---|
| Small Business | 276 |
| Midsize Enterprise | 170 |
| Large Enterprise | 566 |
GuardDuty offers behavior analysis and automated responses, utilizing multiple data sources like CloudTrail and VPC Flow Logs for thorough threat analysis. Its scalability and cost-effectiveness simplify the process of identifying suspicious activities, thereby protecting AWS environments from security threats. While users appreciate these features, there's room for improvement in expanded integrations, a more intuitive dashboard, and detailed threat intelligence. Key capabilities include facilitating compliance and enhancing cloud security by monitoring accounts, services, and detecting unusual patterns in real-time.
What are the key features of AWS GuardDuty?Industries utilize AWS GuardDuty for robust security management, detecting threats and analyzing potential risks within AWS environments. This is crucial for sectors needing strict compliance and security, such as finance and healthcare, enabling these sectors to respond effectively to security events and maintain integrity.
autodesk, mapbox, fico, webroot
| Author info | Rating | Review Summary |
|---|---|---|
| Senior IT Auditor at Ernst & Young | 4.5 | I’ve used AWS GuardDuty for three years to detect threats and automate responses; it’s reliable and scalable, though integration could improve compared to Microsoft Sentinel. Despite being costly, overall, it’s a strong, effective security solution for our needs. |
| AWS Cloud Engineer at Standard Telephones and Cables | 4.5 | I mainly use AWS GuardDuty to detect compromised EC2 instances and monitor threats in S3 buckets and Lambda functions. Its ease of use and cost-effectiveness are valuable, but improvements are needed for multi-region management and more detailed investigations. |
| Senior Security Analyst (AppSec) at ELETROBRAS | 4.5 | I've extensively used AWS GuardDuty to detect threats and unauthorized access in my environment and appreciate its integration with the AWS ecosystem. While it's effective, I think container environment detections could be improved for services like Fargate and EKS. |
| DevOps Engineer at a consultancy with 10,001+ employees | 4.0 | I use AWS GuardDuty with AWS Security for detecting threats like brute force attacks and unauthorized SSH attempts. It's valued for its threat detection integration, though I wish it integrated with more AWS services. AWS's notifications improve response times significantly. |
| Security and Compliance Architect at a manufacturing company with 1,001-5,000 employees | 4.5 | I use AWS GuardDuty for effective threat detection and monitoring of AWS accounts, containers, and Amazon S3 buckets. It needs updates to handle evolving threats, but it significantly improves incident prevention, offering early notifications and valuable ROI. |
| Solutions architect at University of Helsinki | 5.0 | AWS GuardDuty serves as a basic threat detection tool within AWS's vast portfolio. While not my primary focus, it's a good starting point for endpoint protection. For larger scale needs, I would consider AWS Shield or third-party solutions. |
| Vice President at a financial services firm with 10,001+ employees | 4.0 | I use AWS GuardDuty to detect threats, valuing its S3 and malware protection features. However, improvements are needed in support response time and detection accuracy. Despite some challenges, our investment in GuardDuty appears to deliver satisfactory results. |
| Security and Compliance Architect at a manufacturing company with 1,001-5,000 employees | 4.0 | I used Amazon GuardDuty for AWS threat detection, valuing its monitoring and timely alerts. While setup was easy and support responsive, I found its cost could escalate with more accounts, and there were past issues with adding notes or suppressing findings. |
| Cloud Engineer at Epsilon | 4.0 | I use AWS GuardDuty to continuously monitor AWS accounts and enhance security through intelligent threat detection and integration with other AWS services. Its machine learning capabilities are valuable, though the high cost needs improvement. Overall, it's crucial for detecting threats. |
| Cloud Engineer at Unicloud | 4.5 | In our AWS environment, GuardDuty offers strong automated protection using machine learning to quickly detect threats, such as brute force attacks. Its integration with AWS services keeps us informed, though a more insightful dashboard would enhance its usability. |
We generally use AWS GuardDuty for detection of zero-day vulnerabilities and automatic threat responses; it serves as a SOAR, an orchestrated and automated response solution for us in the AWS platform.
We use the integration aspect of AWS GuardDuty with Threat Intelligence in our operations; it's already implemented for us, and we're using it almost every day.
The benefit from monitoring unexpected behaviors using AWS GuardDuty is that it provides an automated response; they have certain capabilities to detect and thwart illegitimate traffic, and that is something which is present and we use from our AWS GuardDuty solution.
AWS GuardDuty is able to detect unauthorized access and malicious activity within the company, and it is giving a good service to us.
AWS GuardDuty is a good product; it's doing its job right now, and I don't see any additional improvements needed.
Comparing AWS GuardDuty to similar products from Microsoft, Microsoft has a product called Sentinel, which is a completely integrated solution that basically does everything from vulnerability management to managing log analytics. This is something which AWS GuardDuty doesn't have since it's a separate service. I would prefer to see a product where everything is in one single unit rather than having separate services for AWS GuardDuty, Trusted Advisor, and Shield. Microsoft has that integration, which AWS can consider implementing.
I am a customer who has been working with AWS GuardDuty for three years.
I rate the stability of AWS GuardDuty as nine out of ten.
I rate the scalability of AWS GuardDuty as ten out of ten; it's really scalable.
I rate technical support for AWS GuardDuty as ten out of ten; AWS has very good security support overall.
Positive
AWS GuardDuty can be implemented using Terraform or CloudFormation or the Management Console, and that implementation part is easy; if you know your configuration parameters, it's easy to install.
AWS GuardDuty is an expensive feature, and while you can't expect the price to be low, it can be lower because it's pretty expensive.
I would assess the integration of AWS GuardDuty with Threat Intelligence as majorly positive; no threat intelligence is 100% accurate, and there are a few false positives, but as a security engineer, this must be accepted, and overall, the response and service is good for us.
We do not directly use AWS GuardDuty dashboard by itself, as we have our own integrated security dashboard; AWS GuardDuty gives the feed to that dashboard, and it's giving us a satisfactory view of how the security landscape looks.
We use metrics such as zero-day threats, any malicious traffic, and any traffic which originates from OFAC countries to measure its effectiveness, as we are majorly into a financial institution, as any traffic that is from a malicious IP or a rogue device.
I don't see any significant negative points regarding AWS GuardDuty; it's a good product to have if you're a cloud consumer.
I rate AWS GuardDuty nine out of ten overall.
We mainly use AWS GuardDuty to detect compromised EC2 instances. Primarily, we use it to identify suspicious activity, such as unusual outbound traffic, connections to known malicious IP addresses, or unauthorized attempts to access EC2 instances. This may indicate a compromised instance.
Additionally, we use GuardDuty to monitor S3 bucket misconfigurations and for threat detection on Lambda functions. We analyze cloud logs for suspicious API calls and abnormal execution patterns within AWS Lambda functions, helping us identify potential misuse.
Another use case is that we use GuardDuty to detect credential stuffing attacks by identifying failed login attempts, particularly from unusual locations or at high frequency, indicating potential credential stuffing attacks or brute force attempts.
Furthermore, GuardDuty can also monitor for large-scale data downloads or uploads, potentially indicating data exfiltration attempts by unauthorized actors or malware.
GuardDuty's automated incident response feature allows us to integrate it with Lambda and CloudWatch to trigger automated responses. This enables quick actions such as disabling AWS IAM users, blocking malicious IPs, or isolating compromised EC2 instances.
GuardDuty's comprehensive threat detection does not only monitor data - it also detects a wide range of security threats. This helps in eliminating blind spots across the AWS environment and provides added convenience in identifying threats through its ease of use.
Enabling GuardDuty with a single click allows it to start analyzing data for threats without requiring additional software deployment or updates. Another valuable feature is its cost-effectiveness, as it operates on a pay-as-you-go model that efficiently scales based on usage, reducing the need for investing in additional hardware or software.
GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be useful, including more granular details in findings, such as specific user actions or historical comparisons, would be beneficial.
Furthermore, managing global AWS environments requires setting up additional tools for viewing GuardDuty findings across multiple regions. A unified dashboard that aggregates findings across all regions without requiring manual aggregation could enhance convenience for users.
I have been using GuardDuty for about two and a half years now.
GuardDuty is a stable product. It is backed by machine learning, and AWS has strong machine learning models and the capacity to support this with advanced computing power. I have never faced any challenges with GuardDuty.
GuardDuty's scalability is quite impressive. It is designed to scale based on usage, which makes it very adaptable for varying demands.
The support teams from Amazon are very good. Every time I face challenges, I contact the AWS support teams. They are very swift in their response and open to acknowledging when they do not understand an issue. They are quick to escalate such issues to the right person who can provide the necessary assistance.
Positive
GuardDuty is very cheap and operates on a pay-as-you-go basis. It's priced around a dollar per million requests, making it very reasonable as there's typically no requirement for making millions of requests.
Overall, GuardDuty is a very easy-to-use tool, and I would recommend it even to those who are not tech-savvy. It allows users to simply click and go. I would give GuardDuty a review rating of nine out of ten.
At AWS, I have been working extensively with AWS GuardDuty, and I think this is an excellent tool to detect threats in my environment. Another security tool at AWS that I appreciate is Security Hub because I have many vulnerabilities and points of my environment that need attention as they are out of compliance with frameworks such as NIST or CIS benchmarks.
I use AWS GuardDuty extensively to detect unauthorized access control attempts from other persons when their requests to AWS APIs occur; I can detect many attempts to login to these APIs. Another use for AWS GuardDuty is detecting attempts to access objects that some users don't have permission for, and detecting threats in AWS instances when they try to connect to other networks that are out of compliance such as TOR or other external networks.
AWS GuardDuty is a great solution; I appreciate it because it's native for the Cloud provider, and I don't need to acquire other tools from another vendor.
The great benefits of using AWS GuardDuty are that it is connected to all ecosystems from the AWS environment, and I can detect threats faster and locate all the information in a single tool. I don't need to access many tools or features to understand the incident.
Another protection that I use is some EDRs for EC2 instances, and I have experimented with Orca Security and Cynap.
I think that some detections in container environments such as container runtime, and on services such as AWS container service, Fargate service or EKS service could be improved. I need to improve better detections in containers in these services.
I have three years of experience with this solution.
I appreciate the support for AWS; it is relatively fast, and their SLAs meet my needs.
Positive
The first setup is easier because all the intelligence integrates with AWS environments.
It depends on the size of environments, but currently, in the environments where I work, I need about a week to configure all environments. I have workloads such as EC2 instances and containers, and I could set up in one week; it's enough to start the detections and tune AWS GuardDuty.
I set up everything well on my own. I didn't need help; this was my choice.
I can save about 40%.
I don't worry much about the pricing, but I think it is a good price for what they deliver. This cost is cheaper because of all the information they provide. The pricing of this tool is cheaper compared to other tools from other vendors, which are more expensive.
Orca has many more features than AWS GuardDuty. However, in intelligence terms, AWS GuardDuty is ahead of Orca; it is better than Orca.
Not much maintenance is required because AWS support takes care of this task. I don't need to worry about maintenance; I appreciate it as a customer.
AWS GuardDuty saves time to analyze some detections significantly different from trying to analyze detections from a SIEM or another type of tool.
We experiment with AI, but we don't use it strongly. We have some experiments, and it's a good experience.
We recommend AWS GuardDuty. I would rate this solution an eight out of ten.
The main use cases of GuardDuty, when combined with AWS Security, are to offer in-depth security issue detection, such as identifying brute force attacks or unauthorized SSH attempts into your infrastructure, as well as other anomalous behaviors. GuardDuty serves as a threat detection and intelligence service.
GuardDuty is extensive in terms of configuration and security compliance. It integrates with threat detection, offering end-to-end visibility. The best thing is that it notifies you immediately when something goes wrong, allowing quick response to threats. Our infrastructure is continuously monitored, safeguarding it against threats. Even internal threats are easy to identify. AWS monitors user behavior, which helps detect compromised credentials.
I would like to see more integration with other AWS provided services. Currently, GuardDuty provides integrations with RDS and S3, however, further integration with services like API Gateway would be beneficial.
I have been using GuardDuty for more than a year.
The stability of GuardDuty is extremely reliable. There is no downtime, and it has proven to be very dependable.
You don't have to scale it or worry about the infrastructure or the security service being down. It remains consistent in its performance.
We have never felt the need to escalate any questions to the technical support about GuardDuty.
Positive
Before GuardDuty, I worked with Microsoft and used their cloud workload protection solution, Microsoft Defender. While it is more detailed and extensive, the UI and UX of Microsoft Defender are tricky and not as user-friendly as AWS, which prompted the switch.
The initial setup of GuardDuty was straightforward. The only prerequisite was having Security Hub enabled; from there, it was just a few clicks.
The ROI is now improved. I don't have those details. Overall, the average time saved is significant. AWS notifies quickly, which improves response time.
Once you configure GuardDuty clearly based on your organization's needs, it operates in a setup-and-forget mode. On a scale of one to ten, I would rate GuardDuty as an eight.
We leverage the solution to block anything malicious since it's a threat detection service. GuardDuty allows us to monitor accounts in a much better way. The solution looks for any malicious activity that's going on and will notify you if anything is going on with your AWS accounts. It's not necessarily an IPS because it only alerts you about malicious activity.
The way it monitors accounts is definitely a very important feature. GuardDuty is a threat detection service. The solution looks for any kind of malicious activity or any unauthorized behavior that could breach some problems with accounts. GuardDuty does not just focus on AWS accounts but also on container applications and even Amazon S3 buckets. GuardDuty covers a range of different Amazon resources as part of the protection.
Because it's a threat detection service, they need to keep up with the various threat factors because new threat factors and attack factors come up all the time. Sometimes they may detect a certain behavior. But if that behavior morphs into something else, GuardDuty may not pick up on that specifically if something new comes up which hasn't been found or uncovered before. If Amazon doesn't update the service to reflect that or address that or factor that in, it may not detect the threat. The end user then is obviously at the mercy of whatever it flags. GuardDuty must ensure they cover everything, including the latest threats.
There hasn't been a stability issue yet, so I rate the stability an eight out of ten.
With scalability, it helps to factor in additional resources and workloads. I'd rate the scalability an eight out of ten. About five users are using AWS GuardDuty. Only people who are monitoring threats are using the solution.
I rate the initial setup an eight out of ten. I think it's more on the easy side. Regarding steps taken for deployment, the first step was creating a cloud trail, like an AWS Cloud trail. The other step was setting up the VPC flow logs. The third step was setting up the DNS logs. If everything is in place, deploying the solution could take as little as half a day.
You'd need someone who manages the cloud infrastructure, and they'll have to do it because GuardDuty needs the cloud trail created along with the VPC logs and everything.
Depending on the breadth of the infrastructure, you could have a small team of people maintaining the solution. The challenge would be that once you operationalize it, and if anything gets flagged or notified, you need people to be able to jump on it. Typically, if you have people in different time zones, a team would help. But this depends on the nature of what comes up in the notifications.
When it comes to looking for threats and catching those early on so that it doesn't lead to something in terms of an incident or a breach, we see a critical ROI. The more and earlier they notify, the better and less painful it is to investigate and take care of things.
GuardDuty only enables accounts in regions where you have an active workload. If there are places where you don't have an active workload, you wouldn't even enable them. That's one area where they could allow you to cut down your cost. In terms of giving you flexibility, the pricing is good. If, for example, I feel that something doesn't need to be in a certain region, I won't enable it. It would help with that whole setup because that model helps save money.
I rate the solution a nine out of ten.
AWS initially interested me more from the architecture and direction perspective, rather than DevOps, for instance. I wanted to gain expertise in the wide range of services they offer, one of which is GuardDuty. It's not my main focus, but it's a good basic threat detection starting point.
Whenever we need some kind of service for threat detection, we go to one of the many options in the vast AWS cloud portfolio. We pick GuardDuty to protect our endpoints, and it's a good first-line solution for quick deployment.
Once we have experience using this AWS offering, we'll likely start looking deeper. We might then go to the marketplace to find another, potentially third-party solution.
For AWS, there are other services online that I would go to and compare features with to determine the best option for my initial needs. The point is, once we need these kinds of services on a larger scale, we probably need a bigger partner or client-customer base to work with.
From my perspective of educational purposes and cloud development approach, it's not there yet. I have some initial insights about helpful features in GuardDuty, but I don't yet have the clientele to apply them to large-scale infrastructure protection. That's where I would explore threat detection and endpoint protection further, especially since global threats.
For vulnerability checking, I have other integrations that help my development pipelines build securely. My images and code are typically scanned every time to ensure I'm not harboring internal vulnerabilities.
However, protecting the external perimeter requires something bigger, and that's where Palo Alto Cortex XDR and similar products come in. Here, for threat detection, my browser has an add-on, which is truly helpful. Every time you access a page, it scans it immediately, flagging potential threats, even false positives, to alert you before you dive deeper into an unfamiliar site.
The problem of scale is very fundamental to me. Over the past five or ten years, since the emergence of cloud infrastructure and the proliferation of distributed software products, I've been focused on developing backends for various solutions. The rise of cyber threats prompted me to consider how to protect the endpoints exposed to clients.
With numerous endpoints today, as we deploy every version of our software, often multiple times a day, ensuring that none of them becomes a target is crucial. For such large-scale infrastructure protection, my preference would be to explore another AWS offering. Specifically, if my deployment is in the Amazon cloud, I would turn to AWS Shield.
I started with AWS about six, maybe seven years ago.
I would rate the stability an eight out of ten.
I would rate the scalability a nine out of ten. For me, it is one of the most scalable thing on the planet.
The customer service and support are good. They need some room for improvement. There are so many people in support. Sometimes, I get someone who is helpful, and sometimes, they are not helpful.
So, I don't expect too much from support. But AWS's support is doing the best they could.
Neutral
I come from working with Microsoft products mainly. Like, starting from, like, desktop applications for office applications and stuff initially. And then, for the clients of the company, I was involved with different industrial kinds of things in, for instance, the Maritime business vertical. This is about shipping and a meter voltage, electrical stuff. So it's basically automation in some way. At the beginning of the century, we were basically doing this in production with Microsoft initially.
At one point in 2006, the cloud emerged. This marked a significant shift in infrastructure management, eliminating the need to purchase racks for data centers on-premises. Instead, we could simply order them from a cloud provider. This paradigm shift caught my attention, leading me to explore the possibilities.
That's why, at some point, I began with the initial cloud provider. Although I also considered others, the first one seemed like a pioneer. Its services evolved into small, versatile solutions for various needs. You don't necessarily have to be familiar with all the services; you can simply explore and find what you need. The landscape is dynamic – today, it looks one way, and next year, it might transform.
The beauty of it lies in its on-demand nature. Minimal installation is required, allowing me to experiment easily. I don't need to know everything upfront; I can go, try, and see what suits your requirements. The cloud provides a flexible and ever-changing environment that aligns with the needs as they evolve over time.
But insights come from looking at what the other vendors are fighting with, and this is where I'm so grateful for the expertise that I see for the future.
AWS is evolving rapidly. When you look at it over a year or the next, it's different because their deployments are constantly changing. AWS is agile, developing rapidly, and features are exchanged regularly. What you did last year might be entirely different today.
One of the advantages of cloud services is the ability to use them on demand. There's minimal installation involved; you can check the latest offerings and make new deployments while dismantling the previous ones. This approach keeps you ahead of potential services, showcasing the agility of AWS.
I prefer to have something on demand for myself. That's why I haven't been paying for GuardDuty specifically. AWS provides a wide range of offerings, especially in the security area. They have various services that integrate into a centralized Security Hub, offering insights into different aspects of security issues, especially in networking and the cloud.
The findings from GuardDuty would be integrated into the Security Hub service, incurring some small costs. I haven't delved into the specifics of these costs, but I know they are minimal. It's like flipping a switch – you integrate GuardDuty to report to the centralized hub, and if something needs attention, you check the GuardDuty findings.
This integration is part of the main central service for security, along with many others, perhaps five or ten. For example, one service scans files in your storage service. Different services may have various agents scanning for different things, like tokens or exposed personal data. It's a unique security issue.
Each service detects findings, and you can integrate them into the Security Hub to keep an eye on all aspects of security. GuardDuty is just one of them. Cost-wise, you pay for what you use, without the need to install or spin up servers. You simply tell the cloud that you want these services integrated for immediate on-demand use.
The pricing may be complex, based on dimensions like the number of findings and protections used. However, maintaining a smaller infrastructure results in fewer findings, reducing costs and eliminating the need for constant investments and running infrastructure all the time, essentially going serverless.
Overall, I would rate the solution a nine out of ten. It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially.
I use AWS GuardDuty to identify, detect, and mitigate any threats within the organization.
The solution provides AWS GuardDuty S3 protection, EKS runtime protection, and malware protection.
The technical support's response time could be improved and made faster. AWS GuardDuty sometimes shows false positives and should have better detection accuracy.
We have different businesses and have to consolidate all the threats into one platform. We need to integrate all the different businesses using AWS GuardDuty and push them into one platform to try to manage the threat from there.
I have been using AWS GuardDuty for two years.
I don't see any issues with the solution's performance, but sometimes we do see false positives.
AWS GuardDuty is a scalable solution. We have businesses which have their own product, and we deploy AWS GuardDuty on top of that. The alerts generated for the business will be pushed into our security team, which comprises the end users of these alerts. The solution is used by around 30 people in the security team, which manages the whole firm.
The solution’s technical support is good.
Positive
The solution’s initial setup is very easy.
One person can deploy AWS GuardDuty in a couple of minutes.
I assume our firm has seen a return on investment with AWS GuardDuty because we are pretty satisfied with the product and continue to use it.
We generally look for alerts and push them into our SIEM tool. We then publish them into our ticket managing system to understand and deal with the threat.
Most security threats are based on API costs or unsecured S3 buckets. There are a lot of ways in which we identify different aspects. We are trying to leverage as much as possible whatever cloud value AWS GuardDuty offers.
The integration of AWS GuardDuty with other AWS services is not over-complicated but has its challenges. Most complications arise from the business units on how we operate and integrate. Different businesses within the firm use different AWS products, and the architectural issue complicates it.
We have been alerted of instances where an S3 bucket is not encrypted and is open to the public. We use AWS GuardDuty to remediate it as soon as possible.
Overall, I rate AWS GuardDuty an eight out of ten.
We primarily used Amazon GuardDuty for threat detection because we have AWS accounts we wanted to monitor and we wanted a solution that could detect any kind of threat. We ended up leveraging the native tool of AWS which was Amazon GuardDuty, and we used it for monitoring our AWS accounts. It was used for looking for any kind of malicious activity, and any workloads that might have any malicious activity, and it was also used for reporting purposes. Amazon GuardDuty helped in our whole security incident response process. We were analyzing logs with it, for example, the event logs. We were reviewing any kind of potential risks that we might face and would need to accordingly take action on, through Amazon GuardDuty.
What we found most valuable in Amazon GuardDuty is its threat detection feature, especially because we were monitoring a huge number of AWS accounts, so we needed a solution that would monitor for any kind of malicious activity. The monitoring aspect of the solution was great because it gave us timely notifications if and when anything happened, and Amazon GuardDuty helped keep us on our toes to make sure we took action right away.
Some of the pain points in Amazon GuardDuty was the cost. When compared to some of the other services, depending on how many we had to monitor, if we had a huge range of accounts, as our accounts increased, we had a cost factor that came into play.
Sometimes there were issues, for example, with findings that came up, we wanted to add notes and there were issues back then where notes couldn't be entered properly. If we wanted to leave a note such as "Okay, we have assessed this and this is how we feel", or "This is a false positive", Amazon GuardDuty wasn't allowing us to do that. Even with the suppression of certain findings, there was some issue that we had faced at one time.
Those were some of the pain points of the solution.
I have four and a half years of experience with Amazon GuardDuty.
Amazon GuardDuty was fairly stable. Except for those few pain points, it was fairly stable because we were constantly checking for things that would come up and what it would flag, even when we had to reach out to Amazon support for certain things, they were fairly responsive. There wasn't any outage or any significant downtime while we were using Amazon GuardDuty. There might have been just a little bit of performance degradation, but it wasn't a complete "black hole".
Amazon GuardDuty is a scalable product. It manages to scale accounts. I don't recall the exact number of accounts, but my company definitely had way more accounts. Over time, Amazon GuardDuty matured as a product. In the beginning, it wasn't as scalable as you would expect, but over time, the way the product was improved, it was able to meet kind of any kind of scaling demands. The environment in my company was also growing and had more accounts getting added to it, so my company needed Amazon GuardDuty to accommodate everything, and in my experience, I have not faced any issues, even when I had a much larger coverage done. The product is designed to meet decent scaling demands, at least.
The technical support for Amazon GuardDuty was pretty responsive. Compared to many other vendors that I've used, AWS support, in terms of the SLA, has been fairly good about getting back on that. AWS claims to provide 24/7 access to customer service, so typically, whenever I've reached out, I've received a response fairly quickly. The support team acknowledges the request and will act on it. I've never had any trouble. I hardly remember ever escalating to the customer support manager, some specific, or some general support issue. There was rarely a case where an escalation had to happen, and for the most part, it was working out.
The initial setup for Amazon GuardDuty was straightforward. I don't remember it being complex at all. One had to sign in to the AWS Management Console, for example, my company had this audit account I would sign into, then I would navigate into the Amazon GuardDuty console, then I would just choose the account that I wanted to be added to as part of that, and then it will be managed and monitored by the Amazon GuardDuty admin account. I remember it being fairly straightforward. The setup wasn't difficult.
In terms of ROI from Amazon GuardDuty, we're getting threat detection or intelligent threat detection, and that's the key thing. As we are in a security environment, our customers are also demanding for better security posture. We can't put ROI quantitatively into words, but qualitatively, the ROI from Amazon GuardDuty goes towards improving our overall security posture. There's ROI from the solution because it would translate into the improvement in security posture which then translates into the trust we gain from our customers, so more customers would be interested and potentially get services or solutions from us, resulting in a win-win situation.
In terms of the costs associated with Amazon GuardDuty, it was $1 per GB from what I recall. Pricing was based on per gigabyte. For example, for the first five hundred gigabytes per month, it'll be $1 per GB, so it'll be $500. If your usage was greater, there's another bracket, for example, the next two thousand GB, then there's an add-on cost of 50 cents per GB. That's how Amazon GuardDuty pricing slowly goes up. I can't remember if there was any kind of additional cost apart from standard licensing for the solution. Nothing else that at least comes to mind.
What the service was charging was worth it. That was one good thing when using Amazon GuardDuty because my company could be in a certain tier for a certain period. My company wasn't under a licensing model where it could overestimate its usage and under-utilize its usage and pay much more. This was what made the pricing model for Amazon GuardDuty better.
I'm working with different solutions, and right now, I'm dealing with software composition analysis solutions, static application security testing tools, and even dynamic application security testing tools. I'm also working with API security or cloud security solutions. There's a range of tools I'm working with, including Amazon GuardDuty.
Ten to fifteen people use Amazon GuardDuty in my company. It's not a huge number of people, but there's a given number of people with access to the solution, who'll be able to go in and check. The users are mostly system administrators who can take action. My company goes by role-based access control in the environment, using the principle of least privilege in every case. It's to make sure whoever is given access is based on what he or she does, and based on user responsibilities. Access to Amazon GuardDuty is limited to a small group of people, or just certain users, specifically, people you'll reach out to if something happens, such as system administrators, IT administrators, and security administrators.
My advice to others looking into implementing Amazon GuardDuty is to try to add coverage over all your AWS accounts. I would recommend the solution for every AWS account that anyone owns or uses. It's best to get all your accounts centralized and added under the coverage of Amazon GuardDuty because you want to protect those accounts, check for any malicious activity, and add those accounts to continuous monitoring. Never skip out on anything. The solution also gives you one place where you can go in and find out how many AWS accounts you have, what kind of accounts you have, and whether you want to shut down accounts that are no longer in use. There's a lot of security that Amazon GuardDuty can provide, and it also helps in maintaining security hygiene.
I would rate Amazon GuardDuty eight out of ten because I did not face that many issues while using it, and if someone is leveraging AWS, then Amazon GuardDuty is one of the first solutions they should use.
My company has a partnership with AWS as it has a cloud offering that's based on AWS, though it's not a reseller of Amazon products.
I use AWS GuardDuty to monitor AWS accounts and investigate security threats continuously. It enhances the security of AWS infrastructures and applications, ensuring compliance with regulations like HIPAA and GDPR.
AWS GuardDuty helps by providing continuous threat detection and signaling potential threats. Its most valuable feature is continuous monitoring. The tool's integration with other AWS services has improved security. It provides continuous monitoring and intelligent threat detection, quickly signaling any issues. I would rate this improvement a seven out of ten.
The solution's machine learning capabilities help identify threats by continuously collecting data such as IP addresses, user agents, API calls, and network traffic patterns. This data is used to train machine learning models, which can then identify normal activity patterns and detect variations that indicate security threats. AWS GuardDuty is crucial in identifying security threats in the AWS environment.
The product needs to improve its cost-efficiency since it is expensive.
I have been using the product for more than two years.
I haven't had any issues with the tool's stability.
I haven't had any issues with the solution's scalability.
The tool's deployment is easy.
The tool's licensing model is pay-as-you-go.
I rate the overall solution an eight out of ten. I would recommend AWS GuardDuty to others. It’s a great tool that helps you stay ahead of threats. It keeps you alert.
Protect your accounts, data, and assets across diverse AWS computing environments, encompassing Amazon Elastic Compute Cloud (Amazon EC2), serverless operations, and container workloads, including those utilizing AWS Fargate.
AWS GuardDuty enhances organizational security by providing automated threat detection, easy integration with other AWS services, centralized monitoring of security findings, cost-effective security, and scalability.
The product has automated protection powered by ML, which is now far more powerful than before. It uses ML in its detection algorithm, providing fast and quick results.
If someone attempts to attack our tools, especially through brute force attacks, we receive notifications. This applies even if such attempts originate from within our teams, engaging in malicious activities.
AWS GuardDuty's integration with other AWS services, such as email addresses and support IDs helps our team members to stay informed about the activities in the account and the necessary actions to take when it triggers an alert.
It has been instrumental in identifying issues, particularly instances where EC2 instances had their ports (e.g., 22 and 3389) exposed publicly. This has helped us stay vigilant against potential attacks, and the severity classification allows us to prioritize addressing critical issues.
AWS GuardDuty has introduced several new features, including malware protection and continuous monitoring.
There is currently no insightful dashboard for AWS GuardDuty. It would be helpful if they could provide a dashboard based on severity levels (high, medium, low) and offer insights account-wise.
I have been using the product for two years.
I rate the product's stability a nine out of ten.
GuardDuty's scalability is beneficial for organizations with dynamic and growing cloud environments. It can handle increased data volumes, adapt to changes in network traffic, and effectively analyze logs from various AWS sources. The service is designed to maintain its effectiveness as your AWS deployment scales up, making it suitable for both small and large organizations.
The technical support is good. If I create any ticket, they reach out to us through chat or call, and they are available for support within a few minutes. I think that's great support from the AWS team.
Positive
The tool's initial deployment is easy. Anyone can do it, and it can be accomplished with just one click.
80 percent of the customers are using AWS GuardDuty, and we recommend it due to its low cost, especially for small customers, ranging from five to ten dollars a month. In our policies, we enforce the usage of this service, making it a recommended practice for security.
The responsibility also lies with the customer. We obtain written confirmation from them, stating that if they choose not to use it, they accept responsibility for any potential attacks. In such cases, we refrain from enabling it, and any financial repercussions resulting from incidents are their own accountability.
I rate the overall product a nine out of ten. Within our organization policy, AWS GuardDuty is designated as a mandatory service. Its utilization proves beneficial in the event of an intrusion into the account or servers. With AWS GuardDuty in place, you can promptly identify a compromised server, account, or user, enabling us to take necessary actions.
