AWS GuardDuty vs Threat Stack Cloud Security Platform [EOL] comparison

Amazon Web Services (AWS) and F5 are both solutions in the Cloud Workload Protection Platforms (CWPP) category. Additionally, 91% of Amazon Web Services (AWS) users are willing to recommend the solution, compared to 88% of F5 users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on May 4, 2025

Threat Stack Cloud Security Platform EOL and AWS GuardDuty are competing in the cloud security domain. AWS GuardDuty has the upper hand with its comprehensive integration capabilities and robust automation features, although Threat Stack offers competitive pricing and support.

Features: Threat Stack provides extensive workload monitoring, anomaly detection, and compliance reporting. AWS GuardDuty focuses on automated threat detection, deep integration with AWS services, and leveraging machine learning for comprehensive security insights.

Room for Improvement: Threat Stack could improve by expanding its automation capabilities and enhancing its integration with more cloud environments. AWS GuardDuty may benefit from broadening its support for non-AWS services and offering more user-friendly interfaces for customization and configuration. Additionally, AWS GuardDuty could lower its cost to be more affordable for smaller businesses.

Ease of Deployment and Customer Service: Threat Stack is noted for its simple deployment and strong initial setup support. AWS GuardDuty, designed for seamless AWS integration, offers quick activation and vast AWS support resources, facilitating easier deployment in AWS-centric environments compared to Threat Stack's more hands-on model.

Pricing and ROI: Threat Stack is praised for its cost-effectiveness and customizable pricing, providing significant ROI through tailored spending. AWS GuardDuty, albeit more costly, justifies expenses with efficient automation and integration, which promises long-term ROI through enhanced scalability and functionality.

To learn more, read our detailed Cloud Workload Protection Platforms (CWPP) Report (Updated: June 2025).

Buyer's Guide

Cloud Workload Protection Platforms (CWPP)

June 2025

Download the complete report

Helped 862,077 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

SentinelOne Singularity Clo...

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

Terence Dube

AWS Cloud Engineer at Standard Telephones and Cables

Comprehensive threat detection simplifies security management

GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be useful, including more granular details in findings, such as specific user actions or historical comparisons, would be beneficial. Furthermore, managing global AWS environments requires setting up additional tools for viewing GuardDuty findings across multiple regions. A unified dashboard that aggregates findings across all regions without requiring manual aggregation could enhance convenience for users.

Read full review

Vincent Romney

Director of Information Security at Younique, LLC

Pivotal for SOX and Sarbanes-Oxley compliance as well as security in AWS, but needs work on the application layer side

It certainly has a lot of capabilities and we're not using much of what it can do. That's something that, as we mature as an organization, we'll expand into. The one thing that we know they're working on, but we don't have through the tool, is the application layer. As we move to a serverless environment, with AWS Fargate or direct Lambda, that's where Threat Stack does not have the capacity to provide feed. Those are areas that it's blind to now, so that's the biggest area for improvement. They're currently looking at changing that with an acquisition, but as it stands right now, that's the only spot that I consider weak.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It's helped free up staff time so that they can work on other projects."

"The management console is highly intuitive to comprehend and operate."

"The compliance monitoring feature of SentinelOne Singularity Cloud Security gives us a report with a compliance score to ensure we meet certain regulatory standards."

"As a frequently audited company, we value SentinelOne Singularity Cloud Security's compliance monitoring features. They give us a report with a compliance score for how well we meet certain regulatory standards, like HIPAA. We can show our compliance as a percentage. It's also a way to show that we are serious about security."

"Cloud Native Security is user-friendly. Everything in the Cloud Native Security tool is straightforward, including detections, integration, reporting, etc. They are constantly improving their UI by adding plugins and other features."

"The solution's most valuable features are its ability to detect vulnerabilities inside AWS resources and its ability to rescan after a specific duration set by the administrator."

"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."

"The user interface is well-designed and easy to navigate."

More SentinelOne Singularity Cloud Security pros

"It helps us detect brute-force attacks based on machine learning."

"The correlation back end is the solution's most valuable feature."

"AWS GuardDuty helps by providing continuous threat detection and signaling potential threats. Its most valuable feature is continuous monitoring. The tool's integration with other AWS services has improved security. It provides continuous monitoring and intelligent threat detection, quickly signaling any issues. I would rate this improvement a seven out of ten."

"GuardDuty is extensive in terms of configuration and security compliance."

"With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavior or traffic patterns right away, which is great for staying on top of potential security risks."

"GuardDuty's comprehensive threat detection does not only monitor data - it also detects a wide range of security threats."

"The out-of-band malware detection from the EBS volumes. It's really cool. No agents or anything needed, it automatically finds and correlates based on malware."

"One of the advantages of cloud services is the ability to use them on demand. There's minimal installation involved; you can check the latest offerings and make new deployments while dismantling the previous ones. This approach keeps you ahead of potential services, showcasing the agility of AWS."

More AWS GuardDuty pros

"It is scalable. It deploys easily with curl and yum."

"The number-one feature is the monitoring of interactive sessions on our Linux machines. We run an immutable environment, so that nothing is allowed to be changed in production... We're constantly monitoring to make sure that no one is violating that. Threat Stack is what allows us to do that."

"Technical support is very helpful."

"Threat Stack has connectivity."

"An important feature of this solution is monitoring. Specifically, container monitoring."

"It has been quite helpful to have the daily alerts coming to my email, as well as the Sev 1 Alerts... We just went through a SOX audit and those were pivotal."

"Every other security tool we've looked is good at containers, or at Kubernetes, is good at AWS, or at instance monitoring. But nobody is good at tying all of those things together, and that's really where Threat Stack shines."

"There has been a measurable decrease in the meantime to remediation... because we have so many different tech verticals already collated in one place, our ability to respond is drastically different than it used to be."

More Threat Stack Cloud Security Platform [EOL] pros

Cons

"One area for improvement could be the internal analysis process, specifically the guidance provided for remediation."

"SentinelOne Singularity Cloud Security could be improved with easier integrations to the Singularity Data Lake, particularly for various vendors."

"With Cloud Native Security, we can't selectively enable or disable alerts based on our specific use case."

"I would like additional integrations."

"The area of improvement is the cost, which is high compared to other traditional endpoint protections."

"SentinelOne Singularity Cloud Security is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see SentinelOne Singularity Cloud Security develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection."

"I'd like to see better onboarding documentation."

"It does not bring much threat intel from the outside world. All it does is scan. If it can also correlate things, it will be better."

More SentinelOne Singularity Cloud Security cons

"Some of the pain points in Amazon GuardDuty was the cost. When compared to some of the other services, depending on how many we had to monitor, if we had a huge range of accounts, as our accounts increased, we had a cost factor that came into play. Sometimes there were issues, for example, with findings that came up, we wanted to add notes and there were issues back then where notes couldn't be entered properly. If we wanted to leave a note such as "Okay, we have assessed this and this is how we feel", or "This is a false positive", Amazon GuardDuty wasn't allowing us to do that. Even with the suppression of certain findings, there was some issue that we had faced at one time. Those were some of the pain points of the solution."

"GuardDuty is limited to AWS environments."

"While sending the alerts to the email, they are not being patched. we have to do the patching and mapping manually. If GuardDuty could include a feature to do this automatically, it will make our job easier. That is something I believe can be improved."

"Amazon GuardDuty could be better enriched in threat intelligence data."

"I think that some detections in container environments such as container runtime, and on services such as AWS container service, Fargate service or EKS service could be improved."

"AWS GuardDuty sometimes shows false positives and should have better detection accuracy."

"Cost changes. It's very expensive. If you turn on every feature, it's more than most commercial vendors. For smaller orgs, that doesn't make sense."

"There is currently no consolidated dashboard for AWS GuardDuty. It would be helpful if they could provide a dashboard based on severity levels (high, medium, low) and offer insights account-wise, especially for users utilizing automation structures."

More AWS GuardDuty cons

"It shoots back a lot of alerts."

"The reports aren't very good. We've automated the report generation via the API and replaced almost all the reports that they generate for us using API calls instead."

"The one thing that we know they're working on, but we don't have through the tool, is the application layer. As we move to a serverless environment, with AWS Fargate or direct Lambda, that's where Threat Stack does not have the capacity to provide feed. Those are areas that it's blind to now..."

"They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter."

"The solution’s ability to consume alerts and data in third-party tools (via APIs and export into S3 buckets) is moderate. They have some work to do in that area... The API does not mimic the features of the UI as far as reporting and pulling data out go. There's a big discrepancy there."

"The user interface can be a little bit clunky at times... There's a lot of information that needs to be waded through, and the UI just isn't great."

"I would like further support of Windows endpoint agents or the introduction of support for Windows endpoint agents."

"The API - which has grown quite a bit, so we're still learning it and I can't say whether it still needs improvement - was an area that had been needing it."

More Threat Stack Cloud Security Platform [EOL] cons

Pricing and Cost Advice

"It's a fair price for what you get. We are happy with the price as it stands."

"The licensing is easy to understand and implement, with some flexibility to accommodate dynamic environments."

"It's not cheap, but it is worth the price."

"It is cost-effective compared to other solutions in the market."

"PingSafe is affordable."

"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."

"SentinelOne Singularity Cloud Security is costly."

"It was reasonable pricing for me."

More SentinelOne Singularity Cloud Security pricing and cost advice

"The tool's licensing model is pay-as-you-go."

"Pricing is determined by the number of events sent."

"The tool has no subscription charges."

"It can get very expensive. If you turn on every feature, it can turn into hundreds of thousands of dollars."

"GuardDuty only enables accounts in regions where you have an active workload. If there are places where you don't have an active workload, you wouldn't even enable them. That's one area where they could allow you to cut down your cost."

"I don't have all the details in terms of licensing for Amazon GuardDuty, but my organization does have a license set up for it."

"I have heard that the solution's price is quite high."

"The pricing model is pay as you go and is based on the number of events per month."

More AWS GuardDuty pricing and cost advice

"It is a cost-effective choice versus other solutions on the market."

"What we're paying now is somewhere around $15 to $20 per agent per month, if I recall correctly. The other cost we have is SecOps."

"It came in cheaper than Trend Micro when we purchased it a few years ago."

"We find the licensing and pricing very easy to understand and a good value for the services provided."

"Pricing seems to be in line with the market structure. It's fine."

"It is very expensive compared to some other products. The pricing is definitely high."

"I'm happy with the amount that we spend for the product that we get and the overall service that we get. It's not cheap, but I'm still happy with the spend."

See which vendors are best for you

Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.

See recommendations

862,077 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

15%

Manufacturing Company

Government

Financial Services Firm

16%

Computer Software Company

14%

Manufacturing Company

Government

Computer Software Company

18%

Real Estate/Law Firm

14%

Manufacturing Company

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

See all answers

What is your experience regarding pricing and costs for PingSafe?

I don't handle the price part, but it isn't more expensive than Palo Alto Prisma Cloud. It's not cheap, but it is wor...

See all answers

What needs improvement with PingSafe?

There is scope for more application security posture management features. Additionally, the runtime protection needs ...

See all answers

What do you like most about Amazon GuardDuty?

With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavi...

See all answers

What is your experience regarding pricing and costs for Amazon GuardDuty?

I don't worry much about the pricing, but I think it is a good price for what they deliver. This cost is cheaper beca...

See all answers

What needs improvement with Amazon GuardDuty?

I think that some detections in container environments such as container runtime, and on services such as AWS contain...

See all answers

Ask a question

Earn 20 points

Comparisons

Wiz vs SentinelOne Singularity Cloud Security

Compared 20% of the time

Prisma Cloud by Palo Alto Networks vs SentinelOne Singularity Cloud Security

Compared 16% of the time

Microsoft Defender for Cloud vs SentinelOne Singularity Cloud Security

Compared 7% of the time

Check Point CloudGuard CNAPP vs SentinelOne Singularity Cloud Security

Compared 5% of the time

Orca Security vs SentinelOne Singularity Cloud Security

Compared 4% of the time

More SentinelOne Singularity Cloud Security Competitors

Microsoft Defender for Cloud vs AWS GuardDuty

Compared 49% of the time

CrowdStrike Falcon Cloud Security vs AWS GuardDuty

Compared 13% of the time

Wiz vs AWS GuardDuty

Compared 10% of the time

Prisma Cloud by Palo Alto Networks vs AWS GuardDuty

Compared 6% of the time

Check Point CloudGuard CNAPP vs AWS GuardDuty

Compared 2% of the time

More AWS GuardDuty Competitors

Microsoft Defender for Cloud Apps vs Threat Stack Cloud Security Platform [EOL]

Compared 30% of the time

Netskope vs Threat Stack Cloud Security Platform [EOL]

Compared 25% of the time

Cisco IOS Security vs Threat Stack Cloud Security Platform [EOL]

Compared 23% of the time

BMC Helix Cloud Security vs Threat Stack Cloud Security Platform [EOL]

Compared 23% of the time

More Threat Stack Cloud Security Platform [EOL] Competitors

Product Reports

Buyer's Guide

SentinelOne Singularity Cloud Security

June 2025

SentinelOne Singularity Cloud Security report

Download SentinelOne Singularity Cloud Security product report

Buyer's Guide

AWS GuardDuty

July 2025

Download AWS GuardDuty product report

Buyer's Guide

Threat Stack Cloud Security Platform [EOL]

June 2025

Threat Stack Cloud Security Platform [EOL] report

Download Threat Stack Cloud Security Platform [EOL] product report

Also Known As

PingSafe

No data available

Threat Stack, CSP,

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

SentinelOne

Amazon Guard Duty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs.

Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to quickly discover suspicious and problematic activity in a user's AWS ecosystem. Activities may include concerns such as interactions with malicious IP addresses or domains, exposed credentials usage, or changes and/or escalation of privileges.

GuardDuty is able to easily determine problematic AWS EC2 (Elastic Compute Cloud) instances delivering malware or mining bitcoin. It is also able to trace AWS account access history for evidence of destabilization. such as suspicious API calls resulting in changing password policies to minimize password strength or anomalous infrastructure deployments in new or different never-used regions.

GuardDuty will continually alert users regarding their AWS environment status and will send the security discoveries to the GuardDuty dashboard or Amazon CloudWatch events for users to view.

Users can access GuardDuty via:

AWS SDKs: Amazon provides users with several software development kits (SDKs) that are made up of libraries and sample code of numerous popular programming languages and platforms, such as Android, iOS, Java, .Net, Python, and Ruby. The SDKs make it easier to develop programmatic access to GuardDuty.
GuardDuty HTTPS API: This allows users to issue HTTPS requests directly to the service.
GuardDuty Console: This is a browser-based intuitive dashboard interface where users can access and use GuardDuty.

Amazon Elastic Kubernetes Service (Amazon EKS)

Kubernetes protection is an optional add-on in Amazon GuardDuty. This tool is able to discover malicious behavior and possible destabilization of an organization's Kubernetes clusters inside of Amazon Elastic Kubernetes Service (Amazon EKS).

When Amazon EKS is activated, GuardDuty will actively use various data sources to discover potential risks against Kubernetes API. When Kubernetes protection is enabled, GuardDuty uses optional data sources to detect threats against Kubernetes API.

Kubernetes audit logs are a Kubernetes feature that captures historical API activity from applications, the control plane, users, and endpoints. GuardDuty collates these logs from Amazon EKS to create Kubernetes discoveries for the organization's Amazon EKS assets; there is no need to store or turn on the logs.

As long as Kubernetes protection remains activated, GuardDuty will continuously dissect Kubernetes data sources from the Amazon EKS clusters to ensure no suspicious or anomalous behavior is taking place.

Amazon Simple Cloud Storage (S3) Protection

Amazon S3 allows Amazon GuardDuty to actively audit object-level API processes to discover possible security threats to data inside an organization's S3 buckets. GuardDuty continually audits risk to the organization’s S3 assets by carefully dissecting AWS CloudTrail management events and AWS CloudTrail S3 data events. These tools are continually auditing various CloudTrail management events for potential suspicious activities that affect S3 buckets, such as PutBucketReplication, DeleteBucket, ListBucket, and data events for S3 object-level API processes, such as PutObject, GetObject, ListObject, and DeleteObject.

Reviews from Real Users

“The most valuable features are the single system for data collection and the alert mechanisms. Prior to using GuardDuty, we had multiple systems to collect data and put it in a centralized location so we could look into it. Now we don't need to do that anymore as GuardDuty does it for us.” - Arunkumar A., Information Security Manager at Tata Consultancy Services

Amazon Web Services (AWS)

Threat Stack Cloud Security Platform [EOL] offers robust security features including endpoint monitoring, rule customization, and integration capabilities, with easy connectivity to cloud services like Docker and AWS.

Threat Stack Cloud Security Platform [EOL] provides tools for enhancing security visibility across cloud infrastructure. It supports AWS and Docker integration, facilitating efficient threat detection and management. Users appreciate its capability to configure customizable alerts and monitor endpoints, sessions, API interactions, and cloud services. However, there are areas needing improvement, such as better serverless environment support and reduced alert frequency. The platform services smaller organizations by compensating for limited security resources with its comprehensive monitoring and auditing tools.

What are the key features?

Easy Cloud Service Integration: Streamlined connectivity with Docker and AWS for efficient monitoring.
Customizable Rule Sets: Tailor security rules to meet specific organizational needs.
Email Alerts: Receive timely notifications about security events and threats.
Interactive Session Monitoring: Track live sessions for suspicious activities.
API Integration: Connect effortlessly with third-party tools for an enhanced security posture.
SecOps Support: Assistance for organizations lacking dedicated security teams.

What are the benefits and ROI features?

Streamlined Threat Detection: Effective process monitoring to identify potential threats.
Cost Efficiency: Serves companies with limited resources by providing essential security functions.
Comprehensive Audits: Helps in regular examinations of cloud infrastructure, enhancing compliance.
Visibility into Cloud Operations: Offers a detailed dashboard for threat visibility and monthly vulnerability assessments.

In specific industries, Threat Stack Cloud Security Platform [EOL] is utilized for its strength in monitoring cloud infrastructure and preventing unauthorized access. Organizations in fields where cloud operations are critical use it for regular audits and monitoring. Its capabilities in threat management are leveraged to maintain secure operations and compliance, especially where there is no dedicated security team.

Sample Customers

Information Not Available

autodesk, mapbox, fico, webroot

StatusPage.io, Walkbase, Spanning, DNAnexus, Jobcase, Nextcapital, Smartling, Veracode, 6sense

Buyer's Guide

Cloud Workload Protection Platforms (CWPP)

June 2025

Download Free Report

Find out what your peers are saying about Wiz, Microsoft, Amazon Web Services (AWS) and others in Cloud Workload Protection Platforms (CWPP). Updated: June 2025.

DOWNLOAD NOW

862,077 professionals have used our research since 2012.

See our list of best Cloud Workload Protection Platforms (CWPP) vendors.

We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.