AWS GuardDuty Reviews

Name: AWS GuardDuty
Brand: Amazon Web Services (AWS)
Rating: 4.0 (21 reviews)

4.0 out of 5

21 reviews
90% willing to recommend

275 followers

What is AWS GuardDuty?

Amazon Guard Duty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs.

Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to quickly discover suspicious and problematic activity in a user's AWS ecosystem. Activities may include concerns such as interactions with malicious IP addresses or domains, exposed credentials usage, or changes and/or escalation of privileges.

GuardDuty is able to easily determine problematic AWS EC2 (Elastic Compute Cloud) instances delivering malware or mining bitcoin. It is also able to trace AWS account access history for evidence of destabilization. such as suspicious API calls resulting in changing password policies to minimize password strength or anomalous infrastructure deployments in new or different never-used regions.

Get the AWS GuardDuty Buyer's Guide and find out what your peers are saying about AWS GuardDuty, Wiz, Microsoft Defender for Cloud and more!

AWS GuardDuty is the #5 ranked solution in Cloud Workload Protection Platforms. PeerSpot users give AWS GuardDuty an average rating of 8.0 out of 10. Based on the analysis of the 21 most recent AWS GuardDuty reviews, the overall sentiment is positive, with a sentiment score of 7.8. AWS GuardDuty is most commonly compared to Wiz: AWS GuardDuty vs Wiz. AWS GuardDuty is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 17% of all views.

Helped 816,406 peers since 2012

Featured reviews

Betika Brandon

Cloud Engineer at Epsilon

AWS GuardDuty helps by providing continuous threat detection and signaling potential threats. Its most valuable feature is continuous monitoring. The tool's integration with other AWS services has improved security. It provides continuous monitoring and intelligent threat detection, quickly signaling any issues. I would rate this improvement a seven out of ten. The solution's machine learning capabilities help identify threats by continuously collecting data such as IP addresses, user agents, API calls, and network traffic patterns. This data is used to train machine learning models, which can then identify normal activity patterns and detect variations that indicate security threats. AWS GuardDuty is crucial in identifying security threats in the AWS environment.

Read full review

Agron Demiraj

Cloud System Specialist at a financial services firm with 51-200 employees

It helps us detect brute-force attacks based on machine learning. It alerts the security team for possible attacks as well The product detects 100% brute force attacks using all legitimate testing methods. It gives the exact source IP of the attacks. The product's most valuable feature is…

Read full review

Pratik-Savla

Security and Compliance Architect at a manufacturing company with 1,001-5,000 employees

Because it's a threat detection service, they need to keep up with the various threat factors because new threat factors and attack factors come up all the time. Sometimes they may detect a certain behavior. But if that behavior morphs into something else, GuardDuty may not pick up on that specifically if something new comes up which hasn't been found or uncovered before. If Amazon doesn't update the service to reflect that or address that or factor that in, it may not detect the threat. The end user then is obviously at the mercy of whatever it flags. GuardDuty must ensure they cover everything, including the latest threats.

Read full review

AWS GuardDuty mindshare

As of November 2024, the mindshare of AWS GuardDuty in the Cloud Workload Protection Platforms (CWPP) category stands at 9.9%, down from 10.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Cloud Workload Protection Platforms (CWPP)

Key learnings from peers

Last updated Nov 20, 2024

Valuable Features

AWS GuardDuty's most valuable features include threat detection across multiple AWS accounts, seamless data collection from CloudTrail and VPC Flow Logs, and effective alert mechanisms. It excels in monitoring for malicious activities and integrates deeply with AWS services, providing S3 protection, EKS runtime protection, and malware detection. The automated, machine learning-driven anomaly detection offers timely notifications, aiding in threat identification and remediation. Users appreciate its ease of use and comprehensive coverage of AWS resources.

"GuardDuty is extensive in terms of configuration and security compliance."
"GuardDuty is extensive in terms of configuration and security compliance."
"AWS GuardDuty helps by providing continuous threat detection and signaling potential threats. Its most valuable feature is continuous monitoring. The tool's integration with other AWS services has improved security. It provides continuous monitoring and intelligent threat detection, quickly signaling any issues. I would rate this improvement a seven out of ten."

Room for Improvement

AWS GuardDuty requires enhancements like a mobile version, a comprehensive dashboard for visual security layers, and better integration with services like QuickSight and AppFlow. Users seek improvements in threat detection, cost efficiency, and automation capabilities. The presentation of findings should be clearer, and reports should offer actionable insights. Enhancing the interface, allowing note-taking on alerts, and addressing false positives are additional needs. Technical support response time and better cost visibility are also desired.

"I would like to see more integration with other AWS provided services."
"The product needs to improve its cost-efficiency since it is expensive."
"There is currently no consolidated dashboard for AWS GuardDuty. It would be helpful if they could provide a dashboard based on severity levels (high, medium, low) and offer insights account-wise, especially for users utilizing automation structures."

ROI

AWS GuardDuty enhances security posture with intelligent threat detection, gaining customer trust and attracting more business. Early threat notifications reduce investigation time, decreasing the risk of incidents or breaches. Users report satisfaction with the system, continuing its use due to its effective threat detection and attack prevention capabilities. GuardDuty's quick notifications improve response times, significantly saving time, aligning with increased return on investment expectations.

Pricing

Enterprise buyers evaluating AWS GuardDuty report a pricing model that's pay-as-you-go, based on usage metrics like gigabytes monitored or events processed. Some find it cost-effective, especially smaller organizations, with prices often ranging from $5 to $50 monthly. The flexibility to enable GuardDuty only in regions with active workloads helps manage costs. While some users rate the pricing moderately expensive compared to functionalities, the model ensures organizations pay only for what they use, aiding budget predictability.

"The tool's licensing model is pay-as-you-go."
"80 percent of the customers are using AWS GuardDuty, and we recommend it due to its low cost, especially for small customers, ranging from five to ten dollars a month. In our policies, we enforce the usage of this service, making it a recommended practice for security."
"It can get very expensive. If you turn on every feature, it can turn into hundreds of thousands of dollars."

Popular Use Cases

Organizations primarily use AWS GuardDuty for monitoring AWS environments, detecting threats, securing cloud infrastructure, and analyzing logs to identify anomalies. It assists with compliance by providing additional login capabilities and fills security gaps with AI-enhanced threat detection. GuardDuty alerts on suspicious activities, unauthorized access, and potential security risks, playing a crucial role in monitoring assets, ensuring data protection, and enhancing the security of AWS infrastructures and applications.

Service and Support

AWS GuardDuty customer service and support are described as responsive and effective. Many users haven't needed to contact support frequently, but those who have report quick resolutions and a variety of contact options like chat and phone. While some experience variability in support quality, enterprise plan holders receive prioritized service. Support is generally rated highly, with comprehensive documentation aiding setup and configuration. Occasional delays occur when connecting with technical staff via phone.

Deployment

AWS GuardDuty's initial setup is generally seen as straightforward and easy, often involving a simple one-touch system. Many users find the deployment process quick, taking just a few minutes. Complexities arise mainly with specific architectural integrations or when employing infrastructure as code. For large organizations managing multiple AWS accounts, the deployment is streamlined by using the master account feature. Overall, minimal technical expertise is needed, making deployment accessible to various teams.

Scalability

AWS GuardDuty demonstrates notable scalability, effectively supporting organizations transitioning to the cloud. It smoothly accommodates numerous accounts and users, adapting to increased data and network changes. Users find it straightforward in AWS environments, with scalability ratings high across various cases. Despite initial challenges, enhancements over time have ensured its ability to handle diverse scaling needs, making it favorable for both small and large-scale deployments without infrastructure concerns.

Stability

AWS GuardDuty is recognized for its stability and dependability, often rated between eight and ten out of ten. Users report minimal outages or downtime. GuardDuty efficiently manages multiple accounts and allows easy delegation of administrative tasks. Users appreciate its reliable performance and integration with other AWS services, although some mention occasional false positives. Many organizations highlight its responsiveness and effectiveness in production environments, confidently comparing it to other platforms like Azure and GCP.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our AWS GuardDuty Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

16%

Manufacturing Company

Government

Healthcare Company

Retailer

Insurance Company

Energy/Utilities Company

Comms Service Provider

University

Educational Organization

Media Company

Transportation Company

Non Profit

Construction Company

Real Estate/Law Firm

Legal Firm

Outsourcing Company

Recreational Facilities/Services Company

Wholesaler/Distributor

Pharma/Biotech Company

Performing Arts

Consumer Goods Company

Logistics Company

Hospitality Company

Sports Company

Marketing Services Firm

Compare AWS GuardDuty with alternative products

Learn more about AWS GuardDuty

GuardDuty will continually alert users regarding their AWS environment status and will send the security discoveries to the GuardDuty dashboard or Amazon CloudWatch events for users to view.

Users can access GuardDuty via:

AWS SDKs: Amazon provides users with several software development kits (SDKs) that are made up of libraries and sample code of numerous popular programming languages and platforms, such as Android, iOS, Java, .Net, Python, and Ruby. The SDKs make it easier to develop programmatic access to GuardDuty.
GuardDuty HTTPS API: This allows users to issue HTTPS requests directly to the service.
GuardDuty Console: This is a browser-based intuitive dashboard interface where users can access and use GuardDuty.

Amazon Elastic Kubernetes Service (Amazon EKS)

Kubernetes protection is an optional add-on in Amazon GuardDuty. This tool is able to discover malicious behavior and possible destabilization of an organization's Kubernetes clusters inside of Amazon Elastic Kubernetes Service (Amazon EKS).

When Amazon EKS is activated, GuardDuty will actively use various data sources to discover potential risks against Kubernetes API. When Kubernetes protection is enabled, GuardDuty uses optional data sources to detect threats against Kubernetes API.

Kubernetes audit logs are a Kubernetes feature that captures historical API activity from applications, the control plane, users, and endpoints. GuardDuty collates these logs from Amazon EKS to create Kubernetes discoveries for the organization's Amazon EKS assets; there is no need to store or turn on the logs.

As long as Kubernetes protection remains activated, GuardDuty will continuously dissect Kubernetes data sources from the Amazon EKS clusters to ensure no suspicious or anomalous behavior is taking place.

Amazon Simple Cloud Storage (S3) Protection

Amazon S3 allows Amazon GuardDuty to actively audit object-level API processes to discover possible security threats to data inside an organization's S3 buckets. GuardDuty continually audits risk to the organization’s S3 assets by carefully dissecting AWS CloudTrail management events and AWS CloudTrail S3 data events. These tools are continually auditing various CloudTrail management events for potential suspicious activities that affect S3 buckets, such as PutBucketReplication, DeleteBucket, ListBucket, and data events for S3 object-level API processes, such as PutObject, GetObject, ListObject, and DeleteObject.

Reviews from Real Users

“The most valuable features are the single system for data collection and the alert mechanisms. Prior to using GuardDuty, we had multiple systems to collect data and put it in a centralized location so we could look into it. Now we don't need to do that anymore as GuardDuty does it for us.” - Arunkumar A., Information Security Manager at Tata Consultancy Services