AWS GuardDuty Reviews

We are only using it for a client's requirements; we are simply building it and selling it to the client.

Amazon GuardDuty is used on private infrastructure for our clients. The application is not publicly accessible; it is hosted internally.

GuardDuty has been used to set the CloudWatch alarms. Assume that both scans are detected, or something similar, we have just enabled CloudWatch alarms for those use cases so that any such use case is detected. The alert will be triggered, and we have configured and integrated Amazon GuardDuty with all of the other seven accounts to have the central HPU.

The correlation back end is the solution's most valuable feature. Like in the backend, it is collecting all the data, which I think is pretty interesting, and coordinating everything, which is another good thing.

While sending the alerts to the email, they are not being patched. we have to do the patching and mapping manually. If GuardDuty could include a feature to do this automatically, it will make our job easier. That is something I believe can be improved.

For example, suppose you want to know when an alert is sent to your mailbox. The information is in JSON format. It would be helpful if that could be sent to the mailbox in a human-readable format.

I believe it can be improved in a variety of ways. If we can build our own use cases instead of using Microsoft Sentinel alone, that would be ideal.

I have been using Amazon GuardDuty for two to three years.

I have used it for the last 12 months.

Amazon GuardDuty is a stable product.

Amazon GuardDuty is scalable.

We have not had any issues that required us to contact the GuardDuty AWS vendor. It's straightforward and effective.

The initial setup is straightforward. We simply click on the app, and that's it.

The deployment can be done in a few minutes. We don't have to spend a lot of time there. It will take some time, to integrate everything one by one, which is why we did it manually, otherwise everything else was straightforward.

Pricing is determined by the number of events sent. It's fine, and it's not a problem from our perspective.

My recommendation is to go for the master setup that will be beneficial to you.

There are some limitations where we cannot modify use cases to meet our needs; we must do additional work, such as setting up CloudWatch alarms and SNS, and things are not patched. There are some restrictions. I'll just suggest that you have some skilled resources with patching knowledge.

It's good, I would rate Amazon GuardDuty a seven out of ten.

Amazon GuardDuty is an AWS Managed Service. The product finds information related to potential security risks and detects our environment related findings. It is a service that helps administrators find anomalies in their environment, rectify those issues and make the environment more secure and safe.

For example, consider some S3 buckets; we have X server access login disabled and certain configurations which are recommended that we are not following that are certain IAM user regulates such as monitoring from the background. Amazon GuardDuty will give us anomaly data for that particular IAM user, advising that certain activity was suspicious.

In our environment, the most valuable feature is discovering the anomalous sign users because we have configured single sign-on in our environment, but there are some IAM users. Since our environment is cloud-based and accessible from the internet, we like the ability to check where the user has logged in from and what kind of API calls that user is doing. Finding anything suspicious with AWS recommendations is helpful.

Amazon GuardDuty is limited to certain services. The solution has to be integrated with new services that AWS adds like QuickSight, Managed Airflow, AppFlow and MWAA. By being integrated with these services, it would be handy for users and save time.

I have been using Amazon GuardDuty for six months.

Amazon GuardDuty is service based not user-based. I can have a number of users in my system because the user management is turning the different services in AWS AIM direct access management.

We have four users of the solution. It is used by system administrators, cloud administrators, and architects. 

Amazon GuardDuty is an extra security measure. We have other security measures also implemented in our environment, such as our on-premise environment and network related securities. 

The initial setup of Amazon GuardDuty is fairly easy without much complexity.

Licensing of GuardDuty is part of the AWS license. The pricing model is pay as you go and is based on the number of events per month. When you first look at the price it seems reasonable but if you look at it holistically the cost can be improved.

At a very basic level, Amazon GuardDuty is a good tool. If you are looking for advanced security that would provide higher checks to secure their environment, this may not be enough. 

Certain checks only related to the AWS environment are good, but if you are integrated with other services like Salesforce or MuleSoft it is not a good solution.

I would rate GuardDuty a six out of 10 overall. 

My company uses AWS GuardDuty to develop the software and provide services to clients. I use the solution to monitor the service on the AWS workload or AWS instance and monitor threats or vulnerabilities.

AWS GuardDuty is easy to use and configure. I use AWS GuardDuty to check whether we are under attack or not. The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action.

I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use. The operation team can use a single desktop to monitor.

I have been using AWS GuardDuty for less than one month.

In my department, around seven to eight users are using AWS GuardDuty.

I previously used Google Cloud for three to four years. AWS GuardDuty has more features and can be customized more than Google Cloud.

I have heard that the solution's price is quite high. Sometimes, they need to fine-tune the service on AWS. For example, Amazon Simple Storage Service (S3) is used for static content because it is cheaper.

Overall, I rate AWS GuardDuty an eight out of ten.

We have over 1,000 employees, and we monitor their activity through AWS GuardDuty.

The solution's user interface could be improved because it will help users to understand multiple options. Currently, we have multiple options on AWS GuardDuty, which may confuse new users.

I have been using AWS GuardDuty for two years.

We faced some issues with AWS GuardDuty because sometimes we don't get proper loss from the solution.

I rate the solution an eight out of ten for stability.

I rate the solution ten out of ten for scalability.

The solution’s initial setup is not very difficult.

We have a whole bunch of information on various things in AWS GuardDuty.

Overall, I rate the solution a nine out of ten.

The main use cases of GuardDuty, when combined with AWS Security, are to offer in-depth security issue detection, such as identifying brute force attacks or unauthorized SSH attempts into your infrastructure, as well as other anomalous behaviors. GuardDuty serves as a threat detection and intelligence service.

GuardDuty is extensive in terms of configuration and security compliance. It integrates with threat detection, offering end-to-end visibility. The best thing is that it notifies you immediately when something goes wrong, allowing quick response to threats. Our infrastructure is continuously monitored, safeguarding it against threats. Even internal threats are easy to identify. AWS monitors user behavior, which helps detect compromised credentials.

I would like to see more integration with other AWS provided services. Currently, GuardDuty provides integrations with RDS and S3, however, further integration with services like API Gateway would be beneficial.

I have been using GuardDuty for more than a year.

The stability of GuardDuty is extremely reliable. There is no downtime, and it has proven to be very dependable.

You don't have to scale it or worry about the infrastructure or the security service being down. It remains consistent in its performance.

We have never felt the need to escalate any questions to the technical support about GuardDuty.

Positive

Before GuardDuty, I worked with Microsoft and used their cloud workload protection solution, Microsoft Defender. While it is more detailed and extensive, the UI and UX of Microsoft Defender are tricky and not as user-friendly as AWS, which prompted the switch.

The initial setup of GuardDuty was straightforward. The only prerequisite was having Security Hub enabled; from there, it was just a few clicks.

The ROI is now improved. I don't have those details. Overall, the average time saved is significant. AWS notifies quickly, which improves response time.

Once you configure GuardDuty clearly based on your organization's needs, it operates in a setup-and-forget mode. On a scale of one to ten, I would rate GuardDuty as an eight.