Try our new research platform with insights from 80,000+ expert users
Subhada Shubhalaxmi - PeerSpot reviewer
Security Consultant at EY GDS
Real User
Collects and coordinates data, but the modification of use cases has limitations
Pros and Cons
  • "The correlation back end is the solution's most valuable feature."
  • "While sending the alerts to the email, they are not being patched. we have to do the patching and mapping manually. If GuardDuty could include a feature to do this automatically, it will make our job easier. That is something I believe can be improved."

What is our primary use case?

We are only using it for a client's requirements; we are simply building it and selling it to the client.

Amazon GuardDuty is used on private infrastructure for our clients. The application is not publicly accessible; it is hosted internally.

GuardDuty has been used to set the CloudWatch alarms. Assume that both scans are detected, or something similar, we have just enabled CloudWatch alarms for those use cases so that any such use case is detected. The alert will be triggered, and we have configured and integrated Amazon GuardDuty with all of the other seven accounts to have the central HPU.

What is most valuable?

The correlation back end is the solution's most valuable feature. Like in the backend, it is collecting all the data, which I think is pretty interesting, and coordinating everything, which is another good thing.

What needs improvement?

While sending the alerts to the email, they are not being patched. we have to do the patching and mapping manually. If GuardDuty could include a feature to do this automatically, it will make our job easier. That is something I believe can be improved.

For example, suppose you want to know when an alert is sent to your mailbox. The information is in JSON format. It would be helpful if that could be sent to the mailbox in a human-readable format.

I believe it can be improved in a variety of ways. If we can build our own use cases instead of using Microsoft Sentinel alone, that would be ideal.

For how long have I used the solution?

I have been using Amazon GuardDuty for two to three years.

I have used it for the last 12 months.

Buyer's Guide
AWS GuardDuty
November 2024
Learn what your peers think about AWS GuardDuty. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

What do I think about the stability of the solution?

Amazon GuardDuty is a stable product.

What do I think about the scalability of the solution?

Amazon GuardDuty is scalable.

How are customer service and support?

We have not had any issues that required us to contact the GuardDuty AWS vendor. It's straightforward and effective.

How was the initial setup?

The initial setup is straightforward. We simply click on the app, and that's it.

The deployment can be done in a few minutes. We don't have to spend a lot of time there. It will take some time, to integrate everything one by one, which is why we did it manually, otherwise everything else was straightforward.

What's my experience with pricing, setup cost, and licensing?

Pricing is determined by the number of events sent. It's fine, and it's not a problem from our perspective.

What other advice do I have?

My recommendation is to go for the master setup that will be beneficial to you.

There are some limitations where we cannot modify use cases to meet our needs; we must do additional work, such as setting up CloudWatch alarms and SNS, and things are not patched. There are some restrictions. I'll just suggest that you have some skilled resources with patching knowledge.

It's good, I would rate Amazon GuardDuty a seven out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Hemant Paralkar - PeerSpot reviewer
Lead Consultant at Saama
Real User
Helps administrators find anomalies but is limited to certain services
Pros and Cons
  • "Since our environment is cloud based and accessible from the internet, we like the ability to check where the user has logged in from and what kind of API calls that user is doing."
  • "The solution has to be integrated with new services that AWS adds like QuickSight, Managed Airflow, AppFlow and MWAA."

What is our primary use case?

Amazon GuardDuty is an AWS Managed Service. The product finds information related to potential security risks and detects our environment related findings. It is a service that helps administrators find anomalies in their environment, rectify those issues and make the environment more secure and safe.

For example, consider some S3 buckets; we have X server access login disabled and certain configurations which are recommended that we are not following that are certain IAM user regulates such as monitoring from the background. Amazon GuardDuty will give us anomaly data for that particular IAM user, advising that certain activity was suspicious.

What is most valuable?

In our environment, the most valuable feature is discovering the anomalous sign users because we have configured single sign-on in our environment, but there are some IAM users. Since our environment is cloud-based and accessible from the internet, we like the ability to check where the user has logged in from and what kind of API calls that user is doing. Finding anything suspicious with AWS recommendations is helpful.

What needs improvement?

Amazon GuardDuty is limited to certain services. The solution has to be integrated with new services that AWS adds like QuickSight, Managed Airflow, AppFlow and MWAA. By being integrated with these services, it would be handy for users and save time.

For how long have I used the solution?

I have been using Amazon GuardDuty for six months.

What do I think about the scalability of the solution?

Amazon GuardDuty is service based not user-based. I can have a number of users in my system because the user management is turning the different services in AWS AIM direct access management.

We have four users of the solution. It is used by system administrators, cloud administrators, and architects. 

Which solution did I use previously and why did I switch?

Amazon GuardDuty is an extra security measure. We have other security measures also implemented in our environment, such as our on-premise environment and network related securities. 

How was the initial setup?

The initial setup of Amazon GuardDuty is fairly easy without much complexity.

What's my experience with pricing, setup cost, and licensing?

Licensing of GuardDuty is part of the AWS license. The pricing model is pay as you go and is based on the number of events per month. When you first look at the price it seems reasonable but if you look at it holistically the cost can be improved.

What other advice do I have?

At a very basic level, Amazon GuardDuty is a good tool. If you are looking for advanced security that would provide higher checks to secure their environment, this may not be enough. 

Certain checks only related to the AWS environment are good, but if you are integrated with other services like Salesforce or MuleSoft it is not a good solution.

I would rate GuardDuty a six out of 10 overall. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
AWS GuardDuty
November 2024
Learn what your peers think about AWS GuardDuty. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
reviewer2333235 - PeerSpot reviewer
IT Controller at a outsourcing company with 11-50 employees
Real User
Top 20
An easy-to-use and easy-to-configure solution that helps monitor threats or vulnerabilities
Pros and Cons
  • "The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action."
  • "I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use."

What is our primary use case?

My company uses AWS GuardDuty to develop the software and provide services to clients. I use the solution to monitor the service on the AWS workload or AWS instance and monitor threats or vulnerabilities.

What is most valuable?

AWS GuardDuty is easy to use and configure. I use AWS GuardDuty to check whether we are under attack or not. The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action.

What needs improvement?

I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use. The operation team can use a single desktop to monitor.

For how long have I used the solution?

I have been using AWS GuardDuty for less than one month.

What do I think about the scalability of the solution?

In my department, around seven to eight users are using AWS GuardDuty.

Which solution did I use previously and why did I switch?

I previously used Google Cloud for three to four years. AWS GuardDuty has more features and can be customized more than Google Cloud.

What's my experience with pricing, setup cost, and licensing?

I have heard that the solution's price is quite high. Sometimes, they need to fine-tune the service on AWS. For example, Amazon Simple Storage Service (S3) is used for static content because it is cheaper.

What other advice do I have?

Overall, I rate AWS GuardDuty an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Haroon-Rasheed - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees
Real User
Top 20
Used to monitor the activity of over 1,000 employees
Pros and Cons
  • "We have over 1,000 employees, and we monitor their activity through AWS GuardDuty."
  • "The solution's user interface could be improved because it will help users to understand multiple options."

What is most valuable?

We have over 1,000 employees, and we monitor their activity through AWS GuardDuty.

What needs improvement?

The solution's user interface could be improved because it will help users to understand multiple options. Currently, we have multiple options on AWS GuardDuty, which may confuse new users.

For how long have I used the solution?

I have been using AWS GuardDuty for two years.

What do I think about the stability of the solution?

We faced some issues with AWS GuardDuty because sometimes we don't get proper loss from the solution.

I rate the solution an eight out of ten for stability.

What do I think about the scalability of the solution?

I rate the solution ten out of ten for scalability.

How was the initial setup?

The solution’s initial setup is not very difficult.

What other advice do I have?

We have a whole bunch of information on various things in AWS GuardDuty.

Overall, I rate the solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Syeda Masarath Zaidi - PeerSpot reviewer
DevOps Engineer at a consultancy with 10,001+ employees
Real User
Top 10
Quick threat detection with immediate notifications and extensive threat monitoring
Pros and Cons
  • "GuardDuty is extensive in terms of configuration and security compliance."
  • "GuardDuty is extensive in terms of configuration and security compliance."
  • "I would like to see more integration with other AWS provided services."

What is our primary use case?

The main use cases of GuardDuty, when combined with AWS Security, are to offer in-depth security issue detection, such as identifying brute force attacks or unauthorized SSH attempts into your infrastructure, as well as other anomalous behaviors. GuardDuty serves as a threat detection and intelligence service.

What is most valuable?

GuardDuty is extensive in terms of configuration and security compliance. It integrates with threat detection, offering end-to-end visibility. The best thing is that it notifies you immediately when something goes wrong, allowing quick response to threats. Our infrastructure is continuously monitored, safeguarding it against threats. Even internal threats are easy to identify. AWS monitors user behavior, which helps detect compromised credentials.

What needs improvement?

I would like to see more integration with other AWS provided services. Currently, GuardDuty provides integrations with RDS and S3, however, further integration with services like API Gateway would be beneficial.

For how long have I used the solution?

I have been using GuardDuty for more than a year.

What do I think about the stability of the solution?

The stability of GuardDuty is extremely reliable. There is no downtime, and it has proven to be very dependable.

What do I think about the scalability of the solution?

You don't have to scale it or worry about the infrastructure or the security service being down. It remains consistent in its performance.

How are customer service and support?

We have never felt the need to escalate any questions to the technical support about GuardDuty.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before GuardDuty, I worked with Microsoft and used their cloud workload protection solution, Microsoft Defender. While it is more detailed and extensive, the UI and UX of Microsoft Defender are tricky and not as user-friendly as AWS, which prompted the switch.

How was the initial setup?

The initial setup of GuardDuty was straightforward. The only prerequisite was having Security Hub enabled; from there, it was just a few clicks.

What was our ROI?

The ROI is now improved. I don't have those details. Overall, the average time saved is significant. AWS notifies quickly, which improves response time.

What other advice do I have?

Once you configure GuardDuty clearly based on your organization's needs, it operates in a setup-and-forget mode. On a scale of one to ten, I would rate GuardDuty as an eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free AWS GuardDuty Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free AWS GuardDuty Report and get advice and tips from experienced pros sharing their opinions.