Try our new research platform with insights from 80,000+ expert users

AWS GuardDuty vs Threat Stack Cloud Security Platform [EOL] comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 29, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
107
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Container Security (3rd), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
AWS GuardDuty
Average Rating
8.2
Reviews Sentiment
7.9
Number of Reviews
22
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (3rd)
Threat Stack Cloud Security...
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Terence Dube - PeerSpot reviewer
Comprehensive threat detection simplifies security management
GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be useful, including more granular details in findings, such as specific user actions or historical comparisons, would be beneficial. Furthermore, managing global AWS environments requires setting up additional tools for viewing GuardDuty findings across multiple regions. A unified dashboard that aggregates findings across all regions without requiring manual aggregation could enhance convenience for users.
SC
SecOps program for us, as a smaller company, is amazing; they know what to look for
They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter. Even as part of the SecOps Program, that could be helpful; a quick analysis. They're analyzing our whole infrastructure and saying, "You have one VPC and that doesn't make a lot of sense, that should be multiple VPCs and here's why." The architecture of the servers in whatever cloud-hosting provider you're on could be helpful. Other than that, they should continue to expand on their notifications and on what's a vulnerability. They do a great job of that and we want them to continue to do that. It would be cool, since the agent is already deployed and they know about the server, they know the IP address, and they know what vulnerability is there, for them to test the vulnerability and see if they can actually exploit it. Or, once we patch it, they could double-check that it can't be. I don't know how hard that would be to build. Thinking on it off the top off my head, it could be a little challenging but it could also be highly interesting. It would also be great if we could test a couple of other features like hammering a server with 100 login attempts and see what happens. Real test scenarios could be really helpful. That is probably more something close to what they do with the SOC 2 audit or the report. But more visualization of that, being able to test things out on our infrastructure to make sure we can or can't hit this box could be interesting.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features are automated threat response, AI detection, and static and dynamic detection."
"Visibility is the most important aspect."
"SentinelOne Singularity Cloud Security is excellent, and I highly recommend it."
"SentinelOne is far superior to our previous solution, Accops, due to its seamless updates, effortless maintenance, and user-friendly interface and dashboard."
"Singularity Cloud Workload Security provides us with better security detection and more visibility. It is another resource that we can use to detect vulnerabilities in our company's systems. For example, it can help us detect new file processes that we are not familiar with, which could be used by attackers to exploit our systems. Singularity Cloud Workload Security can also help us diagnose and analyze data to determine whether it is malicious or not. Singularity Cloud Workload Security is like another pair of eyes that can help us protect our systems from cyberattacks."
"The most valuable aspect of Singularity Cloud Security is its unified dashboard."
"The most valuable feature of PingSafe is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."
"PingSafe can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub."
"GuardDuty is extensive in terms of configuration and security compliance."
"It is a highly scalable solution since it is a service by AWS. Scalability-wise, I rate the solution a ten out of ten."
"The product has automated protection powered by AI/ML, which is now far more powerful than before. It uses AI/ML in its detection algorithm, providing fast and quick results."
"What I like most about Amazon GuardDuty is that you can monitor your AWS accounts across, but you don't have to pay the additional cost. You can get all your CloudTrail VPC flow logs and DNS logs all in one, and then you get the monitoring with that. A lot of times, if you had a separate tool on-premise, you would have to set up your DNS logs, so usually, Amazon GuardDuty helps with all your additional networking requirements, so I utilize it for continuous monitoring because you can't detect anything if you're not monitoring, and the solution fills that gap. If you don't do anything else first, you can deploy your firewall, and then you've got your Route 53 DNS and DNSSEC, but then Amazon GuardDuty fills that, and then you have audit requirements in AU that says, "Hey, what are your additional logs?", so you can just say, "Hey, we utilize Amazon GuardDuty." You're getting your CloudTrail, your VPC flow logs, and all your DNS logs, and those are your additional logs right there, so the solution meets a lot of requirements. Now, everything comes with a cost, but I also like that the solution also provides threat response and remediation. It's a pretty good product. I've just used it more for log analysis and that's where the value is at, the niche value. Once you do threat detection, it goes into a lot of other integrations you need to implement, so threat detection is only good as the integration, as the user that knows the tools itself, and the architecture and how it's all set up and the rules that you set within that."
"GuardDuty's comprehensive threat detection does not only monitor data - it also detects a wide range of security threats."
"The solution provides AWS GuardDuty S3 protection, EKS runtime protection, and malware protection."
"We have over 1,000 employees, and we monitor their activity through AWS GuardDuty."
"One of the advantages of cloud services is the ability to use them on demand. There's minimal installation involved; you can check the latest offerings and make new deployments while dismantling the previous ones. This approach keeps you ahead of potential services, showcasing the agility of AWS."
"Every other security tool we've looked is good at containers, or at Kubernetes, is good at AWS, or at instance monitoring. But nobody is good at tying all of those things together, and that's really where Threat Stack shines."
"An important feature of this solution is monitoring. Specifically, container monitoring."
"The rules are really great. They give us more visibility and control over what's being triggered. There's a large set of rules that come out-of-the-box. We can customize them and we can create our own rules based on the traffic patterns that we see."
"The number-one feature is the monitoring of interactive sessions on our Linux machines. We run an immutable environment, so that nothing is allowed to be changed in production... We're constantly monitoring to make sure that no one is violating that. Threat Stack is what allows us to do that."
"With Threat Stack, we quickly identified some AWS accounts which had services that would potentially be exposed and were able to remediate them prior to release of products."
"Threat Stack has connectivity."
"It has been quite helpful to have the daily alerts coming to my email, as well as the Sev 1 Alerts... We just went through a SOX audit and those were pivotal."
"Technical support is very helpful."
 

Cons

"We recently adopted a new ticket management solution, so we've asked them to include a connector to integrate that tool with Cloud Native Security directly. We'd also like to see Cloud Native Security add a scan for personally identifying information. We're looking at other tools for this capability, but having that functionality built into Cloud Native Security would be nice. Monitoring PII data is critical to us as an organization."
"One potential drawback is the cost of SentinelOne Singularity Cloud Security, which may be prohibitive for smaller businesses or startups, particularly those in regions with lower average incomes, such as India."
"They can add more widgets to its dashboard. A centralized dashboard with numerous metrics would improve user understanding."
"There's room for improvement in the graphic explorer."
"Whenever I view the processes and the process aspect, it takes a long time to load."
"In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of critical severity, whereas they are not critical or of high severity. There is a mismatch of severities. They need to work on severity management."
"When we request any changes, they must be reflected in the next update."
"The area of improvement is the cost, which is high compared to other traditional endpoint protections."
"One improvement I would suggest for AWS GuardDuty is the ability to assign findings to specific users or groups, facilitating better communication and follow-up actions."
"I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use."
"GuardDuty is limited to AWS environments."
"AWS GuardDuty needs to be more customer-oriented."
"Cost changes. It's very expensive. If you turn on every feature, it's more than most commercial vendors. For smaller orgs, that doesn't make sense."
"Improvement-wise, Amazon GuardDuty should have an overall dashboard analytics function so we could see what's in the current environment, and then in addition to that, provide best practices and recommendations, particularly to provide some type of observability, and then figure out the login side of it, based on our current environment, in terms of what we're not monitoring and what we should monitor. The solution should also give us a sample code configuration to implement that added feature or feature request. What I'd like to see in the next release of Amazon GuardDuty are more security analytics, reporting, and monitoring. They should provide recommendations and additional options that answer questions such as "Hey, what can we see in our environment?", "What should we implement within the environment?", What's recommended?" We know that cost will always be associated with that, but Amazon GuardDuty should show us the increased costs or decreased costs if we implement it or don't implement it, and that would be a good feature request, particularly with all products within AWS, just for cloud products in general because there are times features are implemented, but once they're deployed, they don't tell you about costs that would be generated along with those features. After features are deployed, there should a summary of the costs that would be generated, and projected based on current usage, so they would give us the option to figure out how long we're going to use those features and the option to keep those on or turn those off. If more services were like that, a lot more people would use those on the cloud."
"An improvement would be to have a mobile version where remote workers can log in and monitor and fix issues."
"While sending the alerts to the email, they are not being patched. we have to do the patching and mapping manually. If GuardDuty could include a feature to do this automatically, it will make our job easier. That is something I believe can be improved."
"It shoots back a lot of alerts."
"The reports aren't very good. We've automated the report generation via the API and replaced almost all the reports that they generate for us using API calls instead."
"I would like further support of Windows endpoint agents or the introduction of support for Windows endpoint agents."
"They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter."
"The solution’s ability to consume alerts and data in third-party tools (via APIs and export into S3 buckets) is moderate. They have some work to do in that area... The API does not mimic the features of the UI as far as reporting and pulling data out go. There's a big discrepancy there."
"The API - which has grown quite a bit, so we're still learning it and I can't say whether it still needs improvement - was an area that had been needing it."
"The user interface can be a little bit clunky at times... There's a lot of information that needs to be waded through, and the UI just isn't great."
"The compliance and governance need improvement."
 

Pricing and Cost Advice

"It is cheap."
"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."
"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."
"It is cost-effective compared to other solutions in the market."
"PingSafe is cost-effective for the amount of infrastructure we have. It's reasonable for what they offer compared to our previous solution. It's at least 25 percent to 30 percent less."
"While I'm slightly out of touch with pricing, I know SentinelOne is much cheaper than other products."
"It was reasonable pricing for me."
"PingSafe is priced reasonably for our workload."
"Pricing is determined by the number of events sent."
"I prefer to have something on demand for myself. That's why I haven't been paying for GuardDuty specifically. AWS provides a wide range of offerings, especially in the security area."
"The platform is inexpensive."
"In terms of the costs associated with Amazon GuardDuty, it was $1 per GB from what I recall. Pricing was based on per gigabyte. For example, for the first five hundred gigabytes per month, it'll be $1 per GB, so it'll be $500. If your usage was greater, there's another bracket, for example, the next two thousand GB, then there's an add-on cost of 50 cents per GB. That's how Amazon GuardDuty pricing slowly goes up. I can't remember if there was any kind of additional cost apart from standard licensing for the solution. Nothing else that at least comes to mind. What the service was charging was worth it. That was one good thing when using Amazon GuardDuty because my company could be in a certain tier for a certain period. My company wasn't under a licensing model where it could overestimate its usage and under-utilize its usage and pay much more. This was what made the pricing model for Amazon GuardDuty better."
"80 percent of the customers are using AWS GuardDuty, and we recommend it due to its low cost, especially for small customers, ranging from five to ten dollars a month. In our policies, we enforce the usage of this service, making it a recommended practice for security."
"It can get very expensive. If you turn on every feature, it can turn into hundreds of thousands of dollars."
"The tool has no subscription charges."
"The tool's licensing model is pay-as-you-go."
"It came in cheaper than Trend Micro when we purchased it a few years ago."
"It is a cost-effective choice versus other solutions on the market."
"Pricing seems to be in line with the market structure. It's fine."
"We find the licensing and pricing very easy to understand and a good value for the services provided."
"I'm happy with the amount that we spend for the product that we get and the overall service that we get. It's not cheap, but I'm still happy with the spend."
"It is very expensive compared to some other products. The pricing is definitely high."
"What we're paying now is somewhere around $15 to $20 per agent per month, if I recall correctly. The other cost we have is SecOps."
report
Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.
845,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
8%
Government
6%
Computer Software Company
20%
Real Estate/Law Firm
11%
Manufacturing Company
10%
Financial Services Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of criti...
What do you like most about Amazon GuardDuty?
With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavi...
What is your experience regarding pricing and costs for Amazon GuardDuty?
GuardDuty is very cheap and operates on a pay-as-you-go basis. It's priced around a dollar per million requests, maki...
What needs improvement with Amazon GuardDuty?
GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be usef...
Ask a question
Earn 20 points
 

Also Known As

PingSafe
No data available
Threat Stack, CSP,
 

Overview

 

Sample Customers

Information Not Available
autodesk, mapbox, fico, webroot
StatusPage.io, Walkbase, Spanning, DNAnexus, Jobcase, Nextcapital, Smartling, Veracode, 6sense
Find out what your peers are saying about Wiz, Microsoft, Amazon Web Services (AWS) and others in Cloud Workload Protection Platforms (CWPP). Updated: March 2025.
845,406 professionals have used our research since 2012.