AWS GuardDuty vs Threat Stack Cloud Security Platform [EOL] comparison

AWS GuardDuty vs. Threat Stack Cloud Security Platform [EOL]

Download the complete report

Helped 831,997 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

SentinelOne Singularity Clo...

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

Terence Dube

AWS Cloud Engineer at Standard Telephones and Cables

Comprehensive threat detection simplifies security management

GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be useful, including more granular details in findings, such as specific user actions or historical comparisons, would be beneficial. Furthermore, managing global AWS environments requires setting up additional tools for viewing GuardDuty findings across multiple regions. A unified dashboard that aggregates findings across all regions without requiring manual aggregation could enhance convenience for users.

Read full review

Skyler Cain

Software Development Manager at Rent Dynamics

SecOps program for us, as a smaller company, is amazing; they know what to look for

They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter. Even as part of the SecOps Program, that could be helpful; a quick analysis. They're analyzing our whole infrastructure and saying, "You have one VPC and that doesn't make a lot of sense, that should be multiple VPCs and here's why." The architecture of the servers in whatever cloud-hosting provider you're on could be helpful. Other than that, they should continue to expand on their notifications and on what's a vulnerability. They do a great job of that and we want them to continue to do that. It would be cool, since the agent is already deployed and they know about the server, they know the IP address, and they know what vulnerability is there, for them to test the vulnerability and see if they can actually exploit it. Or, once we patch it, they could double-check that it can't be. I don't know how hard that would be to build. Thinking on it off the top off my head, it could be a little challenging but it could also be highly interesting. It would also be great if we could test a couple of other features like hammering a server with 100 login attempts and see what happens. Real test scenarios could be really helpful. That is probably more something close to what they do with the SOC 2 audit or the report. But more visualization of that, being able to test things out on our infrastructure to make sure we can or can't hit this box could be interesting.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The agentless vulnerability scanning is great."

"Cloud Native Security's evidence-based reporting allows us to prioritize issues by understanding their impact, helping us resolve the most important problems first."

"It has a user-friendly dashboard that I can access without any difficulty."

"The offensive security where they do a fix is valuable. They go to a misconfiguration and provide detailed alerts on what could be there. They also provide a remediation feature where if we give the permission, they can also go and fix the issue."

"We use the infrastructure as code scanning, which is good."

"It saves time, makes your environment more secure, and improves compliance. PingSafe helps with audits, ensuring that you are following best practices for cloud security. You don't need to be an expert to use it and improve your security."

"PingSafe's most valuable feature is its unified console."

"Cloud Native Security has helped us with our risk posture and securing our agenda. It has been tremendous in terms of supporting growth."

More SentinelOne Singularity Cloud Security pros

"With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavior or traffic patterns right away, which is great for staying on top of potential security risks."

"GuardDuty is extensive in terms of configuration and security compliance."

"What I like most about Amazon GuardDuty is that you can monitor your AWS accounts across, but you don't have to pay the additional cost. You can get all your CloudTrail VPC flow logs and DNS logs all in one, and then you get the monitoring with that. A lot of times, if you had a separate tool on-premise, you would have to set up your DNS logs, so usually, Amazon GuardDuty helps with all your additional networking requirements, so I utilize it for continuous monitoring because you can't detect anything if you're not monitoring, and the solution fills that gap. If you don't do anything else first, you can deploy your firewall, and then you've got your Route 53 DNS and DNSSEC, but then Amazon GuardDuty fills that, and then you have audit requirements in AU that says, "Hey, what are your additional logs?", so you can just say, "Hey, we utilize Amazon GuardDuty." You're getting your CloudTrail, your VPC flow logs, and all your DNS logs, and those are your additional logs right there, so the solution meets a lot of requirements. Now, everything comes with a cost, but I also like that the solution also provides threat response and remediation. It's a pretty good product. I've just used it more for log analysis and that's where the value is at, the niche value. Once you do threat detection, it goes into a lot of other integrations you need to implement, so threat detection is only good as the integration, as the user that knows the tools itself, and the architecture and how it's all set up and the rules that you set within that."

"It helps us detect brute-force attacks based on machine learning."

"The solution is easy to use."

"AWS GuardDuty helps by providing continuous threat detection and signaling potential threats. Its most valuable feature is continuous monitoring. The tool's integration with other AWS services has improved security. It provides continuous monitoring and intelligent threat detection, quickly signaling any issues. I would rate this improvement a seven out of ten."

"Deployment is great, and we didn't face any big challenges."

More AWS GuardDuty pros

"The number-one feature is the monitoring of interactive sessions on our Linux machines. We run an immutable environment, so that nothing is allowed to be changed in production... We're constantly monitoring to make sure that no one is violating that. Threat Stack is what allows us to do that."

"The rules are really great. They give us more visibility and control over what's being triggered. There's a large set of rules that come out-of-the-box. We can customize them and we can create our own rules based on the traffic patterns that we see."

"Threat Stack has connectivity."

"With Threat Stack, we quickly identified some AWS accounts which had services that would potentially be exposed and were able to remediate them prior to release of products."

"It has been quite helpful to have the daily alerts coming to my email, as well as the Sev 1 Alerts... We just went through a SOX audit and those were pivotal."

"We like the ability of the host security module to monitor the processes running on our servers to help us monitor activity."

"An important feature of this solution is monitoring. Specifically, container monitoring."

"We're using it on container to see when activity involving executables happens, and that's great."

More Threat Stack Cloud Security Platform [EOL] pros

Cons

"The areas with room for improvement include the cost, which is higher compared to other security platforms. The dashboard can also be laggy."

"When we request any changes, they must be reflected in the next update."

"The resolution suggestions could be better, and the compliance features could be more customizable for Indian regulations. Overall, the compliance aspects are good. It gives us a comprehensive list, and its feedback is enough to bring us into compliance with regulations, but it doesn't give us the specific objects."

"We'd like to have better notifications. We'd like them to happen faster."

"I would like PingSafe to add real-time detection of vulnerabilities and cloud misconfigurations."

"A vulnerability alert would appear, and we'd fix it, but then the same alert would return the next day."

"I would like PingSafe's detections to be openly available online instead of only accessible through their portal. Other tools have detections that are openly available without going through the tool."

"Bugs need to be disclosed quickly."

More SentinelOne Singularity Cloud Security cons

"The solution's user interface could be improved because it will help users to understand multiple options."

"It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially."

"For the next release, they could provide IPS features as well."

"For me, I would say just the presentation of findings, like the dashboards and other stuff, could be improved a bit."

"Improvement-wise, Amazon GuardDuty should have an overall dashboard analytics function so we could see what's in the current environment, and then in addition to that, provide best practices and recommendations, particularly to provide some type of observability, and then figure out the login side of it, based on our current environment, in terms of what we're not monitoring and what we should monitor. The solution should also give us a sample code configuration to implement that added feature or feature request. What I'd like to see in the next release of Amazon GuardDuty are more security analytics, reporting, and monitoring. They should provide recommendations and additional options that answer questions such as "Hey, what can we see in our environment?", "What should we implement within the environment?", What's recommended?" We know that cost will always be associated with that, but Amazon GuardDuty should show us the increased costs or decreased costs if we implement it or don't implement it, and that would be a good feature request, particularly with all products within AWS, just for cloud products in general because there are times features are implemented, but once they're deployed, they don't tell you about costs that would be generated along with those features. After features are deployed, there should a summary of the costs that would be generated, and projected based on current usage, so they would give us the option to figure out how long we're going to use those features and the option to keep those on or turn those off. If more services were like that, a lot more people would use those on the cloud."

"The solution has to be integrated with new services that AWS adds like QuickSight, Managed Airflow, AppFlow and MWAA."

"AWS GuardDuty sometimes shows false positives and should have better detection accuracy."

"We currently find Lacework to be much better at detecting vulnerabilities than AWS GuardDuty. The engines of AWS GuardDuty have to be improved."

More AWS GuardDuty cons

"The user interface can be a little bit clunky at times... There's a lot of information that needs to be waded through, and the UI just isn't great."

"I would like further support of Windows endpoint agents or the introduction of support for Windows endpoint agents."

"The reports aren't very good. We've automated the report generation via the API and replaced almost all the reports that they generate for us using API calls instead."

"Some features do not work as expected."

"They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter."

"The solution’s ability to consume alerts and data in third-party tools (via APIs and export into S3 buckets) is moderate. They have some work to do in that area... The API does not mimic the features of the UI as far as reporting and pulling data out go. There's a big discrepancy there."

"It shoots back a lot of alerts."

"The compliance and governance need improvement."

More Threat Stack Cloud Security Platform [EOL] cons

Pricing and Cost Advice

"It is cheap."

"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."

"Its pricing is okay. It is in line with what other providers were providing. It is not cheap. It is not expensive."

"SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal."

"I wasn't sure what to expect from the pricing, but I was pleasantly surprised to find that it was a little less than I thought."

"It's not expensive. The product is in its initial growth stages and appears more competitive compared to others. It comes in different variants, and I believe the enterprise version costs around $55 per user per year. I would rate it a five, somewhere fairly moderate."

"The cost for PingSafe is average when compared to other CSPM tools."

"Singularity Cloud Workload Security's pricing is good."

More SentinelOne Singularity Cloud Security pricing and cost advice

"I prefer to have something on demand for myself. That's why I haven't been paying for GuardDuty specifically. AWS provides a wide range of offerings, especially in the security area."

"In terms of the costs associated with Amazon GuardDuty, it was $1 per GB from what I recall. Pricing was based on per gigabyte. For example, for the first five hundred gigabytes per month, it'll be $1 per GB, so it'll be $500. If your usage was greater, there's another bracket, for example, the next two thousand GB, then there's an add-on cost of 50 cents per GB. That's how Amazon GuardDuty pricing slowly goes up. I can't remember if there was any kind of additional cost apart from standard licensing for the solution. Nothing else that at least comes to mind. What the service was charging was worth it. That was one good thing when using Amazon GuardDuty because my company could be in a certain tier for a certain period. My company wasn't under a licensing model where it could overestimate its usage and under-utilize its usage and pay much more. This was what made the pricing model for Amazon GuardDuty better."

"The pricing model is pay as you go and is based on the number of events per month."

"The tool's licensing model is pay-as-you-go."

"GuardDuty only enables accounts in regions where you have an active workload. If there are places where you don't have an active workload, you wouldn't even enable them. That's one area where they could allow you to cut down your cost."

"The platform is inexpensive."

"The price of the solution is exactly right."

"80 percent of the customers are using AWS GuardDuty, and we recommend it due to its low cost, especially for small customers, ranging from five to ten dollars a month. In our policies, we enforce the usage of this service, making it a recommended practice for security."

More AWS GuardDuty pricing and cost advice

"What we're paying now is somewhere around $15 to $20 per agent per month, if I recall correctly. The other cost we have is SecOps."

"It is very expensive compared to some other products. The pricing is definitely high."

"Pricing seems to be in line with the market structure. It's fine."

"I'm happy with the amount that we spend for the product that we get and the overall service that we get. It's not cheap, but I'm still happy with the spend."

"It came in cheaper than Trend Micro when we purchased it a few years ago."

"It is a cost-effective choice versus other solutions on the market."

"We find the licensing and pricing very easy to understand and a good value for the services provided."

See which vendors are best for you

Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.

See recommendations

831,997 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

18%

Financial Services Firm

15%

Manufacturing Company

Government

Financial Services Firm

17%

Computer Software Company

15%

Manufacturing Company

Government

Computer Software Company

20%

Financial Services Firm

10%

Real Estate/Law Firm

10%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

What is your experience regarding pricing and costs for PingSafe?

SentinelOne is relatively cheap. If ten is the most expensive, I would rate it a seven.

What needs improvement with PingSafe?

The areas with room for improvement include the cost, which is higher compared to other security platforms. The dashb...

What do you like most about Amazon GuardDuty?

With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavi...

What is your experience regarding pricing and costs for Amazon GuardDuty?

GuardDuty is very cheap and operates on a pay-as-you-go basis. It's priced around a dollar per million requests, maki...

What needs improvement with Amazon GuardDuty?

GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be usef...

Wiz vs SentinelOne Singularity Cloud Security

Ask a question

Earn 20 points

Comparisons

Compared 27% of the time

Prisma Cloud by Palo Alto Networks vs SentinelOne Singularity Cloud Security

Compared 23% of the time

Microsoft Defender for Cloud vs SentinelOne Singularity Cloud Security

Compared 7% of the time

Orca Security vs SentinelOne Singularity Cloud Security

Compared 6% of the time

Check Point CloudGuard CNAPP vs SentinelOne Singularity Cloud Security

Compared 4% of the time

More SentinelOne Singularity Cloud Security Competitors

Microsoft Defender for Cloud vs AWS GuardDuty

Compared 50% of the time

CrowdStrike Falcon Cloud Security vs AWS GuardDuty

Compared 12% of the time

Wiz vs AWS GuardDuty

Compared 11% of the time

Prisma Cloud by Palo Alto Networks vs AWS GuardDuty

Compared 7% of the time

Orca Security vs AWS GuardDuty

Compared 2% of the time

More AWS GuardDuty Competitors

Microsoft Defender for Cloud Apps vs Threat Stack Cloud Security Platform [EOL]

Compared 24% of the time

BMC Helix Cloud Security vs Threat Stack Cloud Security Platform [EOL]

Compared 23% of the time

Netskope vs Threat Stack Cloud Security Platform [EOL]

Compared 19% of the time

Cisco IOS Security vs Threat Stack Cloud Security Platform [EOL]

Compared 17% of the time

Darktrace vs Threat Stack Cloud Security Platform [EOL]

Compared 17% of the time

More Threat Stack Cloud Security Platform [EOL] Competitors

Product Reports

SentinelOne Singularity Cloud Security

Download SentinelOne Singularity Cloud Security product report

SentinelOne Singularity Cloud Security report

AWS GuardDuty

Download AWS GuardDuty product report

Threat Stack Cloud Security Platform [EOL]

Download Threat Stack Cloud Security Platform [EOL] product report

Threat Stack Cloud Security Platform [EOL] report

Also Known As

PingSafe

No data available

Threat Stack, CSP,

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

SentinelOne

Amazon Guard Duty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs.

Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to quickly discover suspicious and problematic activity in a user's AWS ecosystem. Activities may include concerns such as interactions with malicious IP addresses or domains, exposed credentials usage, or changes and/or escalation of privileges.

GuardDuty is able to easily determine problematic AWS EC2 (Elastic Compute Cloud) instances delivering malware or mining bitcoin. It is also able to trace AWS account access history for evidence of destabilization. such as suspicious API calls resulting in changing password policies to minimize password strength or anomalous infrastructure deployments in new or different never-used regions.

GuardDuty will continually alert users regarding their AWS environment status and will send the security discoveries to the GuardDuty dashboard or Amazon CloudWatch events for users to view.

Users can access GuardDuty via:

AWS SDKs: Amazon provides users with several software development kits (SDKs) that are made up of libraries and sample code of numerous popular programming languages and platforms, such as Android, iOS, Java, .Net, Python, and Ruby. The SDKs make it easier to develop programmatic access to GuardDuty.
GuardDuty HTTPS API: This allows users to issue HTTPS requests directly to the service.
GuardDuty Console: This is a browser-based intuitive dashboard interface where users can access and use GuardDuty.

Amazon Elastic Kubernetes Service (Amazon EKS)

Kubernetes protection is an optional add-on in Amazon GuardDuty. This tool is able to discover malicious behavior and possible destabilization of an organization's Kubernetes clusters inside of Amazon Elastic Kubernetes Service (Amazon EKS).

When Amazon EKS is activated, GuardDuty will actively use various data sources to discover potential risks against Kubernetes API. When Kubernetes protection is enabled, GuardDuty uses optional data sources to detect threats against Kubernetes API.

Kubernetes audit logs are a Kubernetes feature that captures historical API activity from applications, the control plane, users, and endpoints. GuardDuty collates these logs from Amazon EKS to create Kubernetes discoveries for the organization's Amazon EKS assets; there is no need to store or turn on the logs.

As long as Kubernetes protection remains activated, GuardDuty will continuously dissect Kubernetes data sources from the Amazon EKS clusters to ensure no suspicious or anomalous behavior is taking place.

Amazon Simple Cloud Storage (S3) Protection

Amazon S3 allows Amazon GuardDuty to actively audit object-level API processes to discover possible security threats to data inside an organization's S3 buckets. GuardDuty continually audits risk to the organization’s S3 assets by carefully dissecting AWS CloudTrail management events and AWS CloudTrail S3 data events. These tools are continually auditing various CloudTrail management events for potential suspicious activities that affect S3 buckets, such as PutBucketReplication, DeleteBucket, ListBucket, and data events for S3 object-level API processes, such as PutObject, GetObject, ListObject, and DeleteObject.

Reviews from Real Users

“The most valuable features are the single system for data collection and the alert mechanisms. Prior to using GuardDuty, we had multiple systems to collect data and put it in a centralized location so we could look into it. Now we don't need to do that anymore as GuardDuty does it for us.” - Arunkumar A., Information Security Manager at Tata Consultancy Services

Amazon Web Services (AWS)

Threat Stack Cloud Security Platform [EOL] offers robust security features including endpoint monitoring, rule customization, and integration capabilities, with easy connectivity to cloud services like Docker and AWS.

Threat Stack Cloud Security Platform [EOL] provides tools for enhancing security visibility across cloud infrastructure. It supports AWS and Docker integration, facilitating efficient threat detection and management. Users appreciate its capability to configure customizable alerts and monitor endpoints, sessions, API interactions, and cloud services. However, there are areas needing improvement, such as better serverless environment support and reduced alert frequency. The platform services smaller organizations by compensating for limited security resources with its comprehensive monitoring and auditing tools.

What are the key features?

Easy Cloud Service Integration: Streamlined connectivity with Docker and AWS for efficient monitoring.
Customizable Rule Sets: Tailor security rules to meet specific organizational needs.
Email Alerts: Receive timely notifications about security events and threats.
Interactive Session Monitoring: Track live sessions for suspicious activities.
API Integration: Connect effortlessly with third-party tools for an enhanced security posture.
SecOps Support: Assistance for organizations lacking dedicated security teams.

What are the benefits and ROI features?

Streamlined Threat Detection: Effective process monitoring to identify potential threats.
Cost Efficiency: Serves companies with limited resources by providing essential security functions.
Comprehensive Audits: Helps in regular examinations of cloud infrastructure, enhancing compliance.
Visibility into Cloud Operations: Offers a detailed dashboard for threat visibility and monthly vulnerability assessments.

In specific industries, Threat Stack Cloud Security Platform [EOL] is utilized for its strength in monitoring cloud infrastructure and preventing unauthorized access. Organizations in fields where cloud operations are critical use it for regular audits and monitoring. Its capabilities in threat management are leveraged to maintain secure operations and compliance, especially where there is no dedicated security team.

Sample Customers

Information Not Available

autodesk, mapbox, fico, webroot

StatusPage.io, Walkbase, Spanning, DNAnexus, Jobcase, Nextcapital, Smartling, Veracode, 6sense

AWS GuardDuty vs. Threat Stack Cloud Security Platform [EOL]