AWS Cloud Engineer at Standard Telephones and Cables
Real User
Top 10
2024-11-21T19:23:09Z
Nov 21, 2024
Overall, GuardDuty is a very easy-to-use tool, and I would recommend it even to those who are not tech-savvy. It allows users to simply click and go. I would give GuardDuty a review rating of nine out of ten.
Once you configure GuardDuty clearly based on your organization's needs, it operates in a setup-and-forget mode. On a scale of one to ten, I would rate GuardDuty as an eight.
I rate the overall solution an eight out of ten. I would recommend AWS GuardDuty to others. It’s a great tool that helps you stay ahead of threats. It keeps you alert.
Developer at a sports company with 501-1,000 employees
Real User
Top 5
2024-03-01T07:14:00Z
Mar 1, 2024
GuardDuty helps by flagging unexpected or potentially unauthorized activity in my AWS environment. For instance, it alerts me when there is an API call from an unfamiliar IP address, which might indicate a security threat. However, in some cases, these alerts might be triggered by legitimate actions, such as employees working remotely from different locations using VPNs. I find the anomaly detection and continuous monitoring features of AWS GuardDuty very effective. They give me peace of mind knowing that AWS is actively looking out for any abnormal behavior or traffic in my environment. In the past, for on-premises setups, I relied on different network tools for this, but in the cloud, GuardDuty takes care of it, sparing me from manual tasks like checking VPC logs. Integrating AWS GuardDuty with third-party tools seems straightforward, although I haven't done it yet myself. From what I have seen, getting GuardDuty data into AWS Security Hub appears to be a simple process, allowing for centralized security monitoring across multiple accounts. I'm considering enabling it and trying it out, especially since AWS offers a 30-day trial for Security Hub. Overall, I would rate AWS GuardDuty as a ten out of ten.
Overall, I would rate the solution a nine out of ten. It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially.
At a very basic level, Amazon GuardDuty is a good tool. If you are looking for advanced security that would provide higher checks to secure their environment, this may not be enough. Certain checks only related to the AWS environment are good, but if you are integrated with other services like Salesforce or MuleSoft it is not a good solution. I would rate GuardDuty a six out of 10 overall.
My recommendation is to go for the master setup that will be beneficial to you. There are some limitations where we cannot modify use cases to meet our needs; we must do additional work, such as setting up CloudWatch alarms and SNS, and things are not patched. There are some restrictions. I'll just suggest that you have some skilled resources with patching knowledge. It's good, I would rate Amazon GuardDuty a seven out of ten.
I use the latest and greatest version of Amazon GuardDuty that's available on the market. The number of users of Amazon GuardDuty in my organization is between one to ten. Per my boss, it's a maximum of ten. My advice to someone who wants to use the solution for the first time is that you've got to establish your use case. What are you going to use it for? Focus on that area, and then I would also implement a proof of concept to make sure that it's set up in your staging environment where you can do all your testing and get all your test results. Depending on what you can implement, make sure your integrations work, and the other tools you have you should also integrate with Amazon GuardDuty in your testing, so when you go to production with it, you would understand the ROI for using the tool. A lot of times, you always want to have a centralized view of everything in your environment. What you don't want is when you have to go to this tool and then go to that tool, and it's just so much. You already have to do MFA just to get into it, and then once you're in, you'd want to see your whole environment and just get all your touchpoints, so integration is the key component to test within Amazon GuardDuty. I would rate Amazon GuardDuty seven out of ten because some of the integrations may not work well with it, and depending on the integration that you're working with, the security tools have a lot of requirements to implement. Integration support should be a little bit easier, and it just depends on whether you're doing infrastructure as code versus doing just regular batch scripting, or a formation template. The solution has pros and cons. My organization is a customer of Amazon GuardDuty.
Amazon Guard Duty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs. Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to...
Overall, GuardDuty is a very easy-to-use tool, and I would recommend it even to those who are not tech-savvy. It allows users to simply click and go. I would give GuardDuty a review rating of nine out of ten.
Once you configure GuardDuty clearly based on your organization's needs, it operates in a setup-and-forget mode. On a scale of one to ten, I would rate GuardDuty as an eight.
I rate the overall solution an eight out of ten. I would recommend AWS GuardDuty to others. It’s a great tool that helps you stay ahead of threats. It keeps you alert.
GuardDuty helps by flagging unexpected or potentially unauthorized activity in my AWS environment. For instance, it alerts me when there is an API call from an unfamiliar IP address, which might indicate a security threat. However, in some cases, these alerts might be triggered by legitimate actions, such as employees working remotely from different locations using VPNs. I find the anomaly detection and continuous monitoring features of AWS GuardDuty very effective. They give me peace of mind knowing that AWS is actively looking out for any abnormal behavior or traffic in my environment. In the past, for on-premises setups, I relied on different network tools for this, but in the cloud, GuardDuty takes care of it, sparing me from manual tasks like checking VPC logs. Integrating AWS GuardDuty with third-party tools seems straightforward, although I haven't done it yet myself. From what I have seen, getting GuardDuty data into AWS Security Hub appears to be a simple process, allowing for centralized security monitoring across multiple accounts. I'm considering enabling it and trying it out, especially since AWS offers a 30-day trial for Security Hub. Overall, I would rate AWS GuardDuty as a ten out of ten.
We have a whole bunch of information on various things in AWS GuardDuty. Overall, I rate the solution a nine out of ten.
Overall, I rate AWS GuardDuty an eight out of ten.
Overall, I would rate the solution a nine out of ten. It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially.
I rate AWS GuardDuty an eight out of ten. It is the best detection system for the applications hosted on AWS.
The product is unique to AWS. I would recommend the solution to others. Overall, I rate the product a ten out of ten.
Overall, I rate the solution a six out of ten.
At a very basic level, Amazon GuardDuty is a good tool. If you are looking for advanced security that would provide higher checks to secure their environment, this may not be enough. Certain checks only related to the AWS environment are good, but if you are integrated with other services like Salesforce or MuleSoft it is not a good solution. I would rate GuardDuty a six out of 10 overall.
My recommendation is to go for the master setup that will be beneficial to you. There are some limitations where we cannot modify use cases to meet our needs; we must do additional work, such as setting up CloudWatch alarms and SNS, and things are not patched. There are some restrictions. I'll just suggest that you have some skilled resources with patching knowledge. It's good, I would rate Amazon GuardDuty a seven out of ten.
I use the latest and greatest version of Amazon GuardDuty that's available on the market. The number of users of Amazon GuardDuty in my organization is between one to ten. Per my boss, it's a maximum of ten. My advice to someone who wants to use the solution for the first time is that you've got to establish your use case. What are you going to use it for? Focus on that area, and then I would also implement a proof of concept to make sure that it's set up in your staging environment where you can do all your testing and get all your test results. Depending on what you can implement, make sure your integrations work, and the other tools you have you should also integrate with Amazon GuardDuty in your testing, so when you go to production with it, you would understand the ROI for using the tool. A lot of times, you always want to have a centralized view of everything in your environment. What you don't want is when you have to go to this tool and then go to that tool, and it's just so much. You already have to do MFA just to get into it, and then once you're in, you'd want to see your whole environment and just get all your touchpoints, so integration is the key component to test within Amazon GuardDuty. I would rate Amazon GuardDuty seven out of ten because some of the integrations may not work well with it, and depending on the integration that you're working with, the security tools have a lot of requirements to implement. Integration support should be a little bit easier, and it just depends on whether you're doing infrastructure as code versus doing just regular batch scripting, or a formation template. The solution has pros and cons. My organization is a customer of Amazon GuardDuty.
I'd rate GuardDuty as nine out of ten.