AWS Cloud Engineer at Standard Telephones and Cables
Real User
Top 10
Nov 21, 2024
We mainly use AWS GuardDuty to detect compromised EC2 instances. Primarily, we use it to identify suspicious activity, such as unusual outbound traffic, connections to known malicious IP addresses, or unauthorized attempts to access EC2 instances. This may indicate a compromised instance. Additionally, we use GuardDuty to monitor S3 bucket misconfigurations and for threat detection on Lambda functions. We analyze cloud logs for suspicious API calls and abnormal execution patterns within AWS Lambda functions, helping us identify potential misuse. Another use case is that we use GuardDuty to detect credential stuffing attacks by identifying failed login attempts, particularly from unusual locations or at high frequency, indicating potential credential stuffing attacks or brute force attempts. Furthermore, GuardDuty can also monitor for large-scale data downloads or uploads, potentially indicating data exfiltration attempts by unauthorized actors or malware.
The main use cases of GuardDuty, when combined with AWS Security, are to offer in-depth security issue detection, such as identifying brute force attacks or unauthorized SSH attempts into your infrastructure, as well as other anomalous behaviors. GuardDuty serves as a threat detection and intelligence service.
I use AWS GuardDuty to monitor AWS accounts and investigate security threats continuously. It enhances the security of AWS infrastructures and applications, ensuring compliance with regulations like HIPAA and GDPR.
Protect your accounts, data, and assets across diverse AWS computing environments, encompassing Amazon Elastic Compute Cloud (Amazon EC2), serverless operations, and container workloads, including those utilizing AWS Fargate.
IT Controller at an outsourcing company with 11-50 employees
Real User
Top 20
Jan 17, 2024
My company uses AWS GuardDuty to develop the software and provide services to clients. I use the solution to monitor the service on the AWS workload or AWS instance and monitor threats or vulnerabilities.
AWS initially interested me more from the architecture and direction perspective, rather than DevOps, for instance. I wanted to gain expertise in the wide range of services they offer, one of which is GuardDuty. It's not my main focus, but it's a good basic threat detection starting point. Whenever we need some kind of service for threat detection, we go to one of the many options in the vast AWS cloud portfolio. We pick GuardDuty to protect our endpoints, and it's a good first-line solution for quick deployment. Once we have experience using this AWS offering, we'll likely start looking deeper. We might then go to the marketplace to find another, potentially third-party solution.
AWS GuardDuty is a monitoring solution. The product helps us in threat monitoring. It notifies us of illegitimate users or any other cyber attack scenarios.
Amazon GuardDuty is an AWS Managed Service. The product finds information related to potential security risks and detects our environment-related findings. It is a service that helps administrators find anomalies in their environment, rectify those issues and make the environment more secure and safe. For example, consider some S3 buckets; we have X server access login disabled and certain configurations which are recommended that we are not following that are certain IAM user regulates such as monitoring from the background. Amazon GuardDuty will give us anomaly data for that particular IAM user, advising that certain activity was suspicious.
We are only using it for a client's requirements; we are simply building it and selling it to the client. Amazon GuardDuty is used on private infrastructure for our clients. The application is not publicly accessible; it is hosted internally. GuardDuty has been used to set the CloudWatch alarms. Assume that both scans are detected, or something similar, we have just enabled CloudWatch alarms for those use cases so that any such use case is detected. The alert will be triggered, and we have configured and integrated Amazon GuardDuty with all of the other seven accounts to have the central HPU.
Most of the time, Amazon GuardDuty is used to collect additional network login requirements, so it's basically in the compliance setting, particularly if you need to collect additional logs, or you need additional protection for your infrastructure in the cloud. Those are the areas where you can utilize Amazon GuardDuty and have it assist with compliance, as it's one of the authorized services for compliance, and it's more than likely the tool to use. For the most part, my organization uses the solution for additional protection within the cloud and also to assist with any additional login capabilities that you can't get through the other services. Amazon GuardDuty fills those gaps and helps facilitate a lot of gaps that you have.
Amazon GuardDuty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs. Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to...
It helps us detect brute-force attacks based on machine learning. It alerts the security team for possible attacks as well.
We use AWS GuardDuty in our company to safeguard our deployment production.
I mainly use GuardDuty to check user responses, collect logs, and collect data on who logs in and out and their permission and authorization.