Item: Amazon GuardDuty
Rating: 10
Author: Alex Kranz

Use Cases and Deployment Scope

We have a multi-tenant AWS environment with dozens of AWS account all managed under control tower. We use GuardDuty on every AWS account and it has been incredibly useful for monitoring the security of our AWS accounts.

Pros and Cons

Monitors outgoing connections from AWS resources to known malicious hosts.
Monitors incoming connection to AWS resources from known malicious hosts.
Integrates with other centralized logging solutions.

Does not have the ability to add any custom monitors.

Most Important Features

The automatic and AWS managed threat detection.
The ability to integrate with other centralized logging solutions.

Return on Investment

GuardDuty has helped us prevent possible security incidents multiple times which could have caused substantial damage.

Key Insights

Do you think Amazon GuardDuty delivers good value for the price?

Yes

Are you happy with Amazon GuardDuty's feature set?

Yes

Did Amazon GuardDuty live up to sales and marketing promises?

Yes

Did implementation of Amazon GuardDuty go as expected?

Yes

Would you buy Amazon GuardDuty again?

Yes

Other Software Used

Azure App Service, Azure Blob Storage, Backblaze B2 Cloud Storage

Likelihood to Recommend

In a multi-account/multi-tenant environment, GuardDuty often alerts us to possible malicious traffic before it becomes an issue. The ability to automatically enable GuardDuty creates baseline security which is crucial when an account is first created. It also helps greatly in environments where other users are able to create resources as often GuardDuty alerts us to insecure resources we did not know about. It can however sometimes be a little overzealous with its assessments alerting on benign activity which then requires suppression rules.

GuardDuty is a must have for AWS environments

Overall Satisfaction with Amazon GuardDuty