Amazon GuardDuty is an AWS managed service. It surfaces information about potential security risks and produces findings related to our environment. It helps administrators find anomalies in their environment, rectify those issues, and make the environment more secure and safe.
For example, consider some S3 buckets where we have server access logging disabled, along with certain recommended configurations that we are not following, or certain IAM users that GuardDuty monitors in the background. Amazon GuardDuty will give us anomaly data for that particular IAM user, advising that certain activity was suspicious.
In our environment, the most valuable feature is discovering anomalous sign-ins by users, because we have configured single sign-on in our environment, but there are still some IAM users. Since our environment is cloud-based and accessible from the internet, we like the ability to check where a user has logged in from and what kind of API calls that user is making. Finding anything suspicious, together with AWS recommendations, is helpful.
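The check described above (who the IAM user is, where the call came from, and which API was invoked) is what an administrator pulls out of each finding first. The following is an added example, not code from the review or from AWS: it parses a constructed finding shaped after the GuardDuty finding JSON (AccessKey resource, AWS_API_CALL action) and applies a simple triage rule. The severity threshold, the set of expected countries, and the sample values are assumptions chosen for illustration.

```python
import json
from dataclasses import dataclass

# Constructed sample finding (not real data), shaped after the GuardDuty
# finding JSON schema for an IAM-user access key and an AWS API call.
SAMPLE_FINDING = json.dumps({
    "Id": "constructed-finding-id-0001",
    "Type": "Recon:IAMUser/UserPermissions",
    "Severity": 5.0,
    "Resource": {
        "ResourceType": "AccessKey",
        "AccessKeyDetails": {
            "AccessKeyId": "AKIA-PLACEHOLDER-KEY-ID",
            "UserType": "IAMUser",
            "UserName": "alice-admin",
        },
    },
    "Service": {
        "Action": {
            "ActionType": "AWS_API_CALL",
            "AwsApiCallAction": {
                "Api": "ListUsers",
                "ServiceName": "iam.amazonaws.com",
                "RemoteIpDetails": {
                    "IpAddressV4": "198.51.100.23",
                    "Country": {"CountryName": "Netherlands"},
                },
            },
        },
        "Count": 3,
    },
})


@dataclass(frozen=True)
class FindingSummary:
    finding_type: str
    severity: float
    user_name: str
    api: str
    source_ip: str
    country: str
    count: int


def summarize_finding(finding_json: str) -> FindingSummary:
    """Extract the fields an administrator checks first: who, which API, from where."""
    finding = json.loads(finding_json)
    key_details = finding.get("Resource", {}).get("AccessKeyDetails", {})
    service = finding.get("Service", {})
    api_call = service.get("Action", {}).get("AwsApiCallAction", {})
    remote = api_call.get("RemoteIpDetails", {})
    return FindingSummary(
        finding_type=finding.get("Type", "unknown"),
        severity=float(finding.get("Severity", 0.0)),
        # Fall back to PrincipalId when the user name is absent (e.g. a role session)
        user_name=key_details.get("UserName") or key_details.get("PrincipalId") or "unknown",
        api=api_call.get("Api", "unknown"),
        source_ip=remote.get("IpAddressV4", "unknown"),
        country=remote.get("Country", {}).get("CountryName", "unknown"),
        count=int(service.get("Count", 1)),
    )


def needs_review(summary: FindingSummary, min_severity: float = 4.0,
                 expected_countries: frozenset = frozenset({"United States"})) -> bool:
    """Assumed triage rule: escalate medium-or-higher severity (GuardDuty uses
    4.0-6.9 for Medium) or any API call from a country the team does not operate from."""
    return summary.severity >= min_severity or summary.country not in expected_countries


def triage_line(summary: FindingSummary) -> str:
    """One-line ticket text for the finding."""
    flag = "REVIEW" if needs_review(summary) else "info"
    return (f"[{flag}] {summary.finding_type} sev={summary.severity:.1f} "
            f"user={summary.user_name} api={summary.api} "
            f"from={summary.source_ip} ({summary.country}) x{summary.count}")


if __name__ == "__main__":
    print(triage_line(summarize_finding(SAMPLE_FINDING)))
```

In practice the finding JSON would come from the GuardDuty console export or the `GetFindings` API; the parsing tolerates missing fields so that finding types without an `AwsApiCallAction` block still produce a summary instead of an exception.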
Amazon GuardDuty is limited to certain services. The solution has to be integrated with the new services that AWS adds, like QuickSight, Managed Workflows for Apache Airflow (MWAA), and AppFlow. Being integrated with these services would be handy for users and save time.
I have been using Amazon GuardDuty for six months.
Amazon GuardDuty is service-based, not user-based. I can have any number of users in my system, because user management is handled by the different services in AWS IAM (Identity and Access Management).
We have four users of the solution. It is used by system administrators, cloud administrators, and architects.
Amazon GuardDuty is an extra security measure. We have other security measures implemented in our environment as well, such as those for our on-premises environment and network-related security.
The initial setup of Amazon GuardDuty is fairly easy without much complexity.
Licensing of GuardDuty is part of the AWS license. The pricing model is pay-as-you-go and is based on the number of events per month. When you first look at the price it seems reasonable, but if you look at it holistically, the cost could be improved.
At a very basic level, Amazon GuardDuty is a good tool. If you are looking for advanced security that provides more thorough checks to secure your environment, this may not be enough.
Certain checks that relate only to the AWS environment are good, but if you are integrated with other services like Salesforce or MuleSoft, it is not a good solution.
I would rate GuardDuty a six out of 10 overall.