Detect threats intelligently to safeguard your data, workloads, and AWS accounts.
What is Amazon GuardDuty?
To help safeguard your AWS accounts, workloads, and data from attacks, Amazon GuardDuty combines AI and ML with integrated threat intelligence from AWS and top third parties.
How it operates
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers comprehensive security findings for visibility and response.
Benefits of Amazon GuardDuty
Continuous monitoring
Maintain the security of your accounts, workloads, and data by keeping an eye out for any threats throughout your AWS environment.
AI/ML-powered threat detection
Use behavioral modeling, AI, ML, threat intelligence, and anomaly detection to quickly identify risks.
Respond faster to threats
Reduce business disruption by promptly identifying, correlating, and responding to threats with automated analysis and tailored remediation recommendations.
Scalable, fully managed threat detection
Use automated analysis to scale threat detection across all accounts in your AWS environment, so you can spot threats more quickly and with less manual effort.
End-to-end visibility into AWS compute workloads
Protect your accounts, data, and resources across Amazon Elastic Compute Cloud (Amazon EC2), serverless workloads, and container workloads, including those on AWS Fargate.
GuardDuty for AWS workload protection
Find out more about how to use GuardDuty’s extensive threat detection coverage for workloads and resources throughout your AWS environment.
GuardDuty S3 Protection
Every day, GuardDuty can analyze more than a trillion Amazon Simple Storage Service (Amazon S3) events. It continuously monitors and profiles Amazon S3 data access events and S3 configurations to identify suspicious activity, such as requests originating from an unusual geolocation, the disabling of preventative controls like Amazon S3 Block Public Access, or API call patterns consistent with an attempt to identify misconfigured bucket permissions.
GuardDuty EKS Protection
GuardDuty EKS Protection monitors cluster control plane activity for Amazon Elastic Kubernetes Service (Amazon EKS) by analyzing Amazon EKS audit logs.
GuardDuty Runtime Monitoring
Detect runtime threats with over 30 security findings and gain insight into operating system-level and on-host behavior to help safeguard your Amazon EKS clusters, Amazon ECS workloads, including serverless workloads on AWS Fargate, and Amazon EC2 instances.
GuardDuty Malware Protection for Amazon EC2
When GuardDuty detects suspicious behavior on one of your EC2 instances or on container workloads running on Amazon EC2, it scans the EBS volumes attached to those instances for malware.
GuardDuty Malware Protection for Amazon S3
Integrate, scale, and manage malware detection to find potentially dangerous uploads to your Amazon S3 buckets.
GuardDuty RDS Protection
Using customized machine learning models and integrated threat intelligence, GuardDuty can identify potential threats to Amazon Relational Database Service (Amazon RDS), beginning with Amazon Aurora, including high-severity brute force attacks, anomalous logins, and access by known threat actors.
GuardDuty Lambda Protection
Monitor network activity from your serverless workloads, beginning with VPC Flow Logs, to identify threats such as compromised Lambda functions that are communicating with known threat actor servers, or AWS Lambda functions maliciously repurposed for illicit bitcoin mining.
Use cases
Detect suspicious multi-stage security threats in your generative AI workloads
Recognize multi-stage attack sequences, such as the use of models, the unusual removal of artificial intelligence (AI) security guardrails, or the use of stolen Amazon EC2 credentials to access self-managed AI workloads, Amazon Bedrock, or Amazon SageMaker APIs.
Accelerate investigations and automate remediation
Automated threat signal correlation and prescriptive remediation recommendations speed up threat triage. Use Amazon Detective to identify the root cause. Forward findings to services such as AWS Security Hub and Amazon EventBridge.
Protect against ransomware and other types of malware
To find malware, including trojans, cryptocurrency-related activity, and backdoor intrusions, start scanning the Amazon Elastic Block Store (Amazon EBS) volumes attached to your Amazon EC2 instances and container workloads. You can also automatically monitor uploads to Amazon S3 buckets.
Centralize threat detection for AWS container workloads
Security and application teams can simplify their work with a single location to detect, characterize, and handle threats to AWS container environments across Amazon EKS and Amazon ECS, including instance-based and serverless container workloads.
More easily meet compliance requirements, like PCI DSS
Show that you can fulfill the intrusion detection specifications set out by certain compliance frameworks.
Amazon GuardDuty Pricing
Amazon GuardDuty is a pay-as-you-go threat detection service that continuously monitors for malicious activity and unusual behavior to help safeguard your AWS accounts, workloads, and data. GuardDuty’s pricing is determined by the volume of service logs, events, workloads, or data analyzed.