Amazon Guard​Duty

Protect your AWS accounts and workloads with intelligent threat detection and continuous monitoring

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time consuming for security teams to continuously analyze event log data for potential threats. With GuardDuty, you now have an intelligent and cost-effective option for continuous threat detection in the AWS Cloud. The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs. With a few clicks in the AWS Management Console, GuardDuty can be enabled with no software or hardware to deploy or maintain. By integrating with AWS CloudWatch Events, GuardDuty alerts are actionable, easy to aggregate across multiple accounts, and straightforward to push into existing event management and workflow systems.

Introduction to Amazon GuardDuty (2:26)

How it works

product-page-diagram-Amazon-GuardDuty_how-it-works

Benefits

Comprehensive threat identification

GuardDuty identifies threats by continuously monitoring the network activity and account behavior within the AWS environment. Amazon GuardDuty comes integrated with up-to-date threat intelligence feeds from AWS, CrowdStrike, and Proofpoint. Threat intelligence coupled with machine learning and behavior models help you detect activity such as crypto-currency mining, credential compromise behavior, communication with known command-and-control servers, or API calls from known malicious IPs.


Strengthens security through automation

In addition to detecting threats, GuardDuty also makes it easy to automate how you respond to threats, reducing your remediation and recovery time. GuardDuty can perform automated remediation actions by leveraging Amazon CloudWatch events and AWS Lambda. GuardDuty security findings are informative and actionable for security operations, findings include the affected resource’s details and attacker information, such as IP address and geo-location.


Enterprise scale and central management

GuardDuty makes enablement and management across multiple accounts easy. Through the multi-account feature, all member accounts findings can be aggregated with a GuardDuty administrator account. This enables security team to manage all GuardDuty findings from across the organization in one single account. The aggregated findings are also available through CloudWatch Events, making it easy to integrate with an existing enterprise event management system.

Blog posts & articles

No items returned.

600x400_Autodesk_Logo
600x400_Mapbox_Logo
600x400_Netflix_Logo
webroot_logo_600x400

Partners


Meet the AWS APN Partners who have integrated with Amazon GuardDuty. APN Partner products complement the existing AWS services to enable you to deploy a comprehensive security architecture and a more seamless experience across your AWS Cloud and on-premises environment. See a full list of Amazon GuardDuty partners.


Threat intelligence partners

Product-Page_Standard-Icons_01_Product-Features_SqInk
Explore Amazon GuardDuty features

Amazon GuardDuty is a threat detection service that provides you with an accurate and easy way to continuously monitor and protect their AWS accounts and workloads.

Learn more 
Product-Page_Standard-Icons_02_Sign-Up_SqInk
Sign up for a 30-day free trial

Try Amazon GuardDuty for 30-days at no cost. You will receive full access to GuardDuty features and its detection findings during the free trial.

Free trial 
Product-Page_Standard-Icons_03_Start-Building_SqInk
Start building in the console

Get started building with Amazon GuardDuty in the AWS Console.

Sign in