Continuously monitor your AWS accounts, instances, serverless and container workloads, users, databases, and storage for potential threats.
Expose threats quickly using anomaly detection, ML, behavioral modeling, and threat intelligence feeds from AWS and leading third parties.
Mitigate threats early by initiating automated responses.
Quickly and easily scale threat detection across your environment.
How it works
Amazon GuardDuty for AWS workload protection
Amazon GuardDuty analyzes and processes data from foundational data sources to detect anomalies involving AWS Identity and Access Management (IAM) access keys and Amazon Elastic Compute Cloud (Amazon EC2). You can also activate GuardDuty protection plans to analyze additional data from other AWS services in your AWS environment to protect workloads using Amazon S3, Amazon EKS, Amazon RDS, and AWS Lambda.
GuardDuty S3 Protection
Continuously monitor and profile Amazon S3 data access events and Amazon S3 configurations to detect suspicious activities such as requests coming from an unusual geo-location, disabling of preventative controls such as Amazon S3 block public access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions.
GuardDuty EKS Runtime Monitoring
GuardDuty RDS Protection
Using tailored machine learning models and integrated threat intelligence, GuardDuty can detect potential threats in Amazon Relational Database Service (Amazon RDS), starting with Amazon Aurora, such as high-severity brute force attacks, suspicious logins, and access by known threat actors.
GuardDuty Lambda Protection
Continuously monitor network activity, starting with VPC Flow Logs, from your serverless workloads to detect threats such as AWS Lambda functions maliciously repurposed for unauthorized cryptocurrency mining, or compromised Lambda functions that are communicating with known threat actor servers.
Improve security operations visibility
Gain insight of compromised credentials, unusual data access in Amazon Simple Storage Service (S3), suspicious logins in Amazon Aurora, and API calls from known malicious IP addresses.
Identify files containing malware
Scan Amazon Elastic Block Store (EBS) for files that might have malware creating suspicious behavior on instance and container workloads running on Amazon Elastic Compute Cloud (EC2).
Detect and mitigate threats in your container environment
Identify and profile possible malicious or suspicious behavior in container workloads by analyzing Amazon EKS audit logs and container runtime activity.
How to get started
Find out how Amazon GuardDuty works
Learn more about the features and capabilities that GuardDuty offers.
Learn about customers using GuardDuty
See how global companies are using GuardDuty to protect their AWS accounts with intelligent threat detection.
Get started with GuardDuty on the AWS Free Tier
Try GuardDuty for 30 days at no cost and get full access to GuardDuty features and detection findings.