Amazon GuardDuty

Protect your AWS accounts, workloads, and data with intelligent threat detection

Benefits of Amazon GuardDuty

Keep your accounts, workloads, and data secure by continuously monitoring for potential threats across your AWS environment.
Rapidly detect threats using anomaly detection, AI, ML, threat intelligence, and behavioral modeling.
Quickly identify, correlate, and respond to threats with automated analysis and tailored remediation recommendations to help minimize business disruption.
Scale threat detection across all accounts in your AWS environment with automated analysis that helps streamline your threat detection and reduces manual effort.
Safeguard your accounts, data, and resources across various AWS compute types, spanning Amazon Elastic Compute Cloud (Amazon EC2), serverless workloads, and container workloads—including those on AWS Fargate.

What is GuardDuty?

Amazon GuardDuty uses AI and ML with integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data from threats.

How it works

Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

How Amazon GuardDuty works

GuardDuty for AWS workload protection

Learn more about how you can apply the broad threat detection coverage in GuardDuty to workloads and resources across your AWS environment.

GuardDuty for AWS workload protection

Learn more about how you can apply the broad threat detection coverage in GuardDuty to workloads and resources across your AWS environment.

Use cases

Identify multi-stage attack sequences like abnormal removal of artificial intelligence (AI) security guardrails, model usage, or exfiltrated Amazon EC2 credentials being used to call APIs in Amazon Bedrock, Amazon SageMaker, or self-managed AI workloads.

Triage threats more quickly with automated threat signal correlation and prescriptive remediation recommendations. Determine root cause with Amazon Detective. Route findings to AWS Security Hub and Amazon EventBridge or third-party solutions.

Initiate scans of your Amazon Elastic Block Store (Amazon EBS) volumes associated with your Amazon EC2 instances and container workloads, and automatically monitor uploads to Amazon S3 buckets, to detect the presence of malware, such as backdoor intrusions, cryptocurrency-related activity, and trojans.

Remove complexity for security and application teams with a single place to identify, profile, and manage threats to your AWS container environments across Amazon EKS and Amazon ECS—including both instance and serverless container workloads

Demonstrate an ability to meet intrusion detection requirements mandated by certain compliance frameworks.