Amazon GuardDuty is a managed threat detection service that uses machine learning, anomaly detection and threat intelligence feeds to identify malicious activity and unauthorized behaviour in your AWS accounts and workloads. It continuously analyzes AWS CloudTrail events, Amazon VPC Flow Logs and DNS logs (its foundational data sources) and produces findings for threats such as compromised credentials, compromised EC2 instances, reconnaissance, data exfiltration and unauthorized access to sensitive data. Each finding carries a finding type, a numeric severity and the affected resource, and is available in the AWS Management Console, through the GuardDuty API, and as an Amazon EventBridge event (EventBridge was formerly called CloudWatch Events), from which it can be routed to Amazon SNS, an AWS Lambda function or a ticketing system. GuardDuty also sends its findings to AWS Security Hub and Amazon Detective, so they can be reviewed alongside results from other AWS security services.
Read here to see an example of a GuardDuty detection.
GuardDuty pricing is usage based: you are charged for the volume of log data it analyzes, per AWS account and per Region. CloudTrail management events are billed per million events analyzed, while VPC Flow Logs and DNS logs are billed per GB, with tiered rates that decrease as volume grows. Enabling GuardDuty in an account and Region creates a detector; each account in which GuardDuty is enabled has its own detector and is billed for its own usage, even when the accounts are administered centrally through a delegated GuardDuty administrator account in AWS Organizations. A 30-day free trial per account and Region shows the projected monthly cost before charges begin.
Costs are usage based and include:
Once enabled, GuardDuty immediately begins analyzing AWS CloudTrail events, Amazon VPC Flow Logs and DNS logs for that account and Region; no agents, sensors or log forwarding need to be configured for these foundational sources. Additional data sources such as S3 data events and EKS audit logs are covered by optional protection plans that are enabled separately.
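The usual way to act on a finding is to route the EventBridge event GuardDuty emits to a Lambda function, which validates it and decides whether to notify via SNS. The following Python is an added example written for this page (not code from the original article or from AWS): the `SAMPLE_EVENT` is constructed, the on-call policy (`PAGE_THRESHOLD`), the `EVENT_PATTERN` rule and the downstream `sns.publish` target are assumptions, and the field names follow the GuardDuty finding format (source `aws.guardduty`, detail-type `GuardDuty Finding`, finding fields under `detail`). It also generalizes beyond the text by mapping every documented severity band rather than only the high end.

```python
"""Triage Amazon GuardDuty findings delivered through Amazon EventBridge.

Added example for this page (not code from the article or from AWS). A
Lambda-style handler receives the EventBridge event GuardDuty emits for each
finding, checks that it really is a GuardDuty finding, maps the numeric
severity to GuardDuty's documented bands and decides whether to page on-call.
SAMPLE_EVENT is constructed; its field names follow the GuardDuty finding
format (source "aws.guardduty", detail-type "GuardDuty Finding").
"""
import json

# GuardDuty severity bands as documented by AWS: score >= floor -> label.
SEVERITY_BANDS = [(9.0, "CRITICAL"), (7.0, "HIGH"), (4.0, "MEDIUM"), (1.0, "LOW")]
PAGE_THRESHOLD = 7.0   # hypothetical on-call policy: page for HIGH and CRITICAL only
SNS_SUBJECT_MAX = 100  # Amazon SNS rejects Subject values longer than 100 characters

# EventBridge rule pattern that routes only HIGH/CRITICAL findings to this handler,
# keeping LOW/MEDIUM noise out of the pager path before any code runs.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", PAGE_THRESHOLD]}]},
}

# Constructed sample event; account, instance and finding IDs are placeholders.
SAMPLE_EVENT = {
    "detail-type": "GuardDuty Finding",
    "source": "aws.guardduty",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "schemaVersion": "2.0",
        "accountId": "111122223333",
        "region": "us-east-1",
        "id": "00000000000000000000000000000000",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 8.0,
        "title": "198.51.100.23 is performing SSH brute force attacks against i-0123456789abcdef0.",
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
        "service": {"serviceName": "guardduty", "archived": False, "count": 3},
    },
}


def severity_label(score):
    """Map GuardDuty's numeric severity (1.0 to 10.0) to its documented band."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    raise ValueError(f"severity {score} is outside GuardDuty's documented range")


def triage(event):
    """Validate the envelope, extract the finding and decide whether to page.

    Raises ValueError for anything that is not a GuardDuty finding, so a
    misconfigured EventBridge rule cannot feed other events into the pager path.
    """
    if (event.get("source") != "aws.guardduty"
            or event.get("detail-type") != "GuardDuty Finding"):
        raise ValueError("not a GuardDuty finding event")
    finding = event["detail"]
    severity = float(finding["severity"])
    service = finding.get("service", {})
    return {
        "finding_id": finding["id"],
        "account": finding["accountId"],
        "region": finding["region"],
        "type": finding["type"],
        "severity": severity,
        "label": severity_label(severity),
        "count": service.get("count", 1),  # repeat occurrences of the same finding
        # Defensive: never page on a finding GuardDuty has already archived.
        "page": not service.get("archived", False) and severity >= PAGE_THRESHOLD,
    }


def sns_message(result):
    """Build the (subject, body) for an SNS publish, capping the subject at SNS's limit."""
    subject = f"[GuardDuty {result['label']}] {result['type']} in {result['account']}/{result['region']}"
    return subject[:SNS_SUBJECT_MAX], json.dumps(result, indent=2, sort_keys=True)


def handler(event, context=None):
    """Lambda-style entry point. Returns what would be published rather than
    calling AWS, so it runs offline; a deployment would pass the subject and
    body to boto3's sns.publish (assumed downstream target)."""
    result = triage(event)
    if not result["page"]:
        return {"action": "log", "label": result["label"], "finding_id": result["finding_id"]}
    subject, body = sns_message(result)
    return {"action": "page", "subject": subject, "body": body}


if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT), indent=2))
```

Two choices worth noting: the severity filter is applied twice, once in the EventBridge rule so that LOW and MEDIUM findings never invoke the function, and again in `triage` so the function stays safe if someone later broadens the rule; and the source/detail-type check rejects any other event outright, because a rule that accidentally matches more than GuardDuty would otherwise page on-call with unrelated data.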
Stream Security leads in Cloud Detection and Response, modeling all cloud activities and configurations in real-time to uncover adversary intent. The platform correlates activities by principal, helping security teams connect the dots and understand correlations among cloud operations. It reveals each alert's exploitability and blast radius to predict the adversary's next move, enabling security teams to detect, investigate, and respond with confidence, outpacing the adversary.