Amazon Guard​Duty

Amazon Guard​Duty

Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads

Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.

It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise.

GuardDuty also detects potentially compromised instances or reconnaissance by attackers.

Enabled with a few clicks in the AWS Management Console, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of risk.

GuardDuty identifies suspected attackers through integrated threat intelligence feeds and uses machine learning to detect anomalies in account and workload activity. When a potential threat is detected, the service delivers a detailed security alert to the GuardDuty console and AWS CloudWatch Events.

This makes alerts actionable and easy to integrate into existing event management and workflow systems.

Amazon GuardDuty is cost effective and easy.

It does not require you to deploy and maintain software or security infrastructure, meaning it can be enabled quickly with no risk of negatively impacting existing application workloads.


Intelligent threat detection

Amazon GuardDuty gives you intelligent threat detection by collecting, analyzing, and correlating billions of events from AWS CloudTrail, Amazon VPC Flow Logs, and DNS Logs across all of your associated AWS accounts.

GuardDuty detections are made more accurate by incorporating threat intelligence (such as lists of known malicious IP addresses provided by AWS Security and 3rd party threat intelligence partners).

GuardDuty also uses machine learning to detect anomalous account and network activities.

For example, GuardDuty will alert you if it detects remote API calls from a known malicious IP address indicating potentially compromised AWS credentials.

GuardDuty also detects direct threats to your AWS environment indicating a compromised instance, such as an Amazon EC2 instance sending encoded data within DNS queries.

Centralize threat detection across accounts

Many organizations use multiple AWS accounts to help provide proper cost allocation, agility, and security.

With a few clicks in the AWS Management Console, you can centralize your threat detection by enabling Amazon GuardDuty across any of your AWS accounts.

With GuardDuty, there is no need to install additional security software or infrastructure to analyze your account and workload activity data.

Your security operations center team can easily manage and triage threats from a single console view and automate security responses using a single security account.

Strengthens security through automation

In addition to detecting threats, Amazon GuardDuty also makes it easy to automate how you respond to these threats, reducing your remediation and recovery time.

You can set up your remediation scripts or AWS Lambda functions to trigger based on GuardDuty findings.

GuardDuty security findings include the affected resource’s details, such as tags, security groups, or credentials.

GuardDuty findings also include attacker information, such as IP address and geo-location.

This makes GuardDuty security findings informative and actionable.

For example, account compromise can be difficult to detect quickly if you are not continuously monitoring account activities in near real-time.

With GuardDuty, when an instance is suspected of having data stolen the service will alert you to be able to automatically create an access control entry restricting outbound access for that instance.

Other Companies Using Amazon Guard​Duty



[object Object]

Cody Swann


Since founding Gunner Technology, Cody has served the company in every aspect of business development and product development.

[object Object]

Dary Merckens


From a contractor to a partner, Dary has been with Gunner since year 1 and embodies the meritocratic spirit and philosophy of Gunner Technology.

[object Object]

Mahdi Huessein

VP / Engineering

Mahdi joined Gunner at age 18 and quickly rose through the ranks to become VP of Engineering

[object Object]

Skyla Frye

Developer III

Skyla is Gunner's go-to engineer when it comes to evaluating new tech. She loves evaluating bleeding edge software and teaching her colleagues what she learns.

[object Object]

Kayden Chan

Developer II

Kayden holds the Gunner Technology record for most straight hours worked at just under 70. He refuses to quit until the job is done and it's done right.

[object Object]

Jeramiah Anthony

VP / Product Development

Jeramiah is a wizard at turning loose requirements into a firm vision with a solid plan.

[object Object]

Ethan Sloan

DevOps Engineer II

Ethan has a mind for infrastructure and a knack for visualizing platform solutions

[object Object]

Nicolas Henderson

DevOps Engineer I

Nicolas' goal is to learn everything. A voracious reader, the only time his nose isn't in a tech book is when he's scripting a new infrastructure.



Related Terms

  • Amazon Web Services

    Amazon Web Services (AWS) is a comprehensive, evolving cloud computing platform provided by Amazon.

  • Security

    The defense of digital information and IT assets against internal and external, malicious and accidental threats.

  • DevOps

    DevOps is the blending of tasks performed by a company's application development and systems operations teams.

Give us a try free for 30 days!

Don't take our word for it. New clients get to try our services free for 30 days.

We'll put together a team of analysts, developers and designers to partner with you and get to work.

To get started, just fill out the form below.

They show a passion for understanding our business objectives

They show a passion for understanding our business objectives

They get the job done on time and are quite adept at using open source technology, which saves us money. Gunner balances pragmatism and perfectionism, which is important to us. After using them for both short term and long term projects, we cannot give a higher recommendation

Sam Petteway - CEO

5348 Vegas Drive
Las Vegas, NV 89108
GSA: GS-35F-306GA | CAGE: 7Q6F5 | DUNS: 078818362
© 2020 Gunner Technology
Privacy Policy | Terms of Use