Amazon GuardDuty

Protect your AWS accounts, workloads, and data with intelligent threat detection

Benefits of Amazon GuardDuty

Keep your accounts, workloads, and data secure by continuously monitoring for potential threats across your AWS environment.
Rapidly detect threats using anomaly detection, AI, ML, threat intelligence, and behavioral modeling.
Quickly identify, correlate, and respond to threats with automated analysis and tailored remediation recommendations to help minimize business disruption.
Scale threat detection across all accounts in your AWS environment with automated analysis that helps streamline your threat detection and reduces manual effort.
Safeguard your accounts, data, and resources across various AWS compute types, spanning Amazon Elastic Compute Cloud (Amazon EC2), serverless workloads, and container workloads, including those on AWS Fargate.

What is GuardDuty?

Amazon GuardDuty uses AI and ML with integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data from threats.

How it works

Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

GuardDuty for AWS workload protection

Learn more about how you can apply the broad threat detection coverage in GuardDuty to workloads and resources across your AWS environment.

GuardDuty is capable of analyzing over a trillion Amazon Simple Storage Service (Amazon S3) events per day. Continuously monitor and profile Amazon S3 data access events and S3 configurations to detect suspicious activities such as requests coming from an unusual geolocation, disabling of preventative controls like Amazon S3 Block Public Access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions.

GuardDuty EKS Protection monitors Amazon Elastic Kubernetes Service (Amazon EKS) cluster control plane activity by analyzing Amazon EKS audit logs.

Gain visibility into on-host, operating system-level activity and detect runtime threats from over 30 security findings to help protect your Amazon EKS clusters, Amazon ECS workloads (including serverless workloads on AWS Fargate), and Amazon EC2 instances.

Learn more about GuardDuty EKS Runtime Monitoring, ECS Runtime Monitoring, and EC2 Runtime Monitoring.

Scan EBS volumes attached to Amazon EC2 instances for malware when GuardDuty detects that one of your EC2 instances or container workloads running on Amazon EC2 is doing something suspicious.

Detect potentially harmful uploads to your Amazon S3 buckets with integrated, scalable, and fully managed malware scanning.

Using tailored ML models and integrated threat intelligence, GuardDuty can detect potential threats in Amazon Relational Database Service (Amazon RDS), starting with Amazon Aurora, such as high-severity brute force attacks, suspicious logins, and access by known threat actors.

Continuously monitor network activity, starting with VPC Flow Logs, from your serverless workloads to detect threats such as AWS Lambda functions maliciously repurposed for unauthorized cryptocurrency mining or compromised Lambda functions that are communicating with known threat actor servers.

Use cases

Identify multi-stage attack sequences like abnormal removal of artificial intelligence (AI) security guardrails, model usage, or exfiltrated Amazon EC2 credentials being used to call APIs in Amazon Bedrock, Amazon SageMaker, or self-managed AI workloads.

Triage threats more quickly with automated threat signal correlation and prescriptive remediation recommendations. Determine root cause with Amazon Detective. Route findings to AWS Security Hub and Amazon EventBridge or third-party solutions.

Initiate scans of your Amazon Elastic Block Store (Amazon EBS) volumes associated with your Amazon EC2 instances and container workloads, and automatically monitor uploads to Amazon S3 buckets, to detect the presence of malware, such as backdoor intrusions, cryptocurrency-related activity, and trojans.

Remove complexity for security and application teams with a single place to identify, profile, and manage threats to your AWS container environments across Amazon EKS and Amazon ECS, including both instance and serverless container workloads.

Demonstrate an ability to meet intrusion detection requirements mandated by certain compliance frameworks.