---
title: "Optimizing cloud security: Amazon GuardDuty and Sumo Logic"
page_name: "Optimizing Cloud Security: Amazon GuardDuty and Sumo Logic"
type: "blog"
slug: "cloud-security-guardduty"
published_at: "2017-11-29"
modified_at: "2026-01-30"
url: "https://www.sumologic.com/blog/cloud-security-guardduty"
canonical: "https://www.sumologic.com/blog/cloud-security-guardduty"
markdown_url: "https://www.sumologic.com/blog/cloud-security-guardduty.md"
lang: "en"
excerpt: "Our GuardDuty app, with pre-built dashboards, leverages and optimizes Amazon GuardDuty findings to show trends and outliers over time, simplifying the management and monitoring of security and compliance in AWS cloud environments."
taxonomy_blog_category:
  - "AWS"
  - "Compliance"
  - "SecOps & Security"
---


# Optimizing Cloud Security: Amazon GuardDuty and Sumo Logic

[Mike Reinhart](#blog-author-block-230)

November 29, 2017

3 min read 

[AWS](https://www.sumologic.com/blog/aws), [Compliance](https://www.sumologic.com/blog/compliance), [SecOps & Security](https://www.sumologic.com/blog/secops-security)


**Security concerns and skill shortages continue to impede cloud adoption**

Migration to the cloud is still hampered by the security concerns this new frontier poses to organizations, and by the cybersecurity skills gaps already present in many, if not most, of them. This was highlighted in a 2017 Forbes survey in which 49% of respondents stated that they were delaying cloud deployment due to a cybersecurity skills gap. Even with adequate staffing, organizations that have adopted some facet of cloud express concerns about their ability to monitor and manage these new environments.

**Sumo Logic and Amazon GuardDuty to the rescue**

Sumo Logic was founded over seven years ago by security industry professionals as a secure, cloud-native, machine data analytics platform that converts machine data into real-time continuous intelligence, giving organizations the full-stack visibility, analytics and insights they need to build, run and secure their modern applications and cloud infrastructures.

The Sumo Logic platform provides security analytics and visibility across the entire AWS environment, with context derived from details such as user access, platform configurations and changes, and the ability to generate audit trails to demonstrate compliance with industry standards. Sumo Logic also correlates analytics from CrowdStrike threat intelligence to identify risks and threats in the AWS environment, such as communications with malicious IPs, URLs or domains.

At AWS’ annual re:Invent 2017 conference in Las Vegas this week, AWS announced the availability of **Amazon GuardDuty**, a continuous security monitoring and threat detection service for AWS users. Thanks to Sumo Logic’s strong, long-standing relationship with AWS, Sumo Logic was given early access to the beta version of GuardDuty, which allowed the team to develop, announce and release the complementary **Sumo Logic Amazon GuardDuty App** in parallel with Amazon.

![GuardDuty overview](/wp-content/uploads/GuardDutyOverview-2.png)

**The way GuardDuty works** is by gathering log data from three distinct areas of the AWS cloud environment including:

- **AWS Virtual Private Cloud (VPC) “flow logs”**
- **AWS CloudTrail “event logs”**
- **AWS Route 53 DNS “query logs”**

Along with the log data above, AWS provides additional sources of context (including threat intel associated with the AWS environment) to identify potential threats in users’ environments. GuardDuty calls these potential threats “***findings***”. Each finding gives users details about the threat identified so that they can take any necessary action.

**“Findings” details** include the following information:

- **Last seen** – the time at which the activity took place that prompted the finding.
- **Count** – the number of times the finding was generated.
- **Severity** – the severity level (High, Medium, or Low):
    - ***High*** – recommendation to take immediate remediation steps.
    - ***Medium*** – investigate the implicated resource at your earliest convenience.
    - ***Low*** – suspicious or malicious activity blocked. No immediate action needed.
- **Finding Type** – made up of the following parts:
    - *Threat Purpose* (more details available in the GuardDuty User Guide):
        - Backdoor
        - Behavior
        - Cryptocurrency
        - Pentest
        - Recon
        - Stealth
        - Trojan
        - UnauthorizedAccess
    - *Resource Type Affected* – with the initial release of GuardDuty, “only EC2 instances and IAM users (and their credentials) can be identified in findings as affected resources”.
    - *Threat Family Name* – the overall threat or potential malicious activity detected.
    - *Threat Family Variant* – the specific variant of the Threat Family detected.
    - *Artifact* – a specific resource owned by a tool used in the attack.
- **Region** – the region in which the finding was generated.
- **Account ID** – the ID of the AWS account in which the activity took place.
- **Resource ID** – the ID of the AWS resource against which the activity took place.
- **Target** – the area of your AWS infrastructure where GuardDuty detected potentially malicious or anomalous activity.
- **Action** – the activity that GuardDuty perceived to be potentially malicious or anomalous.
- **Actor** – the user that engaged in the potentially malicious or unexpected activity.
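The finding details above are what an analyst actually works with once GuardDuty output lands in a log platform, so here is an added example (not Sumo Logic’s or AWS’s code) that parses the five-part finding type (`ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.ThreatFamilyVariant!Artifact`), labels each finding High, Medium or Low, attaches the recommended action the post lists for that level, and ranks findings by severity the way the app’s dashboards do. The numeric severity bands (Low 1.0–3.9, Medium 4.0–6.9, High 7.0–8.9) are assumed from the GuardDuty documentation rather than taken from this post, the JSON field names follow GuardDuty’s finding schema, and the sample findings and account ID are constructed.

```python
"""Parse and triage Amazon GuardDuty findings.

Added example, not code from Sumo Logic or AWS. Finding types are parsed
against the five-part grammar described in the post; the severity bands
are an assumption taken from the GuardDuty documentation, not the post.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Threat purposes and affected resource types as listed in the post (initial release).
THREAT_PURPOSES = {"Backdoor", "Behavior", "Cryptocurrency", "Pentest",
                   "Recon", "Stealth", "Trojan", "UnauthorizedAccess"}
RESOURCE_TYPES = {"EC2", "IAMUser"}

# Recommended action per severity level, as the post states them.
ACTIONS = {
    "High": "take immediate remediation steps",
    "Medium": "investigate the implicated resource at your earliest convenience",
    "Low": "suspicious or malicious activity blocked; no immediate action needed",
}

# ThreatPurpose:ResourceTypeAffected/ThreatFamilyName[.Variant][!Artifact]
_TYPE_RE = re.compile(
    r"^(?P<purpose>[A-Za-z]+):(?P<resource>[A-Za-z0-9]+)/"
    r"(?P<family>[^.!]+)(?:\.(?P<variant>[^!]+))?(?:!(?P<artifact>.+))?$"
)


@dataclass(frozen=True)
class FindingType:
    purpose: str
    resource: str
    family: str
    variant: Optional[str]
    artifact: Optional[str]


def parse_finding_type(text: str) -> FindingType:
    """Split a finding type string into its parts and validate the known vocabularies."""
    match = _TYPE_RE.match(text)
    if not match:
        raise ValueError(f"malformed finding type: {text!r}")
    ft = FindingType(**match.groupdict())
    if ft.purpose not in THREAT_PURPOSES:
        raise ValueError(f"unknown threat purpose: {ft.purpose!r}")
    if ft.resource not in RESOURCE_TYPES:
        raise ValueError(f"unknown resource type: {ft.resource!r}")
    return ft


def severity_label(severity: float) -> str:
    """Map GuardDuty's numeric severity to the High/Medium/Low label (assumed bands)."""
    if severity >= 7.0:
        return "High"
    if severity >= 4.0:
        return "Medium"
    if severity >= 1.0:
        return "Low"
    raise ValueError(f"severity out of range: {severity}")


def triage(findings: List[dict]) -> List[dict]:
    """Rank findings highest severity first, with parsed type, context and action."""
    rows = []
    for f in findings:
        label = severity_label(f["Severity"])
        ft = parse_finding_type(f["Type"])
        rows.append({
            "label": label,
            "severity": f["Severity"],
            "purpose": ft.purpose,
            "resource": ft.resource,
            "family": ft.family,
            "region": f["Region"],
            "account": f["AccountId"],
            "count": f["Service"]["Count"],
            "last_seen": f["Service"]["EventLastSeen"],
            "action": ACTIONS[label],
        })
    return sorted(rows, key=lambda r: r["severity"], reverse=True)


# Constructed sample findings (field names follow the GuardDuty finding schema;
# the account ID is a placeholder, not a real account).
SAMPLE_FINDINGS = [
    {"Type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom", "Severity": 5.0,
     "Region": "us-east-1", "AccountId": "123456789012",
     "Service": {"Count": 4, "EventLastSeen": "2017-11-29T10:15:00Z"}},
    {"Type": "Backdoor:EC2/C&CActivity.B!DNS", "Severity": 8.0,
     "Region": "us-east-1", "AccountId": "123456789012",
     "Service": {"Count": 12, "EventLastSeen": "2017-11-29T11:02:00Z"}},
    {"Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,
     "Region": "us-west-2", "AccountId": "123456789012",
     "Service": {"Count": 1, "EventLastSeen": "2017-11-28T23:40:00Z"}},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS):
        print(f"{row['label']:<6} {row['severity']:<4} {row['purpose']}:{row['resource']} "
              f"x{row['count']} last seen {row['last_seen']} -> {row['action']}")
```

The validation in `parse_finding_type` is deliberate: a finding type outside the documented vocabulary usually means the schema has changed (GuardDuty has since added purposes and resource types), and failing loudly on ingestion is preferable to silently filing such findings under an empty category on a dashboard.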

**The Sumo Logic Amazon GuardDuty App value-add**

**Pre-built Sumo Logic GuardDuty dashboards**: Sumo Logic provides a single pane of glass to reduce the complexity of managing multiple environments, with pre-configured, user-friendly and customizable dashboards that take GuardDuty’s linear data format and layer on rich graphical reporting and depictions of trends over time.

![GuardDuty findings group details dashboard](/wp-content/uploads/guardDuty_groupDetails_wide-1.png)

**Click to Fix:** The Sumo Logic Amazon GuardDuty App lets users rapidly and visually identify “findings”, ranked by severity level (high, medium and low), and click on any of them to be routed automatically to their AWS environment to take any necessary remediation actions.

**Value-added Context:** The Sumo Logic Amazon GuardDuty App adds further sources of analytics for deeper and wider visibility into the AWS environment and context across the organization, including full-stack visibility into application and infrastructure logs, Application/Elastic Load Balancer (ALB/ELB) performance, and supplemental threat intel provided by CrowdStrike at no additional fee.

The new Amazon GuardDuty offering, together with Sumo Logic’s tightly integrated GuardDuty App, gives organizations the tools they need to manage and monitor their AWS cloud environments more simply and effectively, and the visibility to detect and remediate real and potential threats to mission-critical resources in those environments more rapidly.

- Get the [Sumo Logic Amazon GuardDuty App](https://www.sumologic.com/app-catalog/aws-guardduty)
- [Sign up for Sumo Logic instantly and for free](https://www.sumologic.com/sign-up/)
- Watch the [Sumo Logic product overview video.](http://sumolo.gs/18SQCQ0)


### Article Tags

- [AWS](https://www.sumologic.com/blog/aws)
- [Compliance](https://www.sumologic.com/blog/compliance)
- [SecOps & Security](https://www.sumologic.com/blog/secops-security)

Mike Reinhart

Mike Reinhart serves as Sumo Logic’s director of product marketing for cloud security & compliance and brings decades of leadership experience in global technology companies, from some of the world’s largest corporations to early-stage start-ups, focused on cloud, SaaS, communications and security service offerings. His background includes defining and developing new markets and leading the go-to-market strategies and efforts for these new security and technology offerings. Mike holds a Bachelor of Science degree in Information Systems Management and is regularly sought after to speak at security industry, compliance and technology events worldwide.
