Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
N/A
Trend Micro TippingPoint
Score 8.0 out of 10
N/A
Trend Micro TippingPoint is an intrusion detection and prevention system.
In a multi-account/multi-tenant environment, GuardDuty often alerts us to possible malicious traffic before it becomes an issue. The ability to automatically enable GuardDuty creates baseline security, which is crucial when an account is first created. It also helps greatly in environments where other users are able to create resources, as often GuardDuty alerts us to insecure resources we did not know about. It can, however, sometimes be a little overzealous with its assessments, alerting on benign activity, which then requires suppression rules.
The inspection of data packets before they enter the firewall is really beneficial to our security team. It segments the data from the LAN and really adds a great layer of security on top of our firewall. The technical support is very responsive and knowledgeable in the use case of the product.
TippingPoint had a very nice GUI interface that sat on top of Snort rules. It was easy to access, had nice customization of dashboards and output to syslog for SIEM solutions.
It was easy to configure rule sets, allow groups or singular allow/blocks or white-listing.
Security rule sets could be tweaked up or down and allow/drop signatures could be configured to help increase performance.
The biggest qualm I had with TippingPoint was that it was just a tad on the expensive side for what you get. Nowadays everything has gone UTM in firewalls and they do it all, including IPS as part of the basic functionality, so really, TP is losing a massive market share.
Don't see a future in the roadmap with so many other vendors getting onto the "unified" wagon and adding IPS as part of their service and at a cheaper price.