AWS's security service portfolio can be disorienting. There's GuardDuty, which does threat detection. There's Security Hub, which aggregates findings. There's Config, which tracks configuration compliance. There's Inspector for vulnerability scanning. There's Macie for data classification. There's Detective for investigation. Each overlaps with others in ways that aren't obvious from the product names or marketing descriptions.
This comparison clarifies what each service does, what gaps remain when using only that service, and how the services fit together in a complete security monitoring stack.
AWS GuardDuty
What it does: Machine learning-based threat detection analyzing CloudTrail management events, VPC Flow Logs, and DNS query logs. Detects active threats: credential compromise, unauthorized EC2 usage, malware communication, and account reconnaissance. Generates findings for specific detected threats.
What it doesn't do: GuardDuty doesn't evaluate security configuration or compliance. It won't tell you that your S3 bucket is public, your security groups are overly permissive, or that you haven't enabled MFA on IAM users. It detects active threats, not configuration weaknesses.
Limitations: GuardDuty requires time to establish behavioral baselines. New accounts generate more false positives as GuardDuty learns normal patterns. Finding volume can be high in complex environments, requiring suppression rule management. GuardDuty is regional: it must be enabled in every region separately.
AWS Config
What it does: Tracks AWS resource configuration continuously, evaluates configuration against managed and custom rules, and maintains a configuration history for every resource. Identifies compliance drift: resources that were configured correctly but have changed to a non-compliant state.
What it doesn't do: Config doesn't detect active threats or analyze behavior — it evaluates configuration state. It won't tell you whether your CloudTrail logs show suspicious activity; it evaluates whether CloudTrail is enabled.
Limitations: Config can generate findings faster than they can be remediated in large environments, leading to alert fatigue. Not all AWS resources are supported as Config resource types. Conformance packs provide pre-built rule sets but require mapping to your specific compliance requirements.
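The "custom rules" mentioned above are Lambda functions that receive a configuration item and report COMPLIANT or NON_COMPLIANT back to Config. The following is an added example, not code from the original article, showing a starter rule of the kind the FAQ below recommends (public access blocked, default encryption set) for S3 buckets. The helper names (evaluate_bucket, build_evaluation, evaluate_event, make_event) are my own. The configuration item field names under supplementaryConfiguration follow the AWS::S3::Bucket configuration item schema as I understand it; verify them against a real item before deploying.

```python
"""Custom AWS Config rule: an S3 bucket is COMPLIANT only when all four
public-access-block flags are on and a default server-side encryption
algorithm is configured.

Added example, not from the original article. Field names under
supplementaryConfiguration are assumed from the AWS::S3::Bucket
configuration item schema; check them against a real item.
"""
import json
from typing import Tuple

PAB_FLAGS = ("blockPublicAcls", "ignorePublicAcls",
             "blockPublicPolicy", "restrictPublicBuckets")
ACCEPTED_SSE = ("AES256", "aws:kms")


def evaluate_bucket(item: dict) -> Tuple[str, str]:
    """Return (ComplianceType, annotation) for one AWS::S3::Bucket item."""
    supp = item.get("supplementaryConfiguration") or {}

    # Check 1: every public-access-block flag must be true.
    pab = supp.get("PublicAccessBlockConfiguration") or {}
    missing = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if missing:
        return "NON_COMPLIANT", "Public access block incomplete: " + ", ".join(missing)

    # Check 2: at least one default-encryption rule with an accepted algorithm.
    sse = supp.get("ServerSideEncryptionConfiguration") or {}
    algorithms = [
        (rule.get("applyServerSideEncryptionByDefault") or {}).get("sseAlgorithm")
        for rule in sse.get("rules") or []
    ]
    accepted = [alg for alg in algorithms if alg in ACCEPTED_SSE]
    if not accepted:
        return "NON_COMPLIANT", "No default server-side encryption configured"

    return "COMPLIANT", "Public access blocked; default encryption: " + accepted[0]


def build_evaluation(item: dict, compliance: str, annotation: str) -> dict:
    """Shape one result the way config:PutEvaluations expects it."""
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # Config caps annotations at 256 chars
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def evaluate_event(event: dict) -> dict:
    """Pure part of the handler: parse the Config event and evaluate the item."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    if item.get("resourceType") != "AWS::S3::Bucket":
        compliance, annotation = "NOT_APPLICABLE", "Rule only evaluates S3 buckets"
    elif item.get("configurationItemStatus") == "ResourceDeleted":
        compliance, annotation = "NOT_APPLICABLE", "Bucket was deleted"
    else:
        compliance, annotation = evaluate_bucket(item)
    return build_evaluation(item, compliance, annotation)


def lambda_handler(event, context):
    """Entry point when deployed as a Config custom Lambda rule."""
    import boto3  # imported here so the evaluation logic stays testable offline
    boto3.client("config").put_evaluations(
        Evaluations=[evaluate_event(event)], ResultToken=event["resultToken"])


def make_event(item: dict, token: str = "constructed-token") -> dict:
    """Wrap a configuration item the way Config delivers it to the Lambda."""
    return {
        "invokingEvent": json.dumps({
            "configurationItem": item,
            "messageType": "ConfigurationItemChangeNotification",
        }),
        "resultToken": token,
    }


# Constructed sample: public access fully blocked, but no default encryption.
SAMPLE_ITEM = {
    "resourceType": "AWS::S3::Bucket",
    "resourceId": "example-bucket",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "supplementaryConfiguration": {
        "PublicAccessBlockConfiguration": {flag: True for flag in PAB_FLAGS},
    },
}
SAMPLE_EVENT = make_event(SAMPLE_ITEM)

if __name__ == "__main__":
    print(json.dumps(evaluate_event(SAMPLE_EVENT), indent=2))
```

Keeping the evaluation separate from the boto3 call is the design point: evaluate_bucket can be unit-tested against captured configuration items, and the only code that needs AWS credentials is the two-line put_evaluations call.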
AWS Security Hub
What it does: Aggregates findings from GuardDuty, Config, Inspector, Macie, and third-party partners into a single pane of glass. Applies Security Standards (AWS Foundational Security Best Practices, CIS Benchmarks) that generate compliance findings across your account. Provides a unified findings view and enables cross-service investigation.
What it doesn't do: Security Hub doesn't generate its own threat detection findings — it aggregates and correlates findings from other services. Without GuardDuty, Config, and Inspector enabled, Security Hub has little to aggregate. Security Hub shows you findings; it doesn't fix them.
When to enable: Security Hub provides the most value when you have multiple AWS security services enabled and want unified visibility. For small environments with few services, the aggregation value may not justify the cost.
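Because Security Hub normalizes everything into one format (ASFF), the cross-service aggregation described above becomes a routing problem: each finding carries the name of the service that produced it, and that name tells you which team or queue should own it. The following is an added example, not code from the original article, that triages a batch of findings the way securityhub:GetFindings returns them. The findings are constructed with only the fields used here populated, the Types strings and the CVE id are illustrative placeholders, and the lane names and the paging threshold are my own choices.

```python
"""Route Security Hub (ASFF) findings to a queue by originating service.

Added example, not from the original article. SAMPLE_FINDINGS is a
constructed batch with only the fields this script reads; Types values
and the CVE id are placeholders, not real identifiers.
"""
from collections import Counter
from typing import Dict, List

# ASFF severity labels in ascending order, for threshold comparisons.
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# ProductName as Security Hub reports it -> triage lane that should own it.
PRODUCT_LANES = {
    "GuardDuty": "threat",         # active threat -> incident response
    "Inspector": "vulnerability",  # CVE in a package -> patch queue
    "Macie": "data",               # sensitive data exposure -> data owner
    "Security Hub": "posture",     # standards control failure -> config backlog
    "Config": "posture",           # Config rule failure -> config backlog
}

SAMPLE_FINDINGS = [
    {   # GuardDuty: instance talking to a known command-and-control domain
        "Id": "arn:aws:guardduty:us-east-1:111122223333:detector/d1/finding/f1",
        "ProductName": "GuardDuty",
        "Types": ["TTPs/Command and Control"],
        "Severity": {"Label": "HIGH"},
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "NEW"},
    },
    {   # GuardDuty: low-severity reconnaissance, stays in the threat lane
        "Id": "arn:aws:guardduty:us-east-1:111122223333:detector/d1/finding/f2",
        "ProductName": "GuardDuty",
        "Types": ["TTPs/Discovery"],
        "Severity": {"Label": "LOW"},
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "NEW"},
    },
    {   # Security Hub standards control failure (a posture problem, not a threat)
        "Id": "arn:aws:securityhub:us-east-1:111122223333:security-control/f3",
        "ProductName": "Security Hub",
        "Types": ["Software and Configuration Checks/Industry and Regulatory Standards"],
        "Severity": {"Label": "HIGH"},
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "NEW"},
    },
    {   # Inspector: package vulnerability in a container image (placeholder CVE id)
        "Id": "arn:aws:inspector2:us-east-1:111122223333:finding/f4",
        "ProductName": "Inspector",
        "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
        "Vulnerabilities": [{"Id": "CVE-0000-00000"}],
        "Severity": {"Label": "CRITICAL"},
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "NEW"},
    },
    {   # Macie finding already marked resolved by the data owner
        "Id": "arn:aws:macie2:us-east-1:111122223333:finding/f5",
        "ProductName": "Macie",
        "Types": ["Sensitive Data Identifications/PII"],
        "Severity": {"Label": "MEDIUM"},
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "RESOLVED"},
    },
]


def severity_at_least(label: str, threshold: str) -> bool:
    """True when an ASFF severity label meets or exceeds the threshold."""
    return SEVERITY_ORDER.index(label) >= SEVERITY_ORDER.index(threshold)


def is_open(finding: dict) -> bool:
    """Only ACTIVE findings that nobody has resolved or suppressed need work."""
    if finding.get("RecordState") != "ACTIVE":
        return False  # ARCHIVED: the source service withdrew the finding
    return finding.get("Workflow", {}).get("Status") not in ("RESOLVED", "SUPPRESSED")


def triage(findings: List[dict], page_threshold: str = "HIGH") -> Dict[str, List[str]]:
    """Group open findings by lane; threats at or above the threshold go to 'page'."""
    lanes: Dict[str, List[str]] = {
        "page": [], "threat": [], "vulnerability": [], "posture": [], "data": [], "unknown": [],
    }
    for finding in findings:
        if not is_open(finding):
            continue
        lane = PRODUCT_LANES.get(finding.get("ProductName", ""), "unknown")
        label = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
        # Only active threats wake someone up; a HIGH posture finding is backlog work.
        if lane == "threat" and severity_at_least(label, page_threshold):
            lane = "page"
        lanes[lane].append(finding["Id"])
    return lanes


def summarize(findings: List[dict]) -> Counter:
    """Count open findings per (producing service, severity label)."""
    return Counter(
        (f.get("ProductName", "?"), f.get("Severity", {}).get("Label", "INFORMATIONAL"))
        for f in findings if is_open(f)
    )


if __name__ == "__main__":
    for lane, ids in triage(SAMPLE_FINDINGS).items():
        print(f"{lane:14s} {len(ids)} finding(s)")
    for (product, label), count in sorted(summarize(SAMPLE_FINDINGS).items()):
        print(f"  {product:13s} {label:14s} {count}")
```

The point the routing makes explicit is the one the section above states: a HIGH from GuardDuty and a HIGH from a Security Standards control are not the same kind of event, and a single severity-sorted list hides that. In production the input would come from paginating securityhub:GetFindings with a filter on RecordState and WorkflowStatus rather than filtering client-side.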
AWS Inspector
What it does: Vulnerability scanning for EC2 instances, ECR container images, and Lambda functions. Identifies CVEs in OS packages and application dependencies. Integrates with ECR for continuous image scanning as new vulnerabilities are published.
What it doesn't do: Inspector doesn't detect active threats or evaluate security configuration. It identifies that a software vulnerability exists; it doesn't tell you whether it's being actively exploited.
Amazon Macie
What it does: Automated sensitive data discovery in S3 buckets. Identifies personally identifiable information (PII), financial data, health records, and credentials stored in S3 objects. Evaluates bucket security configuration (encryption, public access, access logging) and alerts on sensitive data in under-protected buckets.
What it doesn't do: Macie is S3-specific. It doesn't scan other data stores (RDS, DynamoDB, EBS). Automated discovery analyzes object samples — it may miss sensitive data in large datasets or unusual file formats.
AWS Detective
What it does: Automated investigation tool that ingests CloudTrail, VPC Flow Logs, and GuardDuty findings to build behavioral graphs. When a GuardDuty finding fires, Detective shows the full context: what the affected entity (IP, role, instance) was doing before and during the incident, and which other entities it interacted with.
What it doesn't do: Detective doesn't generate findings or detect threats — it helps investigate findings from other services. Without GuardDuty generating findings, Detective's investigation value is limited.
Building a Coherent Stack
A complete AWS security monitoring stack for production environments:
- GuardDuty: Threat detection (enable in all regions)
- Config: Configuration compliance (enable in all regions)
- Security Hub: Aggregation and Security Standards (enable for unified visibility)
- Inspector: Vulnerability management for compute and container images
- Macie: Data classification for S3 (enable for environments with sensitive data)
- Detective: Investigation (enable for environments with active security operations)
- CloudTrail: Audit logging (foundational — required for GuardDuty and Detective)
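Three of the items in that list say "enable in all regions", and the usual failure mode is a region that was opted in later and never covered. The following is an added example, not code from the original article, that audits every region for a running GuardDuty detector, a recording Config recorder, and an enabled Security Hub. The boto3 calls it relies on (list_detectors, get_detector, describe_configuration_recorder_status, describe_hub, describe_regions) are real; the audit functions take any object exposing those methods, so they can be driven with stub clients offline. The function names and the RegionCoverage dataclass are my own.

```python
"""Per-region coverage audit for GuardDuty, Config and Security Hub.

Added example, not from the original article. The boto3 API calls are
real; the helpers accept any client-like object so the logic can be
exercised without AWS credentials.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class RegionCoverage:
    region: str
    guardduty: bool
    config_recording: bool
    security_hub: bool

    def gaps(self) -> List[str]:
        """Names of the services not enabled in this region."""
        checks = (("GuardDuty", self.guardduty),
                  ("Config", self.config_recording),
                  ("SecurityHub", self.security_hub))
        return [name for name, enabled in checks if not enabled]


def _error_code(exc: Exception) -> str:
    """botocore's ClientError carries the service error code in exc.response."""
    return (getattr(exc, "response", None) or {}).get("Error", {}).get("Code", "")


def guardduty_enabled(client) -> bool:
    """A region is covered only if it has a detector and that detector is ENABLED."""
    detector_ids = client.list_detectors().get("DetectorIds", [])
    return any(client.get_detector(DetectorId=d).get("Status") == "ENABLED"
               for d in detector_ids)


def config_recording(client) -> bool:
    """A recorder that exists but is stopped does not count as coverage."""
    statuses = client.describe_configuration_recorder_status() \
        .get("ConfigurationRecordersStatus", [])
    return any(status.get("recording") for status in statuses)


def security_hub_enabled(client) -> bool:
    """describe_hub fails with InvalidAccessException where Security Hub is off."""
    try:
        client.describe_hub()
        return True
    except Exception as exc:
        if _error_code(exc) in ("InvalidAccessException", "ResourceNotFoundException"):
            return False
        raise  # anything else (throttling, permissions) is a real error


def audit(regions: List[str],
          make_client: Callable[[str, str], object]) -> List[RegionCoverage]:
    """make_client(service_name, region) returns a client; boto3.client fits."""
    return [
        RegionCoverage(
            region=region,
            guardduty=guardduty_enabled(make_client("guardduty", region)),
            config_recording=config_recording(make_client("config", region)),
            security_hub=security_hub_enabled(make_client("securityhub", region)),
        )
        for region in regions
    ]


def regions_with_gaps(results: List[RegionCoverage]) -> Dict[str, List[str]]:
    """Map region name -> missing services, omitting fully covered regions."""
    return {r.region: r.gaps() for r in results if r.gaps()}


if __name__ == "__main__":
    import boto3

    ec2 = boto3.client("ec2", region_name="us-east-1")
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    results = audit(regions, lambda svc, reg: boto3.client(svc, region_name=reg))
    for region, gaps in regions_with_gaps(results).items():
        print(f"{region}: missing {', '.join(gaps)}")
    if not regions_with_gaps(results):
        print("all regions covered")
```

Run it from the delegated administrator account; describe_regions only returns regions the account has opted into, which is exactly the set that needs coverage. Inspector, Macie and Detective have their own status calls and could be added the same way.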
Beyond native AWS services, specialized tools like Vigilare provide additional coverage: account-level risk scoring that aggregates all these signals plus billing anomalies, proactive suspension prevention monitoring, and MSP-scale management that the native services don't provide.
Related Reading
- GuardDuty setup — implementing the threat detection layer
- AWS Config setup — implementing the configuration compliance layer
- Compliance risk scoring — aggregating security signals into actionable risk assessment
- CSPM tools comparison — third-party options versus native AWS tools
FAQ
Do I need Security Hub if I already have GuardDuty and Config?
Security Hub adds value primarily through cross-service aggregation and the Security Standards checks. If you're managing GuardDuty and Config findings separately and finding the context-switching manageable, Security Hub's aggregation benefit may not justify the cost. For larger teams, organizations with multiple accounts, or environments where Security Standards compliance is required, Security Hub becomes more valuable.
Which of these services is most important to enable first?
GuardDuty first — it requires no configuration decisions and immediately starts detecting active threats. Config second — start with a small set of critical rules (encrypted storage, public access, CloudTrail enabled) and expand from there. Inspector third, specifically for any public-facing EC2 instances or production container images. The others provide incremental value on top of these core three.
Do these services work across AWS accounts?
All of them support multi-account deployment via the AWS Organizations delegated administrator pattern. GuardDuty, Config, Security Hub, Macie, and Inspector all support centralized management with findings aggregated to a security account. Enable organization-level deployment for all services to ensure consistent coverage across all accounts.
Protect your AWS accounts before it's too late
Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.
Written by Viktor B.
Co-founder & CEO