AWS Announces General Availability of Amazon Detective

A recent press release reports, “Today, Amazon Web Services Inc., an Amazon.com company, announced the general availability of Amazon Detective, a new security service that makes it easy for customers to conduct faster and more efficient investigations into security issues across their AWS workloads. Amazon Detective automatically collects log data from a customer’s resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations that help customers analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. There are no additional charges or upfront commitments required to use Amazon Detective, and customers pay only for data ingested from AWS CloudTrail, Amazon Virtual Private Cloud (VPC) Flow Logs, and Amazon GuardDuty findings. To get started with Amazon Detective, visit https://aws.amazon.com/detective/.”

The release continues, “When customers face a security issue like compromised user credentials or unauthorized access to a resource, security teams must conduct an investigation to understand the cause, assess the impact, and determine the remediation steps. Before an investigation can even begin, customers must first collect and combine terabytes of potentially relevant data from network, application, and security monitoring systems, and make it available in a way that allows their security analysts to infer related anomalies. In order to explore the data, analysts rely on data scientists and engineers to turn seemingly simple questions like “is this normal?” into mathematical models and queries that can help produce answers. Customers then typically build custom dashboards that analysts use to validate, compare, and correlate the data to reach their conclusions. Security teams must continually re-establish baselines of normal behavior, understand new patterns of activity, and revisit application configurations as resources, accounts, and applications are added or updated in an environment. These complex and time-consuming tasks impede security teams’ ability to quickly investigate and respond to security issues.”

Read more at press.aboutamazon.com.
