Amazon Web Services (AWS) has announced the general availability of Amazon Detective, a new security service that would make it easy for customers to conduct faster and more efficient investigations into security issues across their AWS workloads.
When organizations face a cloud security issue like compromised user credentials or unauthorized access to a resource, security teams must conduct an investigation to understand the cause, assess the impact, and determine the remediation steps. Before an investigation can even begin, security teams must first collect and combine terabytes of potentially relevant data from network, application, and security monitoring systems, and make it available in a way that allows their security analysts to infer related anomalies.
Amazon Detective helps security teams conduct “faster and more effective” investigations. Amazon Detective automatically collects log data from a user’s resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations that help users analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
There would be no additional charges or upfront commitments required to use Amazon Detective, and customers would pay only for data ingested from AWS CloudTrail, Amazon Virtual Private Cloud (VPC) Flow Logs, and Amazon GuardDuty findings.
Cloud Security Investigations
“Even when customers tell us their security teams have the tools and information to confidently detect and remediate issues, they often say they need help when it comes to understanding what caused the issues in the first place,” said Dan Plastina, Vice President for Security Services at AWS. “Gathering the information necessary to conduct effective security investigations has traditionally been a burdensome process, which can put crucial in-depth analysis out of reach for smaller organizations and strain resources for larger teams. Amazon Detective takes all of that extra work off of the customer’s plate, allowing them to focus on finding the root cause of an issue and ensuring it doesn’t happen again.”
Amazon Detective is available today in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) regions, with more regions coming soon.