Amazon Web Services (AWS) has announced the general availability of Amazon Detective, a new security service that makes it easy for customers of the cloud platform to conduct faster and more efficient investigations into security issues across their AWS workloads.
Amazon Detective automatically collects log data from a customer’s resources to help customers analyse, investigate, and quickly identify the root cause of potential security issues or suspicious activities. There are no upfront commitments or separate licence fees; customers pay only for the volume of data Detective ingests.
Once enabled with a few clicks in the AWS Management Console, Amazon Detective automatically begins distilling and organising data from AWS CloudTrail, Amazon VPC Flow Logs, and Amazon GuardDuty findings into a graph model that summarises resource behaviours and interactions observed across a customer’s AWS environment. Because GuardDuty findings are one of its inputs, Detective depends on GuardDuty already being enabled in the account; AWS requires the account to have had GuardDuty running for at least 48 hours before Detective can be turned on.
Using machine learning, statistical analysis, and graph theory, Amazon Detective produces tailored visualisations to help customers answer questions such as “is this an unusual API call?” or “is this spike in traffic from this instance expected?” without having to organise any data or develop, configure, or tune their own queries and algorithms.
According to Amazon, these visualisations can provide the details, context, and guidance to help analysts quickly determine the nature and extent of issues identified by AWS security services like Amazon GuardDuty and AWS Security Hub. Amazon Detective’s graph model and analytics are continuously updated as new telemetry becomes available from a customer’s AWS resources, allowing security teams to spend less time tending to constantly changing data sources. By letting the Amazon Detective service perform the necessary data sifting, security teams can more quickly move on to remediation.
Dan Plastina, vice president for Security Services at AWS, said: “Even when customers tell us their security teams have the tools and information to confidently detect and remediate issues, they often say they need help when it comes to understanding what caused the issues in the first place.
“Gathering the information necessary to conduct effective security investigations has traditionally been a burdensome process, which can put crucial in-depth analysis out of reach for smaller organisations and strain resources for larger teams. Amazon Detective takes all of that extra work off of the customer’s plate, allowing them to focus on finding the root cause of an issue and ensuring it doesn’t happen again.”
One such customer is media and entertainment giant WarnerMedia, which creates and distributes premium and popular content to global audiences.
Chris Farris, who leads public cloud security for WarnerMedia and teaches Cloud Security for the SANS Institute, said: “Large security organisations are tasked with protecting huge environments with diverse workloads from a multitude of threats, while the smaller organisations I talk to often don’t have the resources to replicate the tooling and expertise of their bigger counterparts.
“Amazon Detective will help both of these groups reach faster, better-informed conclusions to their security investigations. It does the hard work of aggregating and analysing high-volume telemetry sources like VPC Flow Logs and CloudTrail. Larger organisations will see major efficiencies, and small teams will have access to information and tooling that they’d have a hard time collecting and building on their own.”