Amazon Detective Is on the Case, Helped by Machine Learning

Amazon Web Services announced Amazon Detective, a new security service that uses machine learning and other technology to improve sleuthing.

"Amazon Detective is a new service in Preview that makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities," the company said in a post published during its re:Invent conference. "Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations."

[Figure: How Amazon Detective Works (source: AWS).]

While in preview, it will be available in select major AWS regions, including US-East (N. Virginia), US-East (Ohio), US-West (Oregon), EU (Ireland), and Asia Pacific (Tokyo).

"Amazon Detective can analyze trillions of events from multiple data sources such as Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and Amazon GuardDuty, and automatically creates a unified, interactive view of your resources, users, and the interactions between them over time," AWS said. "With this unified view, you can visualize all the details and context in one place to identify the underlying reasons for the findings, drill down into relevant historical activities, and quickly determine the root cause. "

AWS said the tool provides easy-to-use visualizations to help users answer questions such as:

  • "Is this normal for this role to have so many failed API calls?"
  • "Is this spike in traffic from this instance expected?"

Complete documentation is available here.

About the Author

David Ramel is an editor and writer for Converge360.
