Machine Learning-Powered Amazon Detective Exits Preview
The Amazon Detective managed security service became generally available this week, after being in preview since December.
First announced at the 2019 re:Invent conference, Amazon Detective uses machine learning to investigate security events across a user's entire Amazon Web Services (AWS) environment. It mines information from multiple AWS data stores -- such as AWS CloudTrail, AWS GuardDuty and Amazon VPC Flow Logs -- and creates visualizations that show the origins and effects of specific security events.
Unlike other AWS services like Macie and GuardDuty that simply identify security weaknesses and send alerts, Amazon Detective is designed for situations in which it's necessary to analyze "large quantities of AWS log data to determine the cause and impact of a security issue," wrote Sébastien Stormacq, AWS developer evangelist, in a blog post Tuesday.
Such situations normally require significant scripting work, the use of ETL and SIEM tools, and proficiency in data science to organize and contextualize all the relevant information. Amazon Detective, Stormacq explained, automates that process.
"Amazon Detective uses machine learning models to produce graphical representations of your account behavior and helps you to answer questions such as 'is this an unusual API call for this role?' or 'is this spike in traffic from this instance expected?'" he wrote. "You do not need to write code, to configure or to tune your own queries."
Users can run Amazon Detective across as many as 1,000 AWS accounts, giving them a comprehensive view of their entire cloud environment. They can also keep data visualizations for up to one year, useful for tracking log behaviors over a long term.
Amazon Detective is currently available in these 14 regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Canada (Central), and South America (São Paulo). More information is available here.
Gladys Rama (@GladysRama3) is the editor of Redmondmag.com, RCPmag.com and AWSInsider.net, and the editorial director of Converge360.