Amazon Web Services (AWS) has announced the general availability of Amazon Detective, a new offering which aims to help customers remediate security issues across their AWS workloads more easily.
Amazon Detective, which was launched in preview at re:Invent last year, automatically collects log data from a customer's resources and uses machine learning and statistical analysis to build interactive visualisations which customers can use to deduce security anomalies.
Sebastien Stormacq, Amazon senior developer advocate, noted in a blog post how customer demands had changed from five years ago, when AWS released a solution which automatically analysed AWS CloudTrail data to generate alerts around sensitive API usage.
"Today, when a security issue is detected, such as compromised credentials or unauthorised access to a resource, security analysts cross-analyse several data logs to understand the root cause of the issue and its impact on the environment," wrote Stormacq. "In-depth analysis often requires scripting and ETL to connect the dots between data generated by multiple siloed systems.
"To further complicate matters, new AWS accounts, and new applications are constantly introduced, forcing analysts to constantly reestablish baselines of normal behaviour, and to understand new patterns of activities every time they evaluate a new security issue," added Stormacq.
Among the customers rolling out with Detective are T-Systems and Warner Media, with the product available in 14 AWS regions upon launch. There are no additional charges or upfront commitments to customers, the company added.
This can be seen as another step in the largest cloud vendors giving customers a helping hand around the ever-thorny issue of security. Yet the element of give-and-take has to remain. Take the launch of Amazon S3 Block Public Access in late 2018, which enabled extra controls to ensure S3 buckets did not become misconfigured. The year before, the company updated its dashboard so public buckets were signified with bright orange indicators. As cloud workloads become more complex, security needs to adapt with it – which is what AWS is aiming for here.
You can read the full blog post here.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.