By Nicola Wright
Amazon Detective, a new AWS service that helps log and visualize security anomalies across AWS workloads, is now publicly available.
The tool, which was announced at AWS re:Invent last year and rolled out in preview in December, automatically collates log data from resources and uses machine learning and analysis to generate interactive visualizations.
Customers can then use these visualizations to detect anomalies and improve security processes.
Sebastien Stormacq, Amazon senior developer advocate, outlined in a blog post why such a tool was necessary to facilitate faster, more effective investigations in today’s cloud environments.
When a security issue is detected, said Stormacq, analysts have to analyze many data logs to understand the cause and the broader impact of the problem.
This can be a time and source-heavy task, including scripting and ETL, to get a full picture of the data generated by multiple siloed systems.
Add to that new accounts and apps being continuously launched, and analysts face a daunting task just to establish a baseline of what normal looks like in a cloud environment.
Amazon Detective was developed to take care of some of the laborious admin involved in processing log data.
A fully managed, multi-account service, Detective allows users to automate the processing, refining, and structuring of vast chunks of log data from disparate services like AWS CloudTrail, Amazon VPC Flow Logs, and AWS Guard Duty.
According to AWS, Amazon Detective can analyze trillions of events from these sources, across up to 1,000 AWS accounts.
It then funnels this data into a graph model and highlights patterns in behaviors and interactions across the whole AWS environment.
The service utilizes machine learning models to help users determine what is unusual and what is expected behavior, allowing them to hone in on legitimate threats and suspicious occurrences—without the need to code, configure, or tune queries themselves.
Amazon Detective can be launched from the AWS Management Console now.
There are no additional charges to use Amazon Detective for AWS customers, and no upfront commitments—you only pay for the data ingested from other services.
Pricing starts at $2 per GB, per region, per month, dropping to $0.25 for upwards of 10,000 GB.
The tool is currently available in 14 AWS regions and is already being utilized by the likes of T-Systems and Warner Media.
The Jefferson Frank Salary Survey provides a unique insight into the Amazon Web Services community. Get your free copy now.
AWS Insights Now