Amazon announces Detective, a tool for investigating security incidents
Amazon Detective is a new tool announced by Amazon to reconstruct infrastructure behavior on AWS and trace the origin of security problems. It works by analyzing logs with artificial intelligence.
Amazon has announced the general availability of Amazon Detective. The tool uses machine learning techniques to identify anomalies in customer resources by combining log data with tools Amazon already offers, such as AWS GuardDuty. Announced as a preview last year, Amazon Detective helps businesses large and small identify the problems behind security incidents.
Amazon Detective, the Sherlock to find security problems
It is no coincidence that Amazon chose to call this solution "Detective": identifying the problems that led to a security incident is far closer to an investigator's work than one might think, since it requires looking for clues in the logs and following the various tracks back to the flaw that caused the problem.
This work is tiring and demands time and resources that not every company has: small businesses lack the staff and tools to conduct an investigation of this kind, while large businesses still face a titanic task in analyzing the enormous amount of data.
Amazon Detective collects the logs of the resources present on AWS, combining AWS GuardDuty findings, AWS CloudTrail, and Virtual Private Cloud (VPC) Flow Logs to build an interactive visualization (a graph, to be precise) that gives a visual representation of the interactions between the various components. In this way it is possible to trace a problem to its root, spotting unexpected interactions or incorrect configurations.
To achieve this, Amazon Detective works over a large amount of data, covering up to a year, correlating it and building a history. For example, Detective can reconstruct the usage history of a specific API call, so you can judge whether it has been used for malicious purposes in the past.
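The following script is an added illustration of the idea just described, namely correlating CloudTrail events and VPC Flow Log records into a graph of interactions, then asking "which relationships are new?" and "what is this principal's history?". It is not Amazon Detective's own code and does not call any Detective API; the log records are constructed samples in the shape of real CloudTrail event fields and default-format VPC Flow Log lines, and the account id, ARN and addresses are placeholders.

```python
"""Toy behaviour graph built from constructed CloudTrail and VPC Flow Log records.

This is an added example of the log-correlation idea described in the article,
not Amazon Detective's implementation. All records below are constructed.
"""
from datetime import datetime, timezone

# Constructed CloudTrail-style events (a subset of the real field names).
CLOUDTRAIL_EVENTS = [
    {"eventTime": "2020-03-01T10:00:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2020-03-02T11:00:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.10"},
    # A call never seen before, from an address never seen before.
    {"eventTime": "2020-03-30T02:15:00Z", "eventName": "GetSecretValue",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "198.51.100.7"},
]

# Constructed VPC Flow Log lines in the default format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
VPC_FLOW_LINES = [
    # Long-standing traffic from an instance to an internal database.
    "2 111122223333 eni-0a1b2c3d 10.0.1.5 10.0.2.9 51000 5432 6 120 16000 1583064000 1583064060 ACCEPT OK",
    # New outbound HTTPS flow to the same external address seen in CloudTrail.
    "2 111122223333 eni-0a1b2c3d 10.0.1.5 198.51.100.7 44321 443 6 10 840 1585534000 1585534060 ACCEPT OK",
]


def parse_time(iso_z):
    """Parse a CloudTrail-style UTC timestamp such as 2020-03-01T10:00:00Z."""
    return datetime.strptime(iso_z, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_graph(events, flow_lines):
    """Return {(src_node, dst_node): {"first": dt, "last": dt, "count": n}}.

    Nodes are principals (ARNs), "api:<name>" and "ip:<addr>[:port]"; every
    edge keeps the first and last time it was observed and how often.
    """
    edges = {}

    def touch(src, dst, when):
        e = edges.setdefault((src, dst), {"first": when, "last": when, "count": 0})
        e["first"] = min(e["first"], when)
        e["last"] = max(e["last"], when)
        e["count"] += 1

    for ev in events:
        when = parse_time(ev["eventTime"])
        principal = ev["userIdentity"]["arn"]
        touch(principal, "api:" + ev["eventName"], when)      # who called which API
        touch(principal, "ip:" + ev["sourceIPAddress"], when)  # from which address
    for line in flow_lines:
        f = line.split()
        start = datetime.fromtimestamp(int(f[10]), tz=timezone.utc)
        touch("ip:" + f[3], "ip:" + f[4] + ":" + f[6], start)  # srcaddr -> dstaddr:dstport
    return edges


def new_relationships(edges, since_iso_z):
    """Edges first observed at or after `since`: the 'never seen before' pivot."""
    since = parse_time(since_iso_z)
    return sorted(k for k, v in edges.items() if v["first"] >= since)


def history(edges, node):
    """Everything a node has ever interacted with, oldest first."""
    rows = [(v["first"], v["last"], v["count"], src, dst)
            for (src, dst), v in edges.items() if node in (src, dst)]
    return sorted(rows)


if __name__ == "__main__":
    graph = build_graph(CLOUDTRAIL_EVENTS, VPC_FLOW_LINES)
    print("Relationships first seen since 2020-03-15:")
    for src, dst in new_relationships(graph, "2020-03-15T00:00:00Z"):
        print("  ", src, "->", dst)
    print("History of alice:")
    for first, last, count, src, dst in history(graph, "arn:aws:iam::111122223333:user/alice"):
        print("  ", first.date(), "..", last.date(), "x%d" % count, src, "->", dst)
```

Run as a script it lists the three relationships that appear only in the 2020-03-30 records (the new API call, the new source address, and the new outbound flow to that address) while the routine DescribeInstances calls and the database traffic stay in the baseline. Keeping first-seen and last-seen per edge is what makes the "has this been used before?" question answerable without rereading a year of raw logs.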
The functionality works across multiple accounts and allows you to consolidate the data of up to 1,000 accounts to get an overview of what is happening in a company's AWS environment.
Amazon says there is no specific cost for using Detective itself; instead there is a flat fee for each GB of data processed from GuardDuty, CloudTrail, and Virtual Private Cloud Flow Logs. Further details can be found in the official announcement of the service's availability.