Amazon’s Detective service for investigating security incidents now generally available
Amazon Web Services Inc. said today its new security service Amazon Detective is now generally available, three months after it was launched in preview.
Announced at the AWS re:Invent conference in Las Vegas in December, Amazon Detective uses artificial intelligence, statistical analysis and graph theory to boost alert systems.
It does so by providing details about the size and scope of security breaches, and by helping customers to reconstruct the methods and targets of those attacks. That, in turn, helps customers to visualize and conduct faster and more efficient security investigations. The service helps companies to identify the root cause of security incidents and eliminates the need to collect logs from different data sources, Amazon said.
Amazon Detective can analyze trillions of events from data sources such as IP traffic and virtual private cloud flow logs, as well as Amazon services such as AWS CloudTrail and AWS GuardDuty. It then generates an interactive view of resources and users and their interactions with each other, and continuously updates that as more data becomes available. That enables users to identify exactly what’s behind any malicious activity they encounter and work out the best way to mitigate it.
In one example, Amazon said the service can investigate an unusual Console Login API call discovered by AWS GuardDuty and provide more details about API call trends and user login attempts on a geolocation map.
“Amazon Detective uses machine learning models to produce graphical representations of your account behavior and helps you to answer questions such as ‘is this an unusual API call for this role?’ or ‘is this spike in traffic from this instance expected?’” Amazon’s senior developer advocate Sébastien Stormacq wrote in a blog post announcing the service. “You do not need to write code, to configure or to tune your own queries.”
Amazon said the service is priced according to the amount of data ingested from its AWS CloudTrail, VPC Flow Logs and AWS GuardDuty findings. Detective is able to maintain up to a year’s worth of aggregated data, it said.
The service is now generally available in Amazon’s US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) regions, with more to come.
In other AWS news today, Amazon also announced a new capability for its AutoGluon service, which is an open-source library that helps developers to write machine learning-based applications that use image, text or tabular datasets, with just a few lines of code.
The new capability is called AutoGluon-Tabular, and enables users to train machine learning models on tabular datasets from sources such as database tables and spreadsheets, Amazon said. Developers have been applying statistical techniques to tabular data for many years to build predictive models or gather summary statistics, the company said, but it’s a tough task.
AutoGluon-Tabular enables developers to input and assemble tabular data into models automatically, saving them from spending hours doing this manually, Amazon said. And because the service automates only the best machine learning practices sourced directly from expert data scientists, it uses every model it trains. That, Amazon claimed, means AutoGluon can produce more accurate models in far less time than other AutoML tools.