Amazon’s Detective service for investigating security incidents now generally available
Amazon Web Services Inc. said today its new security service Amazon Detective is now generally available, three months after it was launched in preview.
Announced at the AWS re:Invent conference in Las Vegas in December, Amazon Detective uses artificial intelligence, statistical analysis and graph theory to boost alert systems.
It does so by providing details about the size and scope of security breaches, and by helping customers to reconstruct the methods and targets of those attacks. That, in turn, helps customers to visualize and conduct faster and more efficient security investigations. The service helps companies to identify the root cause of security incidents and eliminates the need to collect logs from different data sources, Amazon said.
Amazon Detective can analyze trillions of events from data sources such as IP traffic and virtual private cloud flow logs, as well as Amazon services such as AWS CloudTrail and AWS GuardDuty. It then generates an interactive view of resources and users and their interactions with each other, and continuously updates that as more data becomes available. That enables users to identify exactly what’s behind any malicious activity they encounter and work out the best way to mitigate it.
In one example, Amazon said the service can investigate an unusual Console Login API call discovered by AWS GuardDuty and provide more details about API call trends and user login attempts on a geolocation map.
“Amazon Detective uses machine learning models to produce graphical representations of your account behavior and helps you to answer questions such as ‘is this an unusual API call for this role?’ or ‘is this spike in traffic from this instance expected?’” Amazon’s senior developer advocate Sébastien Stormacq wrote in a blog post announcing the service. “You do not need to write code, to configure or to tune your own queries.”
Amazon said the service is priced according to the amount of data ingested from its AWS CloudTrail, VPC Flow Logs and AWS GuardDuty findings. Detective is able to maintain up to a year’s worth of aggregated data, it said.
The service is now generally available in Amazon’s US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) regions, with more to come.
In other AWS news today, Amazon also announced a new capability for its AutoGluon service, which is an open-source library that helps developers to write machine learning-based applications that use image, text or tabular datasets, with just a few lines of code.
The new capability is called AutoGluon-Tabular, and enables users to train machine learning models on tabular datasets from sources such as database tables and spreadsheets, Amazon said. Developers have been applying statistical techniques to tabular data for many years to build predictive models or gather summary statistics, the company said, but it’s a tough task.
AutoGluon-Tabular enables developers to input and assemble tabular data into models automatically, saving them from spending hours doing this manually, Amazon said. And because the service automates only the best machine learning practices sourced directly from expert data scientists, it uses every model it trains. That, Amazon claimed, means AutoGluon can produce more accurate models in far less time than other AutoML tools.