UPDATED 16:30 EDT / JANUARY 03 2018


AWS partners focus on continuous, real-time analytics for cloud security

Last year, Accenture Plc mistakenly allowed four Amazon Web Services Inc. S3 databases containing customer information and confidential application program interface data to be exposed to public download. Fortunately, the exposure was caught in September and the assets were secured, but the incident was a sharp reminder that the cloud carries cybersecurity risks of its own.

The need for vigilance in cloud security was highlighted at the AWS re:Invent conference two months after the Accenture exposure through a series of announcements involving the cloud provider’s partners. Sumo Logic Inc., Datrium Inc. and ExtraHop Networks Inc. all announced new solutions for the AWS platform that were designed to bolster security and enhance data recovery.

“Security has always been an afterthought when it comes to workloads and data in the cloud,” said Ramin Sayar, president and chief executive officer of Sumo Logic, in reference to the approach taken by many information technology customers. “When they move from the traditional world to this new world of cloud, there’s uncertainty about what to do.”

Sayar visited the set of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, and spoke with host Lisa Martin (@LuccaZara) and guest host Keith Townsend (@CTOAdvisor) during the AWS re:Invent conference in Las Vegas, Nevada.

In separate interviews during the event, Craig Nunes, vice president of marketing at Datrium, and Sazzala Reddy, Datrium’s co-founder, spoke with theCUBE host John Walls (@JohnWalls21) and guest host Justin Warren (@jpwarren); and Eric Thomas, director of solutions architecture at ExtraHop, spoke with Walls and Townsend. The interviews focused on major announcements regarding AWS security and recovery tools during the conference and the growth of analytics-driven companies for enterprise IT support. (* Disclosure below.)

GuardDuty watches the cloud gate

One of the new AWS tools, GuardDuty, is a threat detection service that utilizes machine learning. The new service monitors cloud data streams, scanning for unusual account practices, such as launching an application in a region of the world where a company has not done business. Because GuardDuty also watches for misconfigurations, the opening of an S3 bucket (such as in the Accenture situation) would presumably be caught and subjected to further scrutiny.

When GuardDuty generates alerts, these can also be directed to third-party services like Sumo Logic. “We’ve been pushing Amazon to really up their game on security, so we designed the GuardDuty service to really start to provide a lens into threat intelligence with respect to cloud data,” Sayar said.

Sumo Logic’s threat analysis model is based on the emerging security principle of continuous intelligence, using machine learning to gain knowledge from every scan and then reapply that to the enterprise. The goal is to gain a better understanding of what a normal pattern of IT usage is and what it’s not.

“We evaluate everything from your source code control system to your continuous release and deployment to your downstream monitoring,” Sayar explained. “We surface that up into a very salient view in terms of dashboards and alerts.”


ExtraHop drives real-time analytics

Another announcement that emerged from the gathering in Las Vegas was a new release from ExtraHop that has been integrated into the AWS platform. ExtraHop, a specialist in real-time analytics, announced that it would provide enhanced visibility for AWS CloudTrail, CloudWatch and VPC Flow log data.

Criminal hackers aren’t slowing down, and ExtraHop has found an engaged audience with AWS and customers who are constantly under attack from ransomware threats and phishing scams. The company recently helped a county hospital in Ohio beat back a ransomware attack by quickly analyzing log data and finding the precise click-through that injected malware into the network. The company’s approach is to find the attack source within seconds.

“Some vendors say real-time means 15 or 10 minutes,” Thomas said. “That’s not really enough to try and find a ransomware infection and stop it.”

ExtraHop has focused extensively on security for wire data, the continuous flow of network and business information across the infrastructure. As microservices and other abstractions become more entrenched in the enterprise application layer, the need for tracking and finding security anomalies becomes even more of a challenge.

“We auto-discover systems and services running across virtual or physical networks, which means you don’t have to configure things ahead of time,” Thomas said. “We see services spin up, spin down, move across availability zones, and we just track all of that as it happens.”


Datrium transitions onsite recovery to cloud

Mounting security threats have also placed more pressure on IT organizations to maintain effective backup and recovery systems. During AWS re:Invent, Datrium announced availability of its DVX recovery service as a cloud-based solution for virtual machines hosted on AWS.

Offered as a software as a service implementation, the Datrium product provides incremental backups and deduplication as a way to provide cloud-based recovery for lower cost. “The numbers just haven’t been there in terms of the economics of [cloud-based recovery],” Nunes said. “We felt like we could do something about that with some innovative technology.”

The concept behind Datrium’s global deduplication model is to provide IT customers with a way to back up machines within the hyperconverged infrastructure. Using the public cloud for offsite recovery has been a challenge because backup datasets can be large and are usually driven by a consistent full-scale schedule.

“We extended global deduplication all the way to the cloud,” Reddy said. “Over the wire transfer is very convenient and very cheap.”


Rise of the analytics economy

The integration of new security monitoring and recovery tools with AWS foreshadows the rise of what Sumo Logic’s Sayar described as the “analytics economy.” As enterprise security concerns grow, the need for continual threat monitoring, combined with machine learning tools that become more adept at spotting anomalies, has created an ecosystem of companies providing new services, both on-premises and in the cloud. Data, analytics and partnerships form the common bond.

“All of this technology, all of this power that’s being delivered and announced [in November] is empowering a slew of new use cases that have not been yet addressed,” Sayar said. “We feel like we’re the forerunner for that.”

(* Disclosure: Sumo Logic Inc., Datrium Inc. and ExtraHop Networks Inc. sponsored this segment of theCUBE. Neither Sumo Logic, Datrium, ExtraHop nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
