Amazon Detective, a new AWS service, is now available to the public. It logs and visualizes security anomalies across AWS workloads.
The tool, which was first announced at AWS Re:Invent last year, was rolled out in preview by Amazon in December. It automatically collects log data from resources, and uses machine learning and analytics to generate interactive visualizations.
These visualizations can be used by customers to detect anomalies or improve security processes.
Sebastien Stormacq is an Amazon senior developer advocate. He explained in a blog post why such tools are necessary to facilitate faster and more effective investigations in today’s cloud environments.
Stormacq said that analysts must analyze many data logs in order to determine the root cause and the wider impact of security issues.
This task can be time-consuming and resource-intensive, and may include scripting and ETL to get a complete picture of data generated by multiple siloed system.
Analysts face a daunting task to establish a baseline for what normal looks like in the cloud environment.
Amazon Detective was created to automate some of the tedious admin involved in processing log data.
Detective is a fully managed multi-account service that allows users to automate the processing and refining of large chunks of log data coming from different services such as AWS CloudTrail and Amazon VPC Flow Logs.
Amazon Detective, according to AWS, can analyze trillions events from these sources across up to 1000 AWS accounts.
The graph model then funnels the data into a graph model, which highlights patterns in behaviors or interactions across the entire AWS environment.
The service uses machine learning models to help users identify unusual and expected behavior. This allows them to focus in on legitimate threats or suspicious occurrences without the need to code, configure, tune queries.
Amazon Detective can now be launched from the AWS Management console.
Amazon Detective is free for AWS customers. There are no upfront commitments and there are no additional charges. You only pay for data that you have ingested from other services.
Pricing starts at $2 perGB, per region, and per month, dropping down to $0.25 for more than 10,000 GB.
The tool is available in 14 AWS regions currently and is being used by Warner Media and T-Systems.
What should you pay for AWS professionals? The Jefferson Frank Salary Survey gives you an exclusive insight into the Amazon Web Services community. Get your copy now.
Download the report
