Amazon Web Services (AWS) has launched Amazon Detective, a cloud service designed to help organizations investigate security incidents across their AWS workloads. The Amazon Detective release comes after AWS unveiled the service in December 2019.
Amazon Detective collects log data from an organization's resources and uses machine learning, statistical analysis and graph theory to build interactive visualizations, AWS stated. In doing so, Amazon Detective helps organizations analyze, investigate and identify the root cause of potential security issues or suspicious activities.
In addition, Amazon Detective automatically distills and organizes data from AWS CloudTrail, Amazon Virtual Private Cloud (VPC) Flow Logs and Amazon GuardDuty findings into a graph model that summarizes resource behaviors and interactions across an organization's AWS environments, AWS noted. It also provides details, context and guidance to help organizations determine the nature and extent of issues identified by AWS security services.
Amazon Detective: Security Partner Integrations
Several cybersecurity companies have already incorporated Amazon Detective into their offerings, including:
- Expel: Ingests customer events and log data from AWS to detect security issues and suspicious activities.
- Barracuda Networks: Offers security threat insights to Barracuda Cloud Security Guardian users.
- Check Point Software Technologies: Provides cloud security intelligence, analytics and visualizations to Check Point CloudGuard Log.ic users.
- McAfee: Helps MVISION Cloud users explore ways to accelerate incident response and remediation and determine the appropriate tools to deploy during incident investigations.
Amazon Detective is available with no additional charges and no upfront commitments. Customers pay only for the data ingested from AWS CloudTrail, Amazon VPC Flow Logs and Amazon GuardDuty findings.
Public Clouds and Security Services
In addition to AWS, key rivals such as Microsoft Azure and Google Cloud Platform have been building various security services for MSSPs, MSPs and end customers.
Key examples include:
- Microsoft Azure Sentinel: The cloud-native security information and event management (SIEM) tool launched in September 2019 with some MSSP partners on Day One.
- Google Chronicle: The security analytics platform has threat detection capabilities and multiple MSSP backers.