Amazon today announced that Amazon Detective, a service that automatically collates data from customers’ Amazon Web Services (AWS) resources and taps AI, statistical analysis, and graph theory to build a data set for cybersecurity investigations, is now generally available following a preview. It’s designed to help suss out the root cause of findings while eliminating the need to collect logs from separate data sources, a desirable goal given that data breaches exposed 4.1 billion records in the first six months of 2019, according to Risk Based Security.
Amazon Detective analyzes trillions of events from multiple data sources including IP traffic, Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and Amazon GuardDuty to generate an interactive view of resources, users, and the interactions between them over time. Within this view, which is continuously updated as new data becomes available, admins can see the details in one place to identify the underlying reasons for malicious activity, drill down into relevant historical activities, and determine the root cause.
For example, an Amazon GuardDuty finding, like an unusual Console Login API call, can be investigated in Amazon Detective with details about the API call trends over time and user login attempts on a geolocation map. Furthermore, Detective can help answer questions like “Is it normal for this role to have so many failed API calls?” or “Is this spike in traffic from this instance expected?” without requiring development, configuration, or tuning of queries and algorithms.
There are no additional charges or upfront commitments required to use Amazon Detective, says Amazon, and customers pay only for data ingested from AWS CloudTrail, VPC Flow Logs, and Amazon GuardDuty findings. Detective maintains up to a year of aggregated data that shows changes in the type and volume of activity over a selected time window, and it links those changes to security findings.
Amazon Detective is available in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (São Paulo) regions, with more regions coming soon.
Detective’s wide debut follows the launch of Amazon’s new AI-powered fraud detection and code review products, expanded machine learning experimentation and development studio, and dedicated instance for AI inferencing workloads, all of which were unveiled at the tech giant’s re:Invent 2019 conference in Las Vegas. That’s not to mention Amazon Transcribe Medical, a service that’s designed to transcribe medical speech for clinical staff in primary care settings.