Introducing Amazon Detective: Here’s What MSSPs Need to Know
Amazon Detective, an Amazon Web Services (AWS) offering designed to help organizations analyze and visualize security data and identify security issues, is now being previewed to partners and customers. The company announced the preview at this week’s AWS re:Invent 2019 conference in Las Vegas, Nevada.
Amazon Detective starts collecting log data as soon as it is enabled and provides visual summaries and analytics related to ingested data, according to the company. It also provides comparisons of recent activity against historical baselines which are established after two weeks of account monitoring.
Furthermore, Amazon Detective analyzes trillions of security events from multiple data sources, including Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail and Amazon GuardDuty, the company said. It automatically creates a unified view of resources, users and the interactions between them and enables security teams to visualize relevant details and context.
We’re watching to see if or how MSSPs (managed security services providers), security analysts and corporate security operations centers (SOCs) potentially leverage Detective in their businesses.
Amazon Detective Security Integrations: Initial Technology Partners
Meanwhile, several cybersecurity companies have announced Amazon Detective security integrations, including:
- Barracuda Networks: Barracuda Cloud Security Guardian users can leverage Amazon Detective to gain insights into security threats or violations.
- Check Point Software Technologies: Check Point CloudGuard Log.ic users can leverage Amazon Detective to access cloud security intelligence, analytics and visualizations related to potential security incidents.
- McAfee: MVISION Cloud users can leverage Amazon Detective to explore ways to accelerate incident response and remediation, as well as determine the appropriate tools to deploy during incident investigations.
Amazon Detective is currently available in preview at no cost to those approved for access. The preview is available across the following AWS regions: US-East (Northern Virginia), US-East (Ohio), US-West (Oregon), EU (Ireland) and Asia Pacific (Tokyo).