Amazon Detective: AWS Cloud Security Service Launches

Amazon Web Services (AWS) has launched Amazon Detective, a cloud service designed to help organizations investigate security incidents across their AWS workloads. The Amazon Detective release comes after AWS unveiled the service in December 2019.

Amazon Detective collects log data from an organization's resources and uses machine learning, statistical analysis and graph theory to build interactive visualizations, AWS stated. In doing so, Amazon Detective helps organizations analyze, investigate and identify the root cause of potential security issues or suspicious activities.

In addition, Amazon Detective automatically distills and organizes data from AWS CloudTrail, Amazon Virtual Private Cloud (VPC) Flow Logs and Amazon GuardDuty findings into a graph model that summarizes resource behaviors and interactions across an organization's AWS environments, AWS noted. It also provides details, context and guidance to help organizations determine the nature and extent of issues identified by AWS security services.

Amazon Detective: Security Partner Integrations

Several cybersecurity companies have already incorporated Amazon Detective into their offerings, including:

  • Expel: Ingests customer events and log data from AWS to detect security issues and suspicious activities.
  • Barracuda Networks: Offers security threat insights to Barracuda Cloud Security Guardian users.
  • Check Point Software Technologies: Provides cloud security intelligence, analytics and visualizations to Check Point CloudGuard Log.ic users.
  • McAfee: Helps MVISION Cloud users explore ways to accelerate incident response and remediation and determine the appropriate tools to deploy during incident investigations.

Amazon Detective is available with no additional charges or upfront commitments. To use Amazon Detective, customers pay only for data ingested from AWS CloudTrail, Amazon VPC Flow Logs and Amazon GuardDuty findings.

Public Clouds and Security Services

In addition to AWS, key rivals such as Microsoft Azure and Google Cloud Platform have been building various security services for MSSPs, MSPs and end-customers.

Key examples include:

  • Microsoft Azure Sentinel: The cloud-native security information and event management (SIEM) tool launched in September 2019 with some MSSP partners on Day One.
  • Google Chronicle: The security analytics platform has threat detection capabilities and multiple MSSP backers.
Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.