AWS has now made its security service Detective generally available. With Detective, companies can use artificial intelligence (AI), statistical analysis and graph theory to make security alert systems even more alert.
AWS Detective was already launched as a preview during AWS re:Invent in December 2019, but has now been made generally available. The service makes alerts for possible security breaches even more alert by giving more details about the scope and purpose of security incidents. In addition, it helps customers to reconstruct hacking methods and targets.
In this way they can then visualise these attacks and thus conduct faster investigations. This then helps them to determine the cause of the incidents and the need to obtain information from different sources, according to the tech giant.
Operation AWS Detective
Detective analyses billions of security incidents via data sources such as IP traffic and from errors in VPC Flow logs. It also scans the services of AWS itself for incidents, such as AWS CloudTrail and AWS GuardDuty.
The security service then generates an interactive overview of sources and end users. Subsequently, these overviews are combined with each other and enables mutual interaction. These overviews are constantly updated because more data becomes available. This makes it possible for customers to see exactly what lies behind a malicious action they encounter. This enables them to determine the best way to solve the problem.
More specifically, Amazon Detective uses machine learning to create graphical examples of account behavior and ask questions about whether certain traffic is normal. Customers then do not have to create special scripts or algorithms for this and therefore do not have to write code.
Cost and availability
The costs for AWS Detective depend on how much data is used from AWS CloudTrail, VPC Flow logs and results from AWS GuardDuty. The service can support up to one year of created data.
The security service is now available in the AWS regions US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo). Other regions will be added.