AWS enables intelligent security investigations

Dan Berthiaume
Senior Editor, Technology

Amazon Web Services (AWS) is applying artificial intelligence to help users discover the root cause of security incidents.

AWS is launching Amazon Detective, a new security service that automatically collects log data from a user’s resources and uses machine learning, statistical analysis and graph theory to build interactive visualizations that help customers analyze, investigate and identify the underlying cause of potential security issues or suspicious activities. 

Customers pay only for data ingested from the AWS CloudTrail risk auditing solution, Amazon Virtual Private Cloud (VPC) flow logs, and findings from the Amazon GuardDuty threat detection solution. AWS is an on-demand cloud platform that operates as a subsidiary of Amazon.

Once enabled from the AWS management console, Amazon Detective begins distilling and organizing data from AWS CloudTrail, Amazon VPC flow logs, and Amazon GuardDuty findings into a graph model that summarizes resource behaviors and interactions observed across a customer’s AWS environment. Using machine learning, statistical analysis, and graph theory, Amazon Detective produces tailored visualizations to help customers answer questions like “is this an unusual API call?” or “is this spike in traffic from this instance expected?”

Amazon Detective’s visualizations provide the details, context, and guidance to help analysts determine the nature and extent of issues identified by AWS security services. The graph model and analytics are continuously updated as new telemetry becomes available from a customer’s AWS resources, allowing security teams to spend less time tending to constantly changing data sources. By letting the Amazon Detective service perform the necessary data sifting, security teams can more quickly move on to remediation.

“Even when customers tell us their security teams have the tools and information to confidently detect and remediate issues, they often say they need help when it comes to understanding what caused the issues in the first place,” said Dan Plastina, VP for Security Services at AWS. “Gathering the information necessary to conduct effective security investigations has traditionally been a burdensome process, which can put crucial in-depth analysis out of reach for smaller organizations and strain resources for larger teams. Amazon Detective takes all of that extra work off of the customer’s plate, allowing them to focus on finding the root cause of an issue and ensuring it doesn’t happen again.”