It applies machine learning, statistical analysis, and graph theory to log data, building interactive visualisations to help customers analyse, investigate, and identify the root causes of potential security issues or suspicious activities.
Once enabled, Amazon Detective automatically begins distilling and organizing data from AWS CloudTrail, Amazon VPC Flow Logs, and Amazon GuardDuty findings into a graph model, and produces tailored visualisations to help customers answer questions like "is this an unusual API call?" or "is this spike in traffic from this instance expected?" without having to organise any data or develop, configure, or tune their own queries and algorithms.
Amazon Detective's visualisations help analysts quickly determine the nature and extent of issues identified by AWS security services.
Its graph model and analytics are continuously updated as new data becomes available, allowing security teams to concentrate on remediation rather than data wrangling.
"Even when customers tell us their security teams have the tools and information to confidently detect and remediate issues, they often say they need help when it comes to understanding what caused the issues in the first place," said AWS vice president for security services Dan Plastina.
"Gathering the information necessary to conduct effective security investigations has traditionally been a burdensome process, which can put crucial in-depth analysis out of reach for smaller organisations and strain resources for larger teams. Amazon Detective takes all of that extra work off of the customer's plate, allowing them to focus on finding the root cause of an issue and ensuring it doesn't happen again."
WarnerMedia public cloud security leader Chris Farris (who also teaches cloud security for the SANS Institute) said: "Large security organisations are tasked with protecting huge environments with diverse workloads from a multitude of threats, while the smaller organisations I talk to often don't have the resources to replicate the tooling and expertise of their bigger counterparts.
"Amazon Detective will help both of these groups reach faster, better-informed conclusions to their security investigations. It does the hard work of aggregating and analysing high-volume telemetry sources like VPC Flow logs and CloudTrail. Larger organisations will see major efficiencies, and small teams will have access to information and tooling that they'd have a hard time collecting and building on their own."
Amazon Detective is available today in various AWS regions including Asia Pacific (Sydney) and Asia Pacific (Singapore).
The only additional charge for using Amazon Detective is for data ingestion from AWS CloudTrail, Amazon Virtual Private Cloud (VPC) Flow Logs, and Amazon GuardDuty findings.