Amazon Detective to investigate security issues within workloads

Also announced under the security banner is AWS IAM Access Analyze and AWS Nitro Enclaves.
Written by Asha Barbaschow, Contributor

Amazon Web Services (AWS) has announced three new security services: Amazon Detective, AWS IAM Access Analyzer, and AWS Nitro Enclaves.

The first is being touted as making it easy for customers to conduct faster and more efficient investigations into security issues across their workloads.

Amazon Detective is available in preview, with the company saying security investigations are made faster and easier with machine learning, statistical analysis, and graph theory.

"Before an investigation can even begin, customers must first collect and combine terabytes of potentially relevant data from network, application, and security monitoring systems and make it available in a way that allows their security analysts to infer related anomalies," AWS explained during day one of AWS re:Invent in Las Vegas.

See also: How Amazon Web Services runs security at a global scale  

"In order to explore the data, analysts rely on data scientists and engineers to turn seemingly simple questions like 'is this normal?' into mathematical models and queries that can help produce answers."

Security teams must continually re-establish baselines of normal behavior, and as AWS explained, they also then need to determine new patterns of activity and revisit application configurations as resources, accounts, and applications are added or updated.

The cloud giant believes its new offering will reduce the time-consuming tasks and allow security teams to more quickly investigate and respond to security issues.


AWS IAM Access Analyzer, meanwhile, is a new AWS Identity and Access Management (IAM) capability that the company said makes it simpler for security teams and administrators to audit resource policies for unintended access.

Rounding out the security announcements is AWS Nitro Enclaves, a new Amazon EC2 capability for customers to process highly sensitive data by partitioning compute and memory resources within an instance to create an isolated compute environment.

AWS Nitro Enclaves will be available in preview early 2020.

See also: re:Invent 2019: Amazon is all-in on custom silicon (TechRepublic)

"Security leaders often tell us that one of the things that excites them most about the cloud is the potential to drastically reduce the amount of time and resources their teams dedicate to chores that aren't central to the goal of building and operating a secure environment," AWS CISO Steve Schmidt said.

"Each of the offerings we introduced today represents a different approach to helping customers be more secure, but they're all designed to decrease the amount of time security teams spend on tasks like checking configurations, aggregating data, and devising custom solutions to remove needless churn from crucial security processes.

"This will help customers move sensitive workloads to the cloud more easily, protect their resources more efficiently, and unburden their security teams to focus on the high-judgement work that makes them indispensable."

Asha Barbaschow travelled to re:Invent as a guest of AWS.

Editorial standards