Introduction to Amazon Detective Service

Introduction to Amazon Detective Service

5 mins read519 Views Comment
clickHere
Updated on Oct 20, 2022 09:39 IST

Amazon Detective is intended to automatically collect log data from customers’ AWS resources and use various technologies to assist users in visualizing and conducting timely and accurate protection inquiries.

2022_03_detective.jpg

Amazon Detective simplifies the analysis, investigation, and rapid identification of potential security issues. It is the AWS family’s newest security service. Amazon Detective makes it simple to investigate the root cause of security issues.

Amazon Detective detects potentially dangerous actions and security concerns. It combines statistical analysis, machine learning, and graph theory with AWS resource log data. It automatically ingests security data. Hence, there is no need to organize data, set up and tune queries, or script any algorithms to supervise security alerts. 

There are also no upfront costs for data collection and no extra software memberships or applications to deploy. You start paying for the security alerts that the Detective analyses.

In this article, we will discuss Amazon Detective in great detail. But, before proceeding further, let’s go through the topics that we will be covering in this article:

  1. How does Amazon Detective work?
  2. Features of Detective
  3. Benefits of Detective
  4. Key concepts of Amazon Detective
  5. Pricing of Detective

How does Amazon Detective work?

Detective automatically extracts time-based events from AWS CloudTrail and Amazon VPC flow logs, such as API calls, login attempts, and network traffic. It also consumes GuardDuty-detected findings.

Detective creates a baseline to determine whether API calls are normal for the role or not. It also determines traffic spikes from a specific instance are out of character. Detective gathers and integrates terabytes of log data, transforms it for analysis, and provides visualizations to detect anomalies.

It employs machine learning models to generate graphical representations of account behavior. This also assists in answering questions like “Is this a custom API call for this role?”.

There is no need to write a unique script or customize your queries. And, hence this is how Amazon Detective enables you to conduct investigations more rapidly and efficiently.

Let’s try to understand the working of Detective using the figure shown below:

2022_03_dete-2.jpg

Features of Detective

There are many features of Amazon Detective. Some of those are:

  • Simple deployment requires no upfront payment: No upfront costs for data collection and no extra software memberships or applications to deploy. You start paying for the security alerts that the Detective analyses.
  • Integrate seamlessly to investigate a security finding: Amazon Detective works with AWS security services such as Amazon GuardDuty, AWS Security Hub, and others. This aids in the rapid investigation of security issues discovered in these services.
  • For example, from an Amazon GuardDuty discovery, you can launch Amazon Detective by selecting “Investigate,” which provides instant insight regarding the particular activity.
  • Data collection is done automatically across your AWS accounts: Amazon Detective gathers and analyses events from data sources such as Amazon GuardDuty and VPC Flow Log. It stores combined data for up to a year for analysis.
  • Consolidates various events into a graph model: Amazon Detective can display the data graphically. This dramatically improves the user’s understanding of the data. The graph provides context and relationships.

For example, the representation of an IP address connected to an EC2 instance and an API call issued by a role in a specific period.

Benefits of Detective

There are many benefits of Detective. Some of those are:

  • Supports easy-to-use visualizations: Detective generates visualizations containing the data you need to examine and respond to threat findings. It keeps up to a year’s worth of combined data that shows changes over a specified time and links those changes to threat findings.
  • Provides continuous data updates that save time and effort: Detective automatically processes terabytes of event data such as IP traffic, AWS management operations, and other topics. As a result, it reduces the time and effort required to complete these tasks manually.
  • Allows faster and effective investigations: Detective provides a centralized view of user and asset interactions over time. All context and details are in one place, to assist you in quickly analyzing and determining the root cause of a threat found.

Check Out the Best Online Courses

Key concepts of Amazon Detective

Some of the key components of Amazon Detective are:

  • Behaviour Graph: A behaviour graph is a linked set of data generated from Amazon Detective source data. This source data is ingested from one or more AWS accounts. The behavior graph uses the source data. This allows you to create a comprehensive picture of your systems, users, and interactions over time.
  • Profile Panel Visualizations: Profile panels provide an analyst with answers to specific questions about a finding. This is done by visualizing data and providing supporting guidance.
  • Scope Time: The scope time is a time frame that surrounds the security incident. Typically beginning when the questionable activity was found and ending when it stopped.

Explore Free Online Courses with Certificates

Pricing of Detective

A 30-day free trial of Amazon Detective is available. During the 30-day free trial period, you will have access to the full Detective feature set.

Let’s have a look at the pricing for the Asia Pacific (Mumbai) per account/region/month:

Usage Cost
First 1,000 GB $2.50 per GB
Next 4,000 GB $1.25 per GB
Next 5,000 GB $0.63 per GB
Next 10,000 GB $0.31 per GB

Conclusion:

In today’s article, we went over the Amazon Detective in great detail. I hope that by writing this article, I was able to dispel some of your concerns.

If you are looking for a comprehensive course in Cloud Computing, then these cloud courses may be useful. This program assists interested students who want to become full-fledged Cloud professionals.

Top Trending Tech Articles:
Career Opportunities after BTech | Online Python Compiler | What is Coding | Queue Data Structure | Top Programming Language | Trending DevOps Tools | Highest Paid IT Jobs | Most In Demand IT Skills | Networking Interview Questions | Features of Java | Basic Linux Commands | Amazon Interview Questions

Recently completed any professional course/certification from the market? Tell us what liked or disliked in the course for more curated content.

Click here to submit its review with Shiksha Online.

FAQs

What is Amazon Detective?

Amazon Detective detects potentially dangerous actions and security concerns while making it easy to analyze the potential cause of security issues.

What are the advantages of using Amazon Detective?

Amazon Detective's advantages are that it supports easy-to-use visualizations, provides continuous data updates that save time and effort, allows faster and more effective investigations, etc.

What are the features of Amazon Detective?

Amazon Detective's features are that its simple deployment requires no upfront payment, integrates seamlessly to investigate a security finding, data collection is done automatically across your AWS accounts, consolidates various events into a graph model, etc.

What are the key concepts of Amazon detective?

Amazon Detective's key concepts are Behavior Graph, Profile Panel Visualizations, Scope Time, etc.

About the Author

This is a collection of insightful articles from domain experts in the fields of Cloud Computing, DevOps, AWS, Data Science, Machine Learning, AI, and Natural Language Processing. The range of topics caters to upski... Read Full Bio

Comments