We all need some level of security both in real life and in the virtual space. Having in mind the vast development of cloud computing and technology, we need to be aware of the fact that the threats are also evolving. Especially those that can be placed in the global network. As an experienced Solutions Architect, I must admit that designing a good architecture security solution is one of the interesting things to do. So let me dive deep into one of the most useful services of AWS, which is currently one of my favourites.
Amazon Detective — it’s a security service, that helps in tracking down and detecting potentially dangerous activities and security issues in your environment. So, why it’s so special you ask? Simply because of the use of machine learning, statistical analysis and graph theory in combination with AWS cloud. What makes it so effective is the fact that it can be used with such services as AWS CloudTrail, VPC Flow Logs and Amazon GuardDuty. That means integration is one easy thing.
The mechanism behind the service is quite simple. Firstly, you need to launch it on your AWS console and then the investigation begins! The service pulls out all the data and puts them into order on a graph model. What’s worth to mention is that the graph is continuously updated. Then that's to the integration with AWS services and custom security solutions we can investigate all the findings screened out during the process. And finally, we get the report with the exact data with potentially unsafe behaviours and actions. The scheme below shows the described process of investigation.
What are the benefits of implementing such a service? In the beginning, the speed of analyzed data and the exact information we get where the causes of danger are located is pretty impressive. All the context and details in one place and ready for your action. Secondly, Amazon Detective produces visualizations. I don’t know about you, but I like to see why my unexpected traffic is where it wouldn't suppose to be. And one more feature that is great, the service storages the aggregated data for a year. So it’s possible for you to check the changes in the type and volume of activity over the selected time window. And the last one, based on DevOps assumptions it provides us with continuous updates of operations, and malicious or unauthorized activity. That is a game-changer when time is money and we all know that’s the old-fashioned truth :).
To sum up, all the mentioned benefits in combination with the price based on the volume of data ingested from the used services — Amazon GuardDuty, AWS CloudTrail and VPC Flow Logs (charges per GB) is a pretty good deal.