Amazon Detective – Now Generally Available


This week, AWS announced general availability of Amazon Detective.  To save you doing the detective work to figure out what Amazon Detective can do for you, I’ve outlined everything you need to know.

What is Amazon Detective?

Amazon Detective is a new log analytics and visualization service that helps AWS customers identify and investigate security issues across their AWS workloads and accounts.  Amazon Detective collects log data from various sources including:

  • AWS CloudTrail (logs AWS account activity)
  • Amazon VPC Flow Logs (Virtual Private Cloud network traffic logs)
  • Amazon GuardDuty (Threat Detection service)

Amazon Detective then uses machine learning, statistical analysis and graph theory to automatically build out interactive visualizations.  These visualizations help customers to analyze, investigate and identify the root cause of potential security breaches or other suspicious activity.  

For example, Amazon Detective can display a geo-location map showing activity coming from new locations that have not been previously observed.  If all of a sudden you have lots of failed logins from a new location that is not associated with your business, chances are this is an attempted breach.
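The kind of check behind that example, as an added illustration (not code from AWS or from this post): it counts failed ConsoleLogin events in CloudTrail records and reports source addresses outside the networks you already know. CloudTrail records a source IP rather than a location, so known network ranges stand in for locations here; the function name, threshold and sample events are assumptions constructed for the example.

```python
import ipaddress
from collections import Counter


def _login(ip, outcome):
    """Build a constructed record using CloudTrail's ConsoleLogin field names."""
    return {"eventName": "ConsoleLogin", "sourceIPAddress": ip,
            "responseElements": {"ConsoleLogin": outcome}}


# Constructed sample data; addresses are RFC 5737 documentation ranges.
SAMPLE_EVENTS = (
    [_login("192.0.2.10", "Success"), _login("192.0.2.11", "Failure")]
    + [_login("203.0.113.50", "Failure") for _ in range(4)]
    + [_login("198.51.100.7", "Failure")]
    + [{"eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.50",
        "responseElements": None}]
)


def failed_logins_from_new_networks(events, known_networks, threshold=3):
    """Return {source_ip: failures} for failed console logins that come
    from outside known_networks and reach the threshold."""
    known = [ipaddress.ip_network(n) for n in known_networks]
    failures = Counter()
    for ev in events:
        if ev.get("eventName") != "ConsoleLogin":
            continue
        outcome = (ev.get("responseElements") or {}).get("ConsoleLogin")
        if outcome != "Failure":
            continue
        try:
            ip = ipaddress.ip_address(ev.get("sourceIPAddress"))
        except ValueError:
            continue  # missing or non-IP source (e.g. a service hostname)
        if any(ip in net for net in known):
            continue  # failure from a network already seen: not "new"
        failures[str(ip)] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    # Treat 192.0.2.0/24 as the only network the business normally uses.
    print(failed_logins_from_new_networks(SAMPLE_EVENTS, ["192.0.2.0/24"]))
```

A single mistyped password from a known office address stays below the threshold, while the burst from an unseen address is reported.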

Why do You Need it?

Amazon Detective removes the burden of gathering the information required to conduct effective security investigations.  If you’ve put off such investigations in the past due to the complexity of gathering the data, then Amazon Detective could well be the solution for you.

How Do you Set Up Amazon Detective?

Amazon Detective can be enabled via API call or via the AWS console.  You need to configure a master account where the data will be collected, and tell Detective which accounts you wish to collect data from.  Amazon GuardDuty needs to have been enabled at least 48 hours before setting up Amazon Detective.

No agents need to be installed as Amazon Detective gets its data directly from the AWS resources.

What does Amazon Detective Cost?

Amazon Detective is priced per GB per month, based on the amount of data ingested per account and per region from CloudTrail, VPC Flow Logs and GuardDuty.  Up to a year’s worth of aggregated data is retained for analysis, although raw logs cannot be exported.  There is no additional charge for the analysis of the data by Amazon Detective.

As with many AWS services, the pricing varies by region.  The cost per GB also decreases with increased data volume.

Pricing for Europe (London) is as follows:

  • First 1000 GB /account/region/month – $2.50 per GB
  • Next 4000 GB /account/region/month – $1.25 per GB
  • Next 5000 GB /account/region/month – $0.63 per GB
  • Over 10,000 GB /account/region/month – $.031 per GB

The cheapest regions are the US, Ireland and Stockholm, where the first 1000GB will cost you $2.00 and over 10,000GB $0.25 per GB.  Sao Paulo is the most expensive: the first 1000GB will cost you $4.50 and over 10,000GB $0.56 per GB – more than double the cost of the US regions.
Amazon does offer a 30 day free trial of Amazon Detective.

Where is Amazon Detective Available?

As of the launch date, Amazon Detective is available in the following AWS regions, with more regions coming soon:

  • US East (N. Virginia)
  • US East (Ohio)
  • US West (Oregon)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (London)
  • Europe (Paris)
  • Europe (Stockholm)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Seoul)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • South America (Sao Paulo) 

Does Amazon Detective Make AWS Accounts Secure?

Amazon Detective is a visualization tool to help security teams identify and investigate unusual activity within your AWS accounts.  It does not remediate any configuration issues – this is still the responsibility of the customer under the AWS Shared Responsibility model.
