Amazon Detective – Now Generally Available

Voiced by Amazon Polly
Amazon Detective

This week, AWS announced general availability of Amazon Detective.  To save you doing the detective work to figure out what Amazon Detective can do for you, I’ve outlined everything you need to know.

What is Amazon Detective?

Amazon Detective is a new log analytics and visualization service that helps AWS customers identify and investigatesecurity issues across their AWS workloads and accounts.  Amazon Detective collects log data from various sources including:

  • AWS CloudTrail (logs aws account activity)
  • Amazon VPC Flow Logs (Virtual Private Cloud network traffic logs)
  • Amazon Guard Duty (Threat Detection service)

Amazon Detective then uses machine learning, statistical analysis and graph theory to automatically build out interactive visualizations.  These visualizations help customers to analyze, investigate and identify the root cause of potential security breaches or other suspicious activity.  

For example, Amazon Detective can display a geo-location map showing activity coming from new locations that has not been previously observed.  If all of a sudden you have lots of failed logins from a new location that is not associated with your business, chances are this is an attempted breach.

Businessman holding magnifying glass analyzing folder password

Why do You Need it?

Amazon Detective removes the burden of gathering the information required to conduct effective security investigations.  If you’ve put off such investigations in the past due to the complexity of gathering the data, then Amazon Detective could well be the solution for you.

How Do you Set Up Amazon Detective?

Amazon Detective can be enabled via API call or via the AWS console.  You need to configure a master account where the data will be collected, and tell Detective which accounts you wish to collect data from.  Amazon Guard Duty needs to have been enabled at least 48 hours before setting up Amazon Detective.

No agents need to be installed as Amazon Detective gets it’s data directly from the AWS resources.

What does Amazon Detective Cost?

Amazon Detective is priced per GB per month, based on the amount of data ingested per account and per region from CloudTrail, VPC Flow Logs and GuardDuty.  Up to a year’s worth of aggregated data is retained for analysis, although raw logs cannot be exported.  There is no additional charge for the analysis of the data by Amazon Detective.

As with many AWS services, the pricing varies by region.  The cost per GB also decreases with increased data volume.

Pricing for Europe (London) is as follows:

  • First 1000 GB /account/region/month – $2.50 per GB
  • Next 4000 GB /account/region/month – $1.25 per GB
  • Next 5000 GB /account/region/month – $0.63 per GB
  • Over 10,000 GB /account/region/month – $.031 per GB

The cheapest regions are the US, Ireland and Stockholm where the first 1000GB will cost you $2.00 and over 10,000GB $0.25 per GB.  Sao Paulo is the most expensive with the first 1000GB will cost you $4.50 and over 10,000GB $0.56 per GB – more than double the cost of the US regions.
Amazon does offer a 30 day free trial of Amazon Detective.

Where is Amazon Detective Available?

As of the launch date, Amazon Detective is available in the following AWS regions, with more regions coming soon:

  • US East (N. Virginia)
  • US East (Ohio)
  • US West (Oregon)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (London)
  • Europe (Paris)
  • Europe (Stockholm)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Seoul)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • South America (Sao Paulo) 

Does Amazon Detective Make AWS Accounts Secure?

Amazon Detective is visualization tool to help security teams identify and investigate unusual activity within your AWS accounts.  It does not remediate any configuration issues – this is still the responsibility of the customer under the AWS Shared Responsibility mode.

You Might Be Also Interested In These...

AWS Wall

AWS EC2 – Everything You Need to Know About EC2 Instances

EC2 is short for Elastic Compute Cloud. It is Amazon Web Services IaaS (Infrastructure as a Service) offering that enables developers to gain easy access to compute resources in the AWS cloud. AWS offer 275 EC2 ‘instances’, each with set a configuration of CPU, RAM, storage type and network performance.  The instances are grouped into […]

View Post
Money growth vector illustration, flat golden coins pile with revenue graph, concept of income increase or earnings, financial boost chart, success capital investment, cash budget isolated

Don’t get Caught Out by AWS Data Egress Fees…

It’s no secret that AWS, like most cloud providers, charge nothing for data ingress.  It’s free to put your data in to the cloud, yet they do charge for data egress – getting your data back out again.  This fact is often overlooked when modelling the business case for cloud versus on premise. Recently NASA […]

View Post
Digital identity scanner

AWS Identity and Access Management Best Practises

Correct use of AWS IAM is essential to ensure the security and integrity of workloads hosted in AWS – what are the IAM best practises?

View Post
ebook featured image

5 Steps to a Successful

AWS Migration

DOWNLOAD FREE EBOOK