Amazon Detective – Now Generally Available


This week, AWS announced general availability of Amazon Detective.  To save you doing the detective work to figure out what Amazon Detective can do for you, I’ve outlined everything you need to know.

What is Amazon Detective?

Amazon Detective is a new log analytics and visualization service that helps AWS customers identify and investigate security issues across their AWS workloads and accounts.  Amazon Detective collects log data from various sources including:

  • AWS CloudTrail (logs AWS account activity)
  • Amazon VPC Flow Logs (Virtual Private Cloud network traffic logs)
  • Amazon GuardDuty (Threat Detection service)

Amazon Detective then uses machine learning, statistical analysis and graph theory to automatically build out interactive visualizations.  These visualizations help customers to analyze, investigate and identify the root cause of potential security breaches or other suspicious activity.  

For example, Amazon Detective can display a geo-location map showing activity coming from new locations that have not been previously observed.  If all of a sudden you have lots of failed logins from a new location that is not associated with your business, chances are this is an attempted breach.

Why do You Need it?

Amazon Detective removes the burden of gathering the information required to conduct effective security investigations.  If you’ve put off such investigations in the past due to the complexity of gathering the data, then Amazon Detective could well be the solution for you.

How Do you Set Up Amazon Detective?

Amazon Detective can be enabled via API call or via the AWS console.  You need to configure a master account where the data will be collected, and tell Detective which accounts you wish to collect data from.  Amazon GuardDuty needs to have been enabled at least 48 hours before setting up Amazon Detective.

No agents need to be installed as Amazon Detective gets its data directly from the AWS resources.
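
The API route described above, scripted with boto3 as an added example (not code from the original post or from AWS): it refuses to create the behavior graph unless an enabled GuardDuty detector in the region is at least 48 hours old, then invites the member accounts. The region, account ID and e-mail address are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

MIN_GUARDDUTY_AGE = timedelta(hours=48)  # prerequisite stated in the article


def guardduty_age(guardduty, now):
    """Return the age of the oldest ENABLED GuardDuty detector, or None."""
    ages = []
    for detector_id in guardduty.list_detectors()["DetectorIds"]:
        detector = guardduty.get_detector(DetectorId=detector_id)
        if detector["Status"] != "ENABLED":
            continue
        # CreatedAt is an ISO 8601 string such as 2020-04-01T11:00:00.000Z
        created = datetime.fromisoformat(detector["CreatedAt"].replace("Z", "+00:00"))
        ages.append(now - created)
    return max(ages) if ages else None


def enable_detective(detective, guardduty, members, now=None):
    """Create the behavior graph in the master account and invite members.
    members: list of {"AccountId": ..., "EmailAddress": ...} dicts.
    Returns (graph_arn, unprocessed_accounts)."""
    now = now or datetime.now(timezone.utc)
    age = guardduty_age(guardduty, now)
    if age is None or age < MIN_GUARDDUTY_AGE:
        raise RuntimeError("GuardDuty must be enabled for at least 48 hours first")
    graph_arn = detective.create_graph()["GraphArn"]
    unprocessed = []
    if members:
        resp = detective.create_members(
            GraphArn=graph_arn,
            Message="Invitation to the security team's Detective behavior graph",
            Accounts=members,
        )
        # Accounts that could not be invited come back here with a reason.
        unprocessed = resp.get("UnprocessedAccounts", [])
    return graph_arn, unprocessed


if __name__ == "__main__":
    import boto3  # run with credentials for the master account
    REGION = "eu-west-2"  # Europe (London); assumed region
    # Constructed placeholder member account, not a real one.
    MEMBERS = [{"AccountId": "111122223333", "EmailAddress": "aws-root@example.com"}]
    arn, failed = enable_detective(
        boto3.client("detective", region_name=REGION),
        boto3.client("guardduty", region_name=REGION),
        MEMBERS,
    )
    print("behavior graph:", arn, "unprocessed:", failed)
```

Both GuardDuty detectors and Detective behavior graphs are regional, so the check and the setup have to be repeated in each region you want covered.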

What does Amazon Detective Cost?

Amazon Detective is priced per GB per month, based on the amount of data ingested per account and per region from CloudTrail, VPC Flow Logs and GuardDuty.  Up to a year’s worth of aggregated data is retained for analysis, although raw logs cannot be exported.  There is no additional charge for the analysis of the data by Amazon Detective.

As with many AWS services, the pricing varies by region.  The cost per GB also decreases with increased data volume.

Pricing for Europe (London) is as follows:

  • First 1000 GB /account/region/month – $2.50 per GB
  • Next 4000 GB /account/region/month – $1.25 per GB
  • Next 5000 GB /account/region/month – $0.63 per GB
  • Over 10,000 GB /account/region/month – $.031 per GB

The cheapest regions are the US, Ireland and Stockholm, where the first 1000GB will cost you $2.00 and over 10,000GB $0.25 per GB.  Sao Paulo is the most expensive: the first 1000GB will cost you $4.50 and over 10,000GB $0.56 per GB – more than double the cost of the US regions.
Amazon does offer a 30-day free trial of Amazon Detective.

Where is Amazon Detective Available?

As of the launch date, Amazon Detective is available in the following AWS regions, with more regions coming soon:

  • US East (N. Virginia)
  • US East (Ohio)
  • US West (Oregon)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (London)
  • Europe (Paris)
  • Europe (Stockholm)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Seoul)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • South America (Sao Paulo) 

Does Amazon Detective Make AWS Accounts Secure?

Amazon Detective is a visualization tool to help security teams identify and investigate unusual activity within your AWS accounts.  It does not remediate any configuration issues – this is still the responsibility of the customer under the AWS Shared Responsibility model.
