Amazon Detective – Now Generally Available

Voiced by Amazon Polly
Amazon Detective

This week, AWS announced general availability of Amazon Detective.  To save you doing the detective work to figure out what Amazon Detective can do for you, I’ve outlined everything you need to know.

What is Amazon Detective?

Amazon Detective is a new log analytics and visualization service that helps AWS customers identify and investigatesecurity issues across their AWS workloads and accounts.  Amazon Detective collects log data from various sources including:

  • AWS CloudTrail (logs aws account activity)
  • Amazon VPC Flow Logs (Virtual Private Cloud network traffic logs)
  • Amazon Guard Duty (Threat Detection service)

Amazon Detective then uses machine learning, statistical analysis and graph theory to automatically build out interactive visualizations.  These visualizations help customers to analyze, investigate and identify the root cause of potential security breaches or other suspicious activity.  

For example, Amazon Detective can display a geo-location map showing activity coming from new locations that has not been previously observed.  If all of a sudden you have lots of failed logins from a new location that is not associated with your business, chances are this is an attempted breach.

Businessman holding magnifying glass analyzing folder password

Why do You Need it?

Amazon Detective removes the burden of gathering the information required to conduct effective security investigations.  If you’ve put off such investigations in the past due to the complexity of gathering the data, then Amazon Detective could well be the solution for you.

How Do you Set Up Amazon Detective?

Amazon Detective can be enabled via API call or via the AWS console.  You need to configure a master account where the data will be collected, and tell Detective which accounts you wish to collect data from.  Amazon Guard Duty needs to have been enabled at least 48 hours before setting up Amazon Detective.

No agents need to be installed as Amazon Detective gets it’s data directly from the AWS resources.

What does Amazon Detective Cost?

Amazon Detective is priced per GB per month, based on the amount of data ingested per account and per region from CloudTrail, VPC Flow Logs and GuardDuty.  Up to a year’s worth of aggregated data is retained for analysis, although raw logs cannot be exported.  There is no additional charge for the analysis of the data by Amazon Detective.

As with many AWS services, the pricing varies by region.  The cost per GB also decreases with increased data volume.

Pricing for Europe (London) is as follows:

  • First 1000 GB /account/region/month – $2.50 per GB
  • Next 4000 GB /account/region/month – $1.25 per GB
  • Next 5000 GB /account/region/month – $0.63 per GB
  • Over 10,000 GB /account/region/month – $.031 per GB

The cheapest regions are the US, Ireland and Stockholm where the first 1000GB will cost you $2.00 and over 10,000GB $0.25 per GB.  Sao Paulo is the most expensive with the first 1000GB will cost you $4.50 and over 10,000GB $0.56 per GB – more than double the cost of the US regions.
Amazon does offer a 30 day free trial of Amazon Detective.

Where is Amazon Detective Available?

As of the launch date, Amazon Detective is available in the following AWS regions, with more regions coming soon:

  • US East (N. Virginia)
  • US East (Ohio)
  • US West (Oregon)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (London)
  • Europe (Paris)
  • Europe (Stockholm)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Seoul)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • South America (Sao Paulo) 

Does Amazon Detective Make AWS Accounts Secure?

Amazon Detective is visualization tool to help security teams identify and investigate unusual activity within your AWS accounts.  It does not remediate any configuration issues – this is still the responsibility of the customer under the AWS Shared Responsibility mode.

You Might Be Also Interested In These...

Up to 80% off Sale. Discount offer price sign. Vector

AWS Price Reductions January 2020

Cloud Endure Disaster Recovery. AWS has recently announced what amounts to an 80% price drop of their Cloud Endure disaster recovery software, used for replicating on premise workloads to the cloud for DR purposes. Prior to the price, drop, the list price for Cloud Endure was $45 -$99 per server per month, depending on number […]

View Post

WooCommerce on AWS Best Practices for Scalable Deployments

WooCommerce sites can be vulnerable to performance issues, and complicated to scale. Marc shares how to keep your installation clean and up-to-date, and when you should choose to work with an established AWS MSP.

View Post
Hand arranging wooden blocks as a rising staircase. Indicating scalability in cloud computing.

Scalability in Cloud Computing & Why We Love AWS

In this post we’ll take a look at one of the key benefits of cloud computing: scalability. We’ll explore the different scaling options available for your cloud-based workloads, and then we’ll take a look at specific services in AWS that can help you to achieve scalability for your AWS-hosted applications.   Whether you’re starting out with […]

View Post
ebook featured image

5 Steps to a Successful

AWS Migration

DOWNLOAD FREE EBOOK