Amazon Detective – Now Generally Available


This week, AWS announced general availability of Amazon Detective.  To save you doing the detective work to figure out what Amazon Detective can do for you, I’ve outlined everything you need to know.

What is Amazon Detective?

Amazon Detective is a new log analytics and visualization service that helps AWS customers identify and investigate security issues across their AWS workloads and accounts.  Amazon Detective collects log data from various sources including:

  • AWS CloudTrail (logs AWS account activity)
  • Amazon VPC Flow Logs (Virtual Private Cloud network traffic logs)
  • Amazon GuardDuty (threat detection service)

Amazon Detective then uses machine learning, statistical analysis and graph theory to automatically build out interactive visualizations.  These visualizations help customers to analyze, investigate and identify the root cause of potential security breaches or other suspicious activity.  

For example, Amazon Detective can display a geo-location map showing activity coming from new locations that have not been previously observed.  If all of a sudden you have lots of failed logins from a new location that is not associated with your business, chances are this is an attempted breach.
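To make the "failed logins from a new location" signal concrete, here is an added example (not Amazon Detective's own logic, which this post does not describe) that applies the same idea to CloudTrail-style ConsoleLogin records. The events, the `GEO` lookup table, the baseline date and the threshold are all constructed assumptions.

```python
from collections import Counter

# Hypothetical IP-to-country table (documentation IP ranges); a real pipeline
# would query a GeoIP database instead.
GEO = {"198.51.100.7": "GB", "192.0.2.10": "IE", "203.0.113.50": "SG"}

def _ev(time, ip, outcome, name="ConsoleLogin"):
    """Build a constructed CloudTrail-style record with only the fields used here."""
    resp = {"ConsoleLogin": outcome} if outcome else None
    return {"eventTime": time, "eventName": name,
            "sourceIPAddress": ip, "responseElements": resp}

# Constructed sample events, not real log data.
EVENTS = [
    _ev("2020-03-20T09:00:00Z", "198.51.100.7", "Success"),
    _ev("2020-03-25T09:05:00Z", "198.51.100.7", "Failure"),
    _ev("2020-03-28T14:00:00Z", "192.0.2.10", "Success"),
    _ev("2020-04-02T02:10:00Z", "203.0.113.50", "Failure"),
    _ev("2020-04-02T02:10:04Z", "203.0.113.50", "Failure"),
    _ev("2020-04-02T02:10:09Z", "203.0.113.50", "Failure"),
    _ev("2020-04-02T02:10:15Z", "203.0.113.50", "Failure"),
    _ev("2020-04-02T02:11:00Z", "203.0.113.50", None, name="DescribeInstances"),
    _ev("2020-04-03T08:30:00Z", "198.51.100.7", "Failure"),   # known location
    _ev("2020-04-03T11:00:00Z", "203.0.113.99", "Failure"),   # IP not in GEO
]

def new_location_failures(events, baseline_end, threshold=3):
    """Count failed console logins after baseline_end per location never seen
    before baseline_end; return only locations with >= threshold failures."""
    known, failures = set(), Counter()
    # CloudTrail timestamps are ISO 8601 UTC, so string order is time order.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") != "ConsoleLogin":
            continue  # only console sign-in attempts are considered
        loc = GEO.get(ev["sourceIPAddress"], "unknown")
        outcome = (ev.get("responseElements") or {}).get("ConsoleLogin")
        if ev["eventTime"] < baseline_end:
            known.add(loc)  # any sign-in activity in the baseline marks a location as seen
        elif outcome == "Failure" and loc not in known:
            failures[loc] += 1
    return {loc: n for loc, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    print(new_location_failures(EVENTS, "2020-04-01T00:00:00Z"))
```

The single failure from the already-seen location and the lone failure from the unmapped IP stay below the threshold, which is the kind of noise an investigator would otherwise have to filter by hand.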


Why do You Need it?

Amazon Detective removes the burden of gathering the information required to conduct effective security investigations.  If you’ve put off such investigations in the past due to the complexity of gathering the data, then Amazon Detective could well be the solution for you.

How Do you Set Up Amazon Detective?

Amazon Detective can be enabled via API call or via the AWS console.  You need to configure a master account where the data will be collected, and tell Detective which accounts you wish to collect data from.  Amazon GuardDuty needs to have been enabled at least 48 hours before setting up Amazon Detective.

No agents need to be installed as Amazon Detective gets its data directly from the AWS resources.

What does Amazon Detective Cost?

Amazon Detective is priced per GB per month, based on the amount of data ingested per account and per region from CloudTrail, VPC Flow Logs and GuardDuty.  Up to a year’s worth of aggregated data is retained for analysis, although raw logs cannot be exported.  There is no additional charge for the analysis of the data by Amazon Detective.

As with many AWS services, the pricing varies by region.  The cost per GB also decreases with increased data volume.

Pricing for Europe (London) is as follows:

  • First 1000 GB /account/region/month – $2.50 per GB
  • Next 4000 GB /account/region/month – $1.25 per GB
  • Next 5000 GB /account/region/month – $0.63 per GB
  • Over 10,000 GB /account/region/month – $.031 per GB

The cheapest regions are the US, Ireland and Stockholm where the first 1000GB will cost you $2.00 and over 10,000GB $0.25 per GB.  Sao Paulo is the most expensive, where the first 1000GB will cost you $4.50 and over 10,000GB $0.56 per GB – more than double the cost of the US regions.
Amazon does offer a 30-day free trial of Amazon Detective.

Where is Amazon Detective Available?

As of the launch date, Amazon Detective is available in the following AWS regions, with more regions coming soon:

  • US East (N. Virginia)
  • US East (Ohio)
  • US West (Oregon)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (London)
  • Europe (Paris)
  • Europe (Stockholm)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Seoul)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • South America (Sao Paulo) 

Does Amazon Detective Make AWS Accounts Secure?

Amazon Detective is a visualization tool to help security teams identify and investigate unusual activity within your AWS accounts.  It does not remediate any configuration issues – this is still the responsibility of the customer under the AWS Shared Responsibility model.
