New Amazon Macie security service uses machine learning to classify sensitivity of user data in Amazon S3



Amazon Web Services (AWS), an Amazon.com company, announced on Monday Amazon Macie, a new security service that uses machine learning to help customers prevent data loss by automatically discovering, classifying, and protecting sensitive data in AWS.

Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides customers with dashboards and alerts that give visibility into how this data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks.

Amazon Macie is available to protect data stored in Amazon Simple Storage Service (Amazon S3), with support for additional AWS data stores coming later this year. Customers can enable Amazon Macie from the AWS Management Console, and pay only for the GBs of Amazon S3 content classified and the AWS CloudTrail events analyzed, with no upfront costs or software purchases required.

Amazon Macie identifies business-critical data and analyzes access patterns and user behavior by continuously monitoring new data in the AWS environment; using machine learning to understand access patterns in historical data; automatically assessing user activity, applications, and service accounts; using natural language processing (NLP) methods to understand data; assigning business value to data and prioritizing business-critical data based on the organization; and creating security alerts and custom policy definitions.

Amazon Macie also supports security compliance and preventive controls by identifying and protecting various data types, including PII, PHI, regulatory documents, API keys, and secret keys; verifying compliance with automated logs that allow for instant auditing; identifying changes to policies and access control lists; observing changes in user behavior and raising actionable alerts; sending notifications when data and account credentials leave protected zones; and detecting when large quantities of business-critical documents are shared internally or externally.

As organizations continue to generate growing volumes of data, it has become increasingly difficult, expensive, and time consuming for security teams to find and protect sensitive information scattered throughout the enterprise. Existing security tools designed to address this challenge generally require customers to develop and frequently update complex data classifications, which can only account for known risks and often generate many extraneous or inaccurate alerts.

Amazon Macie automates these labor-intensive processes, using machine learning to better understand where an organization’s sensitive information is located and how it’s typically accessed, including user authentication, locations, and times of access. After a baseline is established, Amazon Macie actively monitors for anomalies that indicate risks and/or suspicious behavior, such as large quantities of source code being downloaded, credentials being stored in an insecure manner, or sensitive data that a customer has accidentally made externally accessible.
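To make the three kinds of signal the article describes concrete (content classification of S3 objects, exposure through a public ACL, and access volume compared against a per-user baseline), here is an added Python example. It is not Amazon Macie's code or a description of its models; it uses plain regular expressions and a mean-plus-k-standard-deviations baseline in place of Macie's machine learning. The object content, ACL grants and per-day download records are constructed for the example (the access key shown is the documented AWS example key), and the ACL dictionaries follow the shape that S3's get_object_acl returns.

```python
"""Macie-style checks over constructed sample data (added example, not Amazon's code)."""
import re
import statistics
from typing import Dict, List, Tuple

# Content detectors for the data types the article names (PII, API keys, secret keys).
# AKIA/ASIA are the documented AWS access key ID prefixes; the other patterns are simple heuristics.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

# Grantee URIs that expose an S3 object or bucket outside the owning account.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def classify(content: str) -> Dict[str, int]:
    """Return {data_type: match_count} for every detector that fires on the content."""
    hits = {}
    for name, rx in PATTERNS.items():
        n = len(rx.findall(content))
        if n:
            hits[name] = n
    return hits


def is_public(grants: List[dict]) -> bool:
    """True if any ACL grant gives READ or FULL_CONTROL to a global group."""
    for g in grants:
        if g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES and g.get("Permission") in ("READ", "FULL_CONTROL"):
            return True
    return False


def scan_object(key: str, content: str, grants: List[dict]) -> dict:
    """Combine classification and exposure into one finding; sensitive AND public is the high-severity case."""
    hits = classify(content)
    public = is_public(grants)
    if hits and public:
        severity = "HIGH"
    elif hits:
        severity = "MEDIUM"
    elif public:
        severity = "LOW"
    else:
        severity = "NONE"
    return {"key": key, "types": hits, "public": public, "severity": severity}


def download_anomalies(records: List[Tuple[str, str, float]], k: float = 3.0) -> Dict[str, float]:
    """Flag principals whose most recent day's download volume exceeds their own baseline.

    records are (principal, day, megabytes) tuples, e.g. aggregated from CloudTrail GetObject events.
    Baseline = every day except the latest; threshold = mean + k * stdev, with a floor on stdev so a
    perfectly flat history does not flag a one-byte increase.
    """
    by_principal: Dict[str, Dict[str, float]] = {}
    for principal, day, mb in records:
        by_principal.setdefault(principal, {}).setdefault(day, 0.0)
        by_principal[principal][day] += mb
    flagged = {}
    for principal, days in by_principal.items():
        if len(days) < 4:  # not enough history to call anything anomalous
            continue
        ordered = [days[d] for d in sorted(days)]
        baseline, latest = ordered[:-1], ordered[-1]
        mean = statistics.mean(baseline)
        spread = max(statistics.pstdev(baseline), 0.1 * mean)
        if latest > mean + k * spread:
            flagged[principal] = latest
    return flagged


# Constructed sample data for the example (not real objects, ACLs or logs).
SAMPLE_CONTENT = "owner=alice@example.com\nssn=123-45-6789\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\n"
PUBLIC_READ = [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
OWNER_ONLY = [{"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"}]
SAMPLE_ACCESS = (
    [("alice", f"2017-08-{d:02d}", v) for d, v in zip(range(1, 8), [95, 100, 105, 98, 102, 99, 101])]
    + [("alice", "2017-08-08", 2500.0)]  # sudden bulk download
    + [("bob", f"2017-08-{d:02d}", 50.0) for d in range(1, 8)]
    + [("bob", "2017-08-08", 52.0)]  # flat history, tiny increase: must not flag
)

if __name__ == "__main__":
    print(scan_object("customers/export.csv", SAMPLE_CONTENT, PUBLIC_READ))
    print(download_anomalies(SAMPLE_ACCESS))
```

The stdev floor in download_anomalies is the part worth keeping when adapting this: a principal with an identical volume every day has zero variance, and without the floor any increase at all would be reported, which is exactly the kind of extraneous alert the article complains about.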

The Amazon Macie console puts the most important information front and center with highly accurate alerts and detailed recommendations for how to resolve issues. Amazon Macie also gives customers the ability to easily define and customize automated remediation actions, such as resetting access control lists or triggering password reset policies.

“When a customer has a significant amount of content stored in Amazon S3, identifying and classifying all of the potentially sensitive data can feel a bit like finding needles in a very large haystack — especially with monitoring tools that aren’t smart enough to effectively automate what is now a very manual process,” said Stephen Schmidt, Chief Information Security Officer, Amazon Web Services. “Amazon Macie approaches information security in a more intelligent way. By using machine learning to understand the content and user behavior of each organization, Amazon Macie can cut through huge volumes of data with better visibility and more accurate alerts, allowing customers to focus on securing their sensitive information instead of wasting time trying to find it.”

Autodesk is a leader in 3D design, engineering and entertainment software. “Amazon Macie is easy to use and gave us valuable information almost instantaneously,” said Anmol Misra, Director of Cloud Security & Compliance, Autodesk. “More importantly, it delivered accurate, informative alerts that we can take action on.”

Edmunds.com offers detailed, constantly updated information about vehicles to 20 million monthly visitors. “Amazon Macie is enabling us to achieve a completely new level of confidence in the security of our infrastructure,” said Ajit Zadgaonkar, Executive Director, Infrastructure and Engineering Operations, Edmunds.com. “The granular level of inspection and intelligence that Amazon Macie applies is giving us continuous insights into areas of our cloud infrastructure and practices, enabling us to achieve things that would have been unwieldy or even not possible until now.”

Netflix is the world’s leading internet television network with 104 million members in over 190 countries enjoying more than 125 million hours of TV shows and movies per day. “The security of our customers’ data is a top priority for Netflix, and we’ve invested substantial resources to build tools that protect sensitive information against unauthorized access or leaks,” said Patrick Kelley, senior cloud security engineer, Netflix. “Since we started using Amazon Macie, we’ve found that it is flexible enough to solve a range of challenges that would have previously required us to write custom code or build internal tools, such as securing PII and alerting us to access anomalies, helping us move fast with confidence.”

Amazon Macie can send all findings to Amazon CloudWatch Events and will support API endpoints through the AWS SDK later this year, allowing for robust interoperability with third-party solutions. Planned integrations include solutions from various providers such as Palo Alto Networks, Splunk, Trend Micro, and more, allowing customers to incorporate intelligence from Amazon Macie into their existing security workflows for deeper analysis and forensics.
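The CloudWatch Events integration is the point where Macie findings enter an existing workflow. The added Python example below (not Amazon's code) shows a rule pattern that matches events from the `aws.macie` source and a Lambda-style handler that turns a finding into a routing decision by severity. The envelope fields (`source`, `detail-type`, `detail`) are the standard CloudWatch Events shape; the finding fields read out of `detail` (`severity.description`, `type`, `resourcesAffected.s3Bucket.name`) are assumptions for this example and should be checked against the finding schema of the Macie version in use. Both sample events are constructed.

```python
"""Route Amazon Macie findings delivered through CloudWatch Events (added example, not Amazon's code)."""
from typing import Dict, Optional

# Event pattern for a CloudWatch Events / EventBridge rule that matches every Macie finding.
MACIE_RULE_PATTERN = {"source": ["aws.macie"]}

# Where each severity goes; "page" means wake someone up.
ROUTES = {"High": "page", "Medium": "ticket", "Low": "log"}


def matches_rule(event: dict, pattern: dict) -> bool:
    """Minimal EventBridge-style matcher: every pattern key must be present in the event with a listed value."""
    return all(event.get(k) in allowed for k, allowed in pattern.items())


def summarize_finding(event: dict) -> Optional[Dict[str, str]]:
    """Pull the fields an analyst needs out of a Macie finding event; None if it is not one."""
    if not matches_rule(event, MACIE_RULE_PATTERN):
        return None
    detail = event.get("detail", {})
    # Field layout under `detail` is an assumption for this example.
    severity = detail.get("severity", {}).get("description", "Unknown")
    bucket = detail.get("resourcesAffected", {}).get("s3Bucket", {}).get("name", "?")
    return {
        "id": detail.get("id", event.get("id", "?")),
        "type": detail.get("type", "?"),
        "severity": severity,
        "bucket": bucket,
        # Unknown severities get a human look rather than being dropped on the floor.
        "route": ROUTES.get(severity, "ticket"),
    }


def handler(event: dict, context=None) -> dict:
    """Lambda-style entry point: returns the routing decision instead of calling a paging or ticketing API."""
    summary = summarize_finding(event)
    if summary is None:
        return {"action": "ignored", "reason": "not a Macie finding"}
    return {"action": summary["route"], "finding": summary}


# Constructed sample events for the example (not real findings).
SAMPLE_FINDING = {
    "source": "aws.macie",
    "detail-type": "Macie Finding",
    "id": "evt-1",
    "detail": {
        "id": "finding-1",
        "type": "SensitiveData:S3Object/Personal",
        "severity": {"description": "High"},
        "resourcesAffected": {"s3Bucket": {"name": "example-customer-exports"}},
    },
}
MEDIUM_FINDING = {
    "source": "aws.macie",
    "detail-type": "Macie Finding",
    "id": "evt-2",
    "detail": {"id": "finding-2", "type": "Policy:IAMUser/S3BucketPublic", "severity": {"description": "Medium"}},
}
UNRELATED_EVENT = {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification", "detail": {}}

if __name__ == "__main__":
    print(handler(SAMPLE_FINDING))
    print(handler(MEDIUM_FINDING))
    print(handler(UNRELATED_EVENT))
```

Routing on severity at the consumer rather than in the rule keeps one rule per account, so a later change in how severities are mapped to on-call paging is a code change in the handler, not an IAM-gated change to the event rule.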


WWPI – Covering the best in IT since 1980