McAfee announces support for new AWS Detective service

The integration with the new service will reduce the time that MVISION Cloud for Amazon Web Services requires to map relationships between data indicating potential anomalies, and let humans connect the dots faster.

LAS VEGAS – At the AWS Re:Invent show here last week, AWS announced Amazon Detective, a new security service, which is now available in preview. Amazon Detective makes it easy for customers to conduct faster and more efficient investigations into security issues, using machine learning, statistical analysis, and graph theory. In turn, McAfee has announced that their MVISION Cloud for Amazon Web Services now includes support for Amazon Detective.

What Amazon Detective specifically does is identify the root cause of security findings or suspicious activities quickly, using the log data that it automatically collects from AWS resources.

“McAfee has global threat intelligence that lets us see the whole picture,” said John Dodds, Director of Product Management at McAfee. “But there’s a point where you need to see how the things that we detect connect. That’s what Amazon Detective does. It maps out the relationships, and gives a human the ability to connect the dots and make a decision.”

This task of understanding what's going on in terms of cause and impact, in order to determine remediation, is typically done by security teams who assess potential anomalies against baselines of normal behavior. Once enabled, Amazon Detective automatically distills and organizes telemetry data from AWS CloudTrail and Amazon Virtual Private Cloud Flow Logs into a graph model that summarizes resource behaviors and interactions observed across a customer’s AWS environment. Support for DNS logs is slated to be added soon.

Dodds described how McAfee’s technology works with the AWS service.

“If we scan and find a consumer credit card in an S3 bucket, the next step would be to determine if this puts compliance at risk,” he said. “Amazon Detective collects a lot of information, and presents that data in a very clean way. What this does is make things simpler in getting to the investigation stage because it does the work of mapping the relationship and lets the humans get more quickly to the point where they can make a decision with confidence.”

The McAfee MVISION Cloud for AWS integration with Amazon Detective brings the McAfee incident data into the purview of Amazon Detective to complement the AWS service and speed up time to investigation. MVISION Cloud detects incidents for VMs [Amazon EC2], containers [Amazon ECS], and Kubernetes [Amazon EKS], including storage services needed to support the target applications.

“We have a great relationship with AWS, so whenever we get the chance to do these kinds of integrations with them, we jump on it,” Dodds said. “We do have a really good partnership with them.” Earlier this year, McAfee MVISION Cloud achieved AWS Security Competency status and received AWS Well-Architected designation for its Cloud Access Security Broker (CASB) technology.