Cybersecurity Issues? Amazon Detective Is On The Case

By Patrick Moorhead - April 23, 2020

With millions of cloud customers, Amazon’s AWS is the most popular enterprise cloud infrastructure-as-a-service company on the planet. With that much data on its hands, though, comes a great responsibility to ensure cybersecurity at all costs. To Amazon’s credit, it has not shied away from this responsibility. A big part of ensuring cybersecurity is making sure you’re providing customers the tools they need to secure the business on their end. Without the right tools, this can be an extremely complex, time-consuming endeavor for IT departments. Last week, AWS announced the general availability of Amazon Detective, a new security service designed to take some of the load off for its cloud subscribers. I wanted to do a quick flyby on the new offering and offer my take on it. There was so much news at the last AWS re:Invent, and if you want to see what my analysts and I wrote, you can check that out here.

Why hire a detective?

As mentioned, the traditional methods security teams utilize to investigate and analyze security breaches, whether we’re talking about unauthorized access or compromised user credentials, can be extremely complex and time-consuming. First, organizations must gather and consolidate terabytes of data from their disparate monitoring systems (e.g. network, application and security), anything that could potentially be relevant. Moreover, they have to put it all together in a way that makes sense to their security team so that they might mine it for insights. In order to get to the bottom of potential breaches, one of the most common questions security analysts seek to answer with this data is, according to Amazon, “is this normal?” The difficulty, of course, is that the baseline for what is “normal” activity is constantly shifting as data sources and the environment change. “Normal” is a moving target, and staying on top of it can be extremely difficult and time-consuming for security teams.

What is it?

Amazon Detective is a security service designed to, in the company’s words, “make it easy for customers to conduct faster and more efficient investigations into security issues.” I can’t add much more than that. This is exactly what it is. To accomplish this, Detective leverages the log data gleaned from customers and extracts insights utilizing machine learning, statistical analysis, and graph theory. In other words, the service does the sorting and sifting so that security teams don’t have to. Amazon Detective then uses this information to construct tailored, interactive visualizations, which it presents to customers in a unified view. Amazon says these visualizations will aid customers in investigating and determining the root cause of potential security issues or other suspicious activity. For example, the visualizations can help customers answer whether a spike in traffic from a certain instance is to be expected, or whether an API call is out of the norm. As new telemetry becomes available, the service continuously updates. No longer do security teams have to stay on top of the changing baselines and patterns for “normal” activity. Amazon Detective does it automatically.
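To make the “is this normal?” question concrete, here is a small added example (not Amazon Detective’s code or algorithm, and not from Amazon) that builds a per-principal baseline from a history of CloudTrail-shaped records and then flags three of the deviations the two sections above describe: an API call a principal has never made before, a source IP the principal has never used, and a daily call-volume spike well above that principal’s usual rate. The principals, IP addresses and event history are all constructed sample data; the record layout is a subset of CloudTrail’s real fields, and the thresholding (mean plus three standard deviations, with a floor so a perfectly flat baseline still has a band) is an assumption chosen for illustration.

```python
"""Baseline-versus-current comparison over CloudTrail-style events (added example)."""
import statistics
from collections import Counter, defaultdict
from datetime import date, timedelta

# Constructed principals for the sample history (not real accounts).
ALICE = "arn:aws:iam::111111111111:user/ops-alice"
BOB = "arn:aws:iam::111111111111:user/dev-bob"


def _event(day, event_name, arn, ip):
    """Build a minimal CloudTrail-shaped record (constructed sample, not a real log)."""
    return {"eventTime": f"{day.isoformat()}T10:00:00Z", "eventName": event_name,
            "userIdentity": {"arn": arn}, "sourceIPAddress": ip}


def sample_events():
    """Constructed history: seven quiet days, then one day that looks different."""
    start = date(2020, 4, 1)
    events = []
    for d in range(7):
        day = start + timedelta(days=d)
        events += [_event(day, "DescribeInstances", ALICE, "198.51.100.10")] * 2
        events += [_event(day, "ListBuckets", ALICE, "198.51.100.10")]
        events += [_event(day, "GetObject", BOB, "198.51.100.20")] * 3
    day = start + timedelta(days=7)
    events += [_event(day, "DescribeInstances", ALICE, "198.51.100.10")] * 2
    events += [_event(day, "ListBuckets", ALICE, "198.51.100.10")]
    events += [_event(day, "CreateUser", ALICE, "203.0.113.5")]   # new API from a new IP
    events += [_event(day, "GetObject", BOB, "198.51.100.20")] * 40  # same API, 13x the usual volume
    return events


def build_baseline(events):
    """Per principal: API names seen, source IPs seen, and calls per day."""
    apis, ips, daily = defaultdict(set), defaultdict(set), defaultdict(Counter)
    for e in events:
        arn, day = e["userIdentity"]["arn"], e["eventTime"][:10]
        apis[arn].add(e["eventName"])
        ips[arn].add(e["sourceIPAddress"])
        daily[arn][day] += 1
    return {"apis": apis, "ips": ips, "daily": daily}


def find_anomalies(baseline, current, spike_sigma=3.0):
    """Compare a current window against the baseline; return sorted (kind, arn, detail) tuples."""
    found = set()
    cur_daily = defaultdict(Counter)
    for e in current:
        arn = e["userIdentity"]["arn"]
        if e["eventName"] not in baseline["apis"][arn]:
            found.add(("new_api_call", arn, e["eventName"]))
        if e["sourceIPAddress"] not in baseline["ips"][arn]:
            found.add(("new_source_ip", arn, e["sourceIPAddress"]))
        cur_daily[arn][e["eventTime"][:10]] += 1
    for arn, counts in cur_daily.items():
        history = list(baseline["daily"][arn].values())
        if len(history) < 2:          # not enough history to call anything a spike
            continue
        mean, sd = statistics.mean(history), statistics.pstdev(history)
        threshold = mean + spike_sigma * max(sd, 1.0)   # floor sd so a flat baseline still has a band
        for day, n in counts.items():
            if n > threshold:
                found.add(("call_volume_spike", arn, f"{day}:{n}>{threshold:.1f}"))
    return sorted(found)


def investigate(events, cutoff_day="2020-04-08"):
    """Everything before cutoff_day is baseline; cutoff_day onward is the window under review."""
    history = [e for e in events if e["eventTime"][:10] < cutoff_day]
    current = [e for e in events if e["eventTime"][:10] >= cutoff_day]
    return find_anomalies(build_baseline(history), current)


if __name__ == "__main__":
    for kind, arn, detail in investigate(sample_events()):
        print(f"{kind:18} {arn.rsplit('/', 1)[-1]:10} {detail}")
```

Run stand-alone, it reports the new CreateUser call and new source IP for ops-alice and the GetObject volume spike for dev-bob, while the unchanged daily activity of both principals produces nothing. The point is the shape of the work, not the thresholds: the baseline has to be rebuilt as history accumulates, which is exactly the moving target the article says Detective tracks for you.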

How it works

Notably, AWS customers do not have to pay any additional charges or make any upfront commitments in order to utilize this new service—you only pay for the data gleaned from AWS CloudTrail, Amazon GuardDuty, and Amazon Virtual Private Cloud. Customers simply opt into the service through the AWS management console—a couple of clicks and you’re ready to go. The service is now available in select regions across the U.S., Europe, South America and Asia Pacific, with more to come. The service has found success with early users, including WarnerMedia, T-Systems (a subsidiary of Deutsche Telekom), and Expel.

Wrapping up

This offering looks to be a solid addition to AWS’s portfolio, and if it delivers on its promise, it stands to significantly simplify the investigation of potential security breaches for security teams. Furthermore, Amazon Detective learns and grows along with customers’ data and environment. This is a great example of putting AI to work for security purposes, and I think it’ll be a hit as availability spreads. I’ll continue to watch with interest and am looking forward to hearing some customer testimonials and comparing those to the claims.

Note: Moor Insights & Strategy writers and editors may have contributed to this article.

Patrick founded the firm based on his real-world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights) and in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.