AWS announces a fully managed intelligent threat detection service — Amazon GuardDuty

  • New intelligent threat detection service analyzes trillions of events per day to identify new and evolving threats and provide simple, tailored, and cost-effective protection for AWS accounts and workloads
  • GE, Netflix, Autodesk, Twilio, Webroot, and Mapbox among the customers using Amazon GuardDuty

SEATTLE, 2017-Nov-29 — /EPR Retail News/ — Today at AWS re:Invent, Amazon Web Services Inc. (AWS), an Amazon.com company (NASDAQ: AMZN), announced Amazon GuardDuty, a fully managed intelligent threat detection service that helps customers protect their AWS accounts and workloads by continuously monitoring account activity for malicious or unauthorized behavior. Customers can enable AmazonGuardDuty with a few clicks in the AWS Management Console and immediately begin analyzing API calls and network activity across their accounts to establish a baseline of “normal” account activity. Then, Amazon GuardDuty continuously applies machine learning to identify any events that fall outside the normal patterns. Amazon GuardDuty correlates activity using both proprietary, AWS-developed threat intelligence sources and industry-leading third-party sources. When anomalies are detected, Amazon GuardDuty delivers a detailed security alert to the AWS account owner, making alerts actionable and easy to integrate with existing event management and workflow systems. With Amazon GuardDuty, there is no hardware or software to deploy and no third-party subscription costs; customers pay only for the events analyzed. To get started with Amazon GuardDuty, visit: https://aws.amazon.com/guardduty.

As customers grow their cloud usage and increasingly deploy microservices architectures, they may have multiple AWS accounts with up to hundreds of thousands of instances. Identifying and assessing anomalous behavior across multiple accounts, networks, and instances at this scale can be like trying to find a needle in a haystack. Whether looking for attackers scanning web servers for vulnerabilities, monitoring for compromised instances being used to serve malware or mine cryptocurrency, or finding unauthorized resource provisioning, security teams have had to build or integrate multiple tools to detect anomalies. Customers also have to collect API access and network flow logs and correlate them with threat intelligence sources, applying algorithms to identify anomalies based on known threats. And, often, as soon as the algorithms are well-tuned, the threats evolve and the algorithm requires rework. Now, with Amazon GuardDuty, customers can easily deploy intelligent threat detection that takes care of all of this undifferentiated heavy lifting. Once activated, Amazon GuardDuty immediately begins consuming AWS CloudTrail and Amazon VPC Flow Logs to find indications of account-based threats that traditional solutions might miss, such as an unusual instance type being deployed in a region that has never been used, or an attempt to obscure user activity by disabling AWS CloudTrail logging. Amazon GuardDuty generates anomaly alerts that are tailored to each customer’s AWS use, and AWS continuously updates the threat intelligence sources Amazon GuardDuty employs. Amazon GuardDuty can be enabled instantly with no risk of negatively impacting existing application workloads.

“Customers often tell us that the best way we can help them stay secure is to give them smarter tools that make it easier to get security right,” said Stephen Schmidt, Chief Information Security Officer, Amazon Web Services. “We designed Amazon GuardDuty to be so simple and cost effective that turning it on would be an easy choice for every AWS customer, regardless of their security expertise or the existing security services they use. Amazon GuardDuty intelligently identifies hard-to-detect threats that might slip through the cracks of other security products and easily scales to meet the needs of any organization, whether they have two AWS accounts or two thousand.”

General Electric (GE) is the world’s Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive, and predictive. “Security is a top priority at GE and ingrained in our company culture,” said Nasrin Rezai, Vice President, Global Chief Information and Product Security Officer at GE. “GE runs thousands of applications on AWS. Deploying Amazon GuardDuty across our AWS global footprint required only a matter of hours and enhances our threat detection capabilities.”

The Financial Industry Regulatory Authority (FINRA) oversees more than 3,900 securities firms with approximately 640,000 brokers and processes approximately 6 terabytes of data and 37 billion records on an average day. “We’ve found that we can be more secure in the cloud than we can on-premises,” said John Brady, CISSP, VP Cyber Security/CISO, FINRA. “With AWS, my team has access to outstanding tooling for patching, encryption, auditing and logging, entitlements, compliance, and now threat detection. We’re excited about how this new product can help us take advantage of machine learning to analyze all of our account activity, accurately detecting behavioral anomalies and enabling us to respond quickly.”

Netflix is the world’s leading internet entertainment service with over 109 million members in over 190 countries enjoying more than 125 million hours of TV shows and movies per day. “We’re excited about the capabilities of Amazon GuardDuty,” said Shaun Blackburn, Security Manager, Netflix. “By delegating the management and monitoring of flow logs to AWS, we can extend our detection capabilities and pursue Netflix-specific security work. AWS has deep knowledge of common attack patterns and trends. By leveraging their unique position as the largest cloud providers, they are able to train sophisticated models that we can immediately consume. With Amazon GuardDuty, we can continue to innovate to deliver the greatest convenience, selection, and value to our members.”

Mapbox is a location data platform for maps, search, and navigation that serves more than 300 million end users each month. It’s all-in on AWS and runs across 10 regions. “Amazon GuardDuty vastly improves cloud intrusion detection, replacing multiple in-house systems with a more advanced, more accurate, and much lower-maintenance service,” said Ian Ward, Engineering Manager, Security at Mapbox. “We were able to enable Amazon GuardDuty instantly, replacing a large-scale engineering project with a fully managed, much more complete service.”

Autodesk is a leader in 3D design, engineering, and entertainment software. “It’s incredibly important we give our developers the freedom to be agile, while at the same time maintaining our high security standards,” said Kolby Dauler, Lead Engineer for Cloud Security at Autodesk. “Amazon GuardDuty helps us secure our AWS accounts owned by our developers, without slowing them down to install and maintain monitoring infrastructure. Using Amazon GuardDuty also gives our security team visibility into actionable metrics and involves them earlier in decisions that help drive better security practices.”

Amazon GuardDuty can send all findings to AWS CloudWatch Events and supports API endpoints through the AWS SDK, allowing for robust interoperability with third-party solutions. Leading providers such as Alert Logic, Evident.io, Palo Alto Networks, Rapid7, Redlock, Splunk, Sumo Logic, and Trend Micro have built integrations with Amazon GuardDuty, with more coming soon. These integrations allow customers to easily incorporate intelligence from Amazon GuardDuty into their existing security workflows for deeper analysis and automated prevention. Amazon GuardDuty also incorporates threat intelligence feeds from CrowdStrike, Proofpoint, and the AWS Security team to help identify and protect customers from known bad actors.

About Amazon Web Services

For more than 11 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 100 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, and application development, deployment, and management from 44 Availability Zones (AZs) across 16 geographic regions in the U.S., Australia, Brazil, Canada, China, Germany, India, Ireland, Japan, Korea, Singapore, and the UK. AWS services are trusted by millions of active customers around the world—including the fastest-growing startups, largest enterprises, and leading government agencies—to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit https://aws.amazon.com.

About Amazon

Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. Customer reviews, 1-Click shopping, personalized recommendations, Prime, Fulfillment by Amazon, AWS, Kindle Direct Publishing, Kindle, Fire tablets, Fire TV, Amazon Echo, and Alexa are some of the products and services pioneered by Amazon. For more information, visit www.amazon.com/about and follow @AmazonNews.

Media Hotline:
Amazon-pr@amazon.com
www.amazon.com/pr

Source: Amazon Web Services Inc.

AWS announces Amazon Macie security service to protect data stored in Amazon S3

  • New security service uses machine learning to classify sensitivity of customers’ data in Amazon S3 and then monitor and report on risks and anomalous access
  • Autodesk, Edmunds, and Netflix among the customers using Amazon Macie

SEATTLE, 2017-Aug-15 — /EPR Retail News/ — Today (Aug. 14, 2017), Amazon Web Services, Inc. (AWS), an Amazon.com company (NASDAQ: AMZN), announced Amazon Macie, a new security service that uses machine learning to help customers prevent data loss by automatically discovering, classifying, and protecting sensitive data in AWS. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides customers with dashboards and alerts that give visibility into how this data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks. Today, Amazon Macie is available to protect data stored in Amazon Simple Storage Service (Amazon S3), with support for additional AWS data stores coming later this year. Customers can enable Amazon Macie from the AWS Management Console, and pay only for the GBs of Amazon S3 content classified and the AWS CloudTrail events analyzed, with no upfront costs or software purchases required. To get started with Amazon Macie, visit: https://aws.amazon.com/macie.

As organizations continue to generate growing volumes of data, it has become increasingly difficult, expensive, and time consuming for security teams to find and protect sensitive information scattered throughout the enterprise. Existing security tools designed to address this challenge generally require customers to develop and frequently update complex data classifications, which can only account for known risks and often generate many extraneous or inaccurate alerts. Amazon Macie automates these labor-intensive processes, using machine learning to better understand where an organization’s sensitive information is located and how it’s typically accessed, including user authentication, locations, and times of access. After a baseline is established, Amazon Macie actively monitors for anomalies that indicate risks and/or suspicious behavior, such as large quantities of source code being downloaded, credentials being stored in an unsecure manner, or sensitive data that a customer has accidentally made externally accessible. The Amazon Macie console puts the most important information front and center with highly accurate alerts and detailed recommendations for how to resolve issues. Amazon Macie also gives customers the ability to easily define and customize automated remediation actions, such as resetting access control lists or triggering password reset policies.

“When a customer has a significant amount of content stored in Amazon S3, identifying and classifying all of the potentially sensitive data can feel a bit like finding needles in a very large haystack — especially with monitoring tools that aren’t smart enough to effectively automate what is now a very manual process,” said Stephen Schmidt, Chief Information Security Officer, Amazon Web Services. “Amazon Macie approaches information security in a more intelligent way. By using machine learning to understand the content and user behavior of each organization, Amazon Macie can cut through huge volumes of data with better visibility and more accurate alerts, allowing customers to focus on securing their sensitive information instead of wasting time trying to find it.”

Autodesk is a leader in 3D design, engineering and entertainment software. “Amazon Macie is easy to use and gave us valuable information almost instantaneously,” said Anmol Misra, Director of Cloud Security & Compliance, Autodesk. “More importantly, it delivered accurate, informative alerts that we can take action on.”

Edmunds.com offers detailed, constantly updated information about vehicles to 20 million monthly visitors. “Amazon Macie is enabling us to achieve a completely new level of confidence in the security of our infrastructure,” said Ajit Zadgaonkar, Executive Director, Infrastructure and Engineering Operations, Edmunds.com. “The granular level of inspection and intelligence that Amazon Macie applies is giving us continuous insights into areas of our cloud infrastructure and practices, enabling us to achieve things that would have been unwieldy or even not possible until now.”

Netflix is the world’s leading internet television network with 104 million members in over 190 countries enjoying more than 125 million hours of TV shows and movies per day. “The security of our customers’ data is a top priority for Netflix, and we’ve invested substantial resources to build tools that protect sensitive information against unauthorized access or leaks,” said Patrick Kelley, Senior Cloud Security Engineer, Netflix. “Since we started using Amazon Macie, we’ve found that it is flexible enough to solve a range challenges that would have previously required us to write custom code or build internal tools, such as securing PII and alerting us to access anomalies, helping us move fast with confidence.”

Amazon Macie can send all findings to Amazon CloudWatch Events and will support API endpoints through the AWS SDK later this year, allowing for robust interoperability with third-party solutions. Planned integrations include solutions from leading providers such as Palo Alto Networks, Splunk, Trend Micro, and more, allowing customers to easily incorporate intelligence from Amazon Macie into their existing security workflows for deeper analysis and forensics.

About Amazon Web Services

For 11 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 90 fully featured services for compute, storage, networking, database, analytics, application services, deployment, management, developer, mobile, Internet of Things (IoT), Artificial Intelligence (AI), security, hybrid, and enterprise applications, from 44 Availability Zones (AZs) across 16 geographic regions in the U.S., Australia, Brazil, Canada, China, Germany, India, Ireland, Japan, Korea, Singapore, and the UK. AWS services are trusted by millions of active customers around the world — including the fastest growing startups, largest enterprises, and leading government agencies — to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit https://aws.amazon.com.

About Amazon

Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. Customer reviews, 1-Click shopping, personalized recommendations, Prime, Fulfillment by Amazon, AWS, Kindle Direct Publishing, Kindle, Fire tablets, Fire TV, Amazon Echo, and Alexa are some of the products and services pioneered by Amazon. For more information, visit www.amazon.com/about and follow @AmazonNews.

Media Hotline:
Amazon-pr@amazon.com
www.amazon.com/pr

Source: Amazon Web Services, Inc.

AWS’s automated security assessment service Amazon Inspector now generally available to all customers

  • Security service automates vulnerability assessments for customers running applications on Amazon EC2
  • Betterment, CapLinked, Coinbase, Flatiron Health, and University of Notre Dame among the many customers using Amazon Inspector for more agile security

SEATTLE, 2016-Apr-23 — /EPR Retail News/ — Amazon Web Services, Inc. (AWS), an Amazon.com company (NASDAQ:AMZN), today announced that Amazon Inspector, an automated security assessment service, has completed its preview phase and is now generally available to all customers. Amazon Inspector helps customers improve the security and compliance of their applications running on Amazon Elastic Compute Cloud (Amazon EC2) by identifying potential security issues, vulnerabilities, or deviations from security standards. With no up-front costs or infrastructure to manage, Amazon Inspector is easy to deploy and can be integrated into the development lifecycle. With Amazon Inspector, customers pay only for the assessments they run, with the first 250 assessments free for a customer’s first 90 days. To get started with Amazon Inspector, visit https://aws.amazon.com/inspector.

The flexibility and scale of the AWS Cloud make it possible for customers to build and deploy applications and services faster than ever before. However, the manual effort required to assess these applications for security risks – especially at scale – often slows down both application development and IT operations. While traditional vulnerability assessment solutions can automate assessments, they require customers to deploy and manage back-end infrastructure. As deployment and operations models become more agile, both developers and central security teams are looking for a way to more easily conduct security assessments and integrate them into the development and deployment lifecycle. Amazon Inspector makes this possible by providing a rich set of APIs that customers can use to automate security assessments of production systems, and also easily integrate security assessments directly into their existing application deployment processes. With a few clicks in the AWS Management Console, customers can use AWS tags to identify the Amazon EC2 instances they want to assess, specify the associated applications, select from a pre-built list of tests, and set a time duration. Amazon Inspector analyzes an application’s configuration and activity, looking for a wide spectrum of possible vulnerabilities across Amazon EC2 instances, and collecting information such as how the application communicates with other AWS services, whether it uses secure channels, and the network traffic between instances. Amazon Inspector compares this information against AWS’s extensive rules packages, which represent thousands of potential security vulnerabilities that AWS continuously updates with the latest threat intelligence. Once an assessment of the application’s Amazon EC2 environment is completed, customers can view the findings, along with detailed recommendations for remediation, in the Amazon Inspector console.

“Customers have asked us if we could help them do the same rigorous security assessments on their applications that we do for our AWS services,” said Stephen Schmidt, Chief Information Security Officer, AWS. “Amazon Inspector delivers key learnings from our world-class security team as a managed service, so customers benefit from our continuous implementation of best practices and threat intelligence. Companies of all sizes can now perform assessments of their applications in an automated way and proactively remediate vulnerabilities.”

Amazon Inspector deploys on-host agents so customers get insight from inside Amazon EC2 instances and other AWS resources that make up an application environment. Amazon Inspector is also fully integrated with AWS CloudTrail, providing central logging of all security testing activity, giving auditors full visibility into what tests were performed and when, streamlining the process of demonstrating compliance in the development and operations lifecycle.

Flatiron Health is a healthcare IT company with a mission to fight cancer with organized, real-world oncology data. “Our company was founded with the vision of building a disruptive software platform to transform how cancer care is delivered,” said Nicholas Arvanitis, Security Engineer, Flatiron Health. “Dealing with healthcare data of this nature requires us to maintain a high level of systems security while still rapidly innovating. We are excited about the prospect of integrating Amazon Inspector to further automate security assessments throughout our operations lifecycle to ensure that our security scales as quickly as our engineering efforts.”

Betterment is one of the largest independent automated investing services, helping people to manage, protect, and grow their wealth through technology. “At Betterment, our customers are trusting us to help them achieve their financial goals,” said Brandon Wu, Head of Privacy & Security, Betterment. “Making sure we are building security into every aspect of our offering is a key focus for us. The approach of Amazon Inspector as a cloud-based, API-driven security service that can easily be built right into the software development and deployment lifecycle is a scalable approach that resonates.”

Coinbase is one of the most widely used bitcoin wallet and exchange companies. “If we deploy code with a known vulnerability, we’ve already opened up our platform to risk,” said Rob Witoff, Director, Coinbase. “In the new world of continuous deployment and continuous integration, and deployment into immutable environments, we need security tooling that runs inline with our software development and deployment pipeline. Amazon Inspector is helping companies like ours embrace the immutable future and can pull our industry out of the security dark ages.”

Established in 1842, the University of Notre Dame is one of the world’s most prestigious universities. “As we work to place 80 percent of our IT resources in the cloud by 2017, we are taking full advantage of the rich security features available,” said Mike Chapple, Senior Director of IT Service Delivery,University of Notre Dame. “As an information security professional, I’m excited at the opportunity the cloud provides. Amazon Inspector is a great example of how AWS is accelerating investment in security-focused services, and we like the approach of a highly-scalable, API-driven security as a service that we can place throughout our cloud operations.”

The Center for Internet Security (CIS) mobilizes a broad community of stakeholders to contribute their knowledge, experience and expertise to identify, validate, promote and sustain the adoption of cybersecurity’s best practices. “We are very excited to work with AWS to integrate our consensus-based security standards into Amazon Inspector,” said Steve Spano, President and Chief Operating Officer, CIS. “Our hardened machine images can help organizations start secure and stay secure. Together with AWS security services, we can provide organizations with the added confidence to accelerate cloud adoption.”

CapLinked is a platform for enterprises to securely manage and share documents and business transactions in the cloud. “At CapLinked, we are focused on accelerating sensitive financial transactions such as acquisitions, capital raises, audits, and other complex business transactions through a secure, cloud-based collaboration platform,” said Edward Chen, Chief Infrastructure Security Engineer, CISSP. “Helping our customers understand what we do to ensure a high level of protection for their data is paramount. We like that Amazon Inspector is optimized for the cloud, with an approach that fits easily into agile deployment models such as continuous integration and continuous deployment and auto scaling—helping security fit into the advancements we have seen in DevOps.”

Members of the AWS Partner Network (APN), including Alert Logic, Splunk, Sumo Logic, Observable Networks, Palerra, and CloudLock have integrated their security management solutions with Amazon Inspector, enabling customers to fully automate the remediation process. These partners further extend the functionality of Amazon Inspector with their broad set of security services optimized for AWS.

Amazon Inspector is now available as a fully managed service in the US East (N. Virginia), US West (Oregon), EU (Ireland), and Asia Pacific (Tokyo) Regions and will expand to additional Regions in the coming months.

About Amazon Web Services
For 10 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 70 fully featured services for compute, storage, databases, analytics, mobile, Internet of Things (IoT) and enterprise applications from 33 Availability Zones (AZs) across 12 geographic regions in the U.S., Australia, Brazil, China, Germany, Ireland, Japan, Korea, and Singapore. AWS services are trusted by more than a million active customers around the world — including the fastest growing startups, largest enterprises, and leading government agencies — to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit http://aws.amazon.com.

About Amazon
Amazon.com opened on the World Wide Web in July 1995. The company is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. Customer reviews, 1-Click shopping, personalized recommendations, Prime, Fulfillment by Amazon, AWS, Kindle Direct Publishing, Kindle, Fire tablets, Fire TV, Amazon Echo, and Alexa are some of the products and services pioneered by Amazon. For more information, visit www.amazon.com/about.

Source: Amazon Web Services, Inc.

Amazon.com, Inc.
Media Hotline, 206-266-7180
Amazon-pr@amazon.com
www.amazon.com/pr