Amazon Macie | Security and Access Flashcards
How does Amazon Macie work?
Security and Access
Amazon Macie | Security, Identity & Compliance
Amazon Macie is a security service that provides customers both visibility and security for the content that they store in Amazon S3. Amazon Macie helps customers understand their data by automatically and continuously discovering, classifying, and accurately assigning a business value to customers’ data. By understanding the asset value of content and how it is being accessed, Amazon Macie is able to create contextual and narrative security alerts on the challenges our customers face, alerting only when high-value content is being accessed in a way that creates risk for their business. Examples include Amazon Macie’s ability to detect global access permissions inadvertently being set on sensitive data, to detect the upload of API keys inside source code, and to verify that sensitive customer data is being stored and accessed in a manner that meets their compliance standards.
Customers can enable Amazon Macie quickly and easily without the need to manually define and periodically update complicated data classifications and inflexible user roles. Amazon Macie combines machine learning with user behavior analytics to detect activity that signals potential risk to business-critical data or assets. For example, Amazon Macie can alert on the download of large quantities of source code by a user account that typically does not access that data, or on sudden changes in the permissions of Amazon S3 buckets that house data. Once enabled, customers can start receiving security and compliance alerts immediately and create automated policies to protect their data when suspicious activity is detected. Using natural language processing (NLP) methods to automate the classification of data, and historical data access patterns to train its neural network, Amazon Macie continuously monitors the environment with no manual re-training required. Amazon Macie’s rich user interface provides accurate alerts with detailed evidence and actionable recommendations, so that time is spent responding to the most relevant risks. Alongside the user interface for security and compliance use cases, Amazon Macie offers a set of APIs that allow partners and customers to incorporate its data classification and security anomaly detection capabilities directly into their own applications.
What are some examples of suspicious activity that Amazon Macie can detect?
Amazon Macie analyzes the activity of user, application, and service accounts associated with sensitive data for signs of risk to the business, such as inadvertent exposure of data, insider threats, or targeted attacks. Amazon Macie can alert on suspicious activity such as compromised user accounts enumerating and downloading large amounts of sensitive content from unusual IP addresses, or the download of large quantities of source code by a user account that typically does not access this type of sensitive content. A compliance-focused example is the detection of large quantities of high-risk documents shared publicly or with the entire company, such as files containing personally identifiable information (PII), protected health information (PHI), intellectual property (IP), or legal or financial data. Additionally, customers can use Amazon Macie’s dashboard to define their own alerts and policy definitions based on their security needs.
How does Amazon Macie secure your data?
As part of the data classification process, Amazon Macie identifies customers’ objects in their S3 buckets, and streams the object contents into memory for analysis. When deeper analysis is required for complex file formats, Amazon Macie will download a full copy of the object, only keeping it for the short time it takes to fully analyze the object. Immediately after Amazon Macie has analyzed the file content for data classification, it deletes the stored content and only retains the metadata required for future analysis. At any time, customers can revoke Amazon Macie access to data in the Amazon S3 bucket.