Editor's Note: Over time the Deep Security API has evolved, making this workflow trivial to implement with the APIs alone. The integration code has therefore been retired, and instructions on how to replicate the workflow are available in the Deep Security Automation Center.
Amazon S3 stores trillions of objects and regularly peaks at millions of requests per second. By any metric, it’s massive. With unparalleled durability and availability, it’s the backbone of AWS’ data services.
Amazon Macie provides automated insights into the usage of your Amazon S3 data.
Amazon S3 is secure by default and has always provided a strong set of security controls, but it has been challenging to effectively monitor the usage of the service. AWS CloudTrail and AWS Config let you examine the usage of your data, while AWS Config Rules (another service Trend Micro supported at launch) lets you react to configuration changes. But these solutions have required some legwork in order to pull the signal from the noise.
Now, Amazon Macie presents that signal to you automatically. This provides much needed insight into your business uses as well as your security.
What is Amazon S3?
As a quick recap, Amazon S3 works with two simple objects: buckets and keys. A bucket is essentially a root folder where your data will be stored. A key is a data object.
These basic structures allow you to store your data in any way that makes sense for your application. From a security perspective, the service provides a number of tools to help you configure access to your data:
An Amazon S3 bucket is private by default (only the user who created it has access) and these methods give you the tools you need to provide access to the users or roles that require it.
What is Amazon Macie?
Amazon Macie uses machine learning to automatically profile your Amazon S3 usage based on a number of indicators, such as content types, file extensions, managed regex patterns, and managed data themes.
Once Amazon Macie establishes a baseline, it then continuously monitors the usage of your data and provides actionable alerts based on the risk posed to your data.
You might think of Amazon Macie as your own personal data security assistant. It sits tirelessly monitoring every access to your Amazon S3 data. It learns about patterns and profiles that determine what’s “typical” for your application. Anytime anything out of the ordinary happens, it raises an alert.
You can then react to these alerts by changing your Amazon S3 settings, adjusting the configuration of your application, or changing other security controls in your deployment.
At Trend Micro, we’ve built the Deep Security platform in order to help you fulfill your responsibilities in the shared responsibility model. It helps you lock down your Amazon EC2 instances and Amazon ECS workloads and ensure that your application is doing what it’s supposed to…and only what it’s supposed to.
Deep Security applies its protections based on policy. The platform can automatically create and apply a policy for your workloads based on what’s running. This automation makes it easy to keep your security settings up to date.
The challenge comes downstream. Amazon S3 is an abstract service, which means that you have very little day-to-day responsibility for its operations. The (slight) downside is that you don’t get quite the granular insight you would expect from running your own data backend, though you also avoid the cost, headache, and pain-in-the-you-know-what that come with it.
Amazon Macie provides those insights. With the alerts generated by Amazon Macie, you can make better decisions about security policies within Deep Security. You can make smarter security choices for the Amazon EC2 instances and containers running in Amazon ECS that access that data in Amazon S3.
The goal with this simple integration is to strengthen your application’s security posture in order to better protect your data. With Amazon Macie providing insights on the backend and Trend Micro’s Deep Security protecting the frontend, you’ll get a much smarter security policy tailored to your AWS workflow.