
Amazon Macie and Deep Security

  • Posted on: August 14, 2017
  • Posted in: Cloud Computing
  • Posted by: Mark Nunnikhoven (Vice President, Cloud Research)

Editor's Note: Over time the Deep Security API has evolved, making this workflow trivial to build directly against the APIs. The integration code has therefore been retired, and instructions on how to replicate the workflow are available in the Deep Security Automation Center.


Amazon S3 stores trillions of objects and regularly peaks at millions of requests per second. By any metric, it’s massive. With unparalleled durability and availability, it’s the backbone of AWS’ data services.

This morning at the AWS Summit in New York City, AWS launched a new service: Amazon Macie. Trend Micro is proud to support this exciting new service at launch.

Amazon Macie provides automated insights into the usage of your Amazon S3 data.

Amazon S3 is secure by default and has always provided a strong set of security controls, but it has been challenging to monitor the usage of the service effectively. AWS CloudTrail and AWS Config let you examine the usage of your data, while AWS Config Rules (another service Trend Micro supported at launch) lets you react to configuration changes. But these solutions have required some legwork in order to pull the signal from the noise.

Now, Amazon Macie presents that signal to you automatically. This provides much needed insight into how your business uses its data as well as into your security posture.

What is Amazon S3?

As a quick recap, Amazon S3 works with two simple concepts: buckets and keys. A bucket is essentially a root folder where your data will be stored. A key is a data object within a bucket.

These basic structures allow you to store your data in any way that makes sense for your application. From a security perspective, the service provides a number of tools to help you configure access to your data:

  • Bucket policies
  • IAM policies
  • Access Control Lists (ACLs)
  • Query string authentication/URL-based access

An Amazon S3 bucket is private by default (only the user who created it has access) and these methods give you the tools you need to provide access to the users or roles that require it.

Up until now, you had to comb through Amazon S3 logs in order to determine who was accessing your data and what the normal patterns of that access were.

What is Amazon Macie?

Amazon Macie leverages machine learning in order to automatically profile your Amazon S3 usage using a number of indicators, such as content types, file extensions, managed regex patterns, and managed data themes.

Once Amazon Macie establishes a baseline, it then continuously monitors the usage of your data and provides actionable alerts based on the risk posed to your data.

You might think of Amazon Macie as your own personal data security assistant. It sits tirelessly monitoring every access to your Amazon S3 data. It learns about patterns and profiles that determine what’s “typical” for your application. Anytime anything out of the ordinary happens, it raises an alert.

You can then react to these alerts by changing your Amazon S3 settings, adjusting the configuration of your application, or changing other security controls in your deployment.

Jeff Barr has a fantastic post up about the inner workings of Amazon Macie and how to get started with the service over on the AWS blog.

Combined Defences

At Trend Micro, we've built the Deep Security platform in order to help you fulfill your responsibilities in the shared responsibility model. It helps you lock down your Amazon EC2 instances and Amazon ECS workloads and ensure that your application is doing what it's supposed to, and only what it's supposed to.

Deep Security applies its protections based on policy. The platform can automatically create and apply a policy for your workloads based on what's running. This automation makes it easy to keep your security settings up to date.

The challenge comes downstream. Amazon S3 is an abstract service, which means that you have very little day-to-day responsibility for its operations. The (slight) downside of that is that you don't get quite the granular insights you would expect from running your own data backend (nor the cost, headache, or pain-in-the-you-know-what).

Amazon Macie provides those insights. With the alerts generated by Amazon Macie, you can make better decisions about security policies within Deep Security. You can make smarter security choices for the Amazon EC2 instances and containers running in Amazon ECS that access that data in Amazon S3.

We will shortly have a simple AWS Lambda workflow available on GitHub to demonstrate how Amazon Macie and Deep Security can work together. Here’s a quick look at the high level design:

(Figure: Amazon Macie and Deep Security Workflow)

The goal with this simple integration is to strengthen your application's security posture in order to better protect your data. With Amazon Macie providing insights on the backend and Trend Micro's Deep Security protecting the frontend, you'll get a much smarter security policy tailored to your AWS workflow.
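The high-level design above, as an added Python example that is not the retired Trend Micro integration: a Lambda-style handler that parses a Macie alert delivered through CloudWatch Events and decides which Deep Security policy change to request for the workloads that read the affected bucket. The bucket-to-policy mapping, the risk threshold and the alert field names (beyond the aws.macie source) are assumptions, and the Deep Security API call itself is left out.

```python
# Constructed mapping (assumption): the Deep Security policy normally applied to
# the workloads that read each bucket, and a stricter one for high-risk alerts.
BUCKET_POLICY_MAP = {
    "payments-data": {"normal": "Web Tier", "locked_down": "Web Tier - Restricted"},
}
RISK_THRESHOLD = 7  # assumed cut-off on Macie's 0-10 risk score for tightening

def parse_macie_alert(event):
    """Pull alert name, risk score and S3 bucket names out of a CloudWatch event.
    Only source/detail-type and the S3 ARN prefix are AWS conventions; the
    remaining field names are assumptions made for this example."""
    if event.get("source") != "aws.macie" or event.get("detail-type") != "Macie Alert":
        raise ValueError("not a Macie alert event")
    detail = event.get("detail", {})
    buckets = {arn[len("arn:aws:s3:::"):].split("/", 1)[0]
               for arn in event.get("resources", []) if arn.startswith("arn:aws:s3:::")}
    return {"name": detail.get("name", ""), "risk": int(detail.get("risk-score", 0)),
            "buckets": sorted(buckets)}

def decide_actions(alert):
    """Map one parsed alert to the Deep Security policy changes it warrants."""
    actions = []
    for bucket in alert["buckets"]:
        policies = BUCKET_POLICY_MAP.get(bucket)
        if policies is None:  # unmapped bucket: surface it, never guess a policy
            actions.append({"bucket": bucket, "action": "notify"})
        elif alert["risk"] >= RISK_THRESHOLD:
            actions.append({"bucket": bucket, "action": "apply_policy",
                            "policy": policies["locked_down"]})
        else:
            actions.append({"bucket": bucket, "action": "log_only",
                            "policy": policies["normal"]})
    return actions

def lambda_handler(event, context=None):
    """Lambda entry point; the returned actions are what the real workflow
    would push to the Deep Security API (call omitted here)."""
    alert = parse_macie_alert(event)
    return {"alert": alert["name"], "risk": alert["risk"],
            "actions": decide_actions(alert)}

# Constructed sample alert for offline testing (all values are made up).
SAMPLE_EVENT = {
    "source": "aws.macie", "detail-type": "Macie Alert",
    "resources": ["arn:aws:s3:::payments-data/exports/", "arn:aws:s3:::marketing-assets"],
    "detail": {"name": "Unusual volume of GETs on sensitive data", "risk-score": 8},
}
```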

What do you think of Amazon Macie? What are you going to use its automated insights for? Let me know on Twitter where I'm @marknca.

Copyright © 2017 Trend Micro Incorporated. All rights reserved.