Select Page

Amazon Macie: Artificial Intelligence for Efficient Data Security

Data security is one of the prime reasons why enterprises and domestic users explore cloud backup services. Public cloud service providers such as Amazon and Microsoft provide multiple options to enable the creation of logical containers. 

These containers can hold documents and data and each can have different level of permission, facilitating access control and management. However, despite the options most users (domestic, enterprise and even governments) don’t take security seriously.

A recent survey conducted in May 2017, stated that 60,000 US government files were in Amazon S3 with public access. Among this data, a total of 28 GegaBytes (GBs) contained unencrypted passwords owned by government contractors with Top Secret Facility Clearance.

The accessibility of sensitive data imposes the necessity of a management service that detects these holes in security protocols and appropriately respond to them.

Amazon Macie: Artificial Intelligence Security Service

Amazon Macie is a machine learning-powered security service. The artificial intelligence discovers, classifies and protects sensitive data in Amazon Web Services (AWS). Macie identifies sensitive data as Personally Identifiable Information (PII) or intellectual property. Macie provides you with a dashboard that offers visibility into how this data is being accessed or relocated. The service continuously monitors data access activity for irregularities and creates detailed alerts when a risk of unauthorized access or unintentional data leak is detected.

Macie develops an understanding, by monitoring your cloud backup, of where your sensitive information is located and how it’s usually accessed. This includes information about user authentication, locations and times of access. Initially, Macie creates a baseline and then it actively monitors for irregularities that indicate risk or distrustful behavior. Macie also provides you the ability to easily define and customize automated remediation actions.

How Amazon Macie works

Macie has an interesting way of arriving at the classification and security mechanism of data. It relies on three data sources:

Data: Macie reads the actual data and extracts keywords from it from file formats such as Microsoft Word, Excel, .txt files. Macie compares file extensions to evaluate the security level of data. For instance Macie will move a .pem file higher in risk level then a .txt file.

Metadata: Macie also considers the information associated to a file, S3 object, and buckets when classifying and determining the security level.

Access Information and Credentials: Macie also utilizes Amazon CloudTrail. CloudTrail is a service in AWS that logs approximately every Application Programming Interface (API) request made. Macie uses these logs to capture object-level API activity of S3 objects. Macie also acquires information related to users and roles from Identity and Access Management (IAM).

Benefits of Amazon Macie

Amazon Macie: Artificial Intelligence for Efficient Data Security

Data Visibility

Macie is capable of identifying data with high business value including programming languages to detect source code, database backup formats, logging formats, API key formats and credentials.

Amazon Macie: Artificial Intelligence for Efficient Data Security

With machine learning, Macie classifies your Amazon S3 objects in a way that provides maximum visibility into your S3 environment. The classification also facilitates ease of access and the speed of operations.

User Behavior Analytics

Macie comes with a user behavior analytics engine. This engine helps identify risky or suspicious activity with AWS service API calls and access to high value content. This engine is also able to detect sudden impulses in high risk API activity. If there is a specific file or data that’s being accessed at irregular hours from various different locations; then the engine will detect this anomaly versus the user’s usual behavior.

Amazon Macie: Artificial Intelligence for Efficient Data Security

As Macie is also aware of sensitive and important information, increase in access to this content may indicate possible data loss; it is also able to detect this pattern.

Automated Workflows

Amazon Macie facilitates integration with Security Information and Event Management (SIEM) services and Managed Security Service Provider (MSSP) solutions. These services and solutions support security and compliance use cases such as: compliance rule-set creation and modification, alert handling, reporting and configurations for objects in S3, and application and login events.

Amazon Macie: Artificial Intelligence for Efficient Data Security

Automatic Alert Categories

Macie provides 20 alert categories, these categories help offer early warning on security and compliance use cases such as high risk data events, unencrypted backups containing credentials, API keys and credentials being stored within source code, and early stages of an attack including behaviors indicating lateral movement, back-door accounts, persistence mechanisms, and enumeration of role privileges.

Amazon Macie: Artificial Intelligence for Efficient Data Security

Conclusion

Amazon Macie is the immediate solution to the security issues observed by the survey (mentioned above). Enterprises and Governments can employ Macie to classify their data and secure it, preventing data leaks. StoneFly’s backup appliances provide cloud gateways into Amazon’s cloud and services. Besides gaining unlimited, secure and reliable on-premise storage with StoneFly; you can also extend to the cloud and evolve into a hybrid cloud solution which is capable of properly sorting and protecting your data using Macie. 

Turla Ransomware: Comprehensive Analysis of the Russian APT

Turla Ransomware: Comprehensive Analysis of the Russian APT

Turla ransomware is a sophisticated cyber threat known for its stealthy operations and advanced infiltration techniques. Leveraging custom malware, zero-day vulnerabilities, and highly targeted attacks, Turla poses a significant risk to corporate networks across...

What is Black Basta Ransomware and How to Defend Against it

What is Black Basta Ransomware and How to Defend Against it

Black Basta, a sophisticated ransomware group, has become a major threat to organizations globally, targeting industries ranging from healthcare to financial services. Known for using double-extortion tactics, Black Basta not only encrypts critical data but also...

S3 Object Storage Cost Comparison: Cloud vs Data Center

S3 Object Storage Cost Comparison: Cloud vs Data Center

S3 object storage cost comparisons between public cloud options and private data centers reveal crucial differences in long-term expenses and scalability. Public cloud providers offer readily available infrastructure and flexibility, but data storage and retrieval...

S3 Object Storage: The Ultimate Solution for AI/ML Data Lakes

S3 Object Storage: The Ultimate Solution for AI/ML Data Lakes

Artificial Intelligence (AI) and Machine Learning (ML) workloads generate and require massive amounts of data, often from diverse sources such as structured databases, unstructured logs, multimedia, and sensor data. To manage this data effectively, enterprises...

Top Reasons to Prioritize NAS Storage Backup in Your IT Strategy

Top Reasons to Prioritize NAS Storage Backup in Your IT Strategy

Backing up your NAS appliance is a non-negotiable requirement for enterprise organizations. While NAS systems offer scalable storage and accessibility, they are still vulnerable to critical risks such as hardware failures, cyberattacks, and data corruption. Without a...

You May Also Like

Subscribe To Our Newsletter

Join our mailing list to receive the latest news, updates, and promotions from StoneFly.

Please Confirm your subscription from the email