Amazon Macie: Artificial Intelligence for Efficient Data Security

These containers can hold documents and data and each can have different level of permission, facilitating access control and management. However, despite the options most users (domestic, enterprise and even governments) don’t take security seriously.

A recent survey conducted in May 2017, stated that 60,000 US government files were in Amazon S3 with public access. Among this data, a total of 28 GegaBytes (GBs) contained unencrypted passwords owned by government contractors with Top Secret Facility Clearance.

The accessibility of sensitive data imposes the necessity of a management service that detects these holes in security protocols and appropriately respond to them.

Amazon Macie: Artificial Intelligence Security Service

Amazon Macie is a machine learning-powered security service. The artificial intelligence discovers, classifies and protects sensitive data in Amazon Web Services (AWS). Macie identifies sensitive data as Personally Identifiable Information (PII) or intellectual property. Macie provides you with a dashboard that offers visibility into how this data is being accessed or relocated. The service continuously monitors data access activity for irregularities and creates detailed alerts when a risk of unauthorized access or unintentional data leak is detected.

Macie develops an understanding, by monitoring your cloud backup, of where your sensitive information is located and how it’s usually accessed. This includes information about user authentication, locations and times of access. Initially, Macie creates a baseline and then it actively monitors for irregularities that indicate risk or distrustful behavior. Macie also provides you the ability to easily define and customize automated remediation actions.

How Amazon Macie works

Macie has an interesting way of arriving at the classification and security mechanism of data. It relies on three data sources:

Data: Macie reads the actual data and extracts keywords from it from file formats such as Microsoft Word, Excel, .txt files. Macie compares file extensions to evaluate the security level of data. For instance Macie will move a .pem file higher in risk level then a .txt file.

Metadata: Macie also considers the information associated to a file, S3 object, and buckets when classifying and determining the security level.

Access Information and Credentials: Macie also utilizes Amazon CloudTrail. CloudTrail is a service in AWS that logs approximately every Application Programming Interface (API) request made. Macie uses these logs to capture object-level API activity of S3 objects. Macie also acquires information related to users and roles from Identity and Access Management (IAM).

Benefits of Amazon Macie

With machine learning, Macie classifies your Amazon S3 objects in a way that provides maximum visibility into your S3 environment. The classification also facilitates ease of access and the speed of operations.

User Behavior Analytics

Macie comes with a user behavior analytics engine. This engine helps identify risky or suspicious activity with AWS service API calls and access to high value content. This engine is also able to detect sudden impulses in high risk API activity. If there is a specific file or data that’s being accessed at irregular hours from various different locations; then the engine will detect this anomaly versus the user’s usual behavior.

Automatic Alert Categories

Macie provides 20 alert categories, these categories help offer early warning on security and compliance use cases such as high risk data events, unencrypted backups containing credentials, API keys and credentials being stored within source code, and early stages of an attack including behaviors indicating lateral movement, back-door accounts, persistence mechanisms, and enumeration of role privileges.