Amazon Macie Details
Amazon Macie uses machine learning to better understand where your sensitive information is located and how it’s typically accessed, including user authentication, locations, and times of access. Today, Amazon Macie is available to protect data stored in Amazon S3, with support for additional AWS data stores coming later this year. Amazon Macie first creates a baseline and then actively monitors for anomalies that indicate risks and/or suspicious behavior, such as large quantities of source code being downloaded, credentials being stored in an unsecured manner, or sensitive data that is configured to be externally accessible. With the Amazon Macie console, your most important information is front and center with detailed alerts and recommendations for how to resolve issues. Amazon Macie also gives you the ability to easily define and customize automated remediation actions, such as resetting access control lists or triggering password reset policies.
Amazon Macie uses machine learning-based classification of your Amazon S3 objects to provide visibility into your S3 environment. Macie can identify data with high business value including programming languages to detect source code, logging formats, database backup formats, credentials, and API key formats.
User Behavior Analytics
Amazon Macie's user behavior analytics engine helps identify risky or suspicious activity with AWS service API calls and access to high value content. It includes the ability to detect sudden increases in high risk API activity, anomalous API activity through multiple locations or at infrequent hours, and increases in access to content that could indicate possible data loss.
Amazon Macie allows you to integrate with Security Information and Event Management (SIEM) services and Managed Security Service Provider (MSSP) solutions. This helps support security and compliance use cases including: alert handling, compliance ruleset creation and modifications, reporting and configurations for content in S3, and application and login events through CloudTrail.
Automatic Alert Categories
Amazon Macie supports 20 alert categories that help provide early warning on security and compliance use cases including: high risk data events, API keys and credentials being stored within source code, unencrypted backups containing credentials, and early stages of an attack including behaviors indicating lateral movement, persistence mechanisms, back-door accounts, and enumeration of role privileges.