Amazon continues to add security tools, including those that incorporate AI, to its cloud portfolio. But the vendor...
still has work to do -- particularly to aid customers' efforts to secure hybrid and multi-cloud infrastructures.
Last year, AWS security tools expanded with Amazon GuardDuty, a managed threat detection service customers can use to protect their accounts via continuous monitoring. Organizations can access GuardDuty through the AWS Management Console and use it to analyze API calls and network activity. These analyses establish a baseline, which enables the tool to correlate any abnormal activities with data from AWS and third-party sources. If it detects an anomaly, GuardDuty sends a security alert to the account owner.
GuardDuty uses machine learning coupled with more traditional, rule-based techniques to complement threat intelligence, said Anton Chuvakin, an analyst at Gartner. Organizations will find GuardDuty easy to deploy within AWS, which is the service's biggest advantage.
"[GuardDuty] helped [users] spot things like S3 buckets that have been left open or other kinds of configuration problems," he said.
However, the tool's AWS-only approach can be limiting.
"Customers want cross-cloud protection and use [GuardDuty] as a component of a cloud security strategy," said Andras Cser, analyst at Forrester. Users that need to secure a multi-cloud deployment must rely on third-party tools from vendors such as Alert Logic and CloudPassage.
GuardDuty just one of several AWS security tools
Of course, GuardDuty isn't the only option for an AWS security tool. Amazon Macie is another machine learning-based tool, which was acquired from a startup called Harvest.ai. Macie includes advanced technology that makes it more of a true AI service, said Chuvakin, who got a closer look at the product prior to the acquisition.
"It was able to recognize the nature of a document with a high degree of accuracy so that appropriate protections could be put in place," Chuvakin said. For example, the tool could accurately identify documents that deal with a corporate acquisition or merger.
Gartner classifies Macie as a data-loss-prevention service and, though it has some overlap with GuardDuty, it's focused primarily on data threats and theft.
In addition to GuardDuty and Macie, Amazon also offers CloudTrail, which supports governance, compliance, and operational and risk auditing of an AWS account.
Security in a multi-cloud world
AWS continues to invest in its security tool set, most recently with its purchase of Sqrrl, a startup that uses machine learning to analyze security threats. That technology, combined with GuardDuty, provides context on the threat landscape through scans for anomalous behavior, malware or other potential problems, said Christina Richmond, analyst at IDC.
However, AWS and other major cloud service providers have taken a similar -- and narrow -- view of their customers' security needs, Richmond said. For example, they all do a good job with protections on their own platforms, but none of them secure data at rest or in motion outside of their own environments.
"We live in a world that is hybrid in nature. Increasingly, we're seeing companies no longer working with just one cloud provider but with multiple clouds, private clouds and on premises," she said. "Data movement between those environments is not the purview or concern today for the cloud service provider."
Eventually, market forces will compel the biggest cloud service providers to deliver broader security services, Richmond said. For example, IBM, Oracle and Cisco have all taken steps to better support hybrid and multi-cloud customers.
This approach will result in stronger protection for customers, regardless of where their data is located. This, Richmond believes, is going to be a challenge for AWS security tools. "There's pressure coming from the marketplace saying they've got to change," she added.
- Security Operations Center: Build on the Native Security Features of AWS and ... –Arctic Wolf
- Automated Security at the Speed of DevOps –Trend Micro, Inc.
- Beginner's Guide to AWS Security Monitoring –AT&T Cybersecurity