Amazon Detective offers security analysts their own generative AI sidekick

Amazon Detective has been given a new set of generative AI tools by Amazon Web Services (AWS) aimed at improving the efficiency of security investigations.

Four new AI-powered capabilities have been unveiled in total ahead of the firm’s flagship AWS re:Invent conference in Las Vegas this week.

AWS said the launch of the new features will remove the “heavy lifting” for security analysts and improve the speed and efficiency of investigations and incident response.

Detective finding group summaries, for example, uses generative AI to “enrich” security investigations, according to AWS’ Sébastien Stormacq.

The AI-powered tool will automatically analyze security incidents and provide users with natural language responses to support investigations, he said.

“It provides a plain language title based on the analysis of the finding group with relevant summarized insights, such as describing the activity that initiated the event and its impact,” he said.

“Finding group summaries handles the heavy lifting of analyzing the finding group built across multiple AWS data sources, making it easier and faster to investigate unusual or suspicious activity.”

Amazon Detective: Detailed security insights

The AI-supported finding group feature will evaluate connections between security events spanning multiple environments, Stormacq explained. 

This will include insights on related threats across data sources, potentially compromised resources, and malicious actor behaviors.

Stormacq noted the capability will offer security analysts a “comprehensive overview of security incidents that goes beyond individual service reports” by collating relevant data across multiple sources.

“By grouping and contextualizing data from multiple sources, finding group summaries identifies threats that might go unnoticed when insights are isolated,” he said in a blog post. “This approach improves the speed and efficiency of investigations and responses.”

“Security analysts can utilize finding group summaries to gain a holistic understanding of security events and their interrelationships, helping them make informed decisions regarding containment and remediation.”

Amazon Detective investigations for IAM

Alongside the finding group capabilities, AWS also announced the launch of Amazon Detective investigations for Identity and Access Management (IAM). 

This will provide security analysts with detailed insights into IAM objects, including users and roles, to determine indicators of compromise. This, the firm said, will help analysts “determine potential involvement” by specific threat actors by drawing on resources from the MITRE ATT&CK framework.

Automated investigations through the tool are currently available in the Detective section of the AWS Management Console, Stormacq confirmed.

The update will also provide access to the tool through a new API which enables users to automate analysis or incident response capabilities, as well as the ability to pass on findings to other systems, including AWS Security Hub.

Ross Kelly
News and Analysis Editor
