Friday, 9 February 2018

AWS Macie

Overview
  • Passive scan of data store
  • Classifies data
  • Understands information flow
    • How this data is accessed
    • Where it flows
  • Regular expressions
    • Used to pattern-match
  • Can query data

Account
  • Supports master/member model
    • Similar to GuardDuty

Alerts
  • Basic
    • Managed (Macie-curated)
    • Customer specified
  • Predictive
    • Baseline user behavior
    • Alert on activity that deviates from normal behavior (baseline)
      • e.g. user uploading/downloading abnormal number of files

Data Source
  • CloudTrail
    • Including S3 data events (data-plane access logs)
      • i.e. object-level access such as GetObject and PutObject
  • S3
    • Read-only access to S3 (IAM role)
    • Does not replicate data to disk
      • Avoids creating a second copy of regulated data (compliance concern)
    • Supports compressed files
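The predictive alert described under Alerts, run over the kind of CloudTrail S3 data-event records listed under Data Source, as an added example. This is not Macie's own model: the per-user activity table is constructed, and the threshold rule (mean + k*stdev with an absolute floor) is an assumption chosen to make the baseline idea concrete.

```python
"""Toy version of a 'predictive' alert: baseline each user's daily S3
object-access volume from CloudTrail-style records, then flag a day whose
volume deviates from that baseline.

Added example, not Macie's logic. Records are constructed and the
threshold rule is an assumption."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed per-user, per-day GetObject counts. A CloudTrail S3 data
# event carries many more fields (bucket, key, source IP, ...); only the
# principal, the day and the event name matter for this baseline.
ACTIVITY = {
    "alice": {"2018-02-05": 3, "2018-02-06": 4, "2018-02-07": 3,
              "2018-02-08": 4, "2018-02-09": 40},   # burst on the last day
    "bob":   {"2018-02-05": 10, "2018-02-06": 12, "2018-02-07": 9,
              "2018-02-08": 11, "2018-02-09": 12},  # steady
}
BASELINE_DAYS = ("2018-02-05", "2018-02-06", "2018-02-07", "2018-02-08")
TARGET_DAY = "2018-02-09"


def make_events(activity):
    """Expand the count table into flat (user, day, eventName) records,
    the shape a CloudTrail S3 data-event feed reduces to."""
    events = []
    for user, days in activity.items():
        for day, n in days.items():
            events.extend((user, day, "GetObject") for _ in range(n))
    return events


def daily_counts(events):
    """user -> day -> number of object-level accesses."""
    counts = defaultdict(lambda: defaultdict(int))
    for user, day, _event_name in events:
        counts[user][day] += 1
    return counts


def build_baseline(counts, baseline_days):
    """user -> (mean, population stdev) over the baseline window.
    Days with no events count as zero so quiet users get a low baseline."""
    baseline = {}
    for user, per_day in counts.items():
        samples = [per_day.get(day, 0) for day in baseline_days]
        baseline[user] = (mean(samples), pstdev(samples))
    return baseline


def find_deviations(counts, baseline, day, k=3.0, floor=5):
    """Alert when a user's count for `day` exceeds mean + k*stdev.
    The absolute floor stops a perfectly regular user (stdev 0) from
    alerting on a one-object change."""
    alerts = []
    for user, (mu, sigma) in baseline.items():
        observed = counts[user].get(day, 0)
        threshold = max(mu + k * sigma, mu + floor)
        if observed > threshold:
            alerts.append({
                "user": user,
                "day": day,
                "observed": observed,
                "expected": round(mu, 1),
                "threshold": round(threshold, 1),
            })
    return alerts


def run(activity=ACTIVITY, baseline_days=BASELINE_DAYS, day=TARGET_DAY):
    """Build the baseline from the table and report deviations for `day`."""
    counts = daily_counts(make_events(activity))
    return find_deviations(counts, build_baseline(counts, baseline_days), day)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

With the constructed table only alice trips the alert on 2018-02-09 (40 objects against an expected 3.5); bob's 12 stays under his threshold. The floor matters in practice: a user whose daily count never varies has a standard deviation of zero, and without the floor a single extra download would page someone.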

Data Classification
  • File extension
  • Regular expressions (50+)
  • Machine Learning
    • Support Vector Machines (SVM)
  • Detects
    • Backup formats
    • Credentials formats
    • Source code languages
    • PII/PHI

Risk
  • Automatic assignment of a risk level (1-10)
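The classification and risk-scoring steps above (file extension, regular expressions, compressed input, a 1-10 risk level), as an added example that is not Macie's own code or managed rule set. The detector patterns, their weights, the extension table and the three sample objects are all assumptions constructed for illustration; the access key and secret in the sample are the placeholder values from the AWS documentation, not live credentials.

```python
"""Toy content classifier: extension hint + a handful of regexes +
gzip support, folded into a 1-10 risk score.

Added example, not Macie's managed rules. Patterns, weights, extension
table and sample objects are assumptions."""
import gzip
import re

# Detector name -> (compiled regex, weight). Weights are assumed.
PATTERNS = {
    "aws_access_key_id": (re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"), 4),
    "aws_secret_access_key": (
        re.compile(r"(?i)aws_secret_access_key\s*=\s*[A-Za-z0-9/+=]{40}"), 5),
    "private_key_block": (
        re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"), 5),
    "us_ssn": (
        re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), 3),
    "email_address": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), 1),
}

# Extension hints (assumed). Backup/dump and credential file types raise
# the score before the content is even inspected.
EXTENSION_WEIGHTS = {".sql": 2, ".bak": 2, ".pem": 3, ".env": 2, ".csv": 1}


def _extension(key):
    """Innermost extension, ignoring a trailing .gz (users.csv.gz -> .csv)."""
    name = key.rsplit("/", 1)[-1]
    if name.lower().endswith(".gz"):
        name = name[:-3]
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def _text(raw):
    """Inflate a gzip member (magic bytes 1f 8b) before scanning."""
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    return raw.decode("utf-8", errors="replace")


def classify(key, raw):
    """Return (sorted detector hits, risk 1-10) for one object."""
    content = _text(raw)
    hits = sorted(name for name, (rx, _w) in PATTERNS.items() if rx.search(content))
    score = 1 + EXTENSION_WEIGHTS.get(_extension(key), 0)
    score += sum(PATTERNS[name][1] for name in hits)
    return hits, min(score, 10)


# Constructed sample objects keyed like S3 object keys. The credential
# values are the AWS documentation placeholders, not real secrets.
SAMPLE_OBJECTS = {
    "config/.env": (
        b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        b"AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
    "exports/users-2018.csv.gz": gzip.compress(
        b"name,email,ssn\nJane Doe,jane@example.com,123-45-6789\n"),
    "docs/readme.txt": b"Welcome to the team wiki.\n",
}


def scan(objects=SAMPLE_OBJECTS):
    """key -> (hits, risk) for every object."""
    return {key: classify(key, raw) for key, raw in objects.items()}


if __name__ == "__main__":
    for key, (hits, risk) in scan().items():
        print(f"{risk:>2}  {key}  {hits}")
```

The .env file lands on the cap of 10 (extension plus both credential detectors), the gzipped CSV is inflated in memory and scores 6 for an e-mail address plus an SSN-shaped value, and the readme stays at 1. Scanning the decompressed bytes in memory rather than writing them out mirrors the "no copy to disk" point under Data Source.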
