
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Compliance Workloads - SID325 - re:Invent 2017


In this session, Edmunds discusses how they create workflows to manage their regulated workloads with Amazon Macie, a newly released security and compliance management service that uses machine learning to classify your sensitive data and business-critical information. Amazon Macie uses Recurrent Neural Networks (RNN) to identify and alert on potential misuse of intellectual property. They do a deep dive into machine learning within the security ecosystem.



  1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT. Amazon Macie: Data Visibility Powered by Machine Learning for Security and Compliance Workloads. Alexander Watson, GM of Amazon Macie; Ajit Zadgaonka, Exec Director Eng. & Ops at Edmunds.com; Zaher Dannawi, Product Manager of Amazon Macie. November 30, 2017. SID325
  2. AMAZON MACIE: ML-POWERED VISIBILITY SERVICE IDENTIFIES SENSITIVE INFORMATION TO HELP AUTOMATE SECURITY AND COMPLIANCE
  3. Macie overview • Understand your data: Natural Language Processing (NLP) • Understand data access: Predictive User Behavior Analytics (UBA)
  4. Goals for data-centric security • Categorize new or unknown threats based on known and theorized examples • High coverage (volume of true positives) • High accuracy (few false positives) • Adaptive
  5. Visibility is a core security pillar • Customers have multiple contributors and collaborators • Compliance regulations (GDPR, PCI…) • Security needs – anomaly detection • Auditing needs – identifying overly permissive content
  6. 3D visibility into your data: 1. Object visibility – size, type, date… 2. Content visibility – personal data, credentials, IP… 3. Security and compliance visibility • Identification of overly permissive data • Unauthorized access to content • Remediation of concerns
  7. Macie content classification • PII and personal data • Source code • SSL certificates, private keys • iOS and Android app signing keys • Database backups • OAuth and cloud SaaS API keys
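An added example, not code from the talk or from Amazon Macie (whose classifiers are not public): a small rule-based scanner for three of the structured item types on this slide (PEM private keys, AWS-style access key IDs, payment card numbers validated with a Luhn check), run over constructed sample objects. The pattern set, the object contents and the label names are assumptions. It deliberately attempts nothing for names or addresses, which is exactly where the talk later says a regex-based approach stops working.

```python
"""Added example (not the talk's or Macie's code): rule-based classification of
the structured secret types listed on the content-classification slide."""
import re

# Constructed detection rules. Real classifiers are broader; these three are
# enough to show the "pattern plus validation" approach for structured secrets.
PATTERNS = {
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # 13-19 digits, optionally separated by spaces or dashes, ending on a digit
    "payment_card_number": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}


def luhn_ok(digits: str) -> bool:
    """Mod-10 checksum that real card numbers satisfy; filters random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> set:
    """Return the set of sensitive-content labels found in one object's text."""
    found = set()
    for label, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            if label == "payment_card_number":
                digits = re.sub(r"[ -]", "", match.group(0))
                if not luhn_ok(digits):
                    continue  # 13-19 digits that fail Luhn: order numbers, IDs, etc.
            found.add(label)
    return found


# Constructed S3 objects (key -> contents). No real data; the access key ID is
# the placeholder AWS uses in its own documentation.
SAMPLE_OBJECTS = {
    "backups/db-export.csv": (
        "id,name,card\n"
        "1,Alice Example,4111 1111 1111 1111\n"   # Luhn-valid test number
        "2,Bob Example,4111 1111 1111 1112\n"     # fails Luhn, must not be flagged
    ),
    "config/app.env": (
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=<redacted in this example>\n"
    ),
    "certs/server.key": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEpAIBAAKCAQEA...constructed, not a real key...\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "docs/readme.txt": "Contact Alice Example at 12 Main Street about order 20171130.\n",
}


def scan_objects(objects: dict) -> dict:
    """Macie-style scan of a bucket: sorted label list per object with findings.
    Objects with no findings (like the readme with a name and address) are omitted,
    which is the gap the ML-based classifiers on a later slide are meant to fill."""
    report = {}
    for key, body in objects.items():
        labels = classify(body)
        if labels:
            report[key] = sorted(labels)
    return report


if __name__ == "__main__":
    for key, labels in scan_objects(SAMPLE_OBJECTS).items():
        print(f"{key}: {', '.join(labels)}")
```

The Luhn step is what keeps the card rule usable: without it, any 13-to-19-digit run (invoice numbers, timestamps) becomes a finding, and the "high accuracy (few false positives)" goal from slide 4 is lost.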
  8. We love helping people find their perfect car
  9. Edmunds—interesting numbers • 20M monthly visitors • 200M+ monthly page views • Over 13K+ dealer partners • Over 18K+ franchise • Over 5M active inventory on website
  10. Journey into clouds: 2011 Zen; 2012 Citrix CloudStack; 2013 AWS; 2014 100% AWS site; 2016 100% AWS, ECS, Docker; 2017 OpsWorks
  11. S3 growth = S3(1 + r)^t • Very easy to store data • Replicate across regions • Apply lifecycle policies, archival • Share with people
  12. S3 is storage for the Internet • Data lake • Big data analytics with EMR • Application storage • Database backups • … • In a nutshell… any kind of data
  13. Easy ≠ accidents • Use the bucket permissions • IAM roles and policies • Apply lifecycle policies, archival • Keep keys secure • Do not share the bucket or make it public unless really needed
  14. Infrastructure security • VPC, security groups • MFA • Key rotation • Auditing
  15. Challenges • What data do I have in the cloud? • Where is it located? • How is data being shared and stored? • How can I classify data in near-real time? • What PII/PHI is possibly exposed? • How do I build workflow remediation for my security and compliance needs?
  16. How we use Macie at Edmunds • Up-to-the-minute data scans and auditing reports • Access to and alerting on security events, and enforcement of best practices • Data classification – identification of sensitive content • Integration with dev-ops workflows
  17. Data classification • To know what is in the data—PII, credit cards, etc. • See the relationship between risk profile and data buckets • Filter and search for specific data-type risks • See the access pattern
  18. Macie lets me do my job more effectively, on things which otherwise were not possible. It’s helping me take compliance and security to the next level.
  19. MACHINE LEARNING FOR COMPLIANCE: FOR PII TYPES LIKE NAMES, ADDRESSES, USER NAMES AND PASSWORDS, A REGEX-BASED APPROACH ISN’T POSSIBLE
  20. Macie user behavior analytics • We use behavioral analytics to baseline normal behavior patterns • Contextualize by value of data being accessed • Goals: go to great lengths to avoid false positives; features, features; compare peers; tell a narrative
  21. Discover and alert on global permissions to sensitive content • Not just bucket policies, object policies, too! • Quickly approve or remediate open bucket and object policies • Gain visibility on your account security posture • Prioritize by PII impact and DLP risk
  22. Automated actions on alerts • Simplify with Lambda • Delete the object • Revoke access—bucket or object • Perimeter guard • Update IAM policies • Suspend user
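An added example of the Lambda-driven "revoke access" action on this slide, which also covers the previous slide's point about discovering global permissions; it is not code from the talk, from Edmunds or from AWS. The handler receives an alert naming a bucket, reads the bucket policy, finds Allow statements whose Principal is everyone and that carry no Condition, and rewrites the policy without them (deleting it if nothing remains). The alert shape (`{"bucket": ...}`), the sample policy, the account ID and the `FakeS3` stand-in are assumptions; the three client methods used (`get_bucket_policy`, `put_bucket_policy`, `delete_bucket_policy`) exist on boto3's real S3 client, which is what the handler creates when no client is injected. Object-level ACLs, which the slide also mentions, are out of scope here.

```python
"""Added example (not from the talk or AWS): Macie-alert-driven remediation of
public bucket-policy statements, written so it runs offline with a fake client."""
import json


def _principal_is_public(principal) -> bool:
    """True for the two ways an S3 policy grants to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_statements(policy: dict) -> list:
    """Allow statements open to everyone with no Condition narrowing them.
    Conditioned grants (VPC endpoint, source IP) are left for human review."""
    return [
        stmt for stmt in policy.get("Statement", [])
        if stmt.get("Effect") == "Allow"
        and _principal_is_public(stmt.get("Principal"))
        and not stmt.get("Condition")
    ]


def remediate_bucket(s3, bucket: str) -> dict:
    """Remove public statements from the bucket policy; report what was done.
    Note: the real boto3 client raises NoSuchBucketPolicy when no policy exists."""
    policy = json.loads(s3.get_bucket_policy(Bucket=bucket)["Policy"])
    bad = public_statements(policy)
    if not bad:
        return {"bucket": bucket, "removed": 0, "action": "none"}
    keep = [s for s in policy["Statement"] if s not in bad]
    if keep:
        policy["Statement"] = keep
        s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(policy))
        action = "put_bucket_policy"
    else:
        s3.delete_bucket_policy(Bucket=bucket)
        action = "delete_bucket_policy"
    return {"bucket": bucket, "removed": len(bad), "action": action}


def handler(event, context=None, s3=None):
    """Lambda entry point. Assumed alert shape: {"bucket": "<name>", ...}."""
    if s3 is None:
        import boto3  # only in Lambda; tests inject a fake client instead
        s3 = boto3.client("s3")
    return remediate_bucket(s3, event["bucket"])


class FakeS3:
    """Constructed in-memory stand-in for the subset of boto3's S3 client used above."""

    def __init__(self, policies):
        self.policies = dict(policies)  # bucket name -> policy JSON string

    def get_bucket_policy(self, Bucket):
        return {"Policy": self.policies[Bucket]}

    def put_bucket_policy(self, Bucket, Policy):
        self.policies[Bucket] = Policy

    def delete_bucket_policy(self, Bucket):
        del self.policies[Bucket]


# Constructed policy: one public grant, one role-scoped grant, one grant
# limited to a VPC endpoint. Account ID and endpoint ID are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    ],
}


def run_demo() -> dict:
    """Drive the handler against the fake client; return result and surviving Sids."""
    fake = FakeS3({"example-bucket": json.dumps(SAMPLE_POLICY)})
    result = handler({"bucket": "example-bucket", "severity": "high"}, s3=fake)
    remaining = json.loads(fake.policies["example-bucket"])["Statement"]
    return {"result": result, "remaining_sids": [s["Sid"] for s in remaining]}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Leaving conditioned grants alone is the design choice worth noting: the slide's "quickly approve or remediate" split maps onto automatic removal for unconditional public grants and a review queue for everything else, which keeps the automation from breaking intentionally restricted sharing.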
  23. Amazon Macie—demo 1. Where does my sensitive data exist? 2. What’s sensitive about the data? 3. How and where is my data accessed? 4. Leveraging custom and prepackaged policies for compliance
  24. Thank you!
  25. 0. Feature extraction from event data 1. Map into user time-series 2. Cluster peer groups 3. Predict user activity, update models 4. Identify anomalies 5. Attempt to explain statistically 7. Alert and narrative explanation created. Figure label: Normal accesses
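An added example, not code from the talk or from Macie, that walks the pipeline on this last slide end to end and also illustrates slide 20 (baseline normal behavior, contextualize by value of the data, compare peers, tell a narrative). It runs over constructed CloudTrail-style S3 access records. Simplifications that are assumptions, not anything the talk states: peer groups are a static mapping rather than clustered, the per-user model is a mean and standard deviation over a training window with a z-score threshold, and "value of data" is a set of bucket names marked sensitive.

```python
"""Added example (not the talk's or Macie's code): a toy user-behavior-analytics
pipeline following the slide's steps 0-7 over constructed access records."""
import statistics
from collections import defaultdict

HOURS, TRAIN_HOURS = 28, 24          # observe 28 hours, model on the first 24

# "Value of the data being accessed" (slide 20), as an assumed bucket label set.
SENSITIVE_BUCKETS = {"customer-pii"}
# Step 2 on the slide is clustering; here the peer groups are assumed static.
PEER_GROUPS = {"alice": ["alice", "bob"], "bob": ["alice", "bob"]}


def build_events():
    """Step 0 input, constructed: (user, hour, bucket, objects_read). Both users
    read steadily; alice additionally pulls 400 objects from a sensitive bucket
    in hour 26, which is the anomaly the pipeline should surface."""
    events = []
    for h in range(HOURS):
        events.append(("alice", h, "app-logs", 10 + h % 3))
        events.append(("bob", h, "app-logs", 9 + h % 2))
    events.append(("alice", 26, "customer-pii", 400))
    return events


def user_series(events):
    """Step 1: per-user hourly read counts, plus the buckets touched per hour."""
    counts = defaultdict(lambda: [0] * HOURS)
    buckets = defaultdict(set)
    for user, hour, bucket, n in events:
        counts[user][hour] += n
        buckets[(user, hour)].add(bucket)
    return dict(counts), dict(buckets)


def detect_anomalies(counts, buckets, z_threshold=3.0):
    """Steps 3-7: fit a baseline per user, score hours after the training window,
    require the user to also exceed the peer median (suppresses team-wide spikes
    such as a batch job), then explain the finding in a sentence."""
    findings = []
    for user, series in counts.items():
        mean = statistics.fmean(series[:TRAIN_HOURS])
        sd = statistics.pstdev(series[:TRAIN_HOURS])
        peers = [p for p in PEER_GROUPS.get(user, []) if p != user and p in counts]
        for hour in range(TRAIN_HOURS, HOURS):
            observed = series[hour]
            if sd == 0:
                zscore = float("inf") if observed > mean else 0.0
            else:
                zscore = (observed - mean) / sd
            peer_median = statistics.median([counts[p][hour] for p in peers]) if peers else 0
            if zscore <= z_threshold or observed <= peer_median:
                continue
            touched = sorted(buckets.get((user, hour), set()))
            sensitive = sorted(b for b in touched if b in SENSITIVE_BUCKETS)
            findings.append({
                "user": user, "hour": hour, "observed": observed,
                "zscore": round(zscore, 1),
                "severity": "high" if sensitive else "medium",
                "narrative": (
                    f"{user} read {observed} objects in hour {hour}, against a baseline "
                    f"of {mean:.1f} +/- {sd:.1f} per hour and a peer median of "
                    f"{peer_median}; buckets touched: {', '.join(touched)}"
                    + (f" (sensitive: {', '.join(sensitive)})" if sensitive else "")
                ),
            })
    return findings


def run():
    counts, buckets = user_series(build_events())
    return detect_anomalies(counts, buckets)


if __name__ == "__main__":
    for finding in run():
        print(f"[{finding['severity']}] {finding['narrative']}")
```

The peer comparison is the false-positive control the slide calls out: a user whose reads jump together with the whole peer group is not alerted on, while the same jump by one user alone is, and the narrative carries the baseline, the peer figure and the buckets so an analyst can judge it without re-querying the logs.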
