Upcoming SlideShare
Loading in …5
×

Amazon Macie Demo

832 views

Published on

In this session, we will review Amazon Macie, a new visibility security service that helps classify and secure your sensitive and business-critical content.
  1. Introducing Amazon Macie
     Jenny Brinkley, Principal, Amazon Macie
     Machine Learning for Visibility and Security for S3
     © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  2. What to expect from this session
     • Introduction to the Amazon Macie service
     • How Amazon Macie uses machine learning
     • Getting started with Amazon Macie
  3. Amazon Macie: a machine learning visibility service that identifies sensitive information to help automate security and compliance
  4. Customer Challenges
     • What data do I have in the cloud?
     • Where is it located?
     • How is data being shared and stored?
     • How can I classify data in near-real time?
     • What PII/PHI is possibly exposed?
     • How do I build workflow remediation for my security and compliance needs?
  5. Example CloudTrail event
     "Records": [{
       "eventVersion": "1.0",
       "userIdentity": {
         "type": "IAMUser",
         "principalId": "EX_PRINCIPAL_ID",
         "arn": "arn:aws:iam::123456789012:user/Alice",
         "accountId": "123456789012",
         "accessKeyId": "EXAMPLE_KEY_ID",
         "userName": "Alice"
       },
       "eventTime": "2017-03-24T21:11:59Z",
       "eventSource": "iam.amazonaws.com",
       "eventName": "CreateUser",
       "awsRegion": "us-east-1",
       "sourceIPAddress": "55.55.55.55",
       "userAgent": "aws-cli/1.3.2 Python/2.7.5 Windows/7",
       "requestParameters": { "userName": "Bob" },
       "responseElements": {
         "user": {
           "createDate": "Mar 24, 2017 9:11:59 PM",
           "userName": "Bob",
           "arn": "arn:aws:iam::123456789012:user/Bob",
           "path": "/",
           "userId": "EXAMPLEUSERID"
         }
       ....
  6. Macie Overview
     • Understand your data: Natural Language Processing (NLP)
     • Understand data access: predictive User Behavior Analytics (UBA)
  7. Intrusion Detection within AWS – Common Customer Questions
     “What should we look for in our AWS billing?”
     • Unexplained billing spikes.
     • Unexplained data transfer charges.
     • Billing in previously unused AWS Regions.
     • Billing for previously unused AWS services.
     • Enable Billing Alerts using CloudWatch to help detect anomalous usage patterns.
  8. Machine Learning Goals for Security
     • Categorize new or unknown threats based on known and theorized examples
     • High coverage (volume of true positives)
     • High accuracy (few false positives)
     • Adaptive
  9. Machine Learning Challenges for Security
     • Every customer is different
     • Threats are ever changing
     • Penalty for error is high
     • Flood of data
  10. How Does Amazon Macie Use Machine Learning?
      • Understand behavioral analytics to baseline normal behavior
      • Train and develop contextualized alerts by understanding the value of data being accessed
      • Context for content
  11. Incident Response in AWS
  12. Macie User Behavior Analytics
      • We use behavioral analytics to baseline normal behavior patterns.
      • Contextualize by value of data being accessed.
      • Goals:
        • Go to crazy lengths to avoid false positives
        • Features, features
        • Compare peers
        • Tell a narrative
  13. Macie UBA pipeline (diagram)
      0. Feature extraction from event data.
      1. Map into user time-series.
      2. Cluster peer groups.
      3. Predict user activity; update models.
      4. Identify anomalies.
      5. Attempt to explain statistically.
      7. Alert and narrative explanation created.
      (Diagram label: Normal accesses)
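A stripped-down version of steps 0 through 5 of that pipeline, as an added example that is not Macie's code: it reduces constructed CloudTrail-shaped records to a few features, builds per-user baselines as value counts rather than time-series models, treats every other user as the peer group, and turns each never-before-seen feature value into a narrative reason. The record shape, history and thresholds are all assumed for illustration.

```python
from collections import Counter, defaultdict
FEATURES = ("event", "region", "ip", "hour")

def rec(user, event, region, ip, event_time):
    """Build a minimal CloudTrail-shaped record (constructed test data)."""
    return {"userIdentity": {"type": "IAMUser", "userName": user},
            "eventName": event, "awsRegion": region,
            "sourceIPAddress": ip, "eventTime": event_time}

# Constructed history: Alice and Bob are peers who normally read S3 during
# business hours from internal addresses (nothing here is real account data).
SAMPLE_HISTORY = [
    rec("Alice", "GetObject", "us-east-1", "10.0.0.5", "2017-03-24T13:11:59Z"),
    rec("Alice", "GetObject", "us-east-1", "10.0.0.5", "2017-03-24T14:02:10Z"),
    rec("Alice", "ListBuckets", "us-east-1", "10.0.0.5", "2017-03-24T14:30:00Z"),
    rec("Bob", "GetObject", "us-east-1", "10.0.0.7", "2017-03-24T15:45:00Z"),
    rec("Bob", "PutObject", "eu-west-1", "10.0.0.7", "2017-03-24T16:05:00Z"),
]
NORMAL_EVENT = rec("Alice", "GetObject", "us-east-1", "10.0.0.5", "2017-03-25T13:20:00Z")
SUSPECT_EVENT = rec("Alice", "DeleteBucket", "eu-west-1", "203.0.113.9", "2017-03-25T03:12:00Z")

def extract_features(record):
    """Step 0: reduce a record to the handful of features we baseline on."""
    return {"user": record["userIdentity"]["userName"],
            "event": record["eventName"], "region": record["awsRegion"],
            "ip": record["sourceIPAddress"], "hour": int(record["eventTime"][11:13])}

def build_baselines(records):
    """Step 1 (simplified): map events into per-user value counts per feature."""
    profiles = defaultdict(lambda: {k: Counter() for k in FEATURES})
    for r in records:
        f = extract_features(r)
        for k in FEATURES:
            profiles[f["user"]][k][f[k]] += 1
    return profiles

def explain_anomalies(record, profiles):
    """Steps 4-5: name each feature value the user has never shown, noting whether a peer has."""
    f = extract_features(record)
    own = profiles.get(f["user"], {k: Counter() for k in FEATURES})
    peers = [p for u, p in profiles.items() if u != f["user"]]
    reasons = []
    for k in FEATURES:
        if f[k] in own[k]:
            continue
        seen_by_peer = any(f[k] in p[k] for p in peers)
        reasons.append(f"{k}={f[k]!r} never seen for {f['user']}"
                       + ("" if seen_by_peer else " or any peer"))
    return reasons
```

An empty reason list is a normal access; a non-empty one is the narrative an alert would carry, with the peer comparison separating "new for this user" from "new for everyone".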
  14. Macie Content Classification
      • PII and personal data
      • Source code
      • SSL certificates, private keys
      • iOS and Android app signing keys
      • Database backups
      • OAuth and Cloud SaaS API keys
  15. Typical Response - Remove the key from the Internet!
      • Take down the page it was posted on
      • DMCA notice
      • Remove it from search engine caches
      This approach does not work. Let’s focus on our IR goals…
  16. Machine learning for compliance: for PII types like names, addresses, user names and passwords, a regex-based approach isn’t possible
  17. Nerding out on data classification
      ML-based PII classifiers built for names, addresses, credit cards, email addresses, IPv4/6, user names, passwords and national IDs: a Random Forest classifier using TF-IDF weighted character n-grams and named entity recognition.
      Full name: support for multiple locales based on named entity recognition, backed by directories and unstructured texts of the most common first and last names.
      A Support Vector Machine classifier recognizes known document types: top 30 programming languages on GitHub, top 15 log formats (e.g. CloudTrail, S3 access log, Apache, Syslog), top 8 database backup formats.
      Regex-based detection of 19 credential formats.
      High-performance streaming extractors allow DLP to scale to S3:
      • Hadoop formats including Parquet, ORC, RCFile
      • Compression formats: ZIP, Gzip, BZip2, RAR
      • Database: MSSQL, MySQL
      • JSON, CSV
      • Over 800 additional file formats supported
  18. Challenge: Addressing False Positives
      All of you are doing data classification and anomaly detection yourselves, and are working to address these false positives. We understand this problem, and here is how we’re addressing it.
      • Trained classifiers examine both content and metadata
      • Leverage Amazon AI and NLP experience
      • Structured and unstructured data processors
      • Classify data in chunks
      • Test corpus built from the varied kinds of data that customers store in S3
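To make slides 16 through 18 concrete, here is an added example (not Macie's classifiers) of chunked content classification: regex finds candidate credit card numbers and IPv4 addresses, a Luhn checksum and an octet range check discard the false positives a bare regex would raise, and full names are matched against a tiny stand-in for the first/last-name directories the slides mention. The sample object body, the name directories and the chunk sizes are all constructed for illustration.

```python
import re

# Constructed sample S3 object body (not real data); the second line holds
# near-misses: a number that fails Luhn and an IPv4 with an impossible octet.
SAMPLE_TEXT = (
    "Customer: Jane Smith, card 4111 1111 1111 1111, host 192.168.10.4\n"
    "Build ID 4111 1111 1111 1112 is not a card; contact John Doe at 10.0.0.300\n"
)
# Stand-in for the name directories the slide mentions (assumed, deliberately tiny).
FIRST_NAMES = {"jane", "john"}
LAST_NAMES = {"smith", "doe"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def luhn_ok(digits):
    """Checksum that separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify_chunk(chunk):
    """Return (type, value) findings for one chunk; every regex hit is validated."""
    found = set()
    for m in CARD_RE.finditer(chunk):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.add(("credit_card", digits))
    for m in IPV4_RE.finditer(chunk):
        if all(int(o) <= 255 for o in m.group().split(".")):
            found.add(("ipv4", m.group()))
    words = re.findall(r"[A-Za-z]+", chunk)
    for first, last in zip(words, words[1:]):
        if first.lower() in FIRST_NAMES and last.lower() in LAST_NAMES:
            found.add(("name", f"{first} {last}"))
    return found

def classify_object(text, size=64, overlap=24):
    """Scan fixed-size overlapping chunks; the overlap must exceed the longest
    value so nothing is lost at a boundary, and findings are de-duplicated."""
    findings = set()
    for start in range(0, len(text), size - overlap):
        findings |= classify_chunk(text[start:start + size])
    return sorted(findings)
```

The IPv4 address in the sample straddles the first chunk boundary, which is why the overlap (and the de-duplication it forces) matters for streaming classification.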
  19. Amazon Macie - Demo
      1. Gain visibility into globally shared content
      2. Identify anomalous access
      3. Corporate compliance – GDPR, PCI, PII
  20. Thank you!