Cloud

8/14/2017
04:00 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Amazon Tackles Security of Data in S3 Storage

Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.

Amazon today announced a new security service built to identify, classify, and protect sensitive data stored in AWS from leaks, breaches, and unauthorized access, with Amazon Simple Storage Service (S3) being the initial data store.

S3 appeals to organizations due to its simplicity: It's easy for users to sort their software and services data into "buckets" in the cloud. But the catch is that it's equally easy for users to misconfigure permissions and leave data exposed, as evidenced in high-profile data leaks affecting Verizon, the WWE, Republican National Committee, and Scottrade earlier this year.

Back in June, millions of voter records were leaked from an unsecured AWS S3 bucket storage account owned by Deep Root Analytics, which performed work on behalf of the Republican National Committee. Permissions had been set to public instead of private, making data files publicly accessible; in some cases, the records could also be downloaded.

One month later, a data leak at Dow Jones & Co. exposed the personal data of millions of customers after S3 settings had been configured to let any AWS Authenticated User download data using the bucket's URL. "Authenticated user" means anyone who has a free AWS account, meaning the data was accessible by more than one million people.

Amazon's new Macie service was not created in response to this year's S3 leaks, but could help address similar incidents by alerting security teams to events like misconfigured bucket permissions, which led to the Deep Root Analytics leak.

The service finds and classifies data stored in S3, gives each data object a business value, and monitors for suspicious activity based on user authentications to data, times of access, and data access locations, according to Amazon.

Macie runs an engine to specifically detect common sources of personally identifiable information (PII) or sensitive personal information (SP), Amazon's Tara Walker said in a blog post on the news. It also checks events in AWS CloudTrail for PUT requests in S3 buckets to detect and classify new information. Amazon's new service also uses machine learning algorithms and natural language processing to automatically classify data objects by file and content type. It shows how data objects are classified and highlights data based on how critical it is for business use, personal use, and compliance.

Data is assigned a risk level ranging from 1 (lowest risk) to 10 (highest risk). Its dashboard groups data into high-risk S3 objects (those with risk levels 8-10), total event occurrences since Macie was enabled, and total user sessions. Users can define and customize automated remediation actions, such as triggering password reset policies, based on activity.

After it sets a baseline for the organization's sensitive data, it monitors for activity that could indicate risky behavior.

Users are alerted of suspicious behavior that could put information at risk; for example, if large quantities of source code are downloaded by a user account that doesn't usually access the data. The same would happen if there were sudden changes in permissions of Amazon S3 buckets, or if API keys were uploaded into source code.

"By using machine learning to understand the content and user behavior of each organization, Amazon Macie can cut through huge volumes of data with better visibility and more accurate alerts, allowing customers to focus on securing their sensitive information instead of wasting time trying to find it," AWS CISO Stephen Schmidt said in a statement.

Macie can send findings to Amazon CloudWatch Events and support API endpoints through AWS SDK later this year so it can integrate with third-party tools. Planned integrations include providers like Palo Alto Networks, Trend Micro, and Splunk.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
UdyRegan
50%
50%
UdyRegan,
User Rank: Apprentice
7/31/2018 | 12:03:25 AM
Re: Introspective
I truly feel that the difficulty of all this online security will be the consumer themselves. I'm pretty sure that some of them will think that they know better and try to reconfigure their own security settings somehow. And then when there's a breach, they'll just up and blame the provider for not doing more to protect them. And too bad for them, because as a service provider, that's the onus they take upon themselves when they offer such services! 
cybersavior
50%
50%
cybersavior,
User Rank: Strategist
9/19/2017 | 11:32:49 AM
Introspective
The underlying reason that Amazon was motivated to author "Macie" is very telling.  Fundamentally, organizations don't maintain a good accounting of where their data is, how it is tagged/labeled nor who can acccess it (or derived works from it).
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff 11/16/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19406
PUBLISHED: 2018-11-21
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
CVE-2018-19407
PUBLISHED: 2018-11-21
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
CVE-2018-19404
PUBLISHED: 2018-11-21
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= ...
CVE-2018-19387
PUBLISHED: 2018-11-20
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
CVE-2018-19388
PUBLISHED: 2018-11-20
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.