News

Revamped Amazon Macie Adds ML Models, Pricing Changes

GEN1ArrowLightsRight

Amazon Web Services (AWS) has added some key changes to Macie, its machine learning-powered security tool for Amazon S3.

According to an AWS blog post this week, Macie is now better-equipped to discover sensitive data thanks to new machine learning models designed to detect personally identifiable information (PII).

Macie also has a new tiered pricing model that promises to lower costs by as much as 80 percent. Users are charged based on how many Amazon S3 buckets they scan with the service, plus the volume of data scanned for sensitive information. “With higher volumes, you can reduce your costs by more than 90%,” AWS said.

Macie was first launched in the fall of 2017 amid a spate of data security incidents in which millions of users’ sensitive information was exposed due to misconfigured Amazon S3 buckets. The service uses machine learning to identify sensitive data stored in S3, its level of security and normal user behaviors related to accessing that data. It then flags irregular behaviors as potential security breaches.

AWS said the revamped Macie incorporates feedback from users. Besides the added machine learning models and the simpler pricing structure, new Macie features include support for multiple AWS accounts via the AWS Organizations service, an improved user experience and “[f]ull API coverage for programmatic use of the service with AWS SDKs and AWS Command Line Interface (CLI).”

AWS has also improved the integration between Amazon S3 and Macie. This means two key benefits, according to AWS:

  • Enabling S3 data events in AWS CloudTrail is no longer a requirement, further reducing overall costs.
  • There is now a continual evaluation of all buckets, issuing security findings for any public bucket, unencrypted buckets, and for buckets shared with (or replicated to) an AWS account outside of your Organization.

Though Macie was designed to scan Amazon S3 data, the AWS blog pointed out that users can easily expand Macie’s utility to non-S3 data simply by temporarily storing outside data in S3 for Macie to access.

“[A]nything you can get into S3, permanently or temporarily, in an object format supported by Macie, can be scanned for sensitive data,” AWS said. “This allows you to expand the coverage to data residing outside of S3 by pulling data out of custom applications, databases, and third-party services, temporarily placing it in S3, and using Amazon Macie to identify sensitive data.”

About the Author

Gladys Rama is the senior site producer for Redmondmag.com, RCPmag.com and MCPmag.com.