
AWS Macie: Everything You Need To Know


With the rising number of security breaches affecting large and small businesses, it’s more critical than ever to have a well-rounded security platform. Protecting sensitive data such as Personally Identifiable Information (PII) is a top concern. As the amount of data stored in the AWS Cloud grows, you’ll want to automate findings so you don’t have to waste time manually classifying data and assigning access rights.

Amazon Macie can help you become more conscious of your data and the level of protection you have. We’ll look at what Amazon Macie is, how to set it up in the AWS Management Console, and more in this blog post.

What is Amazon Macie?

Amazon Macie is a security service that employs machine learning to find, classify, and safeguard sensitive data in the Amazon Web Services (AWS) cloud. It only supports Amazon Simple Storage Service (Amazon S3), although more AWS data stores are in the works.

Macie can recognise any personally identifiable information (PII) or protected health information (PHI) in your S3 buckets. Macie also monitors the S3 buckets’ security and access control. This can all help you comply with standards like the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Privacy Regulation (GDPR), as well as maintain the security you need on the AWS Cloud.

In general, Macie helps you answer these questions about your data:

  1. In my S3 buckets, what data do I have?
  2. What is its location?
  3. Is it shared and stored publicly or privately?
  4. What methods can I use to classify data in real-time?
  5. What personally identifiable information (PII) or protected health information (PHI) could be made public?
  6. How do I create remediation workflows for my security and compliance requirements?

How does Macie work?

Within a few minutes of enabling Macie for your AWS account, it produces an inventory of your S3 buckets in the region where you enabled it. Macie also begins monitoring the buckets’ security and access control, and generates detailed findings when it identifies the potential for unauthorized access or inadvertent data disclosure.

Macie has three main features:

1. Macie summary dashboard

The dashboard gives you a quick overview of how the data is accessed and moved. The total number of buckets, objects, and S3 storage consumed are all displayed on this dashboard.

It also divides S3 buckets into public, encrypted, and private buckets, as well as buckets shared within and outside your AWS account or AWS Organization.

(Screenshot: Macie summary dashboard)

2. Macie Jobs

Create and run sensitive data discovery jobs in Amazon S3 buckets to automatically discover, record, and report sensitive data.

You can set the job to run only once for on-demand analysis or schedule it to run on a regular basis for recurring analysis and monitoring.

(Screenshot: Macie jobs)

3. Macie Findings

A finding is a detailed report of potential policy violations for sensitive data in S3 buckets or S3 objects. Macie provides two types of findings: policy findings and sensitive data findings.

Macie can also send all findings to Amazon CloudWatch Events so you can build custom remediation and alert management.

Examples of policy findings are shown below.

(Screenshot: policy findings)

Examples of sensitive data findings are shown below.

(Screenshot: sensitive data findings)

Every Macie finding carries detailed information about the affected resource and what was detected.

(Screenshot: finding details)
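The CloudWatch Events / EventBridge integration mentioned above is only useful once something consumes the finding. The following is an added example, not code from the original post, of a small triage routine of the kind a Lambda rule target would run: it maps a policy finding or a sensitive data finding to a remediation action. Field names follow the Macie finding JSON (`detail.type`, `detail.category`, `detail.severity`, `detail.resourcesAffected`, `detail.classificationDetails`); the sample event, bucket name and the remediation policy itself are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample finding in the shape Macie publishes to EventBridge
# (CloudWatch Events). Bucket name is a placeholder.
SAMPLE_EVENT = {
    "detail": {
        "type": "SensitiveData:S3Object/Personal",
        "category": "CLASSIFICATION",
        "severity": {"description": "High", "score": 3},
        "resourcesAffected": {
            "s3Bucket": {"name": "example-bucket-placeholder",
                         "publicAccess": {"effectivePermission": "PUBLIC"}},
        },
        "classificationDetails": {"result": {"sensitiveData": [
            {"category": "PERSONAL_INFORMATION", "totalCount": 42,
             "detections": [{"type": "NAME", "count": 20},
                            {"type": "US_SOCIAL_SECURITY_NUMBER", "count": 22}]}
        ]}},
    },
}

@dataclass
class Decision:
    action: str   # block_public_access | enable_default_encryption | ticket | ignore
    bucket: str
    reason: str

def triage(event: dict) -> Decision:
    """Map one Macie finding to a remediation action (hypothetical policy)."""
    d = event["detail"]
    s3b = d["resourcesAffected"]["s3Bucket"]
    bucket, ftype, sev = s3b["name"], d["type"], d["severity"]["description"]
    # Policy findings report bucket configuration drift, not data contents.
    if d["category"] == "POLICY":
        if ftype.endswith("S3BucketPublic"):
            return Decision("block_public_access", bucket, ftype)
        if ftype.endswith("S3BucketEncryptionDisabled"):
            return Decision("enable_default_encryption", bucket, ftype)
        return Decision("ticket", bucket, ftype)
    # Sensitive-data findings: summarise what was detected and check exposure.
    counts = {det["type"]: det["count"]
              for item in d["classificationDetails"]["result"]["sensitiveData"]
              for det in item["detections"]}
    exposed = s3b.get("publicAccess", {}).get("effectivePermission") == "PUBLIC"
    if exposed and sev == "High":
        return Decision("block_public_access", bucket, f"{ftype} {counts}")
    if sev in ("High", "Medium"):
        return Decision("ticket", bucket, f"{ftype} {counts}")
    return Decision("ignore", bucket, ftype)
```

In a real deployment the returned action would drive an S3 API call or a ticketing integration; the decision logic is kept separate so it can be unit-tested against captured findings.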

Macie benefits

  • Easy to set up: Macie is simple to set up in the AWS Management Console with just one click, and it supports multiple accounts with AWS Organizations, so you can enable Macie across all of your accounts with just a few clicks. This primarily aids compliance by removing the requirement for an IT team to manually classify data and assign access to it.
  • Constant monitoring of S3 buckets: Macie analyses your Amazon S3 environment on a regular basis and generates an S3 buckets overview for all of your AWS accounts. Macie will detect and notify you if there are any unencrypted buckets, buckets that are publicly accessible, or buckets that are shared outside of your AWS Organization. Macie lets you conduct data discovery jobs for all or a subset of objects in an Amazon S3 bucket on a one-time, daily, weekly, or monthly basis. It also keeps track of changes to the bucket, evaluating only new or modified objects over time.
  • Meet privacy regulations: Amazon Macie keeps track of a growing range of sensitive data types, including typical personally identifiable information (PII) and other types of sensitive data as defined by data protection rules including GDPR, PCI-DSS, and HIPAA.
  • Custom-defined sensitive data types: You can use regular expressions to add custom-defined data types to Amazon Macie, allowing it to identify unique sensitive data for your organisation.
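A custom data type in Macie is more than a bare regular expression: it can also require a keyword within a maximum match distance and exclude ignore words, and a loose pattern will flood you with findings. The following is an added example, not code from the original post, that builds the request body for the `create_custom_data_identifier` call in the boto3 Macie2 client (those parameter names are real) and runs an offline pre-check of the pattern against constructed sample text before anything is registered. The EMP-nnnnn identifier format and the keyword-proximity logic are assumptions, the latter an approximation of Macie's evaluation rather than its engine.

```python
import re

# Constructed sample text; the EMP-nnnnn employee-ID format is hypothetical.
SAMPLE_TEXT = (
    "Employee ID: EMP-48213 assigned to J. Doe.\n"
    "Order EMP-00001 is a test fixture.\n"
    "Ref EMP-77777 appears without any keyword nearby.\n"
)

def identifier_params(name, regex, keywords, ignore_words, max_distance):
    """Request body for macie2 create_custom_data_identifier (boto3 names)."""
    return {"name": name, "regex": regex, "keywords": keywords,
            "ignoreWords": ignore_words, "maximumMatchDistance": max_distance,
            "description": "Employee IDs (added example)"}

def _keyword_before(text_lower, keywords, match_end, max_distance):
    # A keyword must end at most max_distance characters before the match ends
    # (approximation of Macie's maximum match distance rule).
    for k in keywords:
        pos = text_lower.find(k)
        while pos >= 0:
            kw_end = pos + len(k)
            if kw_end <= match_end and match_end - kw_end <= max_distance:
                return True
            pos = text_lower.find(k, pos + 1)
    return False

def local_matches(text, params):
    """Offline pre-check of a custom identifier: regex hit, required keyword
    within maximumMatchDistance, minus ignore words. Not Macie's own engine."""
    lower = text.lower()
    kws = [k.lower() for k in params["keywords"]]
    hits = []
    for m in re.finditer(params["regex"], text):
        if m.group(0) in params["ignoreWords"]:
            continue
        if _keyword_before(lower, kws, m.end(), params["maximumMatchDistance"]):
            hits.append(m.group(0))
    return hits

PARAMS = identifier_params("EmployeeId", r"EMP-\d{5}",
                           ["Employee ID", "Order"], ["EMP-00001"], 20)

if __name__ == "__main__":
    print(local_matches(SAMPLE_TEXT, PARAMS))
    # Once satisfied: boto3.client("macie2").create_custom_data_identifier(**PARAMS)
```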

Macie use cases

Simplify your data privacy and security

Amazon Macie makes data privacy across the whole Amazon S3 environment simple, delivering insights that you may utilise to respond promptly as needed. Macie also allows you to identify sensitive data in other data repositories by temporarily transferring it to S3.

Maintaining compliance

To help you fulfil and maintain your data privacy and compliance standards, Macie offers a variety of options for scheduling your data analysis, including one-time, daily, weekly, or monthly sensitive data discovery jobs.

Discover your sensitive data at scale

Macie employs machine learning and pattern matching to discover sensitive data in the targeted region at a low cost, and it performs well even in a complex S3 environment. Macie recognises a growing number of sensitive data categories, such as personally identifiable information (PII) including names, addresses, and credit card numbers, automatically.

Macie set up

The easiest way to set Macie up is by using the AWS Management Console:

1. Sign in to the Macie Console. Remember to choose the right AWS Region where you want to start.

2. Choose “Get started”.

(Screenshot: Get started)

3. Choose “Enable” Macie.

(Screenshot: Enable Macie)

4. Then click “Get started” in the menu and select which job you want to start.

(Screenshot: Macie getting started)

Macie pricing

Macie’s free tier includes:

  • Each account gets a 30-day free trial with S3 buckets assessment (breaks down S3 buckets by whether they are shared publicly, encrypted or not, and shared inside and outside your AWS account).
  • You also get the first 1 GB of sensitive data discovery per month for free.

The monthly cost of Macie is calculated as follows:

  • The number of Amazon S3 buckets that have been evaluated: the cost is the same across all AWS Regions.
  • The first 30 days of evaluation are free for all buckets.
  • $0.10 per S3 bucket per month after the first 30 days.
  • The cost of processing a large amount of data for sensitive data discovery varies by AWS Region.

Amazon Macie vs. Amazon GuardDuty

Amazon GuardDuty isn’t the same as Amazon Macie. Macie only looks at S3 buckets and classifies data intelligently to help you ensure the right access controls are in place.

To mitigate risk, Amazon GuardDuty employs intelligent and continuous threat monitoring of your AWS accounts, Amazon S3 data, and workloads.

GuardDuty monitors for:

  • Abnormal API activity
  • Attempts to turn off AWS CloudTrail logging
  • Unauthorized deployments and compromised instances
  • Compromised S3 buckets

Integration with AWS Security Hub

Macie is compatible with AWS Security Hub. Security Hub is a single location in the AWS environment where security warnings and findings from several AWS security services can be aggregated, organised, and prioritised.

The post AWS Macie: Everything You Need To Know appeared first on Cloud Training Program.
