Amazon Macie is a cloud security tool that uses machine learning to identify and protect sensitive data stored in the Amazon Web Services (AWS) public cloud.
Amazon Macie automatically and continuously discovers sensitive data, such as personally identifiable information (PII) or intellectual property, that an enterprise stores in AWS, and then uses natural language processing to classify that data and assign it a business value. This provides an administrator with more visibility into storage locations for sensitive data, its importance to the business and how users interact with it. This also helps an organization maintain compliance, and eliminates the need for an IT team to manually classify data and permissions to it.
An admin can also use Amazon Macie to detect intrusions and data leaks. The service constantly monitors and analyzes cloud data access and account behavior to identify unusual activity. If it detects inadvertent or suspicious behavior, it sends alerts to admins.
Some examples of suspicious activity that Macie can detect include:
- An account that downloads large amounts of sensitive data;
- Unusual activity from an unfamiliar IP address;
- A user who downloads source code that he or she doesn't normally interact with it; and
- Sensitive data being granted global access inadvertently.
Within the Macie dashboard, an admin can read recommendations for threat response and then take action, such as revoke access privileges or reset passwords, via preconfigured AWS Lambda functions.
Access and support
To use Macie, an admin logs in to the service via the AWS Management Console, runs preconfigured CloudFormation templates to establish AWS Identity and Access Management roles and policies, and defines the Simple Storage Service (S3) buckets to protect.
Macie supports Amazon S3 and AWS CloudTrail, and sends findings to CloudWatch Events. AWS plans to add support for more services in the future. Macie also supports third-party integration via API endpoints through the AWS SDK.