Amazon Macie in a nutshell - 2023 AWS service


 

The following notes are from my journey in studying for the AWS Solutions Architect - Associate exam and I share them in hopes that you too may find them informative.

(DESKTOP users only) To view script > left click > right click - open image in new tab > the cursor turns into a plus sign > left click > will offer zoomed in mode.


Links listed in image:

https://aws.amazon.com/blogs/security/how-to-use-amazon-macie-to-reduce-the-cost-of-discovering-sensitive-data/

https://aws.amazon.com/macie/pricing/

https://aws.amazon.com/s3/pricing/

---------------------------------------------------------------------------------------------

Note: I would appreciate your support of this blog by going to the link below to "Buy me a pizza" so that I may continue to provide educational scripts, resources and general tech stuff. 🍕

Thank you.

https://www.buymeacoffee.com/infosec_coder

---------------------------------------------------------------------------------------------

Amazon Macie 

Amazon Macie is a securite service which focuses on data discovery, classification, and protection -- especially for Amazon S3 buckets.

The following are key concepts in helping to understand how to approach exam questions to determine (if it is a multiple choice question) which answers are distractors and which answer is the best answer.

I. Data Discovery 
    a. Amazon Macie automatically discovers sensitive data within Amazon  
       S3 buckets. 
    b. Macie uses machine learning and pattern matching to identify:
        - Personally Identifiable Information (PII)
        - Financial data
        - Intellectual property
        - Other sensitive content

II. Data Classification
    a. Once Macie discovers data, it classifies the data based upon sensitivity
        and criticality.
    b. Macie assigns labels to files and objects, making it easier to monitor 
        and control access by scanning targeted labels to optimise cost 
        efficiency.

III. S3 Integration
    a. Amazon Macie works primarily with Amazon S3 buckets and objects.
    b. Macie helps to secure data stored in S3, which is a common storage 
        solution in AWS.

IV. Securite and Compliance
    a. Amazon Macie aids in achieving securite and compliance objectives 
        by identifying:
            - Data Vulnerabilities
            - Access Patterns
            - Potential Risks

V. Machine Learning
    a. Amazon Macie's machine learning capabilities are designed to 
        continuously learn from data patterns and user interactions over time. 
    b. As Amazon Macie encounters more data and gets feedback form users,
        Macie refines its algorithms and improves its accuracy in data
        discovery and classification.

VI. Custom Data Identifiers
    a. Macie allows you to define custom data identifiers to target specific 
        specific types of sensitive data unique to an organisation.
    b. By default, Amazon Macie assigns the Medium severity to all findings
        that a custom data identifier produces. 
    c. By defining custom severity settings, you may specify which severity
        to assign based on the number of occurrences of text which match the
        criteria.

** Resource for more information on Building custom data identifiers in Amazon Macie.


VII. Data Access Monitoring
    a. Amazon Macie continuously monitors data access activities to 
        identify any suspicious or unauthorised access attempts.
    b. Macie analyses logs and records data access patterns to establish base 
        line access patterns: 
        - Which users are access data
        - When they access the data
        - Which IP addresses or geographic locations
    c. Once a baseline pattern has been established, Macie is easily able to 
        detect anomalies or deviations from expected behaviour. 
    d. Detected anomalies or deviations may trigger:
        - Alerts
        - Help administrators/securite teams quickly respond to potential
          securite threats.
    e. Data Access Monitoring is also used to demonstrate compliance with
        data access policies, industry regulations, and data protection 
        standards.

VIII. Alerts and Notifications
    a. Macie may generate alerts and notifications based upon predefined 
        policies to efficiently address potential securite breaches. 
    b. Amazon Macie integrates with AWS CloudWatch and may be used to:
        - Set up alarm actions
        - View metrics
    c. Macie also integrates with Simple Notification Service (SNS) to 
        deliver the alerts generated based upon policies to various endpoints:
        - Email
        - SMS
        - Mobile push notifications
        - HTTP endpoints

IX. Integrations
    a. Amazon Macie is also able to integrate with other AWS services such
        Identity and Access Management (IAM), and AWS Securite Hub to 
        enhance its capabilities and provide a comprehensive securite 
        overview.
    b. Amazon Macie integrates with IAM to grant or restrict permissions
        for specific users or roles which interact with Macie's data discovery
        and classification features.
    c. Amazon S3 Lifecycle Policies and Integration
        - You may use Macie's classification labels to create Amazon S3 
           Lifecycle policies.
        - You are able to automate the movement of data to different storage
           classes or deletion based on its sensitivity and retention 
           requirements.
    d. When used with Amazon Securite Hub, Macie's findings become a 
        part of a centralised dashboard, providing a unified view of securite
        alerts and enabling efficient incident response and management.

X. Cost Optimisation
    a. Amazon Macie follows a pay-as-you-go pricing model.

Example


For more information on Amazon Macie Pricing.

    b. Be conscientious when using custom identifiers, as this may lead to
        increased processing overhead and higher costs.
    c. Carefully review which S3 buckets require Amazon Macie to be 
        monitored  to avoid unnecessary costs. 
    d. Use data exclusions to skip certain S3 buckets or prefixes from being
        processed.
    e. Use AWS Cost Allocation tags to allocate Macie's processing costs
        with specific projects, teams, or departments.


Summary

Amazon Macie is an AWS Securite Service designed to automatically discover, classify, and resolve issues with data stored in Amazon S3 buckets. By leveraging machine learning algorithms and customisable data identifiers, Macie detects personally identifiable information (PII), and other critical data. To achieve ideal cost optimisation levels when using Amazon Macie, it is important to effectively manage data volumes, custom identifiers, and utilise exclusion options. Ultimately, Amazon Macie is like a data securite watchdog for S3 storage buckets and objects, detecting potential risks (deviations from established baseline patterns) and unusual access patterns which trigger real time alerts to administrators and incident response teams. 

















Comments

Post a Comment

Popular posts from this blog

Python script - Office supply program

Image
This script is a very basic script to understand how to work with Python.  The Office Supply program asks for user input and then provides a menu to for the end user to select from.  There is an authentication prompt to verify the user as well as an authorization code required for the end user to enter to verify he/she has permission to purchase the supplies. ===================================================== This was made in Visual Studio Code within a virtual environment. The most important commands in working with your virtual environment are: 1. Create your virtual environment > py -m venv env 2. Activate your virtual environment > env\Scripts\activate 3. Go to View > select Command Palette > Select Python Interpreter > (env:venv)     3. Run your application > py main.py ===================================================== Screenshot I         Screenshot II     Screenshot III   Screenshot IV     Screenshot V    ________________________________________________
Read more

2023: Bash script for system administration

Image
  Note: I would appreciate your support of this blog by going to the link below to "Buy me a pizza" so that I may continue to provide educational scripts, resources and general tech stuff. 🍕 Thank you. https://www.buymeacoffee.com/infosec_coder -------------------------------------------------------------------------------------- Script (DESKTOP users only) To view script > left click > right click - open image in new tab > the cursor turns into a plus sign > left click > will offer zoomed in mode. -------------------------------------------------------------------------------------- OUTPUT --------------------------------------------------------------------------------------- main.sh
Read more