At AWS re:Inforce in Boston today, the company announced that Amazon Detective now helps security teams track security events in Amazon EKS.
Kurt Kufeld, VP of platform at AWS, introduced Amazon Detective for Elastic Kubernetes Service (EKS) on stage at the event keynote today. Amazon EKS is Amazon’s way of managing Kubernetes workloads in AWS. Amazon Detective looks at things like login attempts, API calls and network traffic coming from Amazon GuardDuty, AWS CloudTrail and Amazon Virtual Private Cloud (Amazon VPC) Flow Logs.
Kufeld says that it takes this information, puts it in a graph and helps security teams make connections between certain events captured from these various data sources and a security event related to Kubernetes.
As companies rely increasingly on container management programs, the level of automation required takes the work out of the hands of humans, which makes having a way to understand security events both more difficult and more crucial. This new capability helps security teams track the data across the system to find root causes.
When you turn on the feature, Amazon Detective begins ingesting EKS data from logs. “When you enable this new feature, Amazon Detective automatically starts ingesting EKS audit logs to capture chronological API activity from users, applications, and the control plane in Amazon EKS for clusters, pods, container images, and Kubernetes subjects (Kubernetes users and service accounts),” the company wrote in a blog post announcing the feature.
Amazon Detective EKS support is available starting today in all regions that support Amazon Detective.