We’re actually excited about this new feature. IAM Access Analyzer gives granular control and visibility of policies to admins and security teams, i.e., you can now control who has access to specific resources and see how those users are able to use them across your entire AWS environment.
One of the immediate benefits of IAM Access Analyzer is that it continuously monitors for new or updated policies and analyzes the permissions those policies grant on your IAM roles, S3 buckets, Lambda functions, KMS keys, and SQS queues. You’ll get detailed findings through the S3 and IAM consoles, Security Hub, and their APIs, showing exactly which of your AWS resources are reachable publicly or from accounts other than your own. And as if you needed a cherry on top of this security sundae, the findings can be exported as a report for any and all of your audits.
This isn’t exactly a new feature per se, but Security Hub now integrates with IAM Access Analyzer to give you a single-source view of your compliance status and security alerts, and empower you to take actions via CloudWatch Event rules to send the findings to your SIEM or other incident management tools.
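As an added illustration of the two paragraphs above (not code from AWS or the original post), here is a small Python triage step you might run between Security Hub and your SIEM: it buckets constructed Access Analyzer findings into public, untrusted cross-account, expected cross-account and already-archived, and shows the CloudWatch Events pattern that would select Security Hub imported findings. The finding keys and the `IAM Access Analyzer` product-name value are assumptions about the service's formats; the account ids are placeholders.

```python
"""Triage IAM Access Analyzer findings before forwarding them to a SIEM.
Constructed example; keys follow the Access Analyzer Finding API (assumption)."""

# Constructed findings: public bucket, untrusted cross-account role trust,
# trusted cross-account KMS grant, and an archived (already reviewed) finding.
SAMPLE_FINDINGS = [
    {"id": "f-1", "resourceType": "AWS::S3::Bucket", "status": "ACTIVE",
     "isPublic": True, "principal": {"AWS": "*"}, "action": ["s3:GetObject"]},
    {"id": "f-2", "resourceType": "AWS::IAM::Role", "status": "ACTIVE",
     "isPublic": False, "principal": {"AWS": "222222222222"},
     "action": ["sts:AssumeRole"]},
    {"id": "f-3", "resourceType": "AWS::KMS::Key", "status": "ACTIVE",
     "isPublic": False, "principal": {"AWS": "arn:aws:iam::333333333333:root"},
     "action": ["kms:Decrypt"]},
    {"id": "f-4", "resourceType": "AWS::SQS::Queue", "status": "ARCHIVED",
     "isPublic": True, "principal": {"AWS": "*"}, "action": ["sqs:SendMessage"]},
]
TRUSTED_ACCOUNTS = {"333333333333"}  # placeholder id for a known partner account

def principal_account(finding):
    """12-digit account id from the AWS principal (bare id or ARN), or ''."""
    aws = finding.get("principal", {}).get("AWS", "")
    return aws.split(":")[4] if aws.startswith("arn:") else aws

def classify(finding, trusted_accounts):
    """Map one finding to a triage bucket."""
    if finding.get("status") != "ACTIVE":
        return "ignore"    # archived/resolved findings are not re-alerted
    if finding.get("isPublic"):
        return "critical"  # reachable from outside any AWS account
    if principal_account(finding) in trusted_accounts:
        return "expected"  # cross-account, but to an account you chose
    return "high"          # cross-account access to an unknown account

def triage(findings, trusted_accounts):
    """Group finding ids by bucket; this is what gets shipped to the SIEM."""
    buckets = {}
    for f in findings:
        buckets.setdefault(classify(f, trusted_accounts), []).append(f["id"])
    return buckets

# CloudWatch Events pattern selecting Security Hub imported findings; the
# ProductName value is an assumption about how Access Analyzer is labelled.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"ProductFields": {
        "aws/securityhub/ProductName": ["IAM Access Analyzer"]}}},
}
```

The "expected" bucket is the part worth tuning: a finding for a principal you deliberately trusted is still worth recording, just not paging anyone for.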
On the subject of alerts, Security Hub not only aggregates and prioritizes them for you, but it also continuously monitors your AWS environment via automated compliance checks (note these are based on AWS’ standards and best practices, e.g., CIS AWS Foundations Benchmark).
Amazon Detective appears to be a continuation of AWS’ efforts to make further inroads into the crowded SIEM and log management space. Detective claims to, like almost every log management and SIEM vendor in the market, “[make] it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.” And if the buzzword-filled description of Detective held water (“uses machine learning, statistical analysis, and graph theory to build a linked set of data”), then we’re looking at what could very well be a serious SIEM tool that will get a lot of usage among AWS’ many, many customers.