back to article If there's a hole in your S3 bucket, data thieves will be sprayed by Macie

Data loss prevention is about to get a whole lot smarter. Macie is an Amazon Web Services bot that safeguards the sensitive contents of S3 buckets. Amazon bought the company behind it, Harvest.ai, surreptitiously in January this year, paying a rumoured $19m. Neither Amazon nor Harvest.ai confirmed that anyone bought anything …

  1. Cronus

    Mixed opinion

    Sounds interesting, I can definitely see a use for this to track rogue employees and the like. Though on the downside, I suppose, it could make life difficult for whistle blowers too.

    In terms of unsecured S3 buckets being breached though, I'm not so sure. Putting aside the fact that companies that tend to have S3 leaks aren't the kind of companies that would make use of this, it does kinda feel like an automated tool for closing the stable door after the horse has bolted.

  2. samzeman

    Crazy. Hacking gets more and more like actual real life infiltration every day; now you have to act natural and blend in to avoid detection. It's not enough to just get into the system anymore.

  3. c1ue

    Behavioral modeling sounds nice in theory.

    The problem in reality so far is the huge volume of false alerts.

    Conversely, cutting down the volume of false alerts increases the likelihood of actual bad behavior occurring.

    Then there's the rampup problem: behavioral models require a set of existing data to build upon. The longer/greater this data set, the more "effective" the detection of real problems (and minimizing false alerts). However, the entire point of the cloud is rapid rampup and down.

    If the customer is a SNAP, the behaviors of SNAP's flagship product spread across thousands of instances is fairly uniform.

    If the customer is a small company, however, it isn't going to be. And staffing changes won't help either. And then there's the dreaded SuperUser: multiple staff using a single superuser or other account to perform their collective work.

    Who actually gets alerts from Macie? How well does the product work?

    Time will tell.

  4. Ken Moorhouse Silver badge

    Trusteer Rapport

    Once upon a time I logged onto a customer's router only to be confronted with an alert from Rapport informing me that I had entered a sensitive keyword. I quizzed the customer about this and he told me that he used the same password for on-line banking. Glossing over the prudence of sharing passwords for the purposes of this comment, knowing this idiosyncracy meant that a hacker would know that the Rapport icon in any browser is a great invitation to run a dictionary attack. I would hope that that vulnerability has now been fixed.

  5. macjules Silver badge

    Err .. but

    Don't you have to enable CloudTrail first and a whole raft of other stuff to get Macie to work? Might be a lot quicker to follow the very simple to use guide to creating proper permissions and bucket policies instead.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019