LAS VEGAS — Amazon Web Services (AWS) rolled out three new security tools at re:Invent this week. Amazon Detective is a new service that the cloud giant says makes it easier for customers to conduct large-scale investigations. AWS IAM Access Analyzer is a new AWS identity and access management (IAM) capability that lets security teams and administrators audit resource policies for unintended access. And finally, AWS Nitro Enclaves is a new Amazon EC2 capability that creates an isolated compute environment within an instance where customers can securely store sensitive data.
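To make the resource-policy audit concrete, here is an added example (not AWS code and not how Access Analyzer is implemented) that walks an S3 bucket policy and flags Allow statements granting access to any principal outside an assumed trusted account; the policy, bucket name and account ids are constructed placeholders, and policy Conditions are deliberately not evaluated.

```python
import json

TRUSTED_ACCOUNT = "111111111111"  # constructed placeholder account id

# Constructed sample bucket policy: one statement scoped to the account's own
# role, one that opens the bucket to a foreign account, one open to everyone.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "InternalRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PartnerRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
    ],
})

def principal_accounts(principal):
    """Yield the account ids (or '*' for anonymous) named by a Principal element.
    Handles the '*' shorthand, bare account ids and IAM ARNs under the AWS key."""
    if principal == "*":
        yield "*"
        return
    values = principal.get("AWS", []) if isinstance(principal, dict) else []
    for arn in [values] if isinstance(values, str) else values:
        if arn == "*":
            yield "*"
        elif arn.isdigit():
            yield arn
        else:
            parts = arn.split(":")  # arn:partition:service:region:account:resource
            yield parts[4] if len(parts) > 4 else arn

def find_external_access(policy_json, trusted_account):
    """Return (sid, principal, actions) for every Allow statement whose principal
    is outside trusted_account. Conditions (e.g. aws:PrincipalOrgID) are ignored
    here, so treat each finding as something to review, not a confirmed exposure."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        for account in principal_accounts(stmt["Principal"]):
            if account != trusted_account:
                findings.append((stmt.get("Sid"), account, tuple(actions)))
    return findings

if __name__ == "__main__":
    for sid, who, actions in find_external_access(SAMPLE_POLICY, TRUSTED_ACCOUNT):
        print(f"{sid}: {who} may {', '.join(actions)}")
```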

AWS customer and partner McAfee also announced new integrations into AWS with its cloud security platform including support for Amazon Detective, which is available in preview.

Amazon Detective automatically collects data from AWS resources and logs and puts it into a graph model that summarizes resource behaviors and interactions across a customer’s AWS environment. It then uses machine learning (ML), statistical analysis, and graph theory to produce visualizations that help customers answer questions such as: Is this an unusual API call? Is this spike in traffic from this instance expected?

The graph model and analytics continually update as new telemetry becomes available from a customer’s AWS resources. By automating data and log collection, using ML to establish and re-establish baselines of normal behavior, and answering investigative queries, the service leaves security teams more time to spend on remediation, AWS says.

McAfee, Amazon Detective Support

At a press conference today, McAfee discussed its integration with Amazon Detective and why it’s important for security to shift “far to the left.” The security vendor also teased a soon-to-launch microsegmentation capability.

McAfee announced that McAfee Mvision Cloud for Amazon Web Services now includes support for Amazon Detective. Through the integration, customers can detect misconfigurations and other cloud risks using McAfee’s cloud security platform and then move into the investigation phase with Amazon Detective. McAfee’s platform also provides integrated cloud access security broker (CASB) functionality such as data loss prevention and malware detection, as well as user behavior and threat analytics that go beyond detecting basic configuration issues.

“We’ve taken API-based integration into AWS and shifted it left,” said Sekhar Sarukkai, McAfee fellow and co-founder of Skyhigh Networks, a CASB pioneer that McAfee acquired in early 2018.

DevSecOps

Sarukkai is talking about automating core security tasks by embedding security controls and processes into the DevOps pipeline, sometimes called DevSecOps. This becomes increasingly important as companies move workloads to the cloud.

“And the challenge in the cloud world is that it’s not just that you’re moving your workloads to AWS, you’re also changing how application development teams are building and deploying applications,” Sarukkai said. “Everything needs to be automated, everything needs to be integrated into the CI/CD process in order to remove friction in your activity.” Otherwise the security team becomes the bottleneck as developers push new applications and services into production.

McAfee’s platform does this by automatically scanning for things like misconfigurations and code vulnerabilities before code is deployed. It also checks containers for known exploits and can fix those as well, and it will soon add a microsegmentation technology that McAfee calls “NanoSegmentation” to secure container runtimes.

This capability hasn’t been released, but it “has to do with zero-trust network communications,” said John Dodds, director of product management at McAfee. “I’m not going to talk too much about it, because it’s not released yet. But I just want to make sure that everyone’s aware that we understand that network communication and microservices architecture is a very important layer of security in the containerized application space as well.”