Friday, December 29, 2023

AWSCertCP: AWS Macie

What is Amazon Macie?

A: Amazon Macie is a data security service that discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.

All findings are communicated via EventBridge and then listed in Security Hub.

What are the key benefits of Macie?

A: Macie uses machine learning and pattern matching to discover sensitive data at scale in a cost-efficient way. Macie automatically detects a large and growing list of sensitive data types, including personally identifiable information (PII) such as names, addresses, and credit card numbers. It also gives you constant visibility of your data stored in Amazon Simple Storage Service (Amazon S3). Macie’s setup is simplified with one selection in the AWS Management Console or a single API call. Macie provides multi-account support using AWS Organizations, so you can enable Macie across all of your accounts with a few selections.

How much does Macie cost?

With Macie, you are charged based on three dimensions: the number of S3 buckets evaluated for bucket inventory and monitoring, the number of S3 objects monitored for automated data discovery, and the quantity of data inspected for automated and targeted sensitive data discovery.

Is Macie a regional or global service?

Macie is a regional service. Macie must be enabled on a region-by-region basis and helps you view findings across all your accounts within each Region. This verifies that all data analyzed is regionally based and doesn’t cross AWS regional boundaries.

What Regions does Macie support?

The latest on regional availability can be found at the AWS Region Table.

How does Macie support custom data types?

With Macie, you can add custom-defined data types using regular expressions to help Macie discover proprietary or unique sensitive data for your business. For example, you might have a specific format for your employee IDs; a possible format is a capital letter, which defines whether someone is a full-time or part-time employee, followed by a dash and then eight digits (such as F-12345678 for a full-time employee). The custom sensitive data types you define are unique to each customer and are not shared with other customers.




References:

https://aws.amazon.com/macie/faq/#:~:text=A%3A%20Amazon%20Macie%20is%20a,automated%20protection%20against%20those%20risks.

