AWS Macie: Discover, Monitor, and Protect Sensitive Data in S3
Amazon Macie (pronounced "ma‧cie") is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect sensitive data stored in AWS (for example, in Amazon S3). Macie helps organizations to:
- Identify sensitive data stored in S3 buckets, including Personally Identifiable Information (PII), Personal Health Information (PHI), financial data, and credentials.
- Continuously track security policies to ensure proper configurations.
- Automatically classify data and integrate findings with other AWS services for quick remediation.

GuardDuty vs Macie
GuardDuty is best for real-time threat detection across AWS services, focusing on overall AWS environment security.
Macie is best for data classification and protection, focusing on sensitive data stored in AWS.
Question
A company stores data in Amazon S3. According to regulations, the data must not contain personally identifiable information (PII). The company recently discovered that S3 buckets have some objects that contain PII. The company needs to automatically detect PII in S3 buckets and to notify the company's security team. Which solution will meet these requirements?
- Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData:S3Object/Personal event type from Macie findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
- Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
- Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData event type from Macie findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team. (Correct)
- Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
Correct solution: 3
- Amazon Macie is specifically designed to detect and classify sensitive data (including PII) stored in S3 buckets.
- EventBridge allows you to create rules to trigger actions based on specific events, like when Macie detects sensitive data.
- SNS is perfect for real-time notifications, as it can immediately send messages to subscribed security team members when PII is detected.
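The following is an added example, not code from the page or from AWS: it models the EventBridge rule behind the correct answer. It holds the event pattern a practitioner would pass to the rule, a small matcher that implements the subset of EventBridge pattern semantics the rule needs (literal values and the `prefix` content filter), and a function that shapes a matched finding into the SNS subject and message. The event envelope (`source: aws.macie`, `detail-type: Macie Finding`, `detail.type`) and the `detail.resourcesAffected` / `detail.severity` field paths follow the Macie finding format; the sample events, finding ids, bucket names and the alert message layout are constructed for the example. The second pattern shows why option 1 is narrower: a literal `SensitiveData:S3Object/Personal` match ignores credential and financial-data findings that a `SensitiveData` prefix catches.

```python
import json

# Event pattern for the Macie -> EventBridge -> SNS rule from option 3: match
# every Macie finding whose type begins with "SensitiveData" (Personal,
# Financial, Credentials, ...). This is the JSON you would give put_rule().
MACIE_SENSITIVE_DATA_PATTERN = {
    "source": ["aws.macie"],
    "detail-type": ["Macie Finding"],
    "detail": {"type": [{"prefix": "SensitiveData"}]},
}

# Narrower pattern from option 1: only the .../Personal finding type matches.
MACIE_PERSONAL_ONLY_PATTERN = {
    "source": ["aws.macie"],
    "detail-type": ["Macie Finding"],
    "detail": {"type": ["SensitiveData:S3Object/Personal"]},
}

SNS_SUBJECT_MAX = 100  # SNS rejects Subject values longer than 100 characters


def _leaf_matches(value, alternatives):
    """One pattern leaf: a list of alternatives, each a literal value or a
    {"prefix": ...} content filter. Only these two forms are implemented;
    EventBridge also supports other filters (anything-but, numeric, ...)."""
    for alt in alternatives:
        if isinstance(alt, dict):
            if "prefix" in alt and isinstance(value, str) \
                    and value.startswith(alt["prefix"]):
                return True
        elif value == alt:
            return True
    return False


def pattern_matches(event, pattern):
    """Subset of EventBridge semantics: every key in the pattern must exist in
    the event, nested objects recurse, alternatives in a leaf list are OR'ed."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not pattern_matches(actual, expected):
                return False
        elif not _leaf_matches(actual, expected):
            return False
    return True


def build_alert(event):
    """Shape a matched finding into the (subject, message) pair handed to SNS.
    The message layout is assumed for this example; the field paths are the
    Macie finding ones (detail.type, detail.severity.description,
    detail.resourcesAffected.s3Bucket.name, ...s3Object.key)."""
    d = event["detail"]
    bucket = d["resourcesAffected"]["s3Bucket"]["name"]
    key = d["resourcesAffected"].get("s3Object", {}).get("key")
    subject = f"[Macie] {d['type']} in s3://{bucket}"[:SNS_SUBJECT_MAX]
    message = json.dumps({
        "findingId": d["id"],
        "type": d["type"],
        "severity": d["severity"]["description"],
        "bucket": bucket,
        "object": key,
    }, sort_keys=True)
    return subject, message


def route_findings(events, pattern=MACIE_SENSITIVE_DATA_PATTERN):
    """Apply the rule's pattern to a batch of events and return the SNS alerts
    that would be published for the events that match."""
    return [build_alert(e) for e in events if pattern_matches(e, pattern)]


def _macie_event(finding_type, bucket, key=None, severity="High"):
    # Constructed sample event in the Macie -> EventBridge envelope.
    resources = {"s3Bucket": {"name": bucket}}
    if key is not None:
        resources["s3Object"] = {"key": key}
    return {
        "source": "aws.macie",
        "detail-type": "Macie Finding",
        "detail": {
            "id": "constructed-" + finding_type.rsplit("/", 1)[-1].lower(),
            "type": finding_type,
            "severity": {"description": severity},
            "resourcesAffected": resources,
        },
    }


# Constructed batch: two sensitive-data findings, one Macie policy finding
# (no object, it is about the bucket) and one non-Macie event to be ignored.
SAMPLE_EVENTS = [
    _macie_event("SensitiveData:S3Object/Personal", "example-exports", "customers.csv"),
    _macie_event("SensitiveData:S3Object/Credentials", "example-exports", "config/app.env"),
    _macie_event("Policy:IAMUser/S3BucketPublic", "example-public", severity="Medium"),
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "constructed/GuardDutyFinding", "severity": 8}},
]

if __name__ == "__main__":
    for subject, message in route_findings(SAMPLE_EVENTS):
        print(subject)
        print("   ", message)
```

Running it publishes nothing; it shows which of the four constructed events the rule would forward (the two `SensitiveData` findings) and what the security team would see. In an account, `MACIE_SENSITIVE_DATA_PATTERN` is the `EventPattern` argument of `put_rule` and the SNS topic is the rule's target; the matcher here only exists so the pattern can be exercised offline.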