Introducing bucket intelligence: identity-driven security for AWS S3

In today's cloud-first world, protecting data assets while maintaining operational visibility has never been more crucial. We're thrilled to announce our latest innovation: bucket intelligence for AWS S3, expanding ClearVector's identity-driven security approach into the data plane.

Addressing modern cloud security challenges

As organizations continue to scale their cloud infrastructure, traditional security approaches fall short of providing comprehensive protection for critical data stores. Cloud-native ransomware attacks targeting S3 buckets have emerged as a significant threat, while teams struggle to maintain visibility into how their data is accessed and utilized across the organization.

Introducing bucket intelligence

Our new bucket intelligence capability extends ClearVector's proven identity-driven security framework directly into AWS S3 buckets, offering unprecedented visibility and protection. Our coverage now spans the cloud control plane, the inside of workloads, SaaS applications, and the data plane itself.

Key features and benefits of bucket intelligence

Unified identity intelligence

  • Seamless integration with existing ClearVector identity tracing
  • Cost-effective monitoring of bucket access patterns
  • Real-time identity attribution for all bucket operations

Comprehensive analytics

  • Detailed metrics tracked by identity, API calls, and data transfer volumes
  • Path-level visibility into access patterns
  • Historical trending and usage analysis

Enhanced security operations

  • Rapid detection of suspicious activities
  • Identity-based isolation of potential threats
  • Immediate response capabilities for security teams

Bucket intelligence in action

Figure 1 - ClearVector view of an AWS S3 bucket with bucket intelligence enabled

As shown in Figure 1, ClearVector provides an intuitive interface for monitoring and analyzing S3 bucket activity, whether at the control plane or in the data plane (activity inside the bucket). Figure 1 details:

  1. Identity activity timeline: The top panel shows a chronological view of access patterns inside the monitored bucket, with each identity represented by a unique color for easy tracking.
  2. Access metrics: The panel displays key metrics including:
    • Total data transferred (upload/download)
    • Number of API calls by type
    • Most accessed paths and objects
    • Additional metrics are available by clicking the “download metrics” button in the upper right.
  3. Notification panel: The right sidebar shows real-time notifications for suspicious activities, with context-rich information about the involved identities and actions.

This unified view enables security teams to quickly identify unusual patterns and investigate potential threats, while providing valuable insights for operations and development teams.

Beyond security: driving business value

While security remains paramount, bucket intelligence delivers additional business benefits:

  • Engineering, finance and ops teams can optimize performance, cost, and capacity planning by reviewing detailed usage patterns.
  • Product teams have new insights based on data access trends.
  • Customer success teams have detailed usage data to indicate customer health or happiness.

Getting started

Existing ClearVector customers can enable bucket intelligence in their workspace - the feature will be rolling out to all workspaces over the next week. Contact us to learn more!