AWS unveils cloud security IR service for a mere $7K a month

Re:Invent Amazon Web Services has a new incident response service that combines automation and people to protect customers' AWS accounts - at a hefty price.

The minimum monthly cost starts at $7,000 and the pricing tiers increase from there, based on customers' AWS spending across all enrolled accounts. 

Here's the pricing overview per the cloud giant: 

• Tier 1: $7,000 per month for the first $0 to $125,000 monthly AWS spend
• Tier 2: The sum of the previous tier plus 5 percent of the spend from the next $125,000 to $250,000
• Tier 3: The sum of the previous tier plus 3.5 percent of the spend from the next $250,000 to $500,000
• Tier 4: The sum of the previous tier plus 1.5 percent of the spend from the next $500,000 to $1 million
• Tier 5: The sum of the previous tier plus 0.5 percent of the spend above $1 million

The price for the new security service drew some scrutiny on social media, as Eric Hammond, a self-described AWS enthusiast, noted: "I started to look into the features … then I noticed the pricing. On to the next announcement."

The new security service was announced at AWS's annual re:Invent conference and it continues Amazon's ongoing push into cloud security, which is necessary to keep up with its fellow cloud giants. Google, of course, famously bought Mandiant, the preeminent threat-intel and incident response company, for $5.4 billion in 2022. And Microsoft, despite its repeated security failings, remains one of if not the largest security vendors in the world. 

We should note, however, that Redmond has come under fire for charging extra for its security add-ons.

The fresh-baked AWS Security Incident Response consists of three main parts.

First, it reads findings from Amazon GuardDuty, which is AWS' monitoring and threat detection tool, plus third-party threat intel products via AWS Security Hub, a centralized threat dashboard. 

It uses AI and ML to analyze these data points, we're told, and then identifies "high-priority incidents requiring immediate attention," according to Betty Zheng, a senior developer advocate at AWS who detailed the new service in a blog yesterday.

Security Incident Response also provides a centralized console from which customers can set security notification rules and permissions across AWS and third-party security products. 

This also centralizes communication, data transfer, video conference scheduling, and other remediation efforts between the various parties responding to the security incident. Plus, it can automate case history tracking and reporting. 

• Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
• AWS is pushing ahead with MFA for privileged accounts. What that means for you ...
• AWS 'Bucket Monopoly' attacks could allow complete account takeover
• AWS CISO tells The Reg: In the AI gold rush, folks are forgetting application security

Finally, the third piece of the new service includes 24/7 access to the AWS Customer Incident Response Team (CIRT), which helps customers respond to and recover from digital intrusions.

AWS Security Incident Response also provides access to self-service investigation tools, should customers want to conduct IR operations on their own, or they can work with third-party security vendors on this piece as well, with the service also providing coordinated communications between teams.

The new service is now available in 12 AWS Regions globally: US East (Northern Virginia, Ohio), US West (Oregon), Asia Pacific (Seoul, Singapore, Sydney, Tokyo), Canada (Central), and Europe (Frankfurt, Ireland, London, Stockholm).

Will this be a case of: if AWS builds it, customers will pay? We will be keeping an eye on this new IR service to see. ®