Every read, by every identity, on every object is already recorded in your S3 access logs. reCost turns that record into security signal: exposed data, stale credentials in use, vulnerable SDKs, and anomalous access - without SIEM ingestion costs.
Book a DemoSee which objects are being read by unfamiliar identities, from unfamiliar networks, at unfamiliar hours. Exposure shows up in access behavior long before it shows up in an audit.
Credentials that were supposed to be retired but are still touching data are one of the most common findings in access logs. reCost surfaces every identity that reads data - including the ones IAM reviews miss.
End-of-life SDKs with published CVEs are still making requests to production buckets. reCost maps SDK versions in your logs to known CVEs and shows which buckets they touch.
Bulk reads, 403 storms, first-time access to sensitive prefixes, cross-account probing - request-level patterns that policy scanners were never designed to catch.
S3 access logs are enormous. reCost analyzes them without routing them through your SIEM, so you get storage-layer detection without storage-layer ingestion bills.
reCost never reads your object contents. All signals are derived from S3 access log metadata: who, when, what operation, what response code, and how much. Your data stays in your account. We analyze the behavior, not the bytes.
reCost analyzes S3 server access logs - the request-level record AWS already writes for your buckets. Exposed data access, credential probing, vulnerable SDK usage, and anomalous read patterns are all visible in that metadata. Nothing is installed and object contents are never read.
S3 access logs at scale are expensive to ingest and noisy to query in a SIEM. reCost processes them outside your SIEM pipeline, applies storage-specific detection logic, and surfaces only the signals worth acting on - without per-GB ingestion costs.
Yes. Access logs show every credential that touches data. reCost highlights long-unused or supposedly-retired identities that are still actively reading objects - a common blind spot for IAM reviews that only look at policy configuration.
A read-only IAM role with access to your S3 access logs and inventory. Setup takes about 5 minutes. reCost never reads object contents - metadata only.
Works with your existing AWS setup. Read-only access. No agents. No data exposure.
Book a Demo