A regional healthcare analytics firm, Orion BioAnalytics, needs to observe API activity across multiple AWS accounts to detect suspicious access attempts. They must also preserve an auditable history of how AWS resource configurations change over time to meet regulatory requirements. The team has already enabled an organization trail in AWS CloudTrail and is using the 90-day event history. Which additional AWS service should they deploy to continuously record and evaluate configuration changes to their resources?