Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

AWS Announces Enhancements to Cloud Security, Privacy, Compliance

Amazon Web Services (AWS) is hosting its re:Inforce 2022 conference these days and the cloud giant has taken the opportunity to unveil several enhancements to its security offerings.

Security, privacy, compliance and identity

Amazon Web Services (AWS) is hosting its re:Inforce 2022 conference these days and the cloud giant has taken the opportunity to unveil several enhancements to its security offerings.

Security, privacy, compliance and identity

AWS has announced a new Customer Incident Response Team (CIRT), whose goal is to provide assistance to customers during active security events that impact systems and data for which the customer is responsible. The AWS CIRT can be contacted by opening a support case.

The company has also announced that its Amazon GuardDuty threat detection service for AWS accounts and workloads will now have the ability to detect malware. If the Malware Protection feature is enabled, a malware scan is launched whenever suspicious activity is detected in EC2 instances or container workloads.AWS security announcements

Findings from the Malware Protection system are also sent to the AWS Security Hub in an effort to make it easier for organizations to investigate incidents and take action. Results are also integrated with Amazon EventBridge and Amazon Detective.

Amazon Detective, a managed service for analyzing security issues, now supports Kubernetes workloads running on Amazon EKS. When the feature is enabled, EKS audit logs are automatically sent to Detective for security investigations.

In addition, Amazon Macie, a fully managed data security and privacy service, now has a capability that allows users to easily retrieve up to 10 examples of sensitive data found in Amazon S3 objects. The captured data is encrypted and only available temporarily.

Also at re:Inforce, the company launched the preview of AWS Wickr, an enterprise-grade secure collaboration product that provides end-to-end encrypted messaging, file transfer, screen sharding, and voice and video conferencing capabilities. AWS Wickr, available at no cost during the preview period, provides functionality such as content expiration, perfect forward secrecy, message recall and delete, and administrative controls to support information governance and compliance. AWS acquired Wickr last year.

Also for compliance purposes, AWS announced that Config conformance packs now provide scores to help organizations track resource compliance.

AWS also announced that its Single Sign-On (SSO) service is now called AWS IAM Identity Center. The service’s name has been changed, but its technical capabilities remain the same.

AWS partners

The cloud computing giant has made several announcements related to partners. This includes the preview version of AWS Marketplace Vendor Insights, whose goal is to streamline third-party risk assessments by allowing sellers to make security and compliance information available on the AWS Marketplace.

AWS has also introduced new categories for Security Competency partners. Eight new categories have been added, including identity and access management (IAM), threat detection and response, infrastructure protection, data protection, compliance and privacy, application security, perimeter protection, and core security. More than 40 security partners have offerings in these categories.

In addition, the company has announced specialization categories for AWS Level 1 MSSP Competency, whose goal is to provide a baseline standard for organizations looking for a managed security service provider (MSSP). The new specialization categories should make it even easier for customers to find the right solution provider.

There are over a dozen competency specialization partners across modern compute, identity behavior monitoring, managed application security testing, data privacy event management, digital forensics incident response, and business continuity and ransomware readiness categories.

Related: Details Published on AWS Flaws Leading to Data Leaks

Related: Serious Vulnerabilities Found in AWS’s Log4Shell Hot Patches

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...