Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

AWS Announces Enhancements to Cloud Security, Privacy, Compliance

Amazon Web Services (AWS) is hosting its re:Inforce 2022 conference these days and the cloud giant has taken the opportunity to unveil several enhancements to its security offerings.

Security, privacy, compliance and identity

Amazon Web Services (AWS) is hosting its re:Inforce 2022 conference these days and the cloud giant has taken the opportunity to unveil several enhancements to its security offerings.

Security, privacy, compliance and identity

AWS has announced a new Customer Incident Response Team (CIRT), whose goal is to provide assistance to customers during active security events that impact systems and data for which the customer is responsible. The AWS CIRT can be contacted by opening a support case.

The company has also announced that its Amazon GuardDuty threat detection service for AWS accounts and workloads will now have the ability to detect malware. If the Malware Protection feature is enabled, a malware scan is launched whenever suspicious activity is detected in EC2 instances or container workloads.AWS security announcements

Findings from the Malware Protection system are also sent to the AWS Security Hub in an effort to make it easier for organizations to investigate incidents and take action. Results are also integrated with Amazon EventBridge and Amazon Detective.

Amazon Detective, a managed service for analyzing security issues, now supports Kubernetes workloads running on Amazon EKS. When the feature is enabled, EKS audit logs are automatically sent to Detective for security investigations.

In addition, Amazon Macie, a fully managed data security and privacy service, now has a capability that allows users to easily retrieve up to 10 examples of sensitive data found in Amazon S3 objects. The captured data is encrypted and only available temporarily.

Also at re:Inforce, the company launched the preview of AWS Wickr, an enterprise-grade secure collaboration product that provides end-to-end encrypted messaging, file transfer, screen sharding, and voice and video conferencing capabilities. AWS Wickr, available at no cost during the preview period, provides functionality such as content expiration, perfect forward secrecy, message recall and delete, and administrative controls to support information governance and compliance. AWS acquired Wickr last year.

Also for compliance purposes, AWS announced that Config conformance packs now provide scores to help organizations track resource compliance.

AWS also announced that its Single Sign-On (SSO) service is now called AWS IAM Identity Center. The service’s name has been changed, but its technical capabilities remain the same.

AWS partners

The cloud computing giant has made several announcements related to partners. This includes the preview version of AWS Marketplace Vendor Insights, whose goal is to streamline third-party risk assessments by allowing sellers to make security and compliance information available on the AWS Marketplace.

AWS has also introduced new categories for Security Competency partners. Eight new categories have been added, including identity and access management (IAM), threat detection and response, infrastructure protection, data protection, compliance and privacy, application security, perimeter protection, and core security. More than 40 security partners have offerings in these categories.

In addition, the company has announced specialization categories for AWS Level 1 MSSP Competency, whose goal is to provide a baseline standard for organizations looking for a managed security service provider (MSSP). The new specialization categories should make it even easier for customers to find the right solution provider.

There are over a dozen competency specialization partners across modern compute, identity behavior monitoring, managed application security testing, data privacy event management, digital forensics incident response, and business continuity and ransomware readiness categories.

Related: Details Published on AWS Flaws Leading to Data Leaks

Related: Serious Vulnerabilities Found in AWS’s Log4Shell Hot Patches

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.