Amazon Web Services (AWS) is hosting its re:Inforce 2022 conference these days and the cloud giant has taken the opportunity to unveil several enhancements to its security offerings.
Security, privacy, compliance and identity
AWS has announced a new Customer Incident Response Team (CIRT), whose goal is to provide assistance to customers during active security events that impact systems and data for which the customer is responsible. The AWS CIRT can be contacted by opening a support case.
The company has also announced that its Amazon GuardDuty threat detection service for AWS accounts and workloads will now have the ability to detect malware. If the Malware Protection feature is enabled, a malware scan is launched whenever suspicious activity is detected in EC2 instances or container workloads.
Findings from the Malware Protection system are also sent to the AWS Security Hub in an effort to make it easier for organizations to investigate incidents and take action. Results are also integrated with Amazon EventBridge and Amazon Detective.
Amazon Detective, a managed service for analyzing security issues, now supports Kubernetes workloads running on Amazon EKS. When the feature is enabled, EKS audit logs are automatically sent to Detective for security investigations.
In addition, Amazon Macie, a fully managed data security and privacy service, now has a capability that allows users to easily retrieve up to 10 examples of sensitive data found in Amazon S3 objects. The captured data is encrypted and only available temporarily.
Also at re:Inforce, the company launched the preview of AWS Wickr, an enterprise-grade secure collaboration product that provides end-to-end encrypted messaging, file transfer, screen sharding, and voice and video conferencing capabilities. AWS Wickr, available at no cost during the preview period, provides functionality such as content expiration, perfect forward secrecy, message recall and delete, and administrative controls to support information governance and compliance. AWS acquired Wickr last year.
Also for compliance purposes, AWS announced that Config conformance packs now provide scores to help organizations track resource compliance.
AWS also announced that its Single Sign-On (SSO) service is now called AWS IAM Identity Center. The service’s name has been changed, but its technical capabilities remain the same.
AWS partners
The cloud computing giant has made several announcements related to partners. This includes the preview version of AWS Marketplace Vendor Insights, whose goal is to streamline third-party risk assessments by allowing sellers to make security and compliance information available on the AWS Marketplace.
AWS has also introduced new categories for Security Competency partners. Eight new categories have been added, including identity and access management (IAM), threat detection and response, infrastructure protection, data protection, compliance and privacy, application security, perimeter protection, and core security. More than 40 security partners have offerings in these categories.
In addition, the company has announced specialization categories for AWS Level 1 MSSP Competency, whose goal is to provide a baseline standard for organizations looking for a managed security service provider (MSSP). The new specialization categories should make it even easier for customers to find the right solution provider.
There are over a dozen competency specialization partners across modern compute, identity behavior monitoring, managed application security testing, data privacy event management, digital forensics incident response, and business continuity and ransomware readiness categories.
Related: Details Published on AWS Flaws Leading to Data Leaks
Related: Serious Vulnerabilities Found in AWS’s Log4Shell Hot Patches

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
