Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

AWS Unveils New Security Services and Capabilities

Amazon Web Services (AWS) has expanded its portfolio with three new services and capabilities meant to help organizations build and operate securely in the cloud.

Amazon Web Services (AWS) has expanded its portfolio with three new services and capabilities meant to help organizations build and operate securely in the cloud.

With the new Amazon Detective, customers can increase efficiency when investigating incidents across workloads. Currently available in preview, the service leverages machine learning, statistical analysis, and graph theory.

Once enabled in the AWS Management Console, Amazon Detective taps into data from AWS CloudTrail and Amazon Virtual Private Cloud (VPC) Flow Logs to summarize resource behaviors and interactions across the customer’s AWS environment.New AWS security services

Via tailored visualizations, Amazon Detective aims to provide the details, context, and guidance needed to determine the nature and extent of issues identified by security services such as Amazon GuardDuty, Inspector, Macie, and AWS Security Hub.

AWS also announced the Identity and Access Management (IAM) Access Analyzer, which is designed to help customers audit and understand the policies that protect their resources, allowing administrators to easily check if their policies provide only the intended access to resources.

The new AWS IAM capability, which is immediately available, analyzes policies associated with Amazon S3 buckets, AWS KMS keys, Amazon SQS queues, IAM roles, and AWS Lambda functions to determine all possible access paths. The findings are listed in the IAM console, enabling customers to take action when needed.

The Access Analyzer also monitors policies for changes, and makes findings accessible through the IAM, Amazon S3, and AWS Security Hub consoles and APIs. Furthermore, the data can be exported as a report for auditing purposes.

Access Analyzer for S3 can help organizations ensure that their S3 buckets are not made public by mistake. Publicly accessible S3 buckets have been the cause of many data security incidents in the past years.

AWS also launched Nitro Enclaves, a new Amazon EC2 capability that aims to make it easier for customers to protect and process highly sensitive data through partitioning compute and memory resources. Nitro Enclaves is set to become available in preview early next year.

Advertisement. Scroll to continue reading.

“Each enclave is an isolated virtual machine with its own kernel, memory, and processor. Customers simply select an instance type and decide how much CPU and memory they want to designate to the enclave. There is no persistent storage, no ability to login to the enclave, and no networking connectivity beyond a secure local channel,” AWS explains.

Customers can also select different combinations of CPU cores and memory when creating an enclave, depending on the size and performance demands of workloads.

Furthermore, the AWS Nitro Enclaves SDK’s set of open-source libraries allow for the building of enclave applications. The SDK integrates with AWS Key Management Service (KMS), so that customers can generate data keys and decrypt them inside the enclave.

Related: AWS Announces General Availability of Security Hub

Related: AWS Launches Mirroring Feature for Inspecting Network Traffic

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.