AWS Expands Cloud Security Services Portfolio – Source: securityboulevard.com

Amazon Web Services (AWS) this week added a bevy of offerings and capabilities to its cloud security portfolio as part of an ongoing effort to automate the management of cloud security.

Announced at the AWS re:Inforce conference, these extensions to the AWS cloud security portfolio include an AWS Security Lake that is now generally available and a findings summary capability that has been added to the Amazon GuardDuty threat detection service. Via the console, a summary page presents trends over time, a breakdown of vulnerabilities by severity and type and how frequently vulnerabilities are found in specific AWS resources.

AWS has also expanded its Inspector vulnerability management service to scan Lambda code in addition to being able to export a software bill of materials (SBOM) with a single click.

In addition, AWS is previewing CodeGuru Security, a static application testing tool that leverages machine learning to identify cybersecurity issues.

AWS is also making generally available Amazon Verified Permissions, a permissions management and authorization service based on the Cedar policy-as-code tool that AWS makes available as open source software.

In addition, AWS Security Hub has been enhanced with a set of turnkey automations for routine tasks. AWS Control Tower, a cloud governance tool, has added 10 additional AWS Security Hub detective controls for AWS services. There are now more than 170 detective controls.

AWS also added EC2 Instance Connect Endpoint (EIC Endpoint), which enables organizations to use SSH and RDP to connect to EC2 instances without using public IP addresses and a tool that makes it possible to export a document that verifies the cloud controls an organization has in place to qualify for cyberinsurance.

Finally, AWS also unfurled an AWS Payment Cryptography service to replace the need for hardware security modules to process payments and an Amazon S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS) capability, a new encryption option that applies two layers of encryption to objects when they are uploaded to an Amazon Simple Storage Service (Amazon S3) bucket.

Rod Wallace, general manager for AWS Security, said it’s become apparent that cybersecurity has become a big data problem, so the need for a data lake designed specifically for cybersecurity data is crucial. The AWS Security Lake is designed to separate cybersecurity data from analytics applications in a way that enables cybersecurity teams to use their tools of choice to identify threats, he noted.

AWS is able to achieve that goal via an Open Cybersecurity Schema Framework (OCSF) that creates a standard mechanism for collecting and normalizing log data, added Wallace. Along with the data that AWS collects, there are also more than 80 integrations with third-party sources for collecting additional data that AWS automatically normalizes using OCSF.

In addition, AWS will also provide the foundation upon which machine learning algorithms and large language models (LLMS) that drive generative artificial intelligence (AI) capabilities for cybersecurity use cases can be more effectively built, said Wallace.

As a result, cybersecurity teams will be able to benefit from the pace of innovation occurring in the cybersecurity sector because they will be able to employ various classes of tools against data that they control via AWS Security Lake, he noted. That approach also provides the added benefit of having to incur the cost of manually moving data into a third-party platform because each instance of AWS Security Lake is integrated into each organization’s existing AWS account, added Wallace.

It’s not clear how many organizations are standardizing on AWS cybersecurity tools and platforms versus cybersecurity vendors that provide similar capabilities spanning multiple clouds and on-premises IT environments. However, as the volume of data stored on the AWS cloud exponentially increases, AWS is betting the economics of its cybersecurity portfolio—within the context of a larger enterprise licensing agreement—will prove too compelling to ignore.