
Rundown of Security News from AWS re:Invent 2023


Amazon Web Services has been unveiling a steady stream of announcements during its AWS re:Invent 2023 event in Las Vegas this week. The focus over the four days, as expected, is on AI as AWS strives to show that its offerings can match, or surpass, those available from Google Cloud and Microsoft Azure. But even beyond generative AI, AWS is highlighting enhancements to its threat detection, vulnerability assessment, and security policy tools.

First up: AWS has expanded Amazon GuardDuty with Amazon GuardDuty EC2 Runtime Monitoring and Amazon GuardDuty ECS Runtime Monitoring. GuardDuty EC2 Runtime Monitoring, in preview, introduces runtime threat detection for Amazon Elastic Compute Cloud workloads to give security teams visibility into on-host, operating system-level activities. It also provides container-level context into threats. Amazon GuardDuty ECS Runtime Monitoring uses a lightweight security agent to extend threat detection for workloads running on EC2 and AWS Fargate.

AWS Secrets Manager now supports a single API call to identify and retrieve a group of secrets associated with the application. The BatchGetSecretValue API simplifies developer workflows. And administrators can now enter their own customer-specific security controls in AWS Security Hub to customize security posture monitoring.

Generative AI in Security

AWS is adding generative AI to its security tools Amazon Inspector and Amazon Detective. Amazon Inspector, a code scanning tool for AWS Lambda functions, offers assisted code remediation using generative AI and automated reasoning and can provide in-context code patches for multiple vulnerability classes. Amazon Detective helps security investigations by using generative AI to analyze multiple activities related to potential security events and generate finding group summaries.

Additionally, Amazon Inspector has agentless vulnerability scanning for Amazon Elastic Compute Cloud instances in preview. Amazon Detective now supports log retrieval from Amazon Security Lake and investigating AWS identity and access management entities for indicators of compromise.

Identity and Access Announcements

The AWS Identity and Access Management (IAM) Access Analyzer continuously analyzes user accounts to identify unused access privileges and permissions to help administrators enforce the principle of least privilege. Security teams can review the findings to prioritize which accounts need action. The tool also provides custom policy checks to validate that IAM policies adhere to the organization's security standards before systems are deployed.

Amazon EKS Pod Identity allows administrators to define required IAM permissions for applications in Amazon Elastic Kubernetes Service clusters. This allows the applications to connect with AWS services outside of the cluster.

And finally, AWS announced support for mutually authenticating clients presenting X.509 certificates to Application Load Balancer. This helps administrators offload client authentication to the load balancer to ensure only trusted clients are able to access the organization's cloud applications.


