Once again, security was front and center at re:Invent this year, as AWS made some major updates to its services. Most of these updates fell into three areas: expansion of the security services (Inspector, Detective, and GuardDuty), new digital sovereignty tooling, and expansion of IAM tooling. All of these are likely to shift how organizations approach cloud security in 2024. Let's dive in.
Amazon Inspector Updates
Amazon Inspector gained new capabilities: open-source plugins for scanning container images in CI/CD pipelines, continuous vulnerability monitoring for EC2 instances, and generative-AI-assisted code remediation for AWS Lambda functions. Together these widen vulnerability scanning across more workload types and let teams fix findings before they ship. One clarification: Inspector is still a vulnerability-management service. It reports known vulnerabilities and code weaknesses, not runtime behaviour, so on its own it is not the cloud-native EDR for EC2 that some have been waiting for.
The runtime side of that story lives in Amazon GuardDuty, which gained Runtime Monitoring for Amazon ECS clusters running on both AWS Fargate and Amazon EC2 (more below). Inspector tells you what is vulnerable; GuardDuty Runtime Monitoring tells you what is actually being executed, which is what you need to detect threats inside containerized workloads.
Amazon Detective Enhancements
Amazon Detective's new capabilities streamline cloud security investigations, so analysts spend less time stitching together logs and more time on the finding itself. As security operations become increasingly central to cloud programs, enhancements that shorten the path from a GuardDuty finding to root cause are poised to play a pivotal role.
Amazon GuardDuty for Amazon ECS and AWS Fargate
Runtime threat detection for Amazon ECS clusters on AWS Fargate and EC2 closes a long-standing gap in containerized environments: GuardDuty can now see operating-system-level activity inside running tasks rather than only the API, DNS, and flow logs around them. One caveat for anyone planning a rollout: GuardDuty identifies issues and emits findings; it does not mitigate them. Response still has to be wired up by the operator, typically by routing findings through Amazon EventBridge to an automated action or an on-call human.
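Because GuardDuty only emits findings, the practical follow-up is an EventBridge rule whose event pattern selects the runtime findings you care about. The block below is an added example, not AWS code: it implements the subset of EventBridge pattern semantics (exact match, `prefix`, `numeric`, nested keys) needed to test such a pattern offline against constructed sample findings. The pattern, the finding records, and the `ECSCluster` resource type value are all constructed for illustration; check them against the findings your own account produces before deploying the rule.

```python
import operator

# Constructed event pattern, written the way you would pass it to an
# EventBridge put-rule call: GuardDuty runtime findings rated High
# (GuardDuty scores High as 7.0 to 8.9) against ECS clusters.
RUNTIME_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {
        "type": [{"prefix": "Execution:Runtime/"}],
        "severity": [{"numeric": [">=", 7]}],
        "resource": {"resourceType": ["ECSCluster"]},  # assumed value
    },
}

# Constructed sample findings, trimmed to the fields the pattern inspects.
SAMPLE_FINDINGS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "Execution:Runtime/ReverseShell", "severity": 8,
                "resource": {"resourceType": "ECSCluster"}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "Execution:Runtime/NewBinaryExecuted", "severity": 5,
                "resource": {"resourceType": "ECSCluster"}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 8,
                "resource": {"resourceType": "Instance"}}},
]

_NUMERIC_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
                "<=": operator.le, "=": operator.eq}


def _match_value(candidate, value):
    """One pattern element against one event value: a literal, a
    {"prefix": ...} matcher, or a {"numeric": [op, n, ...]} matcher."""
    if isinstance(candidate, dict):
        if "prefix" in candidate:
            return isinstance(value, str) and value.startswith(candidate["prefix"])
        if "numeric" in candidate:
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                return False
            spec = candidate["numeric"]  # pairs: [">", 0, "<=", 5]
            return all(_NUMERIC_OPS[spec[i]](value, spec[i + 1])
                       for i in range(0, len(spec), 2))
        raise ValueError(f"unsupported matcher: {candidate}")
    return candidate == value


def matches(pattern, event):
    """EventBridge semantics: every key in the pattern must be present in the
    event and satisfied by at least one candidate; keys the pattern does not
    mention are ignored."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif not any(_match_value(c, have) for c in want):
            return False
    return True


def select_findings(pattern, events):
    """Return the finding types the rule would forward to its target."""
    return [e["detail"]["type"] for e in events if matches(pattern, e)]


if __name__ == "__main__":
    print(select_findings(RUNTIME_PATTERN, SAMPLE_FINDINGS))
```

Only the reverse-shell finding is routed: the second sample is a runtime finding but below the severity floor, and the third is High severity but not a runtime finding. Tune the severity floor and the `resourceType` filter to what you actually want paged on; a pattern that is too broad turns runtime monitoring into alert noise, one that is too narrow silently drops the findings you bought the feature for.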
Amazon One for Enterprise
Amazon One Enterprise brings Amazon's palm-based identity service to enterprise access control. It simplifies the user experience and reduces reliance on badges, fobs, and other physical credentials that can be lost, lent, or cloned. As with any biometric factor, it is one layer in an access design rather than a replacement for the rest of it.
AWS Control Tower
With 65 new controls tailored to digital sovereignty requirements, AWS Control Tower helps organizations implement complex sovereignty rules as enforceable guardrails rather than policy documents. The update is particularly useful for organizations that must comply with specific data residency and sovereignty laws.
IAM Access Analyzer Updates
IAM Access Analyzer now continuously monitors roles and users for unused permissions and offers custom policy checks that validate newly authored policies before they are deployed. Both reinforce least privilege: the first finds permissions you can remove, the second stops overly broad permissions from being added in the first place. New capabilities were added to secure human identities as well (below). Together these make for a more secure and more auditable cloud environment.
AWS IAM Enhancements
New capabilities for machine identities, including mutual TLS authentication for Application Load Balancer and EKS Pod Identity, simplify application authentication and authorization. ALB mutual authentication lets the load balancer verify client certificates against a trust store before traffic reaches the application; EKS Pod Identity lets a Kubernetes service account assume an IAM role without the per-cluster OIDC provider setup that IAM Roles for Service Accounts required. Both reduce the long-lived secrets that would otherwise be baked into workloads, which is the practical substance behind the zero trust label.
IAM Access Analyzer for Human Identities
The IAM Access Analyzer additions for human identities, an unused access analyzer and custom policy checks, give granular control over what people can do. Unused access findings cover unused roles, unused access keys and console passwords, and unused permissions on roles and users, each of which is a candidate for removal. Custom policy checks (the CheckNoNewAccess and CheckAccessNotGranted APIs) let a pipeline fail a policy change that would grant more access than a reference policy, or that would grant specific actions you have ruled out. These additions contribute to a more secure and more finely tuned access management system.
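To make the unused-permissions idea from the two IAM Access Analyzer sections above concrete, here is an added example (not AWS's implementation, which runs server-side on IAM last-accessed data rather than raw CloudTrail): it expands the actions an IAM policy grants, compares them with the actions a principal was actually seen calling, and rewrites the policy down to the observed set. The policy, the CloudTrail records, the action catalogue used to expand wildcards, and the `ALWAYS_KEEP` allowlist are all constructed for illustration.

```python
import fnmatch

# Constructed sample policy: a deploy role that was granted more than it uses.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-artifacts/*"},
        {"Effect": "Allow", "Action": "ecr:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*"},
    ],
}

# Constructed CloudTrail records for that role (only the fields used here).
CLOUDTRAIL = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"eventSource": "ecr.amazonaws.com", "eventName": "GetAuthorizationToken"},
    {"eventSource": "ecr.amazonaws.com", "eventName": "BatchGetImage"},
]

# Constructed, deliberately tiny catalogue used to expand wildcards such as
# "ecr:*"; a real tool would load the full per-service action list.
ACTION_CATALOGUE = {
    "ecr": ["GetAuthorizationToken", "BatchGetImage", "PutImage",
            "CreateRepository", "DeleteRepository"],
    "s3": ["GetObject", "PutObject", "DeleteObject", "ListBucket"],
    "iam": ["PassRole", "CreateUser"],
}

# Actions that never show up as their own CloudTrail event (PassRole is
# evaluated inside the call that passes the role). Constructed allowlist:
# a naive "unused" tool would strip these and break deployments.
ALWAYS_KEEP = {"iam:PassRole"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def expand_actions(action_patterns):
    """Expand IAM action patterns ('ecr:*', 's3:Get*', '*') to concrete actions."""
    concrete = set()
    for pat in action_patterns:
        service, _, name_pat = ("*", ":", "*") if pat == "*" else pat.partition(":")
        for svc, names in ACTION_CATALOGUE.items():
            if not fnmatch.fnmatchcase(svc, service):
                continue
            concrete.update(f"{svc}:{n}" for n in names
                            if fnmatch.fnmatchcase(n, name_pat))
    return concrete


def granted_actions(policy):
    """Every concrete action allowed by the policy's Allow statements."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            actions |= expand_actions(_as_list(stmt["Action"]))
    return actions


def observed_actions(records):
    """Map CloudTrail eventSource/eventName pairs to IAM action names."""
    return {f"{r['eventSource'].split('.')[0]}:{r['eventName']}" for r in records}


def unused_actions(policy, records):
    """Granted but never observed; this is the surplus a reviewer should question."""
    return sorted(granted_actions(policy) - observed_actions(records))


def tightened_policy(policy, records):
    """Rewrite Allow statements to list only observed (or allowlisted) actions.
    Deny statements are copied through untouched; dropping them would widen access."""
    keep_set = observed_actions(records) | ALWAYS_KEEP
    statements = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            statements.append(stmt)
            continue
        keep = sorted(a for a in expand_actions(_as_list(stmt["Action"])) if a in keep_set)
        if keep:
            statements.append({**stmt, "Action": keep})
    return {"Version": policy["Version"], "Statement": statements}


if __name__ == "__main__":
    print("unused:", unused_actions(POLICY, CLOUDTRAIL))
    print("tightened:", tightened_policy(POLICY, CLOUDTRAIL))
```

The interesting part is the `iam:PassRole` case: it appears in the unused list because CloudTrail never records it as an event, yet removing it would break the role's real job. That is why Access Analyzer's findings should be reviewed rather than auto-applied, and why the tightened policy is the right thing to feed into a CheckNoNewAccess comparison against the original before it replaces it.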
AWS Partner Updates
Wiz unveils its new extension: cloud security delivered to your AWS console
The Wiz extension is a browser extension that overlays Wiz's cloud security context on the cloud console itself. It is designed to make monitoring cloud security with Wiz easy and streamlined, and to put findings in front of more people, by showing risk for the resource on screen without jumping between tabs and consoles. Find out more on the Wiz blog.
Check Point enhances their cloud-native security suite
Check Point announces Quantum SASE, emphasizing ease of use, streamlined management, and full-mesh zero trust access. They also highlight their Harmony Email & Collaboration service, which protects sensitive business data (DLP) and tackles phishing threats.
Orca Security achieves AWS Built-In Competency
Orca Security announces AWS Built-In Competency, with their automated deployment package validated by AWS experts. Read more in their press release.
Sysdig releases their Cloud Detection and Response Benchmark
Sysdig publishes their complete Cloud Detection and Response Benchmark. Its 5/5/5 target specifies 5 seconds to detect, 5 minutes to triage, and 5 minutes to respond; the rationale is that cloud attacks are largely automated, so an organization has to detect and respond faster than an attacker can finish, end to end, for detection to matter.
Lacework debuts their AI Assist Using Generative AI Technology
In a stride towards simplifying cloud security, Lacework introduces Lacework AI Assist. The assistant aims to explain why an alert matters, list the risks the alert poses, suggest investigative steps, and show how to remediate the alert via CLI. As security services – such as Tamnoon – chart a path forward using AI, it is encouraging to see other solution providers build on cloud service providers' large language models (LLMs) within their own cloud infrastructure.
Heading into 2024
Partner updates coming out of re:Invent this year, much like the updates from AWS itself, centered on streamlining cloud security monitoring. Sysdig's benchmark offers a new way of quantifying security posture in terms of response time, while developments like Lacework's AI Assist point to what LLMs may do for security teams.
On the services front, enhancements to Inspector, Detective, and GuardDuty focus on streamlining cloud security investigations, detecting threats inside containerized environments, and proactively addressing vulnerabilities in diverse workloads. The digital sovereignty update to AWS Control Tower helps organizations comply with specific data residency and sovereignty laws. And major updates to IAM make for a more secure and more auditable cloud environment. As developers and analysts begin to make use of the new features rolled out to AWS services, and continue to scale with partners, we look forward to seeing the resulting impact throughout 2024.
Tom Ricardo is a seasoned Cloud Evangelist with a focus on networking, security, and organizational transformation around Cloud in large enterprise environments. Tom is currently the Practice Director for Cloud and Cybersecurity at Oxford Global Resources and is an AWS Ambassador. Over the last nine years, Tom’s experience has included working with different regulated businesses across different verticals (Government, Healthcare, Finance, Media/Broadcast, and Manufacturing) in North America, LATAM, APAC, and EMEA to architect and design global customer solutions working with leading security and networking vendors in AWS, Azure, and GCP.