Top 5 Security Updates from AWS re:Invent 2022

Overview

During AWS re:Invent Amazon Web Services CISO CJ Moses stated that while cloud threats will continue to multiply and grow in 2023, organizations can meet the challenges head-on with the right security fundamentals in place.

Malignant action is on the ascent: Between January and September of this year, the volume of DDoS events in AWS increased by 35% compared to the same period in 2021. When compared to the fourth quarter of 2021, the number of compromised instances on AWS increased by 256%.

Now, let’s see the security updates

Amazon Security Lake – A Purpose-Built Customer-Owned Data Lake Service

The purpose-built service Amazon Security Lake automatically consolidates an organization’s security data from the cloud and on-premises sources into a dedicated data lake stored in our account. The lifecycle of security data is managed centrally by Amazon Security Lake, which also automates storage tiering and normalizes data from integrated AWS services as well as third-party services.

With Amazon Security Lake, businesses would be able to clean and analyze security telemetry and data from a variety of sources.

Source: AWS

Amazon Inspector Supports AWS Lambda

As of right now, AWS Lambda functions and Lambda layers, as well as workloads in Amazon Elastic Compute Cloud (Amazon EC2) instances and container images stored in Amazon Elastic Container Registry (Amazon ECR), are all targets of the vulnerability management service known as Amazon Inspector.

Now upon deployment of this feature, it automatically discovers Lambda functions and identifies software vulnerabilities in application package dependencies in the Lambda function and Lambda layer. Then, continuously monitor and re-evaluate in light of function updates and newly published vulnerabilities.

Amazon GuardDuty RDS protection

Threat detection for Amazon Aurora is now available in Amazon GuardDuty to identify potential threats to Aurora databases’ data. Amazon GuardDuty RDS Protection accurately detects suspicious logins to Aurora databases by employing specialized machine learning models and profiling and monitoring access activity to your account’s existing and new databases.

GuardDuty generates a security finding after a potential threat is identified. This finding includes information about the database and rich contextual information about the suspicious activity. It is integrated with Aurora for direct access to database events without modifying our databases, and it is designed to not impact database performance.

Amazon Macie Automated Data Discovery

Amazon Macie is a data security and data privacy service that uses machine learning (ML) and pattern matching to discover and protect your sensitive data.

With this new feature, we can see where sensitive data is stored on Amazon Simple Storage Service (Amazon S3) for a fraction of the cost of performing a comprehensive data inspection on all the S3 buckets.

Amazon Macie is a data security service that enables visibility and automated protection against data security risks by discovering sensitive data through machine learning and pattern matching. Amazon Macie is used to safeguard S3 data by continuously monitoring for properly configured preventative controls like encryption and access policies and scanning the presence of any sensitive data like names, addresses, and credit card numbers.

When Amazon Macie detects buckets that are shared with an AWS account outside of your organization, buckets that are not encrypted, or buckets that can be accessed by the public.   We can also set up Amazon Macie to scan our S3 and perform comprehensive sensitive data discovery scans on our S3 buckets to see where sensitive data is stored.

AWS Config Rules Proactive Compliance

We can use the rules provided by AWS Config in detective mode to verify if the configuration settings of AWS resources match the settings that were needed.

The proactive mode of AWS Config rules has been extended, allowing it to be run before provisioning at any time and saving time on custom pre-deployment validations.

Platform teams can run AWS Config rules in proactive mode when creating standard resource templates so that they can be checked for compliance before being distributed throughout your organization. As part of their continuous integration and continuous delivery (CI/CD) pipeline, development teams can run proactive rules to identify resources that are not compliant when putting in place a new service or functionality.

Conclusion

So, at this conference, new security tools for analyzing security telemetry, managing permissions, and managing keys were unveiled by AWS for enterprise security teams.

About CloudThat

CloudThat is also the official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft gold partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

Drop a query if you have any questions regarding AWS re:Invent 2022 updates and I will get back to you quickly.

To get started, go through our Consultancy page and Managed Services Package that is CloudThat’s offerings.