New services such as Amazon Detective for EKS and AWS GuardDuty for Malware Protection should make the AWS cloud environment much safer.
This week AWS updates the world and us on the developments in the field of cloud security and related topics. It does this at the annual re:Inforce conference. We list the announcements below. Besides cloud security, compliance and the (software) supply chain are important topics.
Cloud security updates
The updates in the field of cloud security get the most attention during the keynote at AWS re:Inforce.
Amazon GuardDuty Malware Protection for Amazon EBS Volumes
Amazon GuardDuty Malware Protection for Amazon EBS Volumes recognizes malware in EC2 instances and workloads running on EC2. The feature is an extension of Amazon GuardDuty, a separate solution for identifying suspicious traffic. When GuardDuty detects a suspicious signal, Malware Protection scans EC2 instances and EC2 workloads for malware.
Malware Protection sends all diagnostic information to Amazon EventBridge, AWS Security Hub and Amazon Detective so that the appropriate personnel and systems can resolve the issue. The feature is now available.
The technology behind Amazon GuardDuty is complex. Management can be challenging. That’s why AWS says it will soon launch training and certification for GuardDuty.
Amazon Detective for EKS
The second update in the area of cloud security is Amazon Detective for EKS. It is an expansion of an existing service. AWS is extending the Detective service towards Kubernetes workloads on Amazon’s Elastic Kubernetes Service. The new feature allows Detective to pull in audit logs from EKS automatically. It will enable Amazon Detective to record user and application activity chronologically. It can do this for Kubernetes clusters, pods, container images and subjects.
Amazon Detective for EKS is an extension of Amazon Detective, a separate solution for AWS. The new feature is available now.
The connection between AWS Security Hub and Amazon GuardDuty Malware Protection
We already briefly mentioned Amazon GuardDuty Malware Protection. Besides the availability of this new service, there is something else new to report. It will be connected to the AWS Security Hub. The AWS Security Hub will now automatically receive the findings from Amazon GuardDuty Malware Protection. The idea is that it should enable users to get as much security information as possible in one place. It makes it easier to detect problems and take action on them. Finally, this integration includes a connection to Amazon Detective for further investigation.
Compliance
In the field of compliance, we see two announcements. The first is a preview of Wickr, the collaboration tool that the company acquired last year. Wickr uses end-to-end encryption to let people and groups collaborate. They can share files, screens and locations but also do video conferencing. You can specify whether messages or files should be deleted after a certain period, if they can be forwarded or not and you can retrieve and delete already sent messages. Finally, the tool also offers possibilities to set up good governance and compliance.
In addition to a compliant way of working together, the rest of the environment must also be compliant. To address this, compliance scores were announced as a part of AWS Config conformance packs. This feature gives compliance scores to the resources of an organisation. You should be able to see how the overall compliance of your organisation is doing.
AWS Marketplace Vendor Insights
Organisations prefer to work with vendors that offer their products and services securely. However, it is not easy to determine if a solution is secure. With the introduction of the preview for AWS Marketplace Vendor Insights, AWS wants to give this a helping hand. With this new feature, organisations can perform a risk analysis or assessment of the software they work with or want to work with. An organisation gains access to a lot of information concerning data privacy, application security and access control. The vendors selling the solution will make this information available on the Marketplace. For example, buyers can receive a notification when a specific certificate of a vendor expires. Thanks to the new dashboard, a potential customer can check at a glance whether the solution meets the security requirements of an organisation.
Finally, AWS has two more things to report regarding partners. Firstly, there is the re-launch of Security Competency. With Security Competence, customers get an insight into partners’ competencies in specific sub-areas. There are eight areas: IAM, threat detection and response, infrastructure security, data protection, compliance and privacy, application security, perimeter protection and core security.
All in all, with the announcements we made above, AWS has again taken some good steps when it comes to making and keeping the cloud as secure and compliant as possible. Especially the integration of several of these services with each other and with existing services is a good thing in our opinion. It will undoubtedly help organisations improve their security in general.