Amazon is making several new security tools and services available to its cloud computing customers.
This week at the AWS re:Inforce event, Amazon introduced its latest offerings in the security arena. Speaking during the event’s keynote, Becky Weiss, a Senior Principal Engineer at AWS, said the company aims to extend zero-trust features further across its cloud infrastructure.
Another goal is to make it easier for Amazon customers to screen the more than 1 billion API calls per second for potential bad actors, evidence of malware, and vulnerabilities.
New security services and tools
A big step in that direction comes from Amazon’s Security Lake, which became generally available last month. This service centralizes security data from AWS environments, software as a service (SaaS) providers, on-premises, and cloud sources into a purpose-built data lake that is stored in a customer’s AWS account. With Open Cybersecurity Schema Framework (OCSF) support, the service normalizes and combines security data from AWS and a broad range of security data sources.
Another security tool is AWS Verified Access. Built on Zero Trust guiding principles, this tool validates every application request before granting access. Amazon says that Verified Access “removes the need for a VPN, which simplifies the remote connectivity experience for end users and reduces the management complexity for IT administrators”.
Amazon Verified Permissions, which became generally available on Tuesday, is a new service designed to add another layer of security to a customer’s AWS experience. This platform is for “fine-grained authorization and permissions management for applications that you build”, Amazon says. Customers can use Verified Permissions to support role- and attribute-based access control in their applications.
Expanded features for existing services
Another added feature that became generally available this week is code scanning of Lambda functions in Amazon Inspector. This expands the existing capability to scan Lambda functions and associated layers for software vulnerabilities in application package dependencies, according to the company.
AWS has also expanded its threat detection service GuardDuty, adding new features that can scan Aurora databases, EKS Runtime containers and Lambda-based threats. “Our customers want identity preventative controls so they can define a data perimeter more easily, and be able to operate at scale,” Weiss explained.