What's New for Security at AWS re:Invent 2024

A new AWS Security Incident Response service heads a bevy of security, identity and compliance announcements at this week's AWS re:Invent conference.

The new service automates the triage and investigation of security alerts from Amazon GuardDuty and integrated third-party tools, providing continuous support from AWS security experts to help organizations efficiently manage and recover from security incidents.

The purpose is to help customer orgs prepare for, respond to, and recover from security events like account takeovers, data breaches, and ransomware attacks, with key features including:

  • Monitoring and investigation of security findings
  • Real-time tracking and measurement
  • Immediate notification to key stakeholders
  • Access to security playbooks
  • Access to security experts within minutes
  • Post-incident reporting and analysis

[Figure: Creating a Case (source: AWS).]

"Security events are becoming more pervasive and complex for customers," AWS said. "Security teams often face an overwhelming number of daily alerts, leading to potential misplaced priorities of resources and reduced effectiveness. Manual investigation of findings strains resources and may cause customers to overlook critical security alerts. Additionally, coordinating responses across multiple stakeholders, managing permissions in various environments, and documenting actions complicate the process. There is an opportunity to better support customers and remove various points of undifferentiated heavy lifting that customers face during security events."

Pricing details for the service are published by AWS.

Other security, identity and compliance news from AWS re:Invent includes:

  • The launch of Amazon GuardDuty Extended Threat Detection, an enhancement to its threat detection service that utilizes advanced AI and machine learning to identify both known and previously unknown attack sequences. It aims to provide a more comprehensive and proactive approach to cloud security by correlating security signals to detect multi-stage attacks across various AWS resources and over time. It introduces critical severity findings with detailed summaries, observed activities mapped to the MITRE ATT&CK framework, and prescriptive remediation recommendations, thereby simplifying threat detection and response for organizations operating in complex cloud environments.
  • AWS introduced declarative policies, a feature within AWS Organizations that enables administrators to centrally define and enforce desired configurations for AWS services across their orgs. This reportedly simplifies governance by allowing settings -- such as blocking public access to Amazon VPC resources or restricting Amazon Machine Image (AMI) usage to specific providers -- to be applied uniformly across all accounts, including any that join the organization in the future. Declarative policies ensure that these configurations are consistently maintained, even as AWS services evolve with new features or APIs. Additionally, administrators can provide custom error messages to guide users when actions are denied due to policy enforcement, enhancing transparency and compliance within the organization.
  • AWS Verified Access now supports secure, VPN-less access to corporate resources over non-HTTP(S) protocols, including Secure Shell (SSH) and Remote Desktop Protocol (RDP). This enhancement enables organizations to implement zero trust access controls across a broader range of applications and resources, allowing for consistent, context-aware policies based on user identity and device security status. By eliminating the need for traditional VPNs or bastion hosts, this feature simplifies security operations and reduces the risk of over-privileged access, the company said.
  • AWS announced the general availability of Amazon OpenSearch Service's zero-ETL integration with Amazon Security Lake, enabling organizations to efficiently search, analyze, and gain actionable insights from their security data without the need for complex data pipelines. This integration allows direct querying and visualization of Security Lake data using OpenSearch Dashboards, supporting multiple data sources within a unified tool and schema -- the Open Cybersecurity Schema Framework (OCSF) -- to enhance threat-hunting and investigation scenarios. Additionally, for time-sensitive investigations, users can boost query performance by enabling features like indexed views and dashboards in OpenSearch Service, thereby reducing operational overhead and costs associated with data movement.

The AWS re:Invent 2024 event continues through Dec. 6, with the announcement of the new Nova foundation AI models headlining the AI space.

About the Author

David Ramel is an editor and writer at Converge 360.
