Unveiling the Shield: AWS re:Invent 2023’s Impactful Security Updates

Piyush Jalan
4 min read · Dec 2, 2023

AWS re:Invent is an annual conference hosted by Amazon Web Services (AWS), one of the leading cloud computing platforms. The conference takes place in Las Vegas and serves as a platform for AWS to announce new services, features, and updates, as well as to provide technical deep dives, hands-on labs, and networking opportunities for attendees. In this blog post, I will take you through the AWS re:Invent 2023 security updates:

AWS Identity and Access Management (IAM)

· AWS Analytics services, including Amazon QuickSight, Amazon Redshift, Amazon EMR, AWS Lake Formation, and Amazon S3 via S3 Access Grants, now use trusted identity propagation with AWS IAM Identity Center to manage and audit access to data and resources based on user identity.

· IAM Access Analyzer introduces custom policy checks powered by automated reasoning. Custom policy checks use automated reasoning (security assurance backed by mathematical proof) to help security teams proactively detect nonconformant updates to policies before they are deployed.

· AWS IAM Access Analyzer now simplifies inspecting unused access to guide users toward least privilege. IAM Access Analyzer continuously analyzes users' accounts to identify unused access and creates a centralized dashboard with findings. Security teams can use the dashboard to review findings centrally and prioritize which accounts to review based on the volume of findings.

Amazon Detective

· Amazon Detective now provides finding group summaries using generative artificial intelligence (AI) that automatically analyzes finding groups and provides insights in natural language to help users accelerate security investigations.

· Amazon Detective now integrates with Amazon Security Lake, enabling security analysts to query and retrieve logs stored in Security Lake. Users can use this integration to get additional information from AWS CloudTrail logs and VPC Flow Logs stored in Security Lake while conducting security investigations in Detective.

· Amazon Detective now supports the ability to automatically investigate AWS IAM entities for indicators of compromise (IoC).

· Amazon Detective now supports security investigations for threats detected by Amazon GuardDuty ECS Runtime Monitoring. Amazon Detective now provides enhanced visualizations and additional context for detections on ECS.

Amazon GuardDuty

· Introduced Amazon GuardDuty ECS Runtime Monitoring, including AWS Fargate: an expansion of Amazon GuardDuty that adds runtime threat detection for Amazon ECS workloads, including serverless container workloads running on AWS Fargate.

· Amazon GuardDuty now supports runtime monitoring for Amazon EC2 (Preview).

AWS Secrets Manager

· AWS Secrets Manager now supports a single API call to identify and retrieve a group of secrets for an application. The new API, BatchGetSecretValue, simplifies common developer workflows where users need to bring multiple secrets into their application.
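As an added illustration (not code from the original post), the snippet below shows how an application would consume BatchGetSecretValue through a boto3-style client: it follows NextToken pages and, because the call can succeed while individual secrets fail, it refuses to return a partial set when the response carries an `Errors` list. The `FakeSecretsClient` and its canned responses are constructed here so the code runs offline; `load_secrets` is a hypothetical helper name.

```python
from typing import Dict, List

class PartialSecretFailure(Exception):
    """The batch call succeeded, but some secrets came back in its `Errors` list."""
    def __init__(self, errors: List[dict]):
        super().__init__(f"{len(errors)} secret(s) not retrieved: {errors}")
        self.errors = errors

def load_secrets(client, secret_ids: List[str]) -> Dict[str, str]:
    """Return {secret name: SecretString} via BatchGetSecretValue, following
    NextToken pages. A requested secret that could not be read is raised,
    never silently dropped, so callers cannot start with a partial config."""
    values: Dict[str, str] = {}
    errors: List[dict] = []
    kwargs = {"SecretIdList": secret_ids}
    while True:
        resp = client.batch_get_secret_value(**kwargs)
        for item in resp.get("SecretValues", []):
            if "SecretString" in item:  # binary secrets arrive as SecretBinary
                values[item["Name"]] = item["SecretString"]
        errors.extend(resp.get("Errors", []))  # per-secret failures, e.g. AccessDenied
        if not resp.get("NextToken"):
            break
        kwargs["NextToken"] = resp["NextToken"]
    if errors:
        raise PartialSecretFailure(errors)
    return values

class FakeSecretsClient:
    """Constructed stand-in for boto3.client('secretsmanager'); serves canned pages."""
    def __init__(self, pages: List[dict]):
        self._pages, self.calls = pages, []
    def batch_get_secret_value(self, **kwargs):
        self.calls.append(kwargs)
        return self._pages[len(self.calls) - 1]

# Constructed responses, shaped like the documented BatchGetSecretValue output.
OK_PAGES = [
    {"SecretValues": [{"Name": "app/db", "SecretString": "db-pass"}], "NextToken": "p2"},
    {"SecretValues": [{"Name": "app/api", "SecretString": "api-key"}]},
]
DENIED_PAGES = [
    {"SecretValues": [{"Name": "app/db", "SecretString": "db-pass"}],
     "Errors": [{"SecretId": "app/missing", "ErrorCode": "ResourceNotFoundException",
                 "Message": "Secrets Manager can't find the specified secret."}]},
]

if __name__ == "__main__":  # real use: load_secrets(boto3.client("secretsmanager"), [...])
    print(load_secrets(FakeSecretsClient(OK_PAGES), ["app/db", "app/api"]))
```

The caller still needs `secretsmanager:BatchGetSecretValue` plus `secretsmanager:GetSecretValue` on each secret in the list; a secret the identity is not allowed to read shows up in `Errors`, which is why the helper treats that list as fatal.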

AWS Config

· AWS Config now supports periodic recording to scale change tracking efficiently. This launch extends AWS Config's existing recording capabilities, which continuously track every change as it occurs. Periodic recording captures the latest configuration changes of your resources once every 24 hours, reducing the number of changes delivered. Both continuous and periodic recording options are priced based on the number of configuration items.

· AWS Config launches generative AI-powered natural language querying (Preview).

AWS Security Hub

· Introduced support for customer-specific inputs in AWS Security Hub controls that allow users to customize their security posture monitoring in AWS.

· Introduced new capabilities in AWS Security Hub that allow security teams to centrally enable and configure Security Hub standards and controls across accounts and Regions in just a few steps. This enhancement is designed to streamline and simplify how users set up and administer Security Hub in their multi-account, multi-Region organizations. Users can now use Security Hub central configuration to address gaps in their security coverage by creating security policies with their desired standards and controls and applying them in selected Regions across accounts and OUs.

· Introduced new data visualizations, filtering and customization enhancements to the AWS Security Hub dashboard, allowing users to more easily focus on risks that require their attention.

· Introduced new metadata enrichment for findings aggregated in AWS Security Hub that allows users to better contextualize, prioritize, and take action on their security findings. This enrichment adds resource tags, a new AWS application tag, and account name information to every finding ingested into Security Hub, including findings from AWS security services such as Amazon GuardDuty, Amazon Inspector, and AWS IAM Access Analyzer, as well as a large and growing list of AWS Partner Network (APN) solutions.

Amazon Inspector

· Amazon Inspector agentless vulnerability assessments for Amazon EC2 are now in preview.

· Amazon Inspector expands AWS Lambda code scanning with generative AI-powered remediation.

· Amazon Inspector enhances container image security by integrating with developer tools.

Competencies updates

· Introduced new AWS Cyber Insurance Competency, which makes it easy for customers to find affordable insurance policies from AWS Partners that integrate their security posture assessment through a new, simplified customer experience with AWS Security Hub. With AWS Cyber Insurance Competency Partners, AWS customers can receive cyber insurance pricing estimates, purchase plans, and be confident they have the coverage for security and recovery services when needed most.

· Introduced AWS Built-in Competency to highlight partner software solutions with AWS built-in, including new infrastructure as code that integrates automatically with AWS foundational services to help customers achieve their long-term goals in the cloud. AWS Built-in software uses a well-architected Modular Code Repository designed to add value to partner software solutions. AWS Built-in Competency Partner solutions leverage key building blocks called Cloud Foundational Services across multiple domains such as identity, security, and operations.

Please feel free to write @ piyush.jalan93@gmail.com for any queries on AWS security updates, and stay tuned for the next write-up.

Thank you!

Piyush Jalan

Cloud Architect | Cloud Enthusiast | Helping Customers in Adopting Cloud Technology