[ad_1]
|
At AWS re:Inforce 2025 (June 16-18, Philadelphia), AWS Vice President and Chief Information Security Officer Amy Herzog delivered the keynote handle, asserting new safety improvements. Throughout the occasion, AWS introduced further safety capabilities centered on simplifying safety at scale and enabling organizations to construct extra resilient purposes within the cloud. Below is a complete roundup of the key safety launches and updates introduced at this 12 months’s convention.
Verify inner entry to crucial AWS sources with new IAM Access Analyzer capabilities
A brand new functionality in AWS Identity and Access Management Access Analyzer helps safety groups confirm which principals inside their AWS group have entry to crucial sources like S3 buckets, DynamoDB tables, and RDS snapshots by utilizing automated reasoning to judge a number of insurance policies and supply findings by means of a unified dashboard.
AWS IAM now enforces MFA for root customers throughout all account sorts
The new Multi-Factor Authentication enforcement prevents over 99% of password-related assaults. You can use a spread of supported IAM MFA strategies, together with FIDO-certified safety keys to harden entry to your AWS accounts. AWS helps FIDO2 passkeys for a user-friendly MFA implementation and means that you can register as much as 8 MFA gadgets per root and IAM person.
Improve your safety posture utilizing Amazon risk intelligence on AWS Network Firewall
This new Network Firewall managed rule group affords safety in opposition to energetic threats related to workloads in AWS. The characteristic makes use of the Amazon risk intelligence system MadPot to repeatedly monitor assault infrastructure, together with malware internet hosting URLs, botnet command and management servers, and crypto mining swimming pools, figuring out indicators of compromise (IOCs) for energetic threats.
AWS Certificate Manager introduces exportable public SSL/TLS certificates to make use of anyplace
You can now use AWS Certificate Manager to subject exportable public certificates in your AWS, hybrid, or multicloud workloads that require safe TLS visitors termination.
AWS WAF simplified console expertise
The new AWS WAF console expertise reduces safety configuration steps by as much as 80% by means of pre-configured safety packs. Security groups can shortly implement complete safety for particular utility sorts, with consolidated safety metrics and customizable controls by means of an intuitive interface.
Amazon CloudFront simplifies net utility supply and safety with new user-friendly interface
Try the simplified console expertise with Amazon CloudFront to speed up and safe net purposes inside just a few clicks by automating TLS certificates provisioning, DNS configuration, and safety settings by means of an built-in interface with AWS WAF’s enhanced Rule Packs.
New AWS Shield characteristic discovers community safety points earlier than they are often exploited (Preview)
Shield community safety posture administration mechanically discovers and analyzes community sources throughout AWS accounts, prioritizes safety dangers primarily based on AWS greatest practices, and supplies actionable remediation suggestions to guard purposes in opposition to threats like SQL injections and DDoS assaults.
Unify your safety with the brand new AWS Security Hub for danger prioritization and response at scale (Preview)
AWS Security Hub has been enhanced to remodel safety alerts into actionable insights, serving to safety groups prioritize and reply to crucial points at scale. This unified resolution supplies complete visibility throughout your cloud atmosphere whereas decreasing the complexity of managing a number of safety instruments.
Amazon GuardDuty expands Extended Threat Detection protection to Amazon EKS clusters
Amazon GuardDuty Extended Threat Detection now helps Amazon EKS clusters, serving to you detect refined multistage assaults by correlating safety alerts throughout Kubernetes audit logs, runtime behaviors, and AWS API actions. This enhancement mechanically identifies crucial assault sequences that may in any other case go unnoticed, enabling sooner response to threats.
New classes for the AWS MSSP Competency
The AWS MSSP Competency (beforehand AWS Level 1 MSSP Competency) now consists of new classes protecting infrastructure safety, workload safety, utility safety, information safety, identification and entry administration, incident response, and cyber restoration. Partners present 24/7 monitoring and incident response by means of devoted Security Operations Centers.
Secure your Express utility APIs in minutes with Amazon Verified Permissions
Amazon Verified Permissions introduced the discharge of the verified-permissions-express-toolkit, an open-source bundle that enables builders to implement authorization for Express net utility APIs in minutes utilizing Amazon Verified Permissions.
Beyond compute: Shifting vulnerability detection left with Amazon Inspector code safety
Amazon Inspector code safety capabilities at the moment are usually accessible, serving to you safe purposes earlier than manufacturing by quickly figuring out and prioritizing safety vulnerabilities and misconfigurations throughout utility supply code, dependencies, and infrastructure as code (IaC).
AWS Backup provides new Multi-party approval for logically air-gapped vaults
Multi-party approval for AWS Backup logically air-gapped vaults allows you to get well your backup information even when your AWS account is compromised, by leveraging authorization from a delegated approval workforce of trusted people who can allow vault sharing with a restoration account.