AWS launches new cloud security features
Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference.
The company has also introduced features aimed at speeding up backup recovery, and has announced the completion of its push to protect all AWS root users' accounts with multi-factor authentication.
AWS Shield network security director (Preview)
AWS Shield, the managed DDoS protection service that protects applications running on AWS, is gaining the ability to pinpoint network issues that could be exploited by attackers.
AWS Shield network security director:
- Performs a network analysis of a customer's AWS resources and identifies how they are connected and which configurations are in place
- Compares those against AWS network security best practices and threat intelligence
- Provides advice and step-by-step instructions for implementing AWS security services, security groups, ACLs, etc. to protect the resources.
Threat detection for container-based applications
Amazon GuardDuty Extended Threat Detection now offers security monitoring across customers' Kubernetes environments.
“[It] correlates security signals across Amazon [Elastic Kubernetes Service] audit logs, runtime behaviors of processes associated with EKS clusters, malware execution in EKS clusters, and AWS API activity to identify sophisticated attack patterns that might otherwise go unnoticed,” the company says.
“For example, GuardDuty can now detect attack sequences in which a threat actor exploits a container application, obtains privileged service account tokens, and then uses these elevated privileges to access sensitive Kubernetes secrets or AWS resources.”
To use it, customers have to have EKS Protection or Runtime Monitoring (or both) enabled.
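To check that prerequisite in your own account, here is an added example (not AWS's code) that evaluates a GuardDuty GetDetector response and reports which of the two features satisfies it; the feature names follow the GuardDuty API, while the sample response and the function names are constructed for the example.

```python
"""Check a GuardDuty detector for the EKS Extended Threat Detection prerequisite:
EKS Protection (EKS_AUDIT_LOGS) or Runtime Monitoring, or both."""
from typing import Dict, List

# GuardDuty GetDetector feature names for the two prerequisites.
EKS_PROTECTION = "EKS_AUDIT_LOGS"
RUNTIME_MONITORING = "RUNTIME_MONITORING"
LEGACY_RUNTIME = "EKS_RUNTIME_MONITORING"  # older, EKS-only runtime feature name


def enabled_features(detector: Dict) -> List[str]:
    """Names of detector features whose Status is ENABLED."""
    return [f["Name"] for f in detector.get("Features", []) if f.get("Status") == "ENABLED"]


def eks_extended_detection_ready(detector: Dict) -> Dict[str, object]:
    """Report whether the detector satisfies the prerequisite and what is still missing."""
    if detector.get("Status") != "ENABLED":
        return {"ready": False, "satisfied_by": [],
                "missing": [EKS_PROTECTION, RUNTIME_MONITORING],
                "note": "detector itself is disabled"}
    on = set(enabled_features(detector))
    satisfied = [n for n in (EKS_PROTECTION, RUNTIME_MONITORING, LEGACY_RUNTIME) if n in on]
    missing = []
    if EKS_PROTECTION not in on:
        missing.append(EKS_PROTECTION)
    if RUNTIME_MONITORING not in on and LEGACY_RUNTIME not in on:
        missing.append(RUNTIME_MONITORING)
    return {"ready": bool(satisfied), "satisfied_by": satisfied, "missing": missing,
            "note": "" if satisfied else "enable EKS Protection or Runtime Monitoring"}


# Constructed sample of a GetDetector response: runtime monitoring on, EKS audit logs off.
SAMPLE_DETECTOR = {
    "Status": "ENABLED",
    "Features": [
        {"Name": "EKS_AUDIT_LOGS", "Status": "DISABLED"},
        {"Name": "RUNTIME_MONITORING", "Status": "ENABLED"},
        {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
    ],
}


def check_live_account(detector_id: str) -> Dict[str, object]:
    """Fetch a real detector with boto3 (credentials from the environment) and evaluate it."""
    import boto3  # imported lazily so the offline sample runs without boto3 installed
    return eks_extended_detection_ready(boto3.client("guardduty").get_detector(DetectorId=detector_id))


if __name__ == "__main__":
    print(eks_extended_detection_ready(SAMPLE_DETECTOR))
```

For a live account, pass the detector ID returned by ListDetectors to check_live_account; the function treats a disabled detector as failing the prerequisite outright.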
New Security Hub (Preview)
The centralized console where defenders can view and aggregate security alerts and compliance status across AWS accounts has been refreshed, and now integrates the various security capabilities that customers have enabled (e.g., Amazon GuardDuty, Amazon Cloud Security Posture Management, etc.).
The new Security Hub provides exposure summaries, a widget designed to identify potential coverage gaps, enhanced data interoperability, and more.
AWS Backup offers Multi-party approval for logically air-gapped vaults
“As a backup administrator, you use AWS Backup logically air-gapped vaults to securely share backups across accounts and organizations, logically isolate your backup storage, and support direct restore to help reduce recovery time following an inadvertent or malicious event. However, if a bad or unintended actor gains root access to your backup account or the management account of your organization, your backups suddenly become inaccessible, even though they’re still safely stored in the logically air-gapped vault,” AWS says.
Customers will still need to initiate an account recovery procedure, but Multi-party approval will allow them to access the backups before the accounts are restored.
MFA for AWS root users across all account types
In 2023, AWS announced the upcoming concerted push towards requiring multi-factor authentication for AWS root accounts.
Less than two years later, AWS Identity and Access Management (IAM) enforces MFA use for:
- AWS Organizations management account root users
- Standalone account root users
- Member account root users
“MFA is available at no additional cost and prevents over 99% of password-related attacks. You can use a range of supported IAM MFA methods, including FIDO-certified security keys to harden access to your AWS accounts,” the company commented on Tuesday.
“For AWS Organizations customers, we recommend centralizing access account management through the management account and removing root user credentials from member accounts, which represents an even stronger security posture.”