What we’ve learnt from day one of AWS re:Inforce


Key Takeaways

AWS has enhanced its cloud security offerings with the introduction of the Software Bill of Materials export capability in Amazon Inspector, allowing for the export of consolidated security data and expanded code scanning for Lambda functions.

New management tools have been unveiled, including capabilities in AWS Config to exclude resource types and the availability of automated actions in AWS Security Hub for managing findings, alongside improved connectivity options for EC2 instances.

AWS has launched innovative encryption solutions such as dual-layer server-side encryption for Amazon S3 and introduced Amazon Verified Permissions for streamlined authorization management, while also establishing new partner programs to facilitate affordable cyber insurance for SMBs.

Day one of the AWS re:Inforce event revealed a multitude of new functionalities for cloud security, management tools, encryption and identity, as well as new partner programs.

Cloud security

To build on its cloud security, AWS has introduced a Software Bill of Materials export capability in Amazon Inspector. Amazon Inspector, a vulnerability management service, now offers the ability to export a consolidated Software Bill of Materials (SBOM) for all Amazon Inspector monitored resources across an organization in industry-standard formats, including CycloneDX and SPDX.
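As an added example (not code from the article or from AWS), the following script shows what a consumer of such an export might do with it: load a CycloneDX JSON SBOM, join its vulnerability entries to the components they affect via `bom-ref`, and report each affected component's highest rated severity. The document below is a constructed sample shaped like a CycloneDX 1.4 SBOM, not an actual Amazon Inspector export, and the vulnerability ids are placeholders; the function names are my own.

```python
import json

# Constructed sample shaped like a CycloneDX 1.4 JSON SBOM (NOT a real
# Amazon Inspector export). Vulnerability ids are placeholders, not CVEs.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"bom-ref": "pkg:pypi/requests@2.25.0", "type": "library",
         "name": "requests", "version": "2.25.0", "purl": "pkg:pypi/requests@2.25.0"},
        {"bom-ref": "pkg:npm/lodash@4.17.20", "type": "library",
         "name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
        {"bom-ref": "pkg:pypi/boto3@1.26.0", "type": "library",
         "name": "boto3", "version": "1.26.0", "purl": "pkg:pypi/boto3@1.26.0"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-VULN-0001", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:pypi/requests@2.25.0"}]},
        {"id": "EXAMPLE-VULN-0002", "ratings": [{"severity": "medium"}, {"severity": "low"}],
         "affects": [{"ref": "pkg:pypi/requests@2.25.0"}, {"ref": "pkg:npm/lodash@4.17.20"}]},
        # A dangling reference: the affected ref is not among the components.
        {"id": "EXAMPLE-VULN-0003", "ratings": [],
         "affects": [{"ref": "pkg:pypi/not-in-bom@0.0.1"}]},
    ],
})

# Ordering used to pick the worst rating; labels outside the map rank lowest.
SEVERITY_RANK = {"unknown": 0, "none": 0, "info": 1, "low": 2,
                 "medium": 3, "high": 4, "critical": 5}


def load_cyclonedx(text):
    """Parse a CycloneDX JSON document and reject anything else."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc


def _max_severity(vuln):
    """Worst severity label across a vulnerability's ratings ('unknown' if none)."""
    labels = [r.get("severity", "unknown").lower() for r in vuln.get("ratings", [])]
    return max(labels, key=lambda s: SEVERITY_RANK.get(s, 0), default="unknown")


def vulnerable_components(text):
    """Join vulnerabilities to components by bom-ref.

    Returns (report, dangling): report maps each affected component ref to its
    name, version, worst severity and sorted vulnerability ids; dangling lists
    (vuln id, ref) pairs whose ref matched no component in the BOM.
    """
    doc = load_cyclonedx(text)
    by_ref = {c.get("bom-ref") or c.get("purl"): c for c in doc.get("components", [])}
    report, dangling = {}, []
    for vuln in doc.get("vulnerabilities", []):
        sev = _max_severity(vuln)
        for target in vuln.get("affects", []):
            ref = target.get("ref")
            comp = by_ref.get(ref)
            if comp is None:
                dangling.append((vuln["id"], ref))
                continue
            entry = report.setdefault(ref, {"name": comp["name"], "version": comp.get("version"),
                                            "max_severity": "unknown", "vulnerabilities": []})
            entry["vulnerabilities"].append(vuln["id"])
            if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK.get(entry["max_severity"], 0):
                entry["max_severity"] = sev
    for entry in report.values():
        entry["vulnerabilities"].sort()
    return report, dangling


def at_or_above(report, minimum):
    """Component refs whose worst severity is at least `minimum` (e.g. 'high')."""
    floor = SEVERITY_RANK[minimum.lower()]
    return sorted(ref for ref, e in report.items()
                  if SEVERITY_RANK.get(e["max_severity"], 0) >= floor)


if __name__ == "__main__":
    rep, missing = vulnerable_components(SAMPLE_SBOM)
    for ref in at_or_above(rep, "medium"):
        print(ref, rep[ref]["max_severity"], rep[ref]["vulnerabilities"])
    print("dangling refs:", missing)
```

Dangling references are reported rather than silently dropped, since a vulnerability that points at a component missing from the BOM is exactly the kind of gap a reviewer of an exported SBOM wants to notice.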

Amazon Inspector also now supports code scanning of Lambda functions, expanding the existing capability to scan Lambda functions and associated layers for software vulnerabilities in application package dependencies.

Also on the cloud security front, Amazon Detective has expanded finding groups to include Amazon Inspector network reachability and software vulnerability findings alongside Amazon GuardDuty findings.

Management tools

AWS’ new management tool features include the general availability of a new capability within AWS Config that lets customers exclude resource types in the configuration recorder. This feature is joined by CloudTrail Lake dashboards, which provide out-of-the-box visibility and insights from audit and security data directly within the CloudTrail Lake console.

Furthermore, AWS announced that Amazon EC2 Instance Connect now supports SSH and RDP connectivity without a public IP address: with EC2 Instance Connect Endpoint (EIC Endpoint), customers can reach their EC2 instances over SSH and RDP without assigning them public IP addresses.

AWS Security Hub has launched a new capability for automating actions to update findings. Customers can now use rules to automatically update various fields in findings that match defined criteria, allowing them to automatically suppress findings, update finding severities according to organizational policies, change finding workflow status and add notes.
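To make the criteria-then-actions model concrete, here is an added example (my own simulation, not Security Hub's API or the article's code) that evaluates ordered rules against a few findings and applies the kinds of actions the announcement lists: suppressing a finding, changing its severity and attaching a note. The findings are constructed in a simplified ASFF-like shape with only the fields the rules need; the rule structure, the `rule_order` evaluation and the `is_terminal` flag that stops later rules from running are assumptions of this example.

```python
import copy

# Constructed findings in a simplified ASFF-like shape (a subset of fields,
# not real Security Hub output). Resource ids are placeholders.
FINDINGS = [
    {"Id": "finding-dev-ec2", "ProductName": "Inspector",
     "Severity": {"Label": "HIGH"}, "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "i-EXAMPLE-dev", "Tags": {"env": "dev"}}]},
    {"Id": "finding-prod-ec2", "ProductName": "GuardDuty",
     "Severity": {"Label": "MEDIUM"}, "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "i-EXAMPLE-prod", "Tags": {"env": "prod"}}]},
    {"Id": "finding-untagged", "ProductName": "Inspector",
     "Severity": {"Label": "LOW"}, "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsLambdaFunction", "Id": "fn-EXAMPLE", "Tags": {}}]},
]

# Hypothetical rules in this example's own structure: criteria that a finding
# must satisfy and actions to apply. Rules run in rule_order; a terminal rule
# stops evaluation of later rules for that finding.
RULES = [
    {"name": "suppress-dev-inspector", "rule_order": 1, "is_terminal": True,
     "criteria": {"ProductName": ["Inspector"], "ResourceTags": {"env": ["dev", "test"]}},
     "actions": {"workflow_status": "SUPPRESSED",
                 "note": "Non-production host; suppressed by policy"}},
    {"name": "escalate-prod-guardduty", "rule_order": 2, "is_terminal": False,
     "criteria": {"ProductName": ["GuardDuty"], "ResourceTags": {"env": ["prod"]}},
     "actions": {"severity_label": "CRITICAL", "note": "Escalated: production workload"}},
]


def _matches(finding, criteria):
    """True when every criterion holds. ResourceTags matches if any resource
    carries each listed tag key with an allowed value; SeverityLabel looks at
    Severity.Label; any other key is compared against the top-level field."""
    for field, allowed in criteria.items():
        if field == "ResourceTags":
            for tag_key, values in allowed.items():
                if not any(r.get("Tags", {}).get(tag_key) in values
                           for r in finding.get("Resources", [])):
                    return False
        elif field == "SeverityLabel":
            if finding.get("Severity", {}).get("Label") not in allowed:
                return False
        elif finding.get(field) not in allowed:
            return False
    return True


def _apply(finding, actions):
    """Mutate a copied finding according to the rule's actions."""
    if "workflow_status" in actions:
        finding.setdefault("Workflow", {})["Status"] = actions["workflow_status"]
    if "severity_label" in actions:
        finding.setdefault("Severity", {})["Label"] = actions["severity_label"]
    if "note" in actions:
        finding["Note"] = {"Text": actions["note"], "UpdatedBy": "automation-rule"}


def apply_rules(findings, rules):
    """Return updated copies of the findings; the input list is not mutated.
    Each copy records which rules fired under 'AppliedRules'."""
    result = []
    for finding in findings:
        updated = copy.deepcopy(finding)
        applied = []
        for rule in sorted(rules, key=lambda r: r["rule_order"]):
            if _matches(updated, rule["criteria"]):
                _apply(updated, rule["actions"])
                applied.append(rule["name"])
                if rule["is_terminal"]:
                    break
        updated["AppliedRules"] = applied
        result.append(updated)
    return result


if __name__ == "__main__":
    for f in apply_rules(FINDINGS, RULES):
        print(f["Id"], f["Workflow"]["Status"], f["Severity"]["Label"], f["AppliedRules"])
```

Because later rules see the finding as already modified by earlier ones, rule ordering matters: a rule that lowers severity placed before one that matches on `SeverityLabel` changes what the second rule sees, which is why the example records which rules fired on each finding.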

Encryption

On the encryption side, AWS has launched Amazon S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS), a new encryption option in Amazon Simple Storage Service (Amazon S3) that applies two layers of encryption to objects when they are uploaded to an Amazon S3 bucket. This is accompanied by AWS Payment Cryptography, which moves payment processing to the cloud.

Identity

AWS is simplifying how you manage authorization in your applications with Amazon Verified Permissions, which was first announced as a preview at re:Invent 2022. Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for building applications; it centralizes permissions in a policy store and helps developers use those permissions to authorize user actions within their applications.

AWS partner

A Cyber Insurance Partner Program will now also make it easy for customers, particularly small and medium businesses (SMBs), to find affordable cyber insurance policies that integrate with their security posture assessment solutions. The new assessment solutions from AWS Cyber Insurance Partners allow organizations to receive cyber insurance pricing estimates, purchase plans and be confident in their coverage for security and recovery services.

Additionally, AWS built-in partner solutions (in preview) are now available in AWS Marketplace, and are designed to automate, configure and scale across multi-account environments.

Lastly, AWS introduced the AWS Global Security Initiative, which gives Global System Integrator (GSI) partners the opportunity to jointly develop innovative and transformational security and compliance services with AWS, delivering on the promise of actionable security data by leveraging the power of generative AI.