This content is part of the Conference Coverage: A conference guide to AWS re:Invent 2023

Key cybersecurity takeaways from AWS re:Invent

Security was strongly emphasized throughout the AWS re:Invent user conference, with product updates to help companies secure data as they build apps and scale in the cloud.

While generative AI (GenAI) took center stage at AWS re:Invent this month, security and data privacy were also emphasized throughout the event.

This year, GenAI is the disruptive technology that can enable companies to scale and gain a competitive advantage, but AWS users need to ensure their security can scale to protect company and customer data as their businesses grow.

With that, AWS delivered a slew of security updates. In this blog, I'll describe the key cybersecurity takeaways from the conference.

Secure, responsible use of AI

We've seen the growth of AI over the years, but this year, organizations are excited about GenAI and its applications, including software development and assisting humans with time-consuming tasks and decision-making for their jobs. AI, including GenAI, depends on data to train models, and there has been growing concern over data privacy and accuracy.

In his keynote, AWS CEO Adam Selipsky proclaimed that "the cloud is for everyone," saying small and large companies can leverage advanced technologies, like GenAI, to grow their businesses. While other cloud service providers -- Microsoft and Google -- have touted leadership in GenAI, Selipsky made the case that AWS commitment to performance, scale and cost optimization would give AWS customers powerful GenAI capabilities.

To help with security and privacy and to promote responsible use of AI, AWS customers can configure harmful content filtering based on responsible AI policies, and apply guardrails to any foundational model or agent. Coming soon, they will have the ability to redact personal identifying information (PII) in PII responses.

AWS also introduced new capabilities in their GenAI applications and models, including built-in security scanning in Amazon CodeWhisperer, training to detect and block harmful content in Amazon Titan, data privacy protections in Amazon Bedrock and machine learning (ML) governance with Amazon SageMaker, which helps simplify access and permissions.

For example, if a customer wanted to utilize GenAI on AWS to create a new application for business planning utilizing confidential company data from multiple sources, these security and privacy features would keep the data secure and help prevent misuse or tampering that could affect accuracy.

Growing cloud use requires security to scale

AWS' latest updates make it easier than ever to migrate workloads to the cloud. For example, their zero-ETL integrations eliminate the need to build ETL data pipelines, a previously tedious process. AWS claims it is now possible to migrate thousands of applications within days.

We can expect increased cloud adoption, and security teams need a strategy in place to ensure they can scale to support business goals and objectives.

My research earlier this year on cloud security posture management (CSPM) showed that as organizations increasingly move production workloads to the cloud, security teams need effective ways to mitigate security risks to support growth and scale. AWS announced updates to their CSPM service, AWS Security Hub, that will be useful, including the following:

  • Customized security controls for security posture monitoring.
  • Metadata enrichment findings aggregated to better contextualize, prioritize and act on security findings.
  • New dashboard including data visualizations with filtering and customization enhancements to focus on risks requiring attention.
  • Enhancements to centrally enable and configure Security Hub standards and controls across accounts and Regions in just a few steps.
  • New natural language querying feature in AWS Config uses GenAI to aid search of resource configurations and compliance metadata to help with configuration management and policy compliance.

Increasing remediation efficiency for vulnerability management

Amazon Inspector is the AWS vulnerability management service that continually scans workloads for software vulnerabilities, code vulnerabilities and unintended network exposure. The following updates will help security teams scale vulnerability management:

  • Code scanning for AWS Lambda functions now uses GenAI for assisted code remediation, providing code patches for detected vulnerabilities.
  • Integration with developer tools, including Jenkins and TeamCity, for container image assessments incorporated in developer continuous integration and continuous delivery (CI/CD) tools.
  • Agentless vulnerability assessments for Amazon EC2 environments (in preview) enables continuous monitoring of EC2 instances without the need to install additional software or agents.

AWS is also helping developers secure their code to minimize vulnerabilities with updates to Amazon CodeWhisperer, the AI-powered tool that generates code suggestions in the developer's integrated development environment (IDE). It now includes support for Infrastructure as Code (IaC) remediation and expanded scanning language support.

My research on developer-focused security revealed increased misconfigurations and security incidents from the use of IaC templates because it is easy for developers to deploy their applications on IaC with mistakes. AWS CodeWhisperer now scans IaC, including AWS CloudFormation (YAML, JSON), AWS CDK (TypeScript, Python) and HashiCorp Terraform (HCL), and application code for vulnerabilities and recommends necessary remediation.

Enabling developers to remediate coding issues in IaC and their code early in development can have a significant impact in mitigating security risk, as the research showed high numbers of security incidents caused by misconfigurations.

Helping with threat detection, investigation and response

My new research with my colleague Jon Oltsik covered cloud threat detection, investigation and response. It revealed that organizations face challenges due to the speed and volume of releases, the need to automate processes, visibility and monitoring gaps with highly distributed applications using dynamic, ephemeral resources, and issues with data sources.

A number of enhancements from AWS support cloud threat detection and response include the following:

  • Amazon GuardDuty runtime monitoring of Amazon Elastic Container Service (ECS), including serverless container workloads running on AWS Fargate.
  • Preview launch of Amazon GuardDuty runtime monitoring of Amazon Elastic Compute Cloud (Amazon EC2).
  • Amazon Detective support for security investigations of threats detected by Amazon GuardDuty ECS, with advanced visualizations and context.
  • Amazon Detective support for the ability to automatically investigate AWS Identity and Access Management (IAM) entities for indicators of compromise, helping determine wither IAM entities have been compromised or involved in known tactics, techniques and procedures of the MITRE ATT&CK framework.
  • Amazon Detective integration with Amazon Security Lake, enabling security analysts to query and retrieve logs stored in Security Lake and get additional information from AWS CloudTrail logs and Amazon Virtual Private Cloud Flow logs stored in Security Lake.
  • CloudWatch provides automated log pattern analysis and anomaly detection to ease interpretation of logs and identify unusual events for faster investigation.

Although AWS holds a separate conference focused on security, AWS re:Inforce, it was good to see security strongly emphasized throughout their main user conference because security needs to be a requirement with technology adoption to fuel business growth.

Senior Analyst Melinda Marks covers application and cloud security at TechTarget's Enterprise Strategy Group.

Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.

Next Steps

Amazon's innovative generative AI moves at re:Invent 2023

Dig Deeper on Cloud security

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing