AWS Rolls Out Improved Dashboards and Improved Malware Detection at re:Inforce

Attendees walk through an exhibit hall during AWS re:Invent 2021, a conference hosted by Amazon Web Services, at The Venetian Las Vegas on Nov. 30, 2021 in Las Vegas. (Photo by Noah Berger/Getty Images for Amazon Web Services)

Amazon Web Services (AWS) this week held re:Inforce in Boston, a learning conference focused on cloud security, compliance, identity and privacy.

SC Media spoke with leading cloud security analysts to share what they found most useful during the conference for security teams.

Melinda Marks, Senior Analyst at Enterprise Strategy Group, shared the following points, centered around improved dashboards, better visibility into container environments, and better malware protection:

  • AWS announced the new Vendor Insights, with a simple dashboard that offers certification information and other information, such as cost estimates. Marks said this should enable efficient customer transactions with AWS partners, helping customers facilitate provisioning, governance and control, professional support, and cost optimization.
  • Amazon Detective now provides better visibility into container environments by adding support for Elastic Kubernetes Service (EKS). Because Kubernetes is widely used in the industry to orchestrate container usage, Amazon Detective now provides visibility and analysis of EKS activity, including API usage, container services, server behavior, users and pod details, and more, without the need for agents. This should help security teams in their investigations by providing access to information about the underlying nodes.
  • AWS also announced GuardDuty Malware Protection, agentless detection of malware on AWS workloads. When enabled, it detects activity and takes a snapshot for analysis without disrupting the workload. Thus, if malware is detected, more contextual information is available to assess the source of the activity.

Frank Dickson, who covers security and trust at IDC, added that he thinks GuardDuty Malware Protection is one of re:Inforce’s “coolest” announcements. Dickson said that, integrated with GuardDuty, Malware Protection seeks to detect malicious files residing on an instance or container, based on known signatures.

Dickson said integration with GuardDuty makes detections possible without deploying an agent, making adoption virtually risk-free. Malware Protection also provides file scanning for workloads using Amazon Elastic Block Store. Security professionals can enable malware protection with a single click in the GuardDuty console or via the GuardDuty API.

Dickson said he thought GuardDuty was inexpensive because it was priced close to cost.

“AWS doesn’t like price being a barrier to implementing security features; monetization will happen through greater adoption of AWS cloud services,” Dickson explained. “The offer is good but still imperfect. It seems best suited for uncovering cryptominers that can exploit known malware that exists on networks and is not necessarily time-sensitive. The speed of a ransomware attack can probably elude the service, but you have to recognize that the malware protection offering is new, let’s call it 1.0. AWS tends to learn quickly, so it will likely improve as customer feedback drives development.”

