Amazon Web Services (AWS) this week held re:Inforce in Boston, a learning conference focused on cloud security, compliance, identity and privacy.
SC Media spoke with leading cloud security analysts to share what they found most useful at the conference for security teams.
Melinda Marks, a senior analyst at the Enterprise Strategy Group, laid out the following points, which centered around improved dashboards, better visibility into container environments, and improved malware protection:
- AWS announced new Vendor Insights with a simple dashboard to offer information about certifications and other information, such as cost estimates. Marks said this should enable efficiency for customer transactions with AWS partners, helping customers with ease of procurement, governance and control, professional support, and cost optimization.
- Amazon Detective now delivers deeper visibility of container environments by adding support for Elastic Kubernetes Services (EKS). Because there’s a high usage in the industry of Kubernetes to orchestrate use of containers, Amazon Detective now provides visibility and analysis of EKS activity, including API usage, container services, user behavior and pod details, without the need for agents. This should help security teams with investigations, giving access to information on underlying nodes.
- AWS also announced GuardDuty Malware Protection, agentless detection of malware on AWS workloads. When enabled, it will detect activity and take a snapshot for analysis without disturbing the workload. So if malware gets detected, there’s more contextual information available to get to the source of activity.
Frank Dickson, who covers security and trust at IDC, added that he thought the Guard Duty Malware Protection was one of the “coolest” announcements at re:Inforce. Dickson said integrated into GuardDuty, Malware Protection looks to detect malicious files residing on an instance or container, based on known signatures.
Dickson said the integration with GuardDuty makes the detections possible without deploying an agent, making adoption virtually risk free. Malware Protection also provides file scanning for workloads utilizing Amazon Elastic Block Store. Security pros can enable Malware Protection with a single click in the GuardDuty console or through the GuardDuty API.
Dickson said he thought GuardDuty was inexpensive, as it was priced close to cost.
“AWS does not like price to be an inhibiter to implementing security features, monetization will occur through greater AWS cloud service adoption,” Dickson explained. “The offering is good but yet imperfect. It seems best suited for discovering cryptominers that may leverage known malware that exist on networks and are not necessarily time sensitive. The velocity of a ransomware attack may likely elude the service, but you have to acknowledge that the Malware Protection offering is new, let’s call it 1.0. AWS tends to learn fast, so it will likely be improved as customer feedback drives development.”
