AWS re:Inforce 2022: 10 Biggest News And Product Launches

AWS launches new security solutions around AWS Wickr, AWS Marketplace, Amazon GuardDuty, AWS Security Hub as well as revamped security partner programs. Here’s the 10 you need to know.

Biggest News From AWS re:Inforce 2022

The public cloud global market leader launched a slew of new security products and capabilities along with new partner program investments at AWS re:Inforce.

Hundreds of cybersecurity experts, technologies, customers and channel partners attended AWS’ security re:Inforce event this week in Boston to hear about AWS’ vision and new security launches.

“Every single month, we track quadrillions of events,” said Amazon Chief Security Officer Stephen Schmidt during his keynote at re:Inforce. “That’s a number that has 15 zeros. So we’re not reliant on the expertise of AWS security alone, we’re relying on the security interests, focus and creativity of millions of customers as well.”

New unveilings at the event include AWS Wickr collaboration, AWS Marketplace Vendor Insights, Amazon Detective, Amazon GuardDuty, AWS Security Hub and the reinvention of its popular AWS Security Competency partner program.

[Related: AWS re:Inforce Keynote: 7 Big Security, Ukraine, Ransomware Remarks]

AWS is investing heavily in security to help continue its rapid growth.

The Seattle-based Amazon cloud unit generated $18.4 billion in revenue during its first fiscal quarter, representing a 37 percent increase year over year.

At re:Inforce 2022, AWS’ security vision was on full display with a long list of new security capabilities and enhanced partner programs updates launched during the event.

AWS security executives even discussed how the company is working with Ukraine to help keep its technology and data safe amidst Russian’s invasion.

“On February 24, the date of the invasion, AWS met with Ukrainian government. The discussion focused on bringing our AWS Snowball devices, which is our secure edge computing devices, into Ukraine to help secure, store, and transfer data to the cloud,” said Schmidt.

CRN breaks down the 10 biggest talking points, new security products and partner enhancements launched at AWS re:Inforce this week in Boston.

AWS Wickr Enterprise Collaboration Product

AWS announced its enterprise secure collaboration product that provides end-to-end encrypted messaging, file transfer, screen sharing, location sharing, and voice and video conferencing capabilities—complete with administrative controls to support information governance and compliance.

AWS acquired encrypted messaging service company Wickr in 2021.

AWS Wickr, currently in preview also includes message and content ephemerality, perfect forward secrecy, message recall and delete, and administrative controls to support information governance and compliance.

The new service allows secure collaboration across messaging, voice and video calling, file sharing, and screen sharing.

AWS Wickr aims to helps organizations address evolving threats and regulations by combining security and administrative features designed to safeguard sensitive communications, enforce information governance policies, and retain information as required. Encryption takes place locally, on the endpoint. Every call, message, and file is encrypted with a new random key, and no one but intended recipients—not even AWS—can decrypt them. Information can be selectively logged to a secure, customer-controlled data store for compliance and auditing purposes.

AWS Wickr integrates with additional services such as Active Directory and single sign-on with OpenID Connect. The service also alllows customers to securely automate their workflows using Wickr Bots.

AWS Wickr is available at no cost during the preview period.

AWS ‘Protecting And Preserving’ Ukraine’s Data And Culture

During the keynote presentation at AWS re:Inforce, Amazon’s Chief Security Officer Stephen Schmidt explained how AWS immediately began helping Ukraine on Day 1 of Russia’s invasion of the country.

“On February 24, the date of the invasion, AWS met with Ukrainian government. The discussion focused on bringing our AWS Snowball devices, which is our secure edge computing devices, into Ukraine to help secure, store, and transfer data to the cloud,” said Schmidt.

“A lot of people wonder why that was such a big focus. It’s because a lot of the Russian intent was not only an acquisition of territory, but erasure of Ukrainian identity and culture. And that’s something that we didn’t think was something that should be stood for,” he said. “So two days later, the Snowballs we sent reach their destinations in Ukraine.”

AWS Snowball is a petabyte-scale data transport service that uses secure devices to transfer large amounts of data into and out of the AWS Cloud.

Snowball devices became critical in “protecting and preserving Ukraine’s data, and thus, the history of their culture,” Schmidt said.

AWS has helped migrate data from 27 Ukrainian ministries, 18 Ukrainian universities, and the country’s largest remote school. The leading cloud provider also helped 61 government data migration to AWS, with more on the way.

“There are moments in history where you have to roll up your sleeves and do the right thing,” said Schmidt. “For us, this is one of those moments and I’m really proud of the way the team has responded and will continue to respond.”

AWS Marketplace Vendor Insights

The new AWS Marketplace Vendor Insights simplifies third-party software risk assessments by compiling security and compliance information in a single unified dashboard, cutting down the buying process by weeks and even months.

AWS Marketplace Vendor Insights gives customers and partners access to evidence made available by Marketplace sellers related to data privacy and residency, application security, and access control.

Chris Grusz, general manager of worldwide ISV Alliances and Marketplace, said, the new tool streamline vendor assessments and will help channel partners sell and procure faster.

“When you go to the AWS Marketplace’s seller page for a particular ISV—anything that’s available on a publicly available process will be displayed directly on their Marketplace listing page. “So our customers will have one place that they can go look to see all of these public certifications.”

On the security front, AWS Marketplace Vendor Insights will show the security certifications and other information on a real-time basis.

“What we’re going to be doing is using some of our own AWS services to continuously look at the security controls of our ISVs,” said Grusz. “Once you look at an ISV, it will actually show the certification of those ISVs: do they have SSL enabled? Have they encrypted all the S3 buckets? And all of these types of credentials.”

There will be 150 of security credentials in total AWS will check for.

The unified web-based dashboard gives governance, risk, and compliance teams access to security and compliance information, such as data privacy and residency, application security, and access control.

Channel partners will also benefit greatly from new dashboard.

“As a channel partner selling one of these products, they’re now enabled through Vendor Insights to be able to get their deals done dramatically faster,” said Grusz. “Because oftentimes they had to play kind of the broker between the customer and the ISV to gather this information back and they became a middleman. … It’s going to simplify our channel partners role because now they won’t have to play that middle person between the ISV and customer.”

Amazon Detective Supports Kubernetes Workloads On Amazon EKS

AWS launched Amazon Detective for Elastic Kubernetes Service (EKS) to help in security investigations.

The new feature helps users analyze, investigate, and identify the root cause of security findings or suspicious control plane activity on Amazon EKS clusters.

“With a single click setting and no agent requirement, it is much easier to start analyzing Amazon EKS specific activity,” Kurt Kufeld, vice president of AWS Platform on stage during his keynote at AWS re:Inforce. “It uses advanced correlation and graph-based analytics to investigate security findings from suspicious container images or container misconfigurations that may allow access to the underlying EC2 Nodes.”

AWS has expanded Amazon Detective to include new capabilities that expand security investigation coverage for Kubernetes workloads running on Amazon EKS.

After enabling the new feature, Amazon Detective automatically starts ingesting EKS audit logs to capture chronological API activity from users, applications and control plan in Amazon EKS for clusters, pods, container images, and Kubernetes subjects.

AWS Security Competency For Partners

Amazon Web Services has reinvented its popular AWS Security Competency program with eight new categories to help customers more easily find partner software and service solutions while also providing the channel with over 40 specific customer use cases.

Each of the eight categories are defined by AWS security experts to help customers find specific system integrators, security managed service providers and independent software vendor (ISV) offerings to fit their specific cloud security needs.

“We’ve created common customer use cases based off of real, boots on the ground, in the field experience we’ve seen at the customer level,” said Ryan Orsi, AWS’ worldwide head of Cloud Foundations for the AWS Partner Network.

“So the partner opportunity is around aligning their product or service, their messaging, and their go-to-market strategy to what AWS is seeing as the most highly in-need challenges out there for security with these new categories,” said Orsi. “It’s a great way for partners to increase their business, increase their trust and visibility with their customers and prospects out there to show they have all the right skill sets and knowledge about AWS environments.”

The new AWS Security Competency categories are aligned to work with common security problems businesses encounter during their cloud journey, with AWS matching a customer with partner to help with deployment, staff training, multi-cloud implementations, hybrid security tools and automation.

The AWS Security Competency helps customers easily identify software and service partners that have expertise in specific security categories.

The revamped security competency highlights partners that hold deep technical expertise and proven customer success securing every stage of cloud adoption, from initial migration through ongoing day-to-day management.

Amazon GuardDuty Malware Detection For EBS Volumes

Amazon GuardDuty allows customers to monitor their AWS accounts and workloads to detect malicious activity and behavior.

AWS has added GuardDuty the capability to now detect malware.

“When you have GuardDuty Malware Protection enabled, a malware scan is initiated when GuardDuty detects that one of your EC2 instances or container workloads running on EC2 is doing something suspicious,” said Danilo Poccia, chief evangelist at AWS in a blog post.

The service helps detect malicious files residing on an instance or container workload running on Amazon EC2 without deploying security software or agents.

Amazon GuardDuty Malware Protection adds file scanning for workloads utilizing Amazon EBS volumes to detect malware that can be used to place resources at risk.

For example, a malware scan is triggered when an EC2 instance is communicating with a command-and-control server that is known to be malicious or is performing denial of service (DoS) or brute-force attacks against other EC2 instances.

“When potential malware is identified, actionable security findings are generated with information such as the threat and file name, the file path, the EC2 instance ID, resource tags and, in the case of containers, the container ID and the container image used. GuardDuty supports container workloads running on EC2, including customer-managed Kubernetes clusters or individual Docker containers,” said Poccia.

Existing customers can enable the GuardDuty Malware Protection feature with a single click in the GuardDuty console or through the GuardDuty API.

AWS Security Hub Integrates With Amazon GuardDuty Malware Protection

The AWS Security Hub now automatically receives Amazon GuardDuty Malware Protection findings.

GuardDuty Malware Protection delivers agentless detection of malware on Amazon Elastic Cloud Compute (EC2) instances and container workloads.

The integration between Security Hub and GuardDuty expands the centralization and single pane of glass experience in Security Hub by consolidating malware findings alongside other security findings, allowing customers to more easily search, triage, investigate, and take action on their security findings.

GuardDuty Malware Protection findings within Security Hub also contain an investigation link that allows you to quickly dive deeper to investigate the finding in Amazon Detective.

Now available globally, AWS Security Hub provides a comprehensive view of a customers’ security posture across AWS accounts.

With Security Hub, businesses have a single place that aggregates, organizes, and prioritizes security alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS IAM Access Analyzer, as well as from over 65 AWS Partner Network (APN) solutions.

Businesses can enable a 30-day free trial of AWS Security Hub with a single-click in the AWS Management console.

Six New Specializations For Level 1 MSSP Competency Partners

AWS launched six new specialized managed security services for the Level 1 MSSP Competency to help customers discover partner solutions validated by AWS security experts and provide 24x7 monitoring and response services.

The six specialization categories include: identity behavior monitoring; data privacy event management; modern compute security monitoring for containers and serverless technologies; managed application security testing; digital forensics and incident response support; and business continuity and ransomware readiness to recover from potentially disruptive events.

“We’re really removing a lot of the traditional ambiguity that exists in the security space in general,” Ryan Orsi, AWS’ worldwide head of Cloud Foundations for the AWS Partner Network. “There’s sort of an ambiguity from a customer perspective on: what’s included in the software, or what’s delivered in that scope of work from the contract? And we’re really being super prescriptive with this.”

In August 2021, AWS introduced the Level 1 Managed Security Services (MSS) baseline detailing ten foundational capabilities for MSSP partners to align their managed services to, along with the Level 1 MSSP Competency.

AWS said it established an industry-first quality of standard for customers to measure their security operations to.

For the new Level 1 MSSP Competency specializations, AWS is treating partners in the program as an extension of AWS’ own security team.

“We’re basically delivering what used to be internal AWS training for new staff members, we’re delivering that now directly into our Level One MSSP Competency partners,” said Orsi. “Because we really want to share all the knowledge and all the best practices with them.”

AWS is hosting four technical training events this year for Level One MSSP partners only.

AWS Config Now Provides Resource Compliance

AWS Compliance Scores assign a numeric compliance measurement value to Conformance Packs so AWS users can quickly identify major deviations in their compliance posture.

At re:Inforce this week, the company unveiled that AWS Config now supports compliance scores as an enhancement to conformance packs.

Compliance scores offer a consistent measurement to track remediation progress, perform comparisons across different sets of requirements, and see the impact a specific change or deployment has on your compliance posture. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an AWS account or AWS Region, or across an organization in AWS Organizations.

Furthermore, compliance scores are emitted to Amazon CloudWatch metrics which allows for tracking over time.

Compliance scores are part of conformance packs and are available in all AWS Regions where AWS Config conformance packs are available.

Amazon Macie New Validation Capability For Amazon S3 Object

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

At re:Inforce 2022, AWS launched a new capability in Amazon Macie that allows for one-click, temporary retrieval of up to 10 examples of sensitive data found in Amazon Simple Storage Service (Amazon S3) by Amazon Macie.

This new capability enables customers to more easily view and understand which contents of an S3 objects were identified to be sensitive, in order to be reviewed, validated and take action as needed.

All sensitive data examples captured with this new capability are encrypted using customer-managed AWS Key Management Service (AWS KMS) keys and are temporarily viewable within the Amazon Macie console after being retrieved.

Previously, users could only see the locations of the sensitive data discovered by Amazon Macie. To review the sensitive data, customers had to manually go back to the original dataset using the location information provided by Amazon Macie which slowed down security investigations.

Getting started with Amazon Macie is fast with one-click in the AWS Management Console or with a single API call.

Amazon Macie comes with a 30-day free trial for S3 bucket level inventory and evaluation of access controls and encryption.