Amazon Web Services (AWS) this week introduced a host of updates to improve cloud security, including artificial intelligence (AI) algorithms for Amazon GuardDuty that make it easier to detect attack patterns.
The updates were announced at the AWS re:Invent 2024 conference, where AWS also made Amazon OpenSearch available for Amazon Security Lake, a data lake the company provides to normalize all the security data an organization collects. Amazon Security Lake is based on the Open Cybersecurity Schema Framework (OCSF), originally created in 2022 and developed under the auspices of the Linux Foundation as of last month.
Finally, AWS is previewing an extension to AWS Verified Access that enables organizations to apply access controls to resources such as databases and Git repositories that do not use HTTP. The overall goal is to eliminate the need to rely on insecure virtual private networks (VPNs) to access cloud resources.
Together, these capabilities are part of an ongoing effort to make it easier for cybersecurity teams to not only secure cloud resources but also prioritize any remediation efforts that may be required, said Mark Tirinzoni, general manager of Security Services at AWS.
For example, the AI algorithms added to Amazon GuardDuty enable security signals to be correlated in a way that makes it easier to identify attack patterns used by cybercriminals, including privilege detection scanning, API manipulation, and data exfiltration. The algorithms also classify these threats by their potential severity within a natural language summary that also provides remediation recommendations, in a way that any cybersecurity team member can understand and share with their IT colleagues.
When combined with research tools that make it easier to proactively hunt down threats, an organization's overall cloud security posture improves dramatically, Tirinzoni noted.
He added that OCSF plays a critical role in achieving this goal because it makes it easy to use a simple search interface to help discover those issues. In addition to AWS, Cisco, IBM, and Splunk, several other cybersecurity platform providers now support the schema originally developed by Broadcom. This joint effort makes it possible to normalize data that previously would have been stored in multiple incompatible formats and then analyze it through a single research tool, Tirinzoni said.
This approach also reduces reliance on security information and event management (SIEM) and extended detection and response (XDR) platforms that increase the overall cost of cybersecurity, he added.
It is not clear how much the overall state of cloud security is improving, but as more organizations realize that different tools and practices are needed to secure cloud services, those tools and practices become easier to adopt. There may never be such a thing as perfect cloud security, but in the age of shared responsibility for cloud security, the available tools and platforms are finally becoming much easier to deploy and master. The challenge now is to reduce the average time to remediation, so that more issues are caught before cybercriminals have a chance to exploit them.