Amazon Web Services Unveils Improved Cloud Vulnerability Management




Amazon Web Services (AWS) today announced several new features to improve and automate vulnerability management on its platform, in response to changing security requirements in the cloud.

Newly added capabilities in the Amazon Inspector service address the “critical need to detect and remediate quickly” in order to secure workloads in the cloud, according to an article on the AWS Blog written by developer advocate Steve Roberts. The announcement came as part of the AWS re:Invent conference, which kicked off today.

In a second security announcement, AWS unveiled a new secrets detector feature for its Amazon CodeGuru Reviewer tool, aimed at automatically detecting secrets such as passwords and API keys that were inadvertently committed to source code.

The AWS security updates come as businesses continue their accelerated journey to the cloud, even as security teams struggle to keep pace. Gartner estimates that 70% of workloads will run in the public cloud within three years, up from 40% today. But a recent survey of cloud engineering professionals found that 36% of organizations have experienced a cloud security data breach or other serious breach in the past 12 months.

Changing cloud security needs

In the Amazon Inspector updates post, Roberts acknowledged that “vulnerability management for cloud customers has changed significantly” since the service was launched in 2015. New requirements include “the ability to deploy large-scale frictionless support, support for a wider set of resource types requiring evaluation, and a critical need to detect and correct quickly,” he said in the post.

The major updates to Amazon Inspector announced today include continuous and automated assessment scans, replacing manual scans that only occur periodically, as well as automated asset discovery.

“There are tens of thousands of vulnerabilities, with new discoveries made public regularly. With this ever-growing threat, manual review can cause customers to be unaware of exposure and therefore potentially vulnerable between reviews,” Roberts wrote in the post.

Enabling the updated Amazon Inspector will automatically discover and begin continuously assessing a customer’s Elastic Compute Cloud (EC2) instances and Amazon Elastic Container Registry-based container workloads, ultimately evaluating the customer’s security posture “even when the underlying resources change,” he wrote.

More feature updates

AWS also announced a number of other new features for Amazon Inspector, including additional support for container-based workloads, with the ability to assess workloads on EC2 and container infrastructure; integration with AWS Organizations, allowing customers to use Amazon Inspector across all accounts in their organization; elimination of the stand-alone Amazon Inspector analysis agent, as the evaluation analysis is now performed by the AWS Systems Manager agent (so that a separate agent does not need to be installed); and improved risk scoring and easier identification of the most critical vulnerabilities.

A “highly contextualized” risk score can now be generated by correlating Common Vulnerabilities and Exposures (CVE) metadata with factors such as network accessibility, Roberts said.

Secrets detector

Meanwhile, with Amazon CodeGuru Reviewer’s new Secrets Detector feature, AWS addresses the problem of developers accidentally committing secrets to source code or configuration files, including passwords, API keys, SSH keys and access tokens.

“Like many other developers facing a tight deadline, I have often taken shortcuts when managing and consuming secrets in my code, using clear text environment variables or hard-coded static secrets during local development, then I inadvertently committed them,” wrote Alex Casalboni, Developer Advocate at AWS, in a blog post announcing updates to CodeGuru Reviewer. “Of course, I’ve always regretted it and wish there was an automated way to detect and secure these secrets in all of my repositories.”

The new capability uses machine learning to detect hard-coded secrets during the code review process, “ultimately helping you to ensure that any new code does not contain hard-coded secrets before being merged and deployed,” Casalboni wrote.
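To show the kind of check such a review step performs, here is an added example (not CodeGuru Reviewer's own detector, which the article says is ML-based): a pattern-plus-entropy scan over constructed source lines that flags an AWS access key ID, a private key header and high-entropy credential literals, while skipping environment references and placeholder values. The patterns, threshold and sample file are assumptions made for this illustration.

```python
# Added example: regex-plus-entropy scan, not CodeGuru Reviewer's ML detector.
import math
import re
from collections import Counter

SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # PEM private key header of any key type.
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # credential-like name = "literal"; the literal is group 1.
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
# Environment references and obvious placeholders are not findings.
PLACEHOLDER = re.compile(r"(?i)\$\{?[A-Z_]+\}?|<[^>]+>|x+|\*+|changeme|example")


def shannon_entropy(value: str) -> float:
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(value: str) -> str:
    return value[:4] + "*" * (len(value) - 4)


def scan_source(lines, min_entropy: float = 3.0):
    """Return (line_number, kind, redacted_value) for each likely hard-coded secret."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for kind, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            # Low-entropy literals and placeholders are the main false-positive source.
            if kind == "generic_assignment" and (
                PLACEHOLDER.fullmatch(value) or shannon_entropy(value) < min_entropy
            ):
                continue
            findings.append((lineno, kind, redact(value)))
    return findings


# Constructed sample of what a rushed commit might contain.
SAMPLE_SOURCE = """\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "S3cr3t-Passw0rd!"
api_key = os.environ["API_KEY"]
token = "${GITHUB_TOKEN}"
password = "changeme"
secret = 'kq8Zf3nLp2vR9xTcW1yB'
KEY_PEM = '-----BEGIN RSA PRIVATE KEY-----'
""".splitlines()
```

Findings carry only a redacted prefix so the report itself can be logged or posted on a pull request without re-exposing the secret.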

AWS re:Invent 2021 takes place today through Friday, both in person in Las Vegas and online.
