AWS re:Invent 2023: Security, identity, and compliance recap
In this post, we share the key announcements related to security, identity, and compliance at AWS re:Invent 2023, and offer details on how you can learn more through on-demand video of sessions and relevant blog posts. AWS re:Invent returned to Las Vegas in November 2023. The conference featured over 2,250 sessions and hands-on labs, with over 52,000 attendees over five days. If you couldn’t join us in person or want to revisit the security, identity, and compliance announcements and on-demand sessions, this post is for you.
<p><img src="https://infracom.com.sg/wp-content/uploads/2024/01/main-2288.png" alt="" width="780" class="aligncenter size-full wp-image-33180"></p>
<p>Several themes ran through the security service announcements at re:Invent 2023, reflecting the challenges we help customers address through knowledge sharing and continued development of our native security services: architecting for zero trust, managing identity and access at scale, integrating security early in the development cycle, strengthening container security, and using generative artificial intelligence (AI) to improve security services and reduce mean time to remediation.</p>
<h2>Key announcements</h2>
<p>To help you more efficiently manage identity and access at scale, we introduced several new features:</p>
<ul>
<li>A week before re:Invent, we announced two new features of <a href="https://aws.amazon.com/verified-permissions/" target="_blank" rel="noopener">Amazon Verified Permissions</a>:
<ul>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-verified-permissions-supports-batch-authorization/" target="_blank" rel="noopener">Batch authorization</a> — Batch authorization is a new way to process authorization decisions within your application. With this API you can evaluate up to 30 authorization requests for a single principal or a single resource in one call, for example to decide which actions a user interface should display for the signed-in user without issuing one request per action.</li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-verified-permissions-enhanced-visual-mode-schema-editing/" target="_blank" rel="noopener">Visual schema editor</a> — The visual schema editor offers an alternative to editing the application schema directly as JSON. You can view the relationships between entity types, manage principal and resource types visually, and review which actions apply to each principal and resource type in your application schema.</li>
</ul> </li>
<li>We launched two new features for <a href="https://aws.amazon.com/blogs/aws/iam-access-analyzer-updates-find-unused-access-check-policies-before-deployment/" target="_blank" rel="noopener">AWS Identity and Access Management (IAM) Access Analyzer</a>:
<ul>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/iam-access-analyzer-inspecting-unused-access/" target="_blank" rel="noopener">Unused access</a> — The new analyzer continuously monitors IAM roles and users across your organization in <a href="https://aws.amazon.com/organizations/" target="_blank" rel="noopener">AWS Organizations</a> or within individual AWS accounts, and identifies unused permissions, access keys, and passwords. A dashboard helps you prioritize which accounts need attention based on the volume of excessive-permission and unused-access findings. You can set up automated notification workflows by integrating IAM Access Analyzer with <a href="https://aws.amazon.com/pm/eventbridge/" target="_blank" rel="noopener">Amazon EventBridge</a>, and you can aggregate the new unused access findings with your existing <a href="https://aws.amazon.com/security-hub/" target="_blank" rel="noopener">AWS Security Hub</a> findings.</li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/iam-access-analyzer-custom-policy-check/" target="_blank" rel="noopener">Custom policy checks</a> — This feature helps you validate that IAM policies adhere to your security standards before deployment. Custom policy checks use automated reasoning (security assurance backed by mathematical proof) so that security teams can detect non-conformant policy updates proactively: one check compares a proposed policy against a reference policy and fails if the proposal grants any new access, and another fails if the policy grants any of a specified set of actions. Because the checks run against policy documents rather than deployed resources, you can automate policy reviews within your continuous integration and continuous delivery (CI/CD) pipelines and move AWS applications from development to production more quickly. Security teams work with developers to configure custom policy checks within <a href="https://aws.amazon.com/codepipeline/" target="_blank" rel="noopener">AWS CodePipeline</a> pipelines, <a href="https://aws.amazon.com/cloudformation/" target="_blank" rel="noopener">AWS CloudFormation</a> hooks, GitHub Actions, and Jenkins jobs.</li>
</ul> </li>
<li>We announced <a href="https://aws.amazon.com/about-aws/whats-new/2023/11/aws-analytics-users-data-access-iam-identity-center/" target="_blank" rel="noopener">AWS IAM Identity Center trusted identity propagation</a> to manage and audit access to AWS analytics services, including <a href="https://aws.amazon.com/quicksight/" target="_blank" rel="noopener">Amazon QuickSight</a>, <a href="https://aws.amazon.com/pm/redshift/" target="_blank" rel="noopener">Amazon Redshift</a>, <a href="https://aws.amazon.com/emr/" target="_blank" rel="noopener">Amazon EMR</a>, <a href="https://aws.amazon.com/lake-formation/" target="_blank" rel="noopener">AWS Lake Formation</a>, and <a href="https://aws.amazon.com/s3/" target="_blank" rel="noopener">Amazon Simple Storage Service (Amazon S3)</a> through S3 Access Grants. Trusted identity propagation carries the user's workforce identity from the analytics application through to the data service, so access can be authorized and audited per user rather than through a shared role. This simplifies data access management, enables more granular auditing, and improves the sign-in experience for analytics users across multiple AWS analytics applications.</li>
</ul>
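<p>To show how custom policy checks fit into a pipeline, here is an added example (not code from this post or from AWS): a Python gate that runs the two checks the feature exposes, CheckNoNewAccess against a reference policy and CheckAccessNotGranted for a denylist of actions, and fails the stage when either returns FAIL. It assumes the boto3 <code>accessanalyzer</code> client methods <code>check_no_new_access</code> and <code>check_access_not_granted</code> with the public API's request fields and a <code>result</code> of <code>PASS</code> or <code>FAIL</code>; the sample policies and the responses used when running offline are constructed.</p>

```python
"""CI gate built on IAM Access Analyzer custom policy checks.

Added example, not code from the AWS post. Assumes the boto3 accessanalyzer
client methods check_no_new_access / check_access_not_granted as documented;
the policies and offline responses below are constructed."""
import json
import sys

try:
    import boto3  # only needed for the live call path
except ImportError:  # lets the gate logic import and run offline
    boto3 = None

# Reference policy: what the role may do today (constructed sample).
EXISTING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                   "Resource": "arn:aws:s3:::example-app-bucket/*"}],
}
# Proposed change, widened to s3:* on every bucket (constructed sample).
NEW_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}],
}
# Actions no application role may receive, whatever the reference policy says.
FORBIDDEN_ACTIONS = ["iam:PassRole", "iam:CreateAccessKey", "s3:DeleteBucket"]


def _describe(label, response):
    """Flatten one check response into finding lines; empty list on PASS."""
    if response.get("result") == "PASS":
        return []
    findings = [f"{label}: {response.get('message', 'FAIL')}"]
    for reason in response.get("reasons", []):
        findings.append(f"  statement[{reason.get('statementIndex')}]: "
                        f"{reason.get('description', '')}")
    return findings


def gate_policy(new_policy, existing_policy, forbidden_actions,
                policy_type="IDENTITY_POLICY", client=None,
                no_new_access=None, access_not_granted=None):
    """Run both checks; return (passed, findings).

    no_new_access / access_not_granted are injection points for offline runs
    and tests; by default they wrap the boto3 client's methods.
    """
    if no_new_access is None or access_not_granted is None:
        client = client or boto3.client("accessanalyzer")
        no_new_access = no_new_access or client.check_no_new_access
        access_not_granted = access_not_granted or client.check_access_not_granted

    findings = []
    # Check 1: does the new policy grant anything the reference policy does not?
    resp = no_new_access(newPolicyDocument=json.dumps(new_policy),
                         existingPolicyDocument=json.dumps(existing_policy),
                         policyType=policy_type)
    findings += _describe("CheckNoNewAccess", resp)
    # Check 2: does the new policy grant any denylisted action at all?
    resp = access_not_granted(policyDocument=json.dumps(new_policy),
                              access=[{"actions": list(forbidden_actions)}],
                              policyType=policy_type)
    findings += _describe("CheckAccessNotGranted", resp)
    return not findings, findings


# Constructed offline responses in the documented shape (not real service text).
FAKE_NO_NEW_ACCESS = {"result": "FAIL", "message": "new access detected (constructed)",
                      "reasons": [{"description": "s3:* on * exceeds s3:GetObject on one bucket",
                                   "statementIndex": 0}]}
FAKE_ACCESS_NOT_GRANTED = {"result": "FAIL", "message": "listed action granted (constructed)",
                           "reasons": [{"description": "s3:* includes s3:DeleteBucket",
                                        "statementIndex": 0}]}

if __name__ == "__main__":
    # Offline demonstration; drop the two keyword arguments to call the service.
    ok, lines = gate_policy(NEW_POLICY, EXISTING_POLICY, FORBIDDEN_ACTIONS,
                            no_new_access=lambda **kw: FAKE_NO_NEW_ACCESS,
                            access_not_granted=lambda **kw: FAKE_ACCESS_NOT_GRANTED)
    print("\n".join(lines) or "policy checks passed", file=sys.stderr)
    sys.exit(0 if ok else 1)  # a non-zero exit fails the pipeline stage
```

<p>In a real pipeline, omit the fake callables so the default boto3 client is used, and keep the reference policy in the same repository as the infrastructure code so that a widening change and the baseline it is compared against appear in the same review.</p>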
<p>To help you improve your security outcomes with generative AI and automated reasoning, we introduced the following new features:</p>
<ul>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-inspector-aws-lambda-code-scanning/" target="_blank" rel="noopener">Amazon Inspector expands AWS Lambda code scanning with generative AI-powered remediation</a> — Now you can assess your custom proprietary <a href="https://aws.amazon.com/lambda/" target="_blank" rel="noopener">AWS Lambda</a> code for security issues such as injection flaws and data leaks. This update provides you with actionable security findings, including affected code snippets and remediation suggestions, simplifying updates to vulnerable code.</li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-codewhisperer-new-enhancements/" target="_blank" rel="noopener">Amazon CodeWhisperer provides code suggestions to help remediate identified security and code quality issues tailored to your application code</a>. You can use this new capability to help review and accept fixes quickly with confidence. Security scanning is available for Java, Python, and JavaScript, and is now also available for TypeScript, C#, CloudFormation (YAML, JSON), AWS CDK (TypeScript, Python), and HashiCorp Terraform. </li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-detective-group-summaries-generative-ai/" target="_blank" rel="noopener">Amazon Detective introduces finding group summaries using generative AI</a> — With <a href="https://aws.amazon.com/detective/" target="_blank" rel="noopener">Amazon Detective</a> finding group summaries, you can more quickly locate and review key insights on suspicious activity identified in finding groups in natural language. This makes it simpler to investigate and understand unusual or suspicious activities.</li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/aws-config-generative-ai-powered-natural-language-querying-preview/" target="_blank" rel="noopener">AWS Config launches generative AI-powered natural language querying (Preview)</a> — With this feature, you can simplify your investigation and search of AWS resource configurations and compliance metadata.</li>
</ul>
<p><a href="https://aws.amazon.com/controltower/" target="_blank" rel="noopener">AWS Control Tower</a> launched a set of <a href="https://aws.amazon.com/blogs/aws/aws-control-tower-helps-customers-meet-digital-sovereignty-requirements/" target="_blank" rel="noopener">65 purpose-built controls</a> designed to help you meet your digital sovereignty needs. In November 2022, we launched the <a href="https://aws.amazon.com/blogs/security/aws-digital-sovereignty-pledge-control-without-compromise/" target="_blank" rel="noopener">AWS Digital Sovereignty Pledge</a>, our commitment to offering all AWS customers the most advanced set of sovereignty controls and features available in the cloud. Introducing AWS Control Tower controls that support digital sovereignty is an additional step in our roadmap of capabilities for data residency, granular access restriction, encryption, and resilience. AWS Control Tower offers you a consolidated view of the controls enabled, your compliance status, and control evidence across multiple accounts.</p>
<p>We announced two new feature expansions for <a href="https://aws.amazon.com/guardduty/" target="_blank" rel="noopener">Amazon GuardDuty</a> to broaden threat detection coverage.</p>
<p>We launched two new capabilities for <a href="https://aws.amazon.com/inspector/" target="_blank" rel="noopener">Amazon Inspector</a>, in addition to <a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-inspector-aws-lambda-code-scanning/" target="_blank" rel="noopener">Amazon Inspector code remediation for Lambda functions</a>, to help you detect software vulnerabilities at scale.</p>
<p>We introduced four new capabilities in <a href="https://aws.amazon.com/security-hub/" target="_blank" rel="noopener">AWS Security Hub</a> to help you address security gaps across your organization and enhance the user experience for security teams, providing increased visibility:</p>
<ul>
<li><a href="https://aws.amazon.com/blogs/security/introducing-new-central-configuration-capabilities-in-aws-security-hub/" target="_blank" rel="noopener">Central configuration</a> — Streamline and simplify how you set up and administer Security Hub in your multi-account, multi-Region organizations. With central configuration, you can use the delegated administrator account as a single pane of glass for your security findings—and also for your organization’s configurations in Security Hub.</li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/customize-security-controls-aws-security-hub/" target="_blank" rel="noopener">Customize security controls</a> — You can now refine the best practices that Security Hub controls monitor to meet more specific security requirements. Controls accept customer-specific parameter values, so you can tune your security posture monitoring on AWS to your own standards rather than a fixed default.</li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/new-finding-enrichment-aws-security-hub/" target="_blank" rel="noopener">Metadata enrichment for findings</a> — This enrichment adds resource tags, a new AWS application tag, and account name information to every finding ingested into Security Hub. This includes findings from AWS security services such as GuardDuty, Amazon Inspector, and IAM Access Analyzer, in addition to a large and growing list of <a href="https://aws.amazon.com/partners/" target="_blank" rel="noopener">AWS Partner Network (APN)</a> solutions. Using this enhancement, you can better contextualize, prioritize, and act on your security findings.</li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/dashboard-enhancements-aws-security-hub/" target="_blank" rel="noopener">Dashboard enhancements</a> — You can now filter and customize your dashboard views and use a new set of widgets chosen to reflect the current cloud security threat landscape and the potential threats and vulnerabilities in your AWS environment. This makes it simpler to focus on the risks that require your attention and gives you a more comprehensive view of your cloud security.</li>
</ul>
<p>We added three new capabilities for <a href="https://aws.amazon.com/detective/" target="_blank" rel="noopener">Amazon Detective</a>, in addition to <a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-detective-group-summaries-generative-ai/" target="_blank" rel="noopener">Amazon Detective finding group summaries</a>, to simplify the security investigation process.</p>
<p>We introduced <a href="https://aws.amazon.com/about-aws/whats-new/2023/11/aws-secrets-manager-batch-retrieval-secrets/" target="_blank" rel="noopener">AWS Secrets Manager batch retrieval of secrets</a> to identify and retrieve a group of secrets for your application at once with a single API call. The new API, BatchGetSecretValue, provides greater simplicity for common developer workflows, especially when you need to incorporate multiple secrets into your application.</p>
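<p>As an added example (not code from this post or from AWS), the following Python helper calls BatchGetSecretValue through boto3 and handles the detail that matters operationally: a successful batch call can still report per-secret failures in an <code>Errors</code> list (for example, a secret that does not exist or an ARN the caller is not permitted to read), so an application must check that list rather than rely on an exception. The response shape (<code>SecretValues</code>, <code>Errors</code>, <code>NextToken</code>) and the 20-item limit on <code>SecretIdList</code> follow the public API documentation; the sample response is constructed, and the code runs offline when given a fake caller.</p>

```python
"""Retrieve a group of secrets with Secrets Manager BatchGetSecretValue.

Added example, not code from the AWS post. Assumes the boto3 secretsmanager
client method batch_get_secret_value and the documented response fields
SecretValues / Errors / NextToken; the sample response below is constructed."""
import base64
import json

try:
    import boto3  # only needed for the live call path
except ImportError:  # lets the parsing helpers run offline
    boto3 = None


def parse_batch_response(response):
    """Split one response into (values, errors).

    values maps secret name -> decoded value: a dict when SecretString is a
    JSON object, otherwise the raw string, or bytes for SecretBinary.
    errors maps the requested secret id -> "ErrorCode: Message". An HTTP 200
    can still carry per-secret errors here, so callers must check both.
    """
    values = {}
    for item in response.get("SecretValues", []):
        if "SecretString" in item:
            raw = item["SecretString"]
            try:
                parsed = json.loads(raw)
                value = parsed if isinstance(parsed, dict) else raw
            except ValueError:
                value = raw
        elif "SecretBinary" in item:
            blob = item["SecretBinary"]  # bytes from boto3; base64 text in raw JSON
            value = base64.b64decode(blob) if isinstance(blob, str) else bytes(blob)
        else:
            continue  # defensive: an entry with neither field carries nothing
        values[item["Name"]] = value
    errors = {e["SecretId"]: f"{e.get('ErrorCode', 'Unknown')}: {e.get('Message', '')}"
              for e in response.get("Errors", [])}
    return values, errors


def fetch_secrets(secret_ids, client=None, call=None):
    """Fetch every secret in secret_ids (at most 20 per SecretIdList), following
    NextToken. `call` is an injection point for tests; the default wraps boto3."""
    if call is None:
        client = client or boto3.client("secretsmanager")
        call = client.batch_get_secret_value
    values, errors, token = {}, {}, None
    while True:
        kwargs = {"SecretIdList": list(secret_ids)}
        if token:
            kwargs["NextToken"] = token
        resp = call(**kwargs)
        got, failed = parse_batch_response(resp)
        values.update(got)
        errors.update(failed)
        token = resp.get("NextToken")
        if not token:
            return values, errors


# Constructed sample in the documented shape (not captured from a real account).
SAMPLE_RESPONSE = {
    "SecretValues": [
        {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/db-AbCdEf",
         "Name": "app/db", "VersionId": "v1",
         "SecretString": '{"username": "app", "password": "s3cr3t"}'},
        {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/api-key-GhIjKl",
         "Name": "app/api-key", "VersionId": "v1", "SecretString": "plain-token"},
        {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/tls-key-MnOpQr",
         "Name": "app/tls-key", "VersionId": "v1",
         "SecretBinary": base64.b64encode(b"\x30\x82\x04\xa4").decode()},
    ],
    "Errors": [
        {"SecretId": "app/missing", "ErrorCode": "ResourceNotFoundException",
         "Message": "constructed: secret does not exist"},
    ],
}

if __name__ == "__main__":
    found, failed = fetch_secrets(["app/db", "app/api-key", "app/tls-key", "app/missing"],
                                  call=lambda **kw: SAMPLE_RESPONSE)
    print(sorted(found), failed)
    if failed:  # refuse to start with a partial secret set
        raise SystemExit(f"missing secrets: {failed}")
```

<p>Treat a non-empty <code>errors</code> result as a startup failure rather than logging it and continuing: an application that silently runs with only some of its secrets tends to fall back to defaults or empty credentials, which is exactly the condition the batch call was meant to make visible.</p>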
<p>We worked closely with AWS Partners to create offerings that make it simpler for you to protect your cloud workloads: </p>
<ul>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/aws-built-in-competency-partner-software-automates-installation/" target="_blank" rel="noopener">AWS Built-in Competency</a> — AWS Built-in Competency Partner solutions help minimize the time it takes for you to figure out the best AWS services to adopt, regardless of use case or category.</li>
<li><a href="https://aws.amazon.com/about-aws/whats-new/2023/11/aws-cyber-insurance-competency-partner-quote/" target="_blank" rel="noopener">AWS Cyber Insurance Competency</a> — AWS has worked with leading <a href="https://aws.amazon.com/partners/cyber-insurance-partner-solutions/" target="_blank" rel="noopener">cyber insurance partners</a> to simplify the process of obtaining cyber insurance. Participating partners assess your security posture from Security Hub data that you choose to share with them, which makes it simpler to find affordable policies from AWS Partners through a streamlined customer experience.</li>
</ul>
<h2>Experience content on demand</h2>
<p>If you weren’t able to join in person or you want to watch a session again, you can see the many sessions that are available <a href="https://reinvent.awsevents.com/on-demand/?trk=direct" target="_blank" rel="noopener">on demand</a>.</p>
<h3>Keynotes, innovation talks, and leadership sessions</h3>
<p>Catch the <a href="https://www.youtube.com/watch?v=PMfn9_nTDbM" target="_blank" rel="noopener">AWS re:Invent 2023 keynote</a> where AWS chief executive officer Adam Selipsky shares his perspective on cloud transformation and provides an exclusive first look at AWS innovations in generative AI, machine learning, data, and infrastructure advancements. You can also <a href="https://www.youtube.com/playlist?list=PL2yQDdvlhXf_yTJdRlfK7K1ARdhYHhUvR" target="_blank" rel="noopener">replay the other AWS re:Invent 2023 keynotes</a>.</p>
<p>The security landscape is evolving as organizations adapt and embrace new technologies. In this talk, discover the AWS vision for security that drives business agility. Stream the <a href="https://www.youtube.com/watch?v=T-LwDlZbbU4" target="_blank" rel="noopener">innovation talk</a> from Amazon chief security officer, Steve Schmidt, and AWS chief information security officer, Chris Betz, to learn their insights on key topics such as <a href="https://aws.amazon.com/security/zero-trust/" target="_blank" rel="noopener">Zero Trust</a>, builder security experience, and generative AI.</p>
<p>At AWS, we work closely with customers to understand their requirements for their critical workloads. Our work with the <a href="http://www.tech.gov.sg" target="_blank" rel="noopener">Singapore Government’s Smart Nation and Digital Government Group (SNDGG)</a> to build a Smart Nation for their citizens and businesses illustrates this approach. Watch the <a href="https://www.youtube.com/watch?v=nU4HkNmpG8w" target="_blank" rel="noopener">leadership session</a> with Max Peterson, vice president of Sovereign Cloud at AWS, and Chan Cheow Hoe, government chief digital technology officer of Singapore, as they share how AWS is helping Singapore advance on its cloud journey to build a Smart Nation.</p>
<h3>Breakout sessions and new launch talks</h3>
<p>Stream <a href="https://www.youtube.com/watch?v=sopvoguWHOg&list=PL2yQDdvlhXf-901GvlqhZJ3pIQtw6aeZq&index=14" target="_blank" rel="noopener">breakout sessions and new launch talks on demand</a> to learn about the following topics:</p>
<ul>
<li>Discover how AWS, customers, and partners work together to raise their security posture with AWS infrastructure and services.</li>
<li>Learn about trends in identity and access management, detection and response, network and infrastructure security, data protection and privacy, and governance, risk, and compliance.</li>
<li>Dive into our launches! Learn about the latest announcements from security experts, and uncover how new services and solutions can help you meet core security and compliance requirements.</li>
</ul>
<p>Consider joining us for more in-person security learning opportunities by saving the date for <a href="https://reinforce.awsevents.com/" target="_blank" rel="noopener">AWS re:Inforce 2024</a>, which will occur June 10-12 in Philadelphia, Pennsylvania. We look forward to seeing you there!</p>
<p>If you’d like to discuss how these new announcements can help your organization improve its security posture, AWS is here to help. <a href="https://aws.amazon.com/compliance/contact/" target="_blank" rel="noopener">Contact</a> your AWS account team today.</p>
<p>If you have feedback about this post, submit comments in the <strong>Comments</strong> section below. If you have questions about this post, <a href="https://console.aws.amazon.com/support/home" target="_blank" rel="noopener">contact AWS Support</a>.</p>
<p><strong>Want more AWS Security news? Follow us on <a title="Twitter" href="https://twitter.com/AWSsecurityinfo" target="_blank" rel="noopener noreferrer">Twitter</a>.</strong></p>