Security News

This week, Amazon announced AWS Nitro Enclaves, a new feature of EC2 that will allow customers to securely process highly sensitive data and protect it when it must be unencrypted at the point of use by providing an isolated environment for data processing. "With this isolation, the AWS Nitro Enclave owner can start and stop, or assign resources to an Enclave, but even the owner cannot see what is being processed inside of AWS Nitro Enclaves. AWS also announced the launch of AWS Certificate Manager for Nitro Enclaves, a new Enclave application that makes it easy for customers to protect and manage Secure Sockets Layer/Transport Layer Security certificates for their web servers running on Amazon EC2.".

AWS Nitro Enclaves helps customers reduce the attack surface for their applications by providing a trusted, highly isolated, and hardened environment for data processing. With this isolation, the AWS Nitro Enclave owner can start and stop, or assign resources to an Enclave, but even the owner cannot see what is being processed inside of AWS Nitro Enclaves.

AWS Security Hub gives AWS customers a comprehensive view of security posture across all their AWS accounts. As a single place that aggregates, organizes, and prioritizes security information from multiple sources, AWS Security Hub helps identify security findings and remediate security threats.

Review: Practical Vulnerability Management: A Strategic Approach to Managing Cyber RiskAndrew Magnusson started his information security career 20 years ago and he decided to offer the knowledge he accumulated through this book, to help the reader eliminate security weaknesses and threats within their system. AWS adds new S3 security and access control featuresAmazon Web Services has made available three new S3 security and access control features.

Object Ownership is a permission that can be set when creating a new object within an S3 bucket, to enforce the transfer of new object ownership onto the bucket owner. "With the proper permissions in place, S3 already allows multiple AWS accounts to upload objects to the same bucket, with each account retaining ownership and control over the objects. This many-to-one upload model can be handy when using a bucket as a data lake or another type of data repository. Internal teams or external partners can all contribute to the creation of large-scale centralized resources," explained Jeff Barr, Chief Evangelist for AWS. But with this set up, the bucket owner doesn't have full control over the objects in the bucket and therefore cannot use bucket policies to share and manage objects.

Amazon Timestream addresses these challenges by giving customers a purpose-built, serverless time series database for collecting, storing, and processing time series data. Amazon Timestream integrates with popular data collection, visualization, and machine learning tools that customers use today, including services like AWS IoT Core, Amazon Kinesis and Amazon MSK, Amazon QuickSight, and Amazon SageMaker, as well as open source, third-party tools like Grafana and Telegraf.

Sysdig announced automated inline image scanning for AWS Fargate containers, directly in Amazon Elastic Container Registry. The first Fargate inline scanning increases visibility and reduces risk - By extending the Amazon ECR integration to listen for Fargate tasks, Sysdig triggers automated scans directly within Amazon ECR. With this unique inline scanning approach, registry credentials and image contents are not shared outside of the AWS environment.

SecureCloud addresses a daunting challenge for business, DevOps, and security leaders: rapid deployment of applications and services to customers - without sacrificing security measures or privacy protections. "We greatly benefited from Anitian's Compliance Automation Platform to migrate our application to the AWS cloud and achieve our FedRAMP authorization," said Ignacio Martinez, vice president of security, risk, and compliance for Smartsheet.

ScaleMP announced it is expanding its memory expansion product portfolio to offer vSMP MemoryONE software for a wide range of AWS EC2 instances with NVMe SSDs. Available via AWS Marketplace, vSMP MemoryONE enables customers to easily expand instance memory to higher capacities and at a much lower cost. Bare-metal instances are supported by vSMP MemoryONE v9.

Trend Micro announced that its hybrid cloud security offerings have received the AWS Outposts Ready designation, part of the Amazon Web Services Service Ready Program. Teams using Trend Micro for their hybrid cloud security benefit from a truly consistent hybrid experience that combines the agility, breadth of services, and pace of innovation of AWS with seamless security protection across an enterprise infrastructure.