AWS Shield Advanced Update – Automatic Application Layer DDoS Mitigation

In 2016, we launched AWS Shield, a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency without needing to contact AWS Support. There are two tiers of AWS Shield: Standard and Advanced. All AWS customers Read more about AWS Shield Advanced Update – Automatic Application Layer DDoS Mitigation[…]

Monitor, Evaluate, and Demonstrate Backup Compliance with AWS Backup Audit Manager

Today, I’m happy to announce the availability of AWS Backup Audit Manager, a new feature of AWS Backup that helps you monitor and evaluate the compliance status of your backups to meet business and regulatory requirements, and enables you to generate reports that help demonstrate compliance to auditors and regulators. AWS Backup is a fully Read more about Monitor, Evaluate, and Demonstrate Backup Compliance with AWS Backup Audit Manager[…]

Multi-Cloud and Hybrid Threat Protection with Sumo Logic Cloud SIEM Powered by AWS

IT security teams need to have a real-time understanding of what’s happening with their infrastructure and applications. They need to be able to find and correlate data in this continuous flood of information to identify unexpected behaviors or patterns that can lead to a security breach. To simplify and automate this process, many solutions have Read more about Multi-Cloud and Hybrid Threat Protection with Sumo Logic Cloud SIEM Powered by AWS[…]

Happy 10th Birthday – AWS Identity and Access Management

Amazon S3 turned 15 earlier this year, and Amazon EC2 will do the same in a couple of months. Today we are celebrating the tenth birthday of AWS Identity and Access Management (IAM). The First Decade Let’s take a walk through the last decade and revisit some of the most significant IAM launches: May 2011 Read more about Happy 10th Birthday – AWS Identity and Access Management[…]

New – Attribute-Based Access Control with AWS Single Sign-On

Starting today, you can pass user attributes in the AWS session when your workforce sign-in into the cloud using AWS Single Sign-On. This gives you the centralized account access management of AWS Single Sign-On and ABAC, with the flexibility to use AWS SSO, Active Directory, or an external identity provider as your identity source. To Read more about New – Attribute-Based Access Control with AWS Single Sign-On[…]

AWS Network Firewall – New Managed Firewall Service in VPC

Our customers want to have a high availability, scalable firewall service to protect their virtual networks in the cloud. Security is the number one priority of AWS, which has provided various firewall capabilities on AWS that address specific security needs, like Security Groups to protect Amazon Elastic Compute Cloud (EC2) instances, Network ACLs to protect Read more about AWS Network Firewall – New Managed Firewall Service in VPC[…]

New – Using Amazon GuardDuty to Protect Your S3 Buckets

As we anticipated in this post, the anomaly and threat detection for Amazon Simple Storage Service (S3) activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your Read more about New – Using Amazon GuardDuty to Protect Your S3 Buckets[…]

Single Sign-On between Okta Universal Directory and AWS

Enterprises adopting the AWS Cloud want to effectively manage identities. Having one central place to manage identities makes it easier to enforce policies, to manage access permissions, and to reduce the overhead by removing the need to duplicate users and user permissions across multiple identity silos. Having a unique identity also simplifies access for all Read more about Single Sign-On between Okta Universal Directory and AWS[…]

New – Enhanced Amazon Macie Now Available with Substantially Reduced Pricing

Amazon Macie is a fully managed service that helps you discover and protect your sensitive data, using machine learning to automatically spot and classify data for you. Over time, Macie customers told us what they like, and what they didn’t. The service team has worked hard to address this feedback, and today I am very happy Read more about New – Enhanced Amazon Macie Now Available with Substantially Reduced Pricing[…]

Amazon Detective – Rapid Security Investigation and Analysis

Almost five years ago, I blogged about a solution that automatically analyzes AWS CloudTrail data to generate alerts upon sensitive API usage. It was a simple and basic solution for security analysis and automation. But demanding AWS customers have multiple AWS accounts, collect data from multiple sources, and simple searches based on regular expressions are Read more about Amazon Detective – Rapid Security Investigation and Analysis[…]