Amazon Web Services Inc. is branching out further into multicloud security with the launch of new capabilities that extend its protections to Microsoft Corp.’s Azure cloud platform.
The new features were announced today alongside a host of artificial intelligence-focused updates to AWS Security Hub, as the company strives to transform it into a comprehensive, full-stack control plane that spans fragmented cloud infrastructures.
In addition to extending its security management to Microsoft Azure, the company introduced new Amazon GuardDuty AI Protection tools aimed at bolstering the security of intelligent applications, and a new inventory system that gives organizations full visibility into all of their AI assets.
The updates were unveiled by AWS Director of Security Service Michael Fuller, who said that the company is witnessing a fundamental shift in where enterprise security is headed. He explained that traditional security tools are designed to aggregate data into a single dashboard. But as faster and more sophisticated cyberattack techniques emerge, he believes that simply gathering all of this data is no longer enough.
“Collecting findings was never the hard part,” Fuller wrote. “The hard part is understanding them, connecting them and acting before an attacker does, and doing it at the speed attacks now move. The programs that win from here will be the ones that see across their whole estate and respond fast, not the ones with the most dashboards.”
That explains why AWS Security Hub is being expanded to Microsoft Azure. The new multicloud security management capabilities for Azure are being made generally available to all AWS customers from today, and enable Security Hub to natively discover and monitor Azure resources such as virtual machines, containers, function applications and user identities.
Fuller explained that the service will evaluate these assets for threats such as misconfigurations, software vulnerabilities and internet exposure, based on posture checks aligned with the CIS Azure Foundations Benchmark. All of the findings it generates will be displayed in the same format as the alerts for AWS-based assets, he said.
“Azure findings are prioritized next to your AWS findings using the same finding format, automation, and response workflows, so your team works from one understanding of risk instead of reconciling several,” Fuller wrote.
Meanwhile, the new GuardDuty AI protections are designed to safeguard against a trend Fuller called “cost harvesting,” which is where bad actors steal user’s credentials to run expensive foundation models at the victim’s expense. The new protections, also generally available today, with a 30-day free trial, work by analyzing CloudTrail data events to look for anomalous model invocations in Amazon Bedrock and Amazon SageMaker that could signal cost harvesting attacks are underway, so defenders can shut them down.
“Cost harvesting is accelerating,” Fuller said. “When credentials are compromised, attackers increasingly use them to invoke foundation models. Inference is expensive, demand is high, and stolen access converts straight to value without deploying any infrastructure.”
AWS GuardDuty gets a second new capability with AI-powered investigations, which are designed to overcome the problem of alert fatigue that’s becoming increasingly common among security teams. Available in preview now, it works by using AI agents to automate security investigations, analyze the context of their findings and identify those alerts that signify genuine threats. “Each investigation returns a disposition assessment with confidence scoring, MITRE ATT&CK classification, supporting evidence, and clear recommendations to suppress, contain or remediate,” Fuller said. “Your team focuses on genuine threats, whether across a single account or an entire AWS Organization, and mean time to resolution drops.”
Elsewhere, the new Security Hub AI Inventory promises to be an extremely useful addition. Enterprises cannot secure assets if they don’t even know they exist, which is why the inventory sets out to automatically discover them, tracking managed services such as Bedrock and SageMaker via the AWS Config tool.
It can also identify self-hosted and external third-party models running on Amazon EC2, ECS and EKS through runtime analysis and map them directly to the underlying infrastructure, Fuller said. This too is generally available starting today, at no extra cost.
Last but not least, AWS said it’s expanding its Security Hub Extended ecosystem to encompass 21 curated partner systems. It leverages the Open Cybersecurity Framework to build an integration layer that allows third-party tools from companies such as Zscaler Inc., Splunk and CrowdStrike Holdings Inc. to share security data and map live attack paths in real-time.
According to Fuller, the updates reflect a new philosophy around cloud security that emphasizes operational unity for multicloud environments. It makes total sense given that most enterprises use multiple cloud providers these days.
“You didn’t procure AI protection as a separate product, and you won’t stand up separate operations for Azure,” he said. “You add them to the Security Hub you already run, and they show up in your prioritized view of risk…. That’s the differentiated future we’re investing in, and we’re doing it in the open, guided by what customers ask for next.”
Photo: AWS
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
