
What did AWS re:Invent bring us in terms of Security?


re:Invent is the most anticipated event for the AWS community, not only because of the networking and relationships built there, but also because it is when we learn first-hand which new tools and features AWS will offer us for the coming cycle.

On the security side, the announcements covered several tools; let's see what each of them is about.

Amazon Security Lake

It lets you automatically centralize security events from cloud, on-premises and custom security sources across Regions, so you can optimize and manage security data for more efficient storage and query performance.

The AWS services that currently feed log activity into it are:

  • Amazon VPC

  • Amazon S3

  • AWS Lambda

  • Amazon Route 53

  • AWS CloudTrail

  • AWS Security Hub

Also, through Security Hub, any service that integrates with it can send data to the data lake.

The principal benefit of this data lake is that it allows you to analyze the data with your preferred analytics tools while retaining control and ownership of your security data. You can use Amazon Athena, Detective, OpenSearch or SageMaker on the AWS side, or any other third-party tool. This is possible because the data is normalized to an industry standard, the Open Cybersecurity Schema Framework (OCSF), which avoids vendor lock-in.

Amazon GuardDuty RDS Protection

It is threat detection for Amazon Aurora databases: it identifies potential threats to the data stored in them by using machine learning to continuously monitor existing and new Aurora databases in your organization.

So now you can easily identify whether your DB users are showing anomalous behavior, such as trying to connect from outside the organization when they have always connected from inside, or whether your database is facing password spraying or brute-force attacks that try to discover your users' passwords.

It has a free trial, and enabling it should have no impact on database performance and requires no modifications to the database.
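GuardDuty does this analysis inside the service, but the Security Lake section above is precisely about being able to run the same kind of analysis with your own tools over OCSF-normalized data. The following is an added example, not AWS code: it takes a constructed batch of OCSF Authentication events (class_uid 3002, the shape Security Lake emits after normalization; the field names are my reading of the OCSF 1.0 schema and the values are made up) and flags sources that look like password spraying (one source, many distinct users failing) or brute force (one source, one user, many failures).

```python
from collections import defaultdict

# OCSF constants as I understand the 1.0 schema (assumption, not from the post):
# Authentication class, Logon activity, Failure status.
AUTH_CLASS_UID = 3002
LOGON_ACTIVITY_ID = 1
STATUS_FAILURE = 2


def auth_event(user, ip, status_id):
    """Build a minimal OCSF-style Authentication event (constructed sample data)."""
    return {"class_uid": AUTH_CLASS_UID, "activity_id": LOGON_ACTIVITY_ID,
            "status_id": status_id,
            "actor": {"user": {"name": user}}, "src_endpoint": {"ip": ip}}


# Constructed sample: one source spraying six users once each, one source hammering
# "admin", some benign noise, and an unrelated network event that must be ignored.
SAMPLE_EVENTS = (
    [auth_event(f"app{i}", "203.0.113.7", STATUS_FAILURE) for i in range(1, 7)]
    + [auth_event("admin", "198.51.100.9", STATUS_FAILURE) for _ in range(8)]
    + [auth_event("dev", "10.0.0.5", STATUS_FAILURE)] * 2
    + [auth_event("dev", "10.0.0.5", 1)]            # 1 = Success
    + [{"class_uid": 4001, "activity_id": 1, "src_endpoint": {"ip": "10.0.0.9"}}]
)


def summarize_failed_logons(events):
    """Count failed logons and distinct target users per source IP."""
    by_src = defaultdict(lambda: {"failures": 0, "users": set()})
    for ev in events:
        if ev.get("class_uid") != AUTH_CLASS_UID or ev.get("activity_id") != LOGON_ACTIVITY_ID:
            continue                      # not an authentication logon event
        if ev.get("status_id") != STATUS_FAILURE:
            continue                      # successes are not counted
        ip = ev.get("src_endpoint", {}).get("ip", "unknown")
        user = ev.get("actor", {}).get("user", {}).get("name", "unknown")
        by_src[ip]["failures"] += 1
        by_src[ip]["users"].add(user)
    return by_src


def classify_sources(events, min_failures=5, min_users=5):
    """Label each source as 'password_spraying' or 'brute_force' once thresholds are met."""
    findings = {}
    for ip, stats in summarize_failed_logons(events).items():
        if len(stats["users"]) >= min_users:
            findings[ip] = "password_spraying"
        elif stats["failures"] >= min_failures:
            findings[ip] = "brute_force"
    return findings


if __name__ == "__main__":
    print(classify_sources(SAMPLE_EVENTS))
```

The thresholds are deliberately simple; in practice you would tune them per database and add the time dimension (failures per minute) that the events' timestamps provide.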

Amazon Inspector for Lambda Functions

With this, Amazon Inspector is able to map vulnerabilities (CVEs) detected in the software dependencies used by AWS Lambda functions and in the underlying Lambda layers. It supports automatic exclusion of functions that haven't been invoked for 90 days and manual exclusion based on tags. It costs US$0.30 per function per month, with no extra charge for re-scans.