Amazon Web Services (AWS) added a bevy of cybersecurity tools and services to its portfolio that collectively make securing its cloud computing platform simpler.

Announced at the AWS re:Inforce 2025 conference, the additions include a preview of a revamped AWS Security Hub that now identifies which vulnerabilities are potentially the most lethal from a threat perspective.

Additionally, AWS previewed an update to the AWS Shield service that adds a dashboard for visually identifying network security configuration mistakes and weaknesses, along with integrations with Amazon Q artificial intelligence (AI) agents to provide remediation guidance.

AWS Makes Bevy of Updates to Simplify Cloud Security

AWS has also extended the AWS Network Firewall to automatically apply new rules that block suspicious traffic discovered by AWS, such as command-and-control (C2) communication, embedded URLs, and malicious domains. It also made generally available an update to the console for configuring its web application firewall (WAF), which now takes three simple steps.

Fernando Montenegro, vice president and practice lead for cybersecurity at The Futurum Group, said the updates to the AWS Security Hub and other enhancements are yet another example of how undifferentiated heavy lifting pertaining to cloud security operations can actually be eliminated. AWS is bringing together threat information and exposure information from various sources with prioritization insights in a way security operations teams are going to appreciate, he added.

AWS has also expanded the capabilities of Amazon GuardDuty Extended Threat Detection (XTD) to now include support for container-based applications running on Amazon Elastic Kubernetes Service (EKS).

At the same time, AWS revealed it is now requiring multifactor authentication (MFA) for root-level access across all account types and that it is making available an access analyzer tool within the AWS Identity and Access Management (IAM) service to make it easier to verify which roles and users have access to specific AWS resources. AWS is also now making backups available when AWS accounts are unavailable, using a multi-party verification capability.

AWS also announced that the public SSL/TLS certificates generated by the AWS Certificate Manager (ACM) service can now be exported to any on-premises IT environment. AWS has also revamped the console for Amazon CloudFront, its content delivery network (CDN), to automatically provision and manage DNS records using Amazon Route 53 and TLS certificates using ACM.

Finally, AWS has made Amazon Inspector, a tool for identifying code vulnerabilities, generally available, in addition to making available a software package for implementing authorizations in JavaScript code under an open source license.

Robert Kennedy, vice president of network services for AWS, said that despite long-standing perceptions, these and other investments in security should make it apparent that the AWS cloud is generally more secure than the average on-premises IT environment. In fact, most organizations would be generally more secure if they simply relied on the automated networking and security management capabilities provided by AWS versus continuing to configure and manage those services themselves in an era where threats are more dynamic in terms of their ability to evade cybersecurity defenses, he added. IT organizations that rely on manual processes to respond to threats are not going to be able to respond fast enough to prevent breaches, noted Kennedy.

That level of automation is also why, to this day, Amazon has never invested in building its own network operations center (NOC), he added.

It’s not clear what impact security concerns are having on where workloads are deployed, but the one clear thing is that the nature of the contest between defenders and a wide range of adversaries has fundamentally changed.