CTO News Hubb
Advertisement
  • Home
  • CTO News
  • IT
  • Technology
  • Tech Topics
    • AI
    • QC
    • Robotics
    • Blockchain
  • Contact
No Result
View All Result
  • Home
  • CTO News
  • IT
  • Technology
  • Tech Topics
    • AI
    • QC
    • Robotics
    • Blockchain
  • Contact
No Result
View All Result
CTO News Hubb
No Result
View All Result
Home IT

AWS’ Inspector offers vulnerability management for Lambda serverless functions

November 30, 2022
in IT


Amazon Web Services has announced AWS Lambda serverless function support for its automated vulnerability management service, Amazon Inspector, and a new automated sensitive data discovery capability in its machine learning security and privacy service, Amazon Macie.

Both announcements were made during the AWS Re:Invent 2022 conference in Las Vegas this week. They follow other security-focused AWS releases including the launch of Wickr, a new encrypted messaging service for enterprises and Amazon Security Lake, which centralizes an organization’s security data from cloud and on-premises sources into a purpose-built data lake in its AWS account.

Inspector adds vulnerability assessment for serverless workloads

Amazon Inspector scans AWS workloads for software vulnerabilities and unintended network exposure. Its new support for AWS Lambda functions adds continual, automated vulnerability assessments for serverless compute workloads, according to AWS’ announcement. AWS Lambda runs code in response to events and automatically manages the computing resources that the code requires.

 “With this expanded capability, Amazon Inspector now automatically discovers all eligible Lambda functions and identifies software vulnerabilities in application package dependencies used in the Lambda function code,” the company said. All functions are initially assessed upon deployment to the Lambda service and continually monitored and reassessed, informed by updates to the function and newly published vulnerabilities, AWS stated.

“When vulnerabilities are identified in the Lambda function or layer, actionable security findings are generated, aggregated in the Amazon Inspector console, and pushed to AWS Security Hub and Amazon EventBridge to automate workflows,” AWS said.

Amazon Inspector also provides a contextualized vulnerability risk score by correlating vulnerability information with environmental factors such as external network accessibility to help prioritize the highest risks to address.

A list of regions where Amazon Inspector is currently is available here, and accounts can scan their environment for vulnerabilities with a free 15-day trial, AWS stated.

Macie sensitive data discovery provides visibility across S3 buckets

New automated sensitive data discovery capabilities in Amazon Macie give users visibility into where sensitive data resides across their Amazon Simple Storage Service (Amazon S3) estate, AWS wrote.

 “With this new capability, Macie automatically and intelligently samples and analyzes objects across your S3 buckets, inspecting them for sensitive data such as personally identifiable information (PII), financial data, and AWS credentials,” AWS said. “Macie then builds and continuously maintains an interactive data map of where your sensitive data in S3 resides across all accounts and regions where you’ve enabled Macie, and provides a sensitivity score for each bucket.”

Amazon Macie uses multiple automated techniques including resource clustering by attributes such as bucket name, file types, and prefixes to minimize the data scanning needed to uncover sensitive data in S3 buckets, AWS added.

 Macie offers multi-account support using AWS Organizations with 30 days of automated sensitive data discovery available at no additional charge for existing Macie accounts. For new accounts, automated sensitive data discovery is part of the 30-day Amazon Macie free trial.

AWS releases offer security benefits for businesses

The new AWS releases are likely to deliver notable security benefits for businesses, analysts say. “These announcements target key customer needs when you consider how organizations are trying to balance moving to technologies such as Lambda whilst maintaining proper security controls. The Macie announcement is also interesting as it helps to tackle data sprawl’ around cloud,” said Fernando Montenegro, a senior principal analyst at tech research company Omdia.

 The new features will help security teams apply the necessary controls —runtime protection and data security, respectively—to cloud-based workloads, equipping them to tackle securing the cloud initiatives that have become part and parcel of any digital transformation effort, he added.

Copyright © 2022 IDG Communications, Inc.



Source link

Previous Post

Progress in Workforce Culture, But Problems Persist

Next Post

Google Exposes Heliconia Exploit Framework Targeting Chrome, Firefox, Windows

Next Post

Google Exposes Heliconia Exploit Framework Targeting Chrome, Firefox, Windows

From Zero to CTO - Klaas Ardinois

Trending News

Who Will Blockchain Put out of Business?

December 26, 2022

The Hard Truth About Performance — A Guide for CTOs

December 31, 2022

R1/beta4 – Release Notes | Haiku Project

December 23, 2022

© 2022 CTO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • CTO News
  • IT
  • Technology
  • AI
  • QC
  • Robotics
  • Blockchain
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • CTO News
  • IT
  • Technology
  • Tech Topics
    • AI
    • QC
    • Robotics
    • Blockchain
  • Contact

© 2021 JNews – Premium WordPress news & magazine theme by Jegtheme.

SUBSCRIBE TO OUR WEEKLY NEWSLETTERS