Product of the Day
AWS streamlines risk assessments
A new software risk assessment tool was launched among numerous security products launched at the AWS re:Inforce conference in Boston this week
The first day of the AWS re:Inforce security conference in Boston this week saw the announcement of 10 new products and services across cloud security, privacy, and compliance.
One of the highlights was AWS Marketplace Vendor Insights, which helps streamline the complex third-party software risk assessment process by enabling sellers to make security and compliance information available through AWS Marketplace.
A unified web-based dashboard gives governance, risk, and compliance (GRC) teams access to security and compliance information, such as data privacy and residency, application security, and access control. The dashboard also provides evidence backed by AWS Config and AWS Audit Manager assessments, external audit reports (such as ISO 27001 and SOC2 Type 2), and software vendor self-assessments.
Vendor Insights serves buyers who need help to efficiently validate that third-party software meets their business compliance needs. Vendor Insights also serves sellers who want to showcase their strong security posture, while reducing the operational burden from responding to buyer requests for risk assessment information.
Using Vendor Insights can help buyers reduce assessment lead time to a few hours by allowing buyers to access the vendor’s validated security profile, saving months of effort from questionnaires and back-and-forth with vendors. Using Vendor Insights notifications also helps buyers remove the need for periodic reassessments. Vendor Insights provides ongoing visibility and alerts about the vendor’s security hygiene, such as if a compliance certification expires.
Vendor Insights is available in all public AWS Regions.
Other products showcased during keynote presentations from Amazon chief security officer Stephen Schmidt, AWS chief information security officer CJ Moses, and AWS Platform vice president Kurt Kufeld, included:
- Amazon GuardDuty Malware Protection: The service helps detect malicious files residing on an instance or container workload running on Amazon EC2 without deploying security software or agents.
- AWS Security Hub and Amazon GuardDuty Malware Protection Integration: AWS Security Hub now automatically receives Amazon GuardDuty Malware Protection findings. By consolidating malware findings alongside other security findings, customers can more easily search, triage, investigate, and take action.
- AWS Wickr: AWS announced the preview of its enterprise grade, secure collaboration product that provides end-to-end encrypted (E2EE) messaging, file transfer, screen sharing, location sharing, and voice and video conferencing capabilities—complete with administrative controls to support information governance and compliance.
- Amazon Detective supports Kubernetes: A new feature helps users analyse, investigate, and identify the root cause of security findings or suspicious control plane activity on Amazon Elastic Kubernetes Service (EKS) clusters.