AWS Previews Generative AI Tool for CloudTrail Activity Logs
Amazon Web Services (AWS) today previewed a generative artificial intelligence (AI) tool for AWS CloudTrail Lake, the data lake it provides to capture, store and analyze CloudTrail activity logs. The tool generates SQL queries from natural-language questions, so analysts no longer need to know SQL to interrogate that data.
Announced at the AWS re:Inforce conference, the goal is to streamline DevSecOps workflows across teams of application developers, DevOps engineers and cybersecurity professionals.
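To make concrete what the natural-language interface is standing in for, the following is an added example (not AWS's code and not part of the announcement): the kind of question an analyst asks of CloudTrail, the CloudTrail Lake SQL that previously had to be written by hand, and the same question answered in plain Python over a few constructed CloudTrail event records. The event records and the event-data-store placeholder in the SQL comment are constructed for this example.

```python
"""Added example: detect tampering with CloudTrail logging.

Question in natural language: "Who stopped, deleted or reconfigured
CloudTrail logging in the last 7 days, and did it succeed?"

Equivalent CloudTrail Lake SQL (event data store ID is a placeholder):
  SELECT eventTime, userIdentity.arn, eventName, sourceIPAddress, errorCode
  FROM   <event-data-store-id>
  WHERE  eventSource = 'cloudtrail.amazonaws.com'
    AND  eventName IN ('StopLogging', 'DeleteTrail', 'UpdateTrail',
                       'PutEventSelectors')
    AND  eventTime > '2024-06-04 00:00:00'
"""
import json
from datetime import datetime, timedelta, timezone

# API calls that weaken or disable audit logging; worth alerting on even
# when the call was denied, because the attempt itself is a signal.
LOGGING_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Constructed sample records in CloudTrail's JSON format (not real logs),
# one event per line as they would arrive from a delivery channel.
SAMPLE_EVENT_LINES = """\
{"eventTime":"2024-06-10T14:03:11Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","sourceIPAddress":"198.51.100.23","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice"}}
{"eventTime":"2024-06-10T14:05:40Z","eventSource":"s3.amazonaws.com","eventName":"GetObject","sourceIPAddress":"198.51.100.23","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice"}}
{"eventTime":"2024-06-01T09:00:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"DeleteTrail","sourceIPAddress":"203.0.113.9","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/Admin/bob"}}
{"eventTime":"2024-06-09T22:17:05Z","eventSource":"cloudtrail.amazonaws.com","eventName":"UpdateTrail","sourceIPAddress":"203.0.113.9","errorCode":"AccessDenied","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/ReadOnly/carol"}}
"""

# Fixed "now" so the 7-day window in this example is reproducible.
EXAMPLE_NOW = datetime(2024, 6, 11, tzinfo=timezone.utc)


def parse_events(lines: str):
    """Parse newline-delimited CloudTrail JSON records."""
    return [json.loads(line) for line in lines.splitlines() if line.strip()]


def _event_time(event) -> datetime:
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_logging_tampering(events, now: datetime, days: int = 7):
    """Return CloudTrail-tampering events within the window, oldest first.

    Each hit records who did it, from where, and whether the call succeeded
    (CloudTrail records a denied call with an errorCode field).
    """
    cutoff = now - timedelta(days=days)
    hits = []
    for event in events:
        if event.get("eventSource") != "cloudtrail.amazonaws.com":
            continue
        if event.get("eventName") not in LOGGING_TAMPER_EVENTS:
            continue
        if _event_time(event) <= cutoff:
            continue
        hits.append({
            "eventTime": event["eventTime"],
            "eventName": event["eventName"],
            "principal": event.get("userIdentity", {}).get("arn", "<unknown>"),
            "sourceIPAddress": event.get("sourceIPAddress"),
            "succeeded": "errorCode" not in event,
        })
    return sorted(hits, key=lambda h: h["eventTime"])


if __name__ == "__main__":
    for hit in find_logging_tampering(parse_events(SAMPLE_EVENT_LINES), now=EXAMPLE_NOW):
        status = "succeeded" if hit["succeeded"] else "DENIED"
        print(f'{hit["eventTime"]} {hit["eventName"]:16} {hit["principal"]} from {hit["sourceIPAddress"]} ({status})')
```

The generative tool removes the need to write the SQL above, but not the need to know which questions are worth asking; the logic in `find_logging_tampering` (filter by event source and name, window by time, keep denied attempts) is exactly what a good prompt has to express.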
AWS CISO Chris Betz told conference attendees that good DevSecOps intentions are not good enough. Organizations need access to tools and platforms that enable them to create a culture that prioritizes cybersecurity, he added.
Mitch Ashley, principal analyst for Techstrong Research, said the challenge organizations face today is that many of the gates put in place by security teams fail to work at scale. As a result, developers will work to find ways around them, he added.
Organizations need to focus their efforts on creating guardrails, rather than gates, to create a culture that developers will embrace rather than resist, noted Ashley.
In general, AWS is focusing most of its cybersecurity efforts on a new generation of cloud infrastructure that is inherently more secure.
For example, AWS today launched AWS Service Insertion, an addition to AWS Cloud WAN that provides more control over how network traffic is routed between Amazon Virtual Private Clouds (VPCs), AWS Regions, on-premises locations, security appliances and other inspection services, using Cloud WAN policies or the AWS Management Console.
AWS also added support for FIDO2 passkeys as a method for multi-factor authentication (MFA), along with AWS Identity and Access Management (IAM) Access Analyzer updates that help DevSecOps teams set, verify and refine permissions, including recommendations for remediating unused access. IAM Access Analyzer also now extends its custom policy checks to proactively detect policy updates that would grant public access to critical AWS resources, so the check can run inside a DevSecOps workflow before the policy is deployed.
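The public-access custom policy check is the kind of gate that belongs in CI rather than in a ticket queue. The authoritative way to run it is the service itself, for example `aws accessanalyzer check-no-public-access --policy-document file://policy.json --resource-type AWS::S3::Bucket`, which uses automated reasoning over the full policy language. As an added example (not AWS's code), the following is a simplified, offline stand-in that a practitioner can run in a pre-commit hook to catch the most common public-access patterns before the real check runs; the condition-key list and the treatment of `NotPrincipal` are assumptions that approximate, rather than reproduce, Access Analyzer's semantics, and the sample policies are constructed.

```python
"""Added example: a local, simplified pre-commit check for resource policies
that grant public access, approximating IAM Access Analyzer's
check-no-public-access custom policy check.  Not AWS's implementation.
"""
import json

# Condition keys that scope a wildcard principal to a known set of callers.
# A statement carrying one of these (under a positive operator) is treated
# as not public.  Assumption: this list approximates Access Analyzer's and
# is not exhaustive.
SCOPING_CONDITION_KEYS = {
    "aws:principalorgid", "aws:principalaccount", "aws:principalarn",
    "aws:sourcearn", "aws:sourceaccount", "aws:sourcevpc", "aws:sourcevpce",
    "aws:sourceowner",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (in any list position)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def _has_scoping_condition(condition) -> bool:
    """True if some positive condition operator restricts who the caller is."""
    if not condition:
        return False
    for operator, keys in condition.items():
        # Negated operators (StringNotEquals, ArnNotLike, ...) widen rather
        # than narrow the caller set, so they do not count as scoping.
        if "Not" in operator:
            continue
        if any(key.lower() in SCOPING_CONDITION_KEYS for key in keys):
            return True
    return False


def find_public_statements(policy_document: str):
    """Return the Sid (or positional label) of each statement that grants public access."""
    policy = json.loads(policy_document)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{index}]")
        # Assumption: Allow + NotPrincipal grants to everyone except the
        # listed principals, so it is treated as public.
        if "NotPrincipal" in stmt:
            findings.append(label)
            continue
        if _principal_is_wildcard(stmt.get("Principal")) and not _has_scoping_condition(stmt.get("Condition")):
            findings.append(label)
    return findings


def check_no_public_access(policy_document: str) -> bool:
    """Pass/fail result in the spirit of the Access Analyzer check."""
    return not find_public_statements(policy_document)


# Constructed sample bucket policies for this example.
PUBLIC_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "TlsOnly", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

ORG_SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "OrgRead", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    ],
})

if __name__ == "__main__":
    for name, doc in (("public", PUBLIC_BUCKET_POLICY), ("org-scoped", ORG_SCOPED_POLICY)):
        print(name, "PASS" if check_no_public_access(doc) else f"FAIL {find_public_statements(doc)}")
```

The `Deny` statement with `aws:SecureTransport` is correctly ignored: it has a wildcard principal but does not grant anything. Treat a pass from this script as a reason to run the real `check-no-public-access` call, not as a substitute for it, because it does not model every operator, `NotAction`, or service-specific semantics.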
AWS Private Certificate Authority (AWS Private CA) now offers a connector for the Simple Certificate Enrollment Protocol (SCEP), and the previously announced Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon S3) is now generally available.
Finally, AWS updated AWS Audit Manager with additional controls for tracking usage of generative AI services such as Amazon SageMaker.
Organizations Struggle With Cloud Security
Despite cloud platforms being widely used for more than a decade, many organizations continue to struggle with cloud security. In many instances, developers with limited cybersecurity expertise continue to build and deploy applications with little supervision. AWS is clearly encouraging organizations to apply the identity, logging and policy controls described above, in addition to taking advantage of its Arm-based Graviton processors, which offer better price-performance than legacy processors and add built-in security capabilities such as always-on memory encryption.
Regardless of approach, it is now only a matter of time before more stringent software supply chain regulations require organizations to revisit their approach to cloud security. The challenge, and the opportunity, is to get ahead of those regulations before a looming deadline turns a manageable project into an avoidable crisis.