AWS enhances Cloud Vulnerability Management
AWS announced several new features for improving and automating the management of vulnerabilities on its platform, in response to evolving security requirements in the cloud.
Newly added capabilities for the Amazon Inspector service will meet the “critical need to detect and remediate at speed” in order to secure cloud workloads.
AWS also unveiled a new secrets detector feature for its Amazon CodeGuru Reviewer tool, aimed at automatically detecting secrets such as passwords and API keys that were inadvertently committed in source code.
Key updates for Amazon Inspector include continual, automated assessment scans, which take the place of manual scans that occur only periodically, along with automated resource discovery.
The updated Amazon Inspector enables automatic discovery and begins a continual assessment of a customer’s Elastic Compute Cloud (EC2) and Amazon Elastic Container Registry-based container workloads, ultimately evaluating the customer’s security posture even as the underlying resources change.
AWS also announced a number of other new features for Amazon Inspector, including additional support for container-based workloads, with the ability to assess workloads on both EC2 and container infrastructure; integration with AWS Organizations, enabling customers to use Amazon Inspector across all of their organization’s accounts; elimination of the standalone Amazon Inspector scanning agent, with assessment scanning now performed by the AWS Systems Manager agent; and enhanced risk scoring and easier identification of the most critical vulnerabilities.
With the new secrets detector feature in Amazon CodeGuru Reviewer, AWS addresses the issue of developers accidentally committing secrets to source code or configuration files, including passwords, API keys, SSH keys, and access tokens.
The new capability leverages machine learning to detect hardcoded secrets during the code review process, ultimately helping you ensure that new code contains no hardcoded secrets before it is merged and deployed.