AWS re:Invent: new AWS Nitro Enclaves and AWS Network Firewall security services unveiled
Source: HW Upgrade added 24th Nov 2020
AWS enhances cybersecurity with new tools to protect information in the cloud: AWS Nitro Enclaves and AWS Network Firewall. Solutions from partners McAfee and Tessian have also been integrated on AWS
by Alberto Falchi, published 24 November 2020 at 08:41 in the Security channel
The AWS cloud has become a fundamental service on which the proper functioning of many apps depends and where the personal data of millions of people is stored. Given the amount of sensitive information it holds, security is a key issue, and AWS and its partners continue to strengthen its defenses. The latest additions are AWS Nitro Enclaves and AWS Network Firewall, together with the integration of McAfee's CNAPP (Cloud Native Application Protection Platform) service and Tessian's technology, which uses machine learning to catch potentially malicious emails.
AWS Nitro Enclaves: isolated computing environments for greater security
Among the security innovations AWS presented, the one that stands out most is Nitro Enclaves: isolated, hardened virtual machines designed to guarantee greater confidentiality and control over data. They are not containers but ad hoc environments with no persistent storage and no administrator or operator access, which communicate with their EC2 instance only through a secure local channel. To maximize security they run their own independent kernel and hold their own cryptographic keys, an approach that significantly reduces the attack surface.
Nitro Enclaves rely on the same technology as the Nitro Hypervisor, which provides CPU and RAM isolation for EC2 instances. Among the strengths of this solution are cryptographic attestation, which is anchored in the Nitro Hypervisor and guarantees that only authorized code is running in the enclave, and integration with AWS Key Management Service, through which you can ensure that only your own enclaves can access sensitive data.
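As an added illustration of the KMS integration just described (example code written for this page, not AWS code), the following Python builds a KMS key policy whose kms:Decrypt permission is conditioned on the PCR0 measurement carried in the enclave's attestation document, and models in a simplified way how such a policy decides a request. The account id, role name and PCR0 value are constructed placeholders; the condition key kms:RecipientAttestation:PCR0 is the one KMS evaluates for requests that carry an attestation document.

```python
import json

# Constructed placeholder: the real PCR0 is the SHA-384 measurement of the enclave image
# printed by `nitro-cli build-enclave`. This value is NOT a real measurement.
TRUSTED_PCR0 = "0" * 96


def enclave_key_policy(account_id, role_name, trusted_pcr0):
    """Key policy allowing the parent instance's IAM role to call kms:Decrypt only when the
    request carries an attestation document whose PCR0 equals the trusted enclave image.
    account_id and role_name are assumed names, not values from any real account."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DecryptOnlyFromAttestedEnclave",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:role/{role_name}"},
                "Action": "kms:Decrypt",
                "Resource": "*",
                "Condition": {
                    "StringEqualsIgnoreCase": {
                        "kms:RecipientAttestation:PCR0": trusted_pcr0
                    }
                },
            }
        ],
    }


def decrypt_allowed(policy, caller_arn, attestation=None):
    """Simplified model (not KMS code) of evaluating the policy for one kms:Decrypt call.

    `attestation` mirrors what KMS reads from a verified attestation document: a dict of
    PCR index -> hex measurement. None means the request carried no attestation document,
    in which case every kms:RecipientAttestation:* condition fails and the statement does
    not apply."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Principal"]["AWS"] != caller_arn:
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if "kms:Decrypt" not in actions and "kms:*" not in actions:
            continue
        conditions = stmt.get("Condition", {}).get("StringEqualsIgnoreCase", {})
        satisfied = True
        for key, expected in conditions.items():
            if not key.startswith("kms:RecipientAttestation:PCR"):
                satisfied = False  # this model only understands PCR conditions
                break
            index = int(key.rsplit("PCR", 1)[1])
            actual = (attestation or {}).get(index)
            if actual is None or actual.lower() != expected.lower():
                satisfied = False
                break
        if satisfied:
            return True
    return False


if __name__ == "__main__":
    policy = enclave_key_policy("123456789012", "EnclaveParentRole", TRUSTED_PCR0)
    print(json.dumps(policy, indent=2))
    role = "arn:aws:iam::123456789012:role/EnclaveParentRole"
    print("attested, matching image:", decrypt_allowed(policy, role, {0: TRUSTED_PCR0}))
    print("no attestation document:", decrypt_allowed(policy, role))
    print("different enclave image: ", decrypt_allowed(policy, role, {0: "f" * 96}))
```

Two properties make this gate effective: a request without an attestation document fails the condition outright, and for attested requests KMS encrypts the returned plaintext to the public key embedded in the attestation document, so the parent instance that merely relays the call cannot read the result. Because rebuilding the enclave image changes PCR0, every new build requires a deliberate policy update, which is the point: the key follows the code, not the host.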
AWS Network Firewall, a new service to protect Amazon Virtual Private Clouds
AWS Network Firewall is the latest evolutionary step in the AWS functions dedicated to protecting services: the company introduced AWS Web Application Firewall in 2015, followed by AWS Shield the next year and AWS Firewall Manager in 2018. The advantages of AWS Network Firewall lie in its flexible deployment, the ability to configure every aspect and tune parameters with fine granularity, and integration with the security solutions of 14 AWS partners, including Fortinet, Trend Micro, IBM Security, Accenture, Check Point and others. AWS Network Firewall can be configured to inspect traffic, block connections that use unauthorized protocols, and neutralize threats by relying on a signature-based detection system, i.e. on malware definitions.
The main benefit of AWS Network Firewall is that, being managed by the AWS infrastructure, it scales automatically as network traffic grows, so there is no need to upgrade the security infrastructure as traffic increases. Features include inspection of VPC-to-VPC (Virtual Private Cloud) traffic, filtering of inbound and outbound traffic, and fine-grained rule configuration. Everything is managed from a centralized console, which provides visibility over the entire infrastructure and simplifies its management.
AWS Network Firewall can also integrate with security solutions from AWS partners, for example third-party tools for policy orchestration or log analysis, and its logs can be sent to a SIEM (Security Information and Event Management) system.
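To make the rule-configuration, protocol-blocking and VPC-to-VPC inspection points above concrete, here is an added Python example (written for this page, not AWS or HW Upgrade code). It builds the document shape a stateful rule group takes, carrying a constructed Suricata-compatible rule set that allows only TLS and DNS out of the VPC, alerts on cleartext HTTP between VPC subnets and drops all other egress, and then runs a small model of Suricata's default action order (pass, drop, reject, alert) over constructed flow records. The rule group name, CIDRs, sids and flows are assumptions; the evaluator understands only the rule subset used here and stands in for the firewall engine, which cannot run offline.

```python
import ipaddress
import re

# Constructed rule set in Suricata-compatible syntax, which AWS Network Firewall stateful rule
# groups accept as a RulesString. The sids are arbitrary local numbers.
RULES_STRING = """
pass tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"allow outbound TLS"; sid:1000001; rev:1;)
pass dns $HOME_NET any -> any 53 (msg:"allow DNS lookups"; sid:1000002; rev:1;)
alert http $HOME_NET any -> $HOME_NET any (msg:"cleartext HTTP between VPC subnets"; sid:1000003; rev:1;)
drop ip $HOME_NET any -> $EXTERNAL_NET any (msg:"deny all other egress"; sid:1000010; rev:1;)
"""

# Constructed variable values for the model: $HOME_NET is the VPC CIDR and, as an assumption of
# this model, $EXTERNAL_NET is everything outside it (the leading "!" negates the network).
VARIABLES = {"$HOME_NET": "10.0.0.0/16", "$EXTERNAL_NET": "!10.0.0.0/16"}

RULE_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_rules(text):
    """Parse 'action proto src sport -> dst dport (options)' lines into dicts."""
    rules = []
    for line in text.strip().splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            raise ValueError(f"unsupported rule syntax: {line}")
        action, proto, src, sport, dst, dport, opts = match.groups()
        options = {}
        for part in opts.split(";"):
            part = part.strip()
            if part:
                key, _, value = part.partition(":")
                options[key.strip()] = value.strip().strip('"')
        rules.append({"action": action, "proto": proto, "src": src, "sport": sport,
                      "dst": dst, "dport": dport, "options": options})
    return rules


def addr_matches(spec, ip):
    spec = VARIABLES.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    return (ipaddress.ip_address(ip) in ipaddress.ip_network(spec.lstrip("!"))) != negate


def port_matches(spec, port):
    return spec == "any" or int(spec) == port


def proto_matches(spec, flow):
    if spec == "ip":
        return True
    if spec in ("tcp", "udp", "icmp"):
        return flow["proto"] == spec
    return flow.get("app") == spec  # application-layer keyword such as tls, dns, http


def rule_matches(rule, flow):
    return (proto_matches(rule["proto"], flow)
            and addr_matches(rule["src"], flow["src"]) and port_matches(rule["sport"], flow["sport"])
            and addr_matches(rule["dst"], flow["dst"]) and port_matches(rule["dport"], flow["dport"]))


ACTION_ORDER = ("pass", "drop", "reject", "alert")


def evaluate(flow, rules):
    """Return (verdict, sid) using Suricata's default action order: among all matching rules,
    pass wins over drop, drop over reject, reject over alert. No match means the flow passes."""
    hits = [r for r in rules if rule_matches(r, flow)]
    for action in ACTION_ORDER:
        for rule in hits:
            if rule["action"] == action:
                return action, rule["options"]["sid"]
    return "pass", None


def stateful_rule_group(name, rules_string, home_net, capacity=100):
    """Shape of the CreateRuleGroup request for a STATEFUL rule group; name is assumed."""
    return {
        "RuleGroupName": name,
        "Type": "STATEFUL",
        "Capacity": capacity,
        "RuleGroup": {
            "RuleVariables": {"IPSets": {"HOME_NET": {"Definition": [home_net]}}},
            "RulesSource": {"RulesString": rules_string.strip()},
        },
    }


if __name__ == "__main__":
    rules = parse_rules(RULES_STRING)
    # Constructed flow records: (transport, app protocol, src, sport, dst, dport)
    flows = [
        {"proto": "tcp", "app": "tls", "src": "10.0.1.5", "sport": 51000, "dst": "203.0.113.10", "dport": 443},
        {"proto": "tcp", "app": "ssh", "src": "10.0.1.5", "sport": 51001, "dst": "203.0.113.10", "dport": 22},
        {"proto": "tcp", "app": "http", "src": "10.0.1.5", "sport": 51002, "dst": "10.0.2.9", "dport": 80},
    ]
    for flow in flows:
        print(flow["app"], "->", flow["dst"], evaluate(flow, rules))
```

The verdicts are where the page's two mechanisms meet: the drop rule enforces the protocol allowlist for traffic leaving the VPC, while the alert rule inspects VPC-internal traffic without blocking it, and those alerts are the events that land in the firewall's alert logs and from there in a SIEM. In a real deployment, signature rules from a managed or partner rule source sit alongside these policy rules in the same rule group.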
What’s New from AWS Partners: Integrations by McAfee and Tessian
McAfee and Tessian also took part in the AWS Partner & Services press conference, presenting news about the integration of their products with AWS. McAfee in particular announced the integration with AWS of its MVISION Cloud Native Application Protection Platform (CNAPP), a security architecture that combines application security, Cloud Security Posture Management (which helps IT teams identify misconfigurations) and a Cloud Workload Protection Platform (which protects workloads in the cloud).
Among the users of this solution is video game giant Electronic Arts, which claims to have cut misconfiguration problems by 90%, saved money by eliminating redundant tools and improved the speed of its remediation procedures.
The integration with Tessian's products, on the other hand, aims to protect companies from threats delivered by email. Not only does it block suspicious attachments or emails, it also improves users' risk perception and behavior by offering contextual security "pills". Tessian claims to have reduced clicks on phishing emails from 36% to 4%, while data exfiltration attempts dropped by 36% in three months.