
AWS re:Inforce 2023: Key Highlights From the Cloud Security Event

  • Amazon’s two-day annual cloud security conference, AWS re:Inforce 2023, wrapped up last week.
  • AWS CISO and VP of security engineering, CJ Moses, and AWS’ senior principal engineer, Becky Weiss, took the stage to talk about a shared responsibility model, i.e., security of the cloud and security in the cloud, during the keynote.
  • The duo launched Amazon CodeGuru Security, Amazon Verified Access, Amazon Verified Permissions, and more at AWS re:Inforce 2023. The company also announced the AWS Cyber Insurance Partner Program and expanded on the recently announced AWS Security Lake.

Amazon’s two-day annual cloud security conference, AWS re:Inforce 2023, wrapped up last week. As global enterprises and local SMBs increasingly rely on the cloud for day-to-day operations, security becomes a huge differentiator for businesses.

With this in mind, thousands of attendees descended upon the Anaheim Convention Center in Anaheim, CA, as AWS chief information security officer and VP of security engineering, CJ Moses, and others took the stage to talk about a shared responsibility model during the keynote.

AWS’ senior principal engineer, Becky Weiss, explained that the company’s shared responsibility model is designed to enable not only security of the cloud but also security in the cloud. Essentially, AWS, the largest cloud provider with approximately 32% of the market, wants to strengthen its position by providing both a cloud foundation and the tools and services to secure it.

“The one question that customers regularly asked me was, ‘What is your responsibility, and what is ours?’” Moses said during the keynote. “From that very basic question, we created a guiding principle, the Security Shared Responsibility Model.”

“90% of the service and features we build come from your requests,” Moses continued. Let us see what some of these new services are.

AWS re:Inforce 2023 Key Highlights

1. Amazon Security Lake

Introduced last month, Amazon Security Lake is AWS’ effort to usher in the centralization of data, identity and access management, and its overall security. The service automates the centralization of cybersecurity data from 80 internal and third-party sources, thereby eliminating the need for manual processes.

Amazon Security Lake has been generally available since May 31, 2023. Jane Wong, SVP of Product Management at SentinelOne, said at the time that Amazon Security Lake streamlines processes, which “greatly reduces complexity and enhances efficiency in threat investigations, enabling a unified data source that automatically correlates events, empowering automated correlations of events to reconstruction threats from inception to resolution.”

“Traditional threat hunting and investigations are often challenging and time-consuming. The diverse telemetry and log events required for analysis are scattered across various sources, formats, and tools, creating silos that hinder efficiency and effectiveness,” she noted.

AWS leverages Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation for the security data lake to centrally aggregate, manage, and derive value from security-related logs and event data.

2. Use of generative AI in cybersecurity

While threat actors get creative with generative AI tools to automate the creation of tailor-made attack campaigns, white hats can do the same to ward off cyberattacks, according to Moses. This is why AWS is investing in generative AI to prepare for what lies ahead, calling its potential “indispensable” to cybersecurity pros.

Moses pointed out that generative AI and large language models can be used to create “threat-hunting queries, summarize the event data from an attack, write a remediation code for vulnerabilities, and write penetration test scripts to automate the creation of YARA rules for malware detection.”

Amazon currently offers Amazon Bedrock to build and fine-tune generative AI foundation models for cybersecurity applications.

3. Amazon CodeGuru Security

AWS previewed its static application security testing tool, Amazon CodeGuru Security, on Day 1 of AWS re:Inforce 2023. The new offering leverages machine learning to automatically detect security vulnerabilities and policy discrepancies in integrated development environments, continuous integration/continuous delivery (CI/CD) pipelines, code registries, and repositories.

This AI-driven service also detects log injection, hardcoded credentials, and resource leaks across said development stages in several languages such as Python, Java, and JavaScript. It supports integrations with GitHub, GitLab, Bitbucket, AWS CLI, Visual Studio Code and IntelliJ IDEA, Amazon SageMaker Studio, JupyterLab, Amazon Inspector, AWS CodePipeline, and Amazon CodeWhisperer for security scans.

Amazon CodeGuru Security could directly compete with third-party tools on the AWS platform, such as Checkmarx, Fortify, Snyk, and ShiftLeft CORE. Microsoft, AWS’ cloud competitor 15 miles east, may also see Amazon CodeGuru Security, combined with Amazon CodeWhisperer, as an answer to its GitHub Copilot.

4. Amazon Verified Access for zero-trust

Weiss revealed to audiences that AWS IAM handles over one billion API requests per second globally. “In a zero-trust architecture, it’s not just a network perimeter evaluated once upon entry. Rather, it’s a combination of identity, network, device, and other increasingly sophisticated factors that get evaluated ideally on each and every axis,” Weiss said.

AWS launched Amazon Verified Access, a zero-trust network access service that validates application requests in real time, covering client workloads and application access by a distributed workforce.

Amazon Verified Access integrates with AWS IAM Identity Center as well as third-party OpenID Connect (OIDC) identity providers. Weiss added that it eliminates the need for virtual private networks (VPNs).

Amazon Verified Access is paired with the new Amazon Verified Permissions, a fine-grained permissions management and authorization service for role- and attribute-based access control to applications. Amazon Verified Permissions leverages Cedar, a purpose-built, open-source policy language and evaluation engine.

5. AWS Cyber Insurance Partner Program

AWS is foraying into cyber insurance by announcing a partner program to enable its customers to choose the appropriate cybersecurity insurance according to their needs. The AWS Cyber Insurance Partner Program is touted as something that will simplify the operational elements and know-how of how insurance is bought.

AWS said customers can get insured in two days or less after getting a security posture report from the platform. The program encompasses individual insurers, brokers, and dealers, who do not necessarily have to get validated to join.


To learn more about the AWS solution, please contact Wise IT specialists through the feedback form on the website, at +38 (044) 277-23-23, or send us an email at info@wiseit.com.ua. Wise IT is an official partner of AWS in Ukraine!