Amazon Web Services (AWS) unveiled new and improved security features during its annual AWS re:Inforce conference. Among the announcements, it also introduced tools designed to speed up backup recovery and confirmed that it had completed the process of protecting all AWS user root accounts with multi-factor authentication (MFA). This is undoubtedly an important step toward strengthening security from the ground up.
AWS announced several new security features, all aimed at making your cloud infrastructure more secure, easier to manage, and better prepared for increasingly complex threats.
AWS Shield (the service that protects your applications on AWS against DDoS attacks) now includes a very useful tool: a “Network Security Director” (currently in preview).
What exactly does it do? This new feature analyzes how your network is configured within AWS, how your resources are connected, and how aligned you are with security best practices. It then compares that information with real threat data and AWS recommendations to provide you with concrete steps on how to better protect your resources.
In short, it's like having an expert advisor who tells you:
“This is configured correctly,”
“You could be at risk here,”
and “Here's how to fix it, step by step.”
Ideal for detecting weak points before attackers do.
Another major improvement came with Amazon GuardDuty, which now offers much more advanced threat detection for Kubernetes environments (specifically those using Amazon EKS).
Essentially, this new feature cross-references data from multiple sources (such as audit logs, suspicious behavior during execution, malware in containers, and suspicious activity in the AWS API) to detect sophisticated attacks that might have gone unnoticed before.
For example, you can now identify whether an attacker exploited an app within a container, gained access to privileged tokens, and then used those permissions to attempt to access secrets or sensitive resources within the Kubernetes or AWS environment.
To use this feature, you need to have EKS protection or runtime monitoring enabled (or both).
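One way to check that prerequisite across accounts, as an added example that is not AWS's or TecnetOne's code: it reads the `Status` and `Features` fields of GuardDuty `GetDetector` responses and reports which of the two data sources each detector has enabled. The function names, account labels and sample responses are constructed for illustration.

```python
# Feature names as they appear in the "Features" list of a GuardDuty
# GetDetector response.
EKS_PROTECTION = "EKS_AUDIT_LOGS"
# Current account-wide runtime feature and the older EKS-only one.
RUNTIME_FEATURES = {"RUNTIME_MONITORING", "EKS_RUNTIME_MONITORING"}

# Constructed sample responses, trimmed to the fields this check reads.
SAMPLE_DETECTORS = {
    "prod": {"Status": "ENABLED", "Features": [
        {"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"},
        {"Name": "RUNTIME_MONITORING", "Status": "ENABLED"}]},
    "staging": {"Status": "ENABLED", "Features": [
        {"Name": "EKS_AUDIT_LOGS", "Status": "DISABLED"},
        {"Name": "EKS_RUNTIME_MONITORING", "Status": "ENABLED"}]},
    "dev": {"Status": "ENABLED", "Features": [
        {"Name": "EKS_AUDIT_LOGS", "Status": "DISABLED"},
        {"Name": "RUNTIME_MONITORING", "Status": "DISABLED"}]},
    # Features are switched on, but the detector itself is suspended.
    "sandbox": {"Status": "DISABLED", "Features": [
        {"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"}]},
}


def eks_detection_coverage(detector):
    """Return (verdict, enabled_sources) for one GetDetector response."""
    if detector.get("Status") != "ENABLED":
        # A suspended detector produces no findings, whatever its features say.
        return "detector-disabled", []
    enabled = {f.get("Name") for f in detector.get("Features", [])
               if f.get("Status") == "ENABLED"}
    sources = []
    if EKS_PROTECTION in enabled:
        sources.append("eks-protection")
    if enabled & RUNTIME_FEATURES:
        sources.append("runtime-monitoring")
    verdict = ("not-covered", "single-source", "both-sources")[len(sources)]
    return verdict, sources


def audit(detectors):
    """Map each account label to its coverage verdict and enabled sources."""
    return {name: eks_detection_coverage(d) for name, d in detectors.items()}


if __name__ == "__main__":
    for name, (verdict, sources) in audit(SAMPLE_DETECTORS).items():
        print(f"{name:8} {verdict:18} {', '.join(sources) or '-'}")
```

For live data, feed it the JSON returned by `aws guardduty get-detector --detector-id <id>` for each account and region.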
The Amazon Web Services central security console has also been revamped. Now, from the new Security Hub, security teams can view all alerts and compliance status across all their AWS accounts from a single location.
What's new?
Exposure summaries, which show you potential gaps in security coverage.
Improved integration with services such as GuardDuty, AWS Cloud Security Posture Management, and others.
Better security data management, for faster decision-making with better context.
This is a significant improvement for centralizing all key security information and acting more efficiently.
AWS has also improved its Backup service, especially when it comes to recovery after an incident (such as an attack or malicious deletion).
Now, if you are using logically isolated backup vaults, you have an extra layer of protection: multi-party approval. What does this mean? It means that if someone gains unauthorized access to your root account (for example, an attacker), your backups will not be immediately available for restoration... unless that restoration is authorized by several responsible parties.
This greatly reduces the risk of loss or misuse of your backups. It is an important protection, especially in scenarios involving ransomware or unauthorized access.
Some time ago, AWS announced that it would require multi-factor authentication (MFA) to better protect root accounts. Well, it's now a reality. Starting this year, all AWS root accounts must use MFA. This includes:
The main account within AWS Organizations,
Individual accounts,
And also member accounts within an organization.
The best part: MFA is free and prevents more than 99% of password-related attacks, according to AWS. You can use different methods, such as FIDO-compatible security keys, authentication apps, etc.
In addition, AWS recommends that those who manage organizations centralize access through the main account and remove root credentials from secondary accounts for an even more robust security posture.
With all these updates, AWS continues to invest heavily in a more secure, more automated cloud that is better prepared for today's challenges. The improvements are not only designed for advanced technical teams, but also to help businesses protect themselves more easily and effectively.
Whether you manage complex infrastructures in Kubernetes or simply want to secure your backups and root account, these new features give you more control, more visibility, and more peace of mind.