Amazon Web Services (AWS) this week made a bevy of updates to improve cloud security, including additional machine learning algorithms for the Amazon GuardDuty service that make it simpler to detect attack patterns.

Announced at the AWS re:Invent 2024 conference, AWS also made available an Amazon OpenSearch Service for Amazon Security Lake, a data lake the company provides to normalize all the security data an organization collects. The Amazon OpenSearch Service is based on the Open Cybersecurity Schema Framework (OCSF), originally created in 2022, that is being advanced under the auspices of The Linux Foundation as of last month.

Finally, AWS is previewing an extension to AWS Verified Access that enables organizations to apply access controls to resources such as databases and Git repositories that are not using HTTP. The overall goal is to eliminate the need to rely on insecure virtual private networks (VPNs) to access cloud resources.

Mark Terenzoni, general manager for security services at AWS, said collectively these capabilities are part of an ongoing effort to make it simpler for cybersecurity teams to not only secure cloud resources but also prioritize any remediation efforts that might be required.

The machine learning algorithms added to Amazon GuardDuty, for example, make it possible to correlate security signals in a way that makes it easier to identify attack patterns being employed by cybercriminals, including privilege discovery scan, application programming interface (API) manipulation and data exfiltration. The algorithms also rank those threats by potential severity within a natural language summary that also provides remediation recommendations, in a way any cybersecurity team member can comprehend and share with IT colleagues.

When combined with search tools that make it simpler to proactively hunt threats, the overall cloud security posture of an organization dramatically improves, noted Terenzoni.

OCSF plays a critical role in achieving that goal because it makes it simpler to use a simple search interface to help discover those issues, he added. In addition to AWS, Cisco, IBM and Splunk, multiple other providers of cybersecurity platforms now all support a schema originally developed by Broadcom. That joint effort has made it possible to more easily normalize, and then via a search tool analyze data that previously would have been stored using multiple incompatible data formats, said Terenzoni.

That approach also serves to reduce dependencies on security information event management (SIEM) and extended detection and response (XDR) platforms that increase the total cost of cybersecurity, he added.

It’s not clear at what rate the overall state of cloud security is improvising, however, as more organizations realize that different tools and practices are required to secure cloud services the easier it becomes to achieve. There may never be such a thing as perfect cloud security, but in an age of shared responsibility for cloud security the tools and platforms being made available are finally becoming a lot simpler to deploy and master. The challenge now is reducing the mean time to remediation as more issues are hopefully discovered before cybercriminals ever get a chance to exploit them.