AWS is expanding the protection scope of Security Hub to include Microsoft Azure as it grows its multi-cloud security business, SiliconANGLE reported on July 14 local time.
AWS also added new AI-related functions to Security Hub. It is seeking to establish it as a comprehensive control platform spanning multiple cloud infrastructures.
Beyond the Azure expansion, AWS also introduced GuardDuty AI Protection to strengthen intelligent application security and an inventory system that identifies AI assets within an organisation.
Eic Fuller's (이클 풀러) director of AWS security services said corporate security workflows are changing fundamentally. "Collecting outputs was never the hard part," he said. "The hard part is understanding and connecting them to respond ahead of attackers, at the speed of attacks happening now."
The company said the Azure expansion lets AWS customers natively detect and monitor Azure resources including virtual machines, containers, function apps and user identities. It assesses threats such as configuration errors, software vulnerabilities and internet exposure against the CIS Azure Foundations Benchmark. Findings are displayed in the same format as AWS alerts so teams can work from a single understanding of risk, Fuller said.
The new GuardDuty AI protection function helps prevent attackers from stealing victim credentials and running expensive foundation models in their place, known as "cost mining". "If credentials are stolen, attackers use them for model calls," Fuller said. "Inference costs are expensive and demand is high, so stolen access turns into value immediately without separate infrastructure."
GuardDuty also supports AI-based investigation. The preview function automates security investigations with AI agents and analyses the context of findings to identify real threats. Each investigation provides an adjudication result that includes a confidence score, a MITRE ATT&CK classification, supporting evidence and response recommendations.
Security Hub AI Inventory identifies and maps to infrastructure, through runtime analysis, managed services as well as self-hosted and third-party models on EC2, ECS and EKS.
AWS is also expanding the Security Hub Extended ecosystem to 21 partners. Through the Open Cybersecurity Framework, it supports third-party tools such as Zscaler, Splunk and CrowdStrike in sharing security data and mapping real-time attack paths.