luizmachado.dev

Top Security Announcements at AWS re:Invent 2024

1. New AWS Security Incident Response

Official post

Highlights

  • Service for security incident orchestration and response.
  • Automated triage and communication coordination between teams.
  • Built-in guides and best practices for fast recovery.

This new service aims to reduce incident response time by providing a consistent workflow for security teams and stakeholders, while enabling greater collaboration between specialists during an event.

---

2. Introducing Amazon GuardDuty Extended Threat Detection

Official post

Highlights

  • New AI/ML capabilities to identify complex attack sequences.
  • Signal correlation over time, detecting behavioral patterns that may indicate advanced threats.
  • Expanded coverage for workloads, applications, and data.

This GuardDuty extension makes it easier to identify attacks that unfold in multiple stages, providing additional visibility into suspicious activity that would previously have gone unnoticed.

---

3. Simplify Governance with Declarative Policies

Official post

Highlights

  • Policy definition in declarative format, reducing the complexity of manual configuration.
  • Automatic enforcement of desired configurations across the entire organization.
  • Greater transparency for administrators and end users.

Adopting declarative policies allows you to define the "desired state" for cloud resources, and AWS takes care of ensuring compliance — reducing rework and misconfiguration risks.

---

4. AWS Verified Access Now Supports Non-HTTP(S) Protocols (Preview)

Official post

Highlights

  • Expanded scope of access verification, covering protocols beyond HTTP and HTTPS.
  • More flexibility for secure access to a wider range of internal services.
  • Support for Zero Trust architectures, removing dependency on traditional VPNs.

With this update, AWS Verified Access enables more granular control over who and what can access internal resources, even over protocols such as SSH, RDP, and FTP.

---

5. Amazon OpenSearch Service and Amazon Security Lake Integration

Official post

Highlights

  • Zero-ETL: Simplified integration between Amazon Security Lake and Amazon OpenSearch Service.
  • Security log analysis without data duplication.
  • Greater efficiency in investigations and threat hunting.

The combination of these two solutions facilitates security event correlation at scale, allowing teams to query and analyze data quickly without the need for separate ETL processes.

---

Conclusion

AWS re:Invent 2024 reinforces AWS's commitment to providing increasingly robust security solutions, simplifying policy management, and expanding threat detection. From incident response, through AI/ML-based detection, to the evolution of services like Verified Access and the integration between OpenSearch Service and Security Lake, these announcements offer more visibility, control, and agility for security teams at any stage of cloud maturity.

For more details, I recommend reading the full announcements on the AWS blog (links above). Stay tuned for further updates and innovations that strengthen your security posture and cloud governance.