

Amazon Web Services Inc. today announced a range of enhancements at its annual re:Inforce 2025 conference that are aimed at simplifying cloud security at enterprise scale.
AWS Chief Information Security Officer Amy Herzog explained at the event that the company is focusing on simplifying security at large scale while also highlighting how AWS is helping organizations of all sizes manage risk and respond to threats more effectively. With that vision, the event saw three major product updates for Security Hub, Shield and GuardDuty XTD.
Leading the list of announcements was a preview release of a new version of AWS Security Hub, which prioritizes critical security issues and helps users respond at scale to reduce security risks, improve productivity and protect cloud environments. The new version correlates and contextualizes findings across GuardDuty, Inspector, Macie, CSPM and third-party tools into one actionable feed.
The new version of Security Hub also prioritizes “active risks” based on combined threat and vulnerability intelligence and supports bulk remediation workflows. AWS says that in testing, customers slashed alert volume by up to 60% and that the new version dramatically boosts both visibility and incident response efficiency.
AWS Shield is being upgraded with the addition of network posture management now in preview. The update version automatically discovers virtual private cloud resources across accounts, analyzes configurations for issues like SQL injection and distributed denial-of-service vulnerabilities and presents a prioritized topology map in a visually rich console. Notably, remediation steps are now integrated alongside conversational guidance powered by Amazon Q, helping teams address findings without the need to pull up documentation.
The third major announcement sees Amazon GuardDuty Extended Threat Detection now extending coverage to containerized environments, specifically EKS. GuardDuty XTD can uncover multi-stage attack sequences that cross boundaries and evade simpler detection by correlating Kubernetes audit logs, runtime signals, application programming interface usage and malware detection.
The new attack sequence findings cover multiple resources and data sources over an extensive time period, allowing users to spend less time on first-level analysis and more time responding to critical severity threats. The net result minimizes business impact.
Beyond the three major announcements, AWS also announced more than a dozen complementary updates across its portfolio of services.
AWS WAF’s console has been redesigned with expert-curated protection packs and a guided workflow that slashes configuration time by up to 80% while providing clear visibility into rule performance. Amazon CloudFront also received a usability boost through a unified onboarding experience, bundling TLS certificate issuance, DNS setup and recommended content delivery network settings within a single console driven by WAF-integrated rule packs.
Identity and access controls were also upgraded, with IAM Access Analyzer obtaining an expanded scope to efficiently determine who, both internal and external principals, has access to S3, DynamoDB and RDS, providing clarity around cross-account privileges. Simultaneously, AWS is now enforcing mandatory multifactor authentication for all root users across both standalone and member accounts.
On the infrastructure security front, AWS Network Firewall has been upgraded and now ingests global threat intelligence to automatically block indicators of compromise, like command-and-control domains and malicious URLs. Backup resilience also got a boost via multiparty approvals for air‑gapped vaults, ensuring there’s no single point of failure in recovery operations.
The conference also saw AWS enhance its development security offerings with Amazon Inspector becoming generally available. The service offers code scanning and integrates with GitHub and GitLab to catch vulnerabilities before code deploys. Developers also received a boost with Amazon Verified Permissions, providing an open-source Express.js authorization library to accelerate secure policy implementation.
For Express.js developers, AWS also announced the release of @verifiedpermissions/authorization-clients-js, an open-source package that allows developers to implement authorization in their Express.js web application APIs in minutes. The package simplifies development and improves application security by significantly reducing the custom authorization code compared to traditional approaches where authorization logic was embedded into the application.
THANK YOU