All news in category “Vendor and Hyperscaler Watch”

🔒 Amazon today introduced the Amazon OCSF Ready Specialization to recognize AWS Partners that have technically validated their software to integrate with OCSF-compatible Amazon services and demonstrated customer success in production. The designation helps customers find pre-validated partner solutions that send or receive logs and security events in the OCSF schema, reducing integration complexity. Partners earn AWS Specialization Program benefits and signature support, including private strategy sessions and AWS guest speaker assistance. The specialization replaces and expands the prior Amazon Security Lake Specialization to broaden standardized security data interoperability.

🔧 The AWS Serverless Model Context Protocol (MCP) Server now includes specialized tools to configure and manage AWS Lambda event source mappings (ESM), combining AI assistance with ESM expertise. The new toolset—comprising the ESM guidance tool, the ESM optimization tool, and an ESM Kafka troubleshooting tool—translates high-level throughput, latency, and reliability requirements into concrete ESM configurations and generates optimized AWS SAM templates. It also validates VPC network topology for VPC-based event sources and diagnoses common ESM issues to streamline setup, tuning, and troubleshooting workflows.

🤖 AWS announced an open-source AI agent context package for AWS IoT Greengrass that provides ready-to-use instructions, examples, and templates to accelerate edge device application development. The package is published on GitHub under the Creative Commons Attribution Share Alike 4.0 license and is designed to integrate with generative AI tools such as Amazon Q. Developers can clone the repository to jumpstart creation, testing, and fleet-wide deployment workflows across supported Regions.

🔁 AWS Backup now supports a single-action copy of database snapshots across AWS Regions and accounts for Amazon RDS, Amazon Aurora, Amazon Neptune, and Amazon DocumentDB. This eliminates the previous two-step process and removes the need for intermediate copies, custom scripts, or Lambda automation. The change reduces operational complexity and helps achieve faster RPOs while removing costs associated with intermediate snapshot storage. You can use the feature today via the AWS Management Console, AWS CLI, or AWS SDKs.

🔍 Amazon Managed Service for Prometheus now includes anomaly detection using the Random Cut Forest (RCF) algorithm to continuously analyze time series and surface unexpected metric behavior with minimal user intervention. When you create an anomaly detector in an AMP workspace, it generates four derived time series that represent detected anomalies and their confidence values. Those derived series can be used to build dynamic alerting rules in the AMP Alertmanager and visualized alongside input metrics in self‑managed Grafana or Amazon Managed Grafana. The feature is available in all regions where AMP is generally available and is configurable via the AWS CLI, SDKs, or APIs.

🔁 AWS Cloud Map now supports cross-account service discovery in AWS GovCloud (US) Regions through integration with AWS Resource Access Manager (AWS RAM). By sharing namespaces, you can allow individual accounts, Organizational Units, or an entire AWS Organization to discover resources such as Amazon ECS tasks, EC2 instances, and DynamoDB tables across accounts. The capability is available now in GovCloud (US-East) and GovCloud (US-West) via Console, API, SDK, CLI, and CloudFormation.

🔐 Amazon Bedrock AgentCore Browser now previews Web Bot Auth, a draft IETF protocol that cryptographically identifies AI agents to websites. The feature automatically generates credentials, signs HTTP requests with private keys, and registers verified agent identities to reduce CAPTCHA interruptions and human intervention in automated workflows. It streamlines verification across major providers such as Akamai, Cloudflare, and HUMAN Security, and is available in nine AWS Regions on a consumption-based pricing model with no upfront costs.

🎥 TwelveLabs' Marengo Embed 3.0 is now available on Amazon Bedrock, providing a unified video-native multimodal embedding that represents video, images, audio, and text in a single vector space. The release doubles processing capacity—up to 4 hours and 6 GB per file—expands language support to 36 languages, and improves sports analysis and multimodal search precision. It supports synchronous low-latency text and image inference and asynchronous processing for video, audio, and large files.

🖼 Amazon Bedrock now offers four new image-editing tools in Stability AI Image Services: Outpaint, Fast Upscale, Conservative Upscale, and Creative Upscale. These additions expand the platform's Edit, Upscale, and Control capabilities, enabling creators to perform targeted edits and resolution enhancements with greater precision. The tools are accessible via the Bedrock API and are initially supported in US West (Oregon), US East (N. Virginia), and US East (Ohio).

⚠️ Microsoft is experiencing a global DNS outage that began about an hour ago, causing widespread access problems to Azure and Microsoft 365 services. Customers worldwide report they cannot log into corporate networks or reach portals including Azure, Intune, and the Exchange admin center, and some report the Azure Front Door CDN is also unavailable. Microsoft attributes the interruptions to DNS failures, warns of intermittent request failures and latency, and is reviewing telemetry while working on mitigation; it recommends programmatic access (PowerShell/CLI) when portals are unreachable.

🔒 Beginning in April 2026 and completing in October 2026, Google will make the Always Use Secure Connections feature the default in Chrome, attempting HTTPS for all public site navigations and prompting users before loading non-HTTPS pages. The phased rollout starts with Enhanced Safe Browsing users in Chrome 147 and expands to all global users in Chrome 154. Internal addresses such as routers and intranets will be exempt, and Google reports early tests showed warnings on fewer than 3% of navigations, typically under one alert per week, while the browser will avoid repeatedly warning about frequently visited sites.

🚀 Fortinet announced enhancements to Fortinet Unified SASE, expanding its global footprint to over 170 points of presence and embedding AI-powered operations. FortiAI-Assist automates diagnostics and remediation to accelerate mean time to resolution, while an agentless Secure Browser and SaaS Security Posture Management extend DLP and compliance controls across 80+ SaaS apps. These updates aim to boost performance, simplify operations, and strengthen data protection for distributed workforces.

🔍 Modern patch management demands centralized visibility, faster prioritization, and accountable remediation to close growing exposure gaps. The article highlights how legacy systems such as WSUS and SCCM struggle with mixed environments, remote endpoints, and third-party applications, producing inconsistent patch states and unnoticed failures. Action1 is presented as a cloud-native platform that inventories endpoints, maps missing updates to CVEs, automates targeted deployments and retries failures, and provides audit-ready reporting to unify security and IT workflows.

📈 Amazon EBS now emits two new per-volume CloudWatch metrics—VolumeAvgIOPS and VolumeAvgThroughput—providing one-minute average I/O and throughput visibility. These metrics are enabled by default at no extra charge for all EBS volumes attached to EC2 Nitro instances in Commercial Regions, including AWS GovCloud (US) and AWS China. Use them to monitor trends, troubleshoot performance bottlenecks, tune provisioned performance, and build dashboards or alarms to automate responses.

🔐 Amazon S3 now supports conditional copy operations via the CopyObject API, enabling verification of an object's existence or content in the destination bucket before copying. You can supply the HTTP If-None-Match header to ensure the destination object does not exist, or If-Match with an ETag to validate content prior to copy. Administrators can enforce these checks using s3:if-match and s3:if-none-match bucket policy condition keys. This capability is available at no additional charge in all AWS Regions and removes the need for additional client-side coordination or pre-copy validation calls.

🚀 AWS Elastic Beanstalk now supports building and deploying Tomcat 11 applications using Amazon Corretto 25 on Amazon Linux 2023 (AL2023). The platform enables developers to leverage Java 25 and Jakarta EE 11 features such as compact object headers, ahead‑of‑time (AOT) caching, and structured concurrency while benefiting from AL2023’s security and performance improvements. Environments can be created through the Elastic Beanstalk Console, CLI, or API and are generally available in commercial and GovCloud regions.

🚀 AWS has launched Amazon EC2 U7i-8tb (u7i-8tb.112xlarge) instances in the Europe (London) region, offering 8 TiB of DDR5 memory and 448 vCPUs for memory-intensive workloads. Powered by custom fourth-generation Intel Xeon Scalable processors (Sapphire Rapids), these 7th-generation instances deliver up to 135% more compute than prior U-1 instances and support up to 100 Gbps for EBS and networking with ENA Express. They are aimed at mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server.

🌐 Web Grounding is now generally available as a built-in tool for Nova models, usable today with Nova Premier via the Amazon Bedrock tool use API. It retrieves and incorporates publicly available information with citations to support responses, enabling a turnkey RAG solution that reduces hallucinations and improves accuracy. Cross-region inference makes the tool available in US East (N. Virginia), US East (Ohio), and US West (Oregon). Support for additional Nova models will follow.

🛡️ Cloudflare explains how it initially implemented WARP as a Layer‑3 VPN by leveraging the Linux networking stack to egress arbitrary user packets from edge machines. They used a TUN device, nftables/Netfilter rules and the conntrack module to perform NAT, mark flows, and distinguish client traffic from locally‑originated traffic. Core tunnel handling was written in Rust (boringtun/WireGuard) and paired with MASQUE and defense‑in‑depth controls. The approach worked but required one IPv4 address per server, creating a scalability and cost challenge that led them to explore IP sharing.

🐟 Cloudflare describes building "fish" (SLATFATF), a service to egress packets using soft-unicast address space and the challenges encountered with the Linux networking stack. They found that conntrack and Netfilter interactions can silently rewrite source ports and break connections, so they evaluated several approaches including Netlink manipulation, TCP_FASTOPEN_CONNECT sockets, and routing fixes. Ultimately they preferred terminating and proxying TCP locally to avoid fragile kernel workarounds, after testing that disabling early demux produced only modest CPU effects.