All news in category "Vendor and Hyperscaler Watch"

CrowdStrike Expands Agentic Security Workforce With Agents

🤖 CrowdStrike announced new specialized agents and an orchestration layer designed to accelerate SOC operations and automation. The launch includes a Data Onboarding Agent, a Foundry App Creation Agent, and an updated Exposure Prioritization Agent to simplify pipeline creation, app development, and continuous authenticated scanning. Integrated with Charlotte Agentic SOAR and Charlotte AI, these agents enable coordinated, machine-speed workflows while keeping analysts in control.

Anyscale's Managed Ray on Azure for Distributed AI

🚀 Microsoft and Anyscale announced a private preview bringing Anyscale’s managed Ray to Azure, enabling developers to run distributed Python AI/ML workloads with native Azure integration. The service leverages the RayTurbo runtime and Azure Kubernetes Service (AKS) to provide elastic scaling, GPU packing, spot VM support, and enhanced observability. It aims to simplify scaling from prototype to production and reduce operational overhead.

Microsoft to Remove Defender Application Guard from Office

🔒 Microsoft will remove Defender Application Guard for Office (MDAG) from supported Office builds beginning with version 2602 in early February 2026 and expects full removal with version 2612 by mid‑2027. Files that previously opened in Application Guard will open in Protected View instead. Microsoft recommends enabling Defender for Endpoint ASR rules and Windows Defender Application Control to preserve protections; no admin action is required to trigger the removal.

Amazon OpenSearch Serverless Adds FIPS Endpoints in Regions

🔐 Amazon announced that Amazon OpenSearch Serverless now offers FIPS compliant endpoints for Data Plane APIs in US East (N. Virginia), US East (Ohio), Canada (Central), AWS GovCloud (US-East), and AWS GovCloud (US-West). The update brings the service into conformance with FIPS 140-3 cryptographic requirements. Customers in regulated or federal environments can use these endpoints to meet in-transit cryptography controls.

Automating FinOps Governance with Workload Manager

🔧 Workload Manager automates FinOps governance by codifying cost-control policies and enforcing them across Google Cloud environments. It supports both predefined checks (for example, bigquery-missing-labels) and custom rules written in Open Policy Agent (OPA) Rego, allowing organization-, folder-, or project-level scans. Scheduled evaluations can export results to BigQuery, trigger notifications (email, Slack, PagerDuty), and feed Looker Studio dashboards for reporting and trend analysis. New pricing reduces scan costs by up to 95% and includes a small free tier to accelerate adoption.

EC2 Auto Scaling: Warm Pools Now Support Mixed Instances

🚀 Starting today, AWS lets you add warm pools to EC2 Auto Scaling groups (ASGs) that use mixed instances policies. Warm pools maintain a set of pre-initialized EC2 instances that can rapidly serve traffic, reducing scale‑out latency for workloads with lengthy initialization tasks like large disk writes or complex scripts. The capability supports manual instance type lists and attribute-based selection, and is available via the Console, SDKs, and CLI in all public AWS Regions and AWS GovCloud (US). Combining warm pools with instance type flexibility helps ASGs scale to their maximum size quickly while improving availability across multiple instance types.

Kubernetes introduces control-plane minor-version rollback

🔁 Google and the Kubernetes community introduced control-plane minor-version rollback in Kubernetes 1.33, giving operators a safe, observable path to revert control-plane upgrades. The new KEP-4330 emulated-version model separates binary upgrades from API and storage transitions into a two-step process, enabling validation before committing changes. This capability is available in open-source Kubernetes and will be generally available in GKE 1.33 soon, reducing upgrade risk and shortening recovery time from unexpected regressions.

AWS Cloud WAN expands to Thailand, Taipei, New Zealand

📡 AWS Cloud WAN is now available in the AWS Asia Pacific (Thailand), AWS Asia Pacific (Taipei), and AWS Asia Pacific (New Zealand) Regions. Using a central dashboard and policy-driven model, you can connect Amazon VPCs, AWS Transit Gateways, and on-premises locations via AWS Site-to-Site VPN, AWS Direct Connect, or supported SD‑WAN products. The service automatically builds a global network using BGP and provides a consolidated view to monitor network health, security, and performance.

How Google Cloud Networking Supports AI Workloads at Scale

🔗 Networking is a critical enabler for AI on Google Cloud, connecting models, storage, and inference endpoints while preserving security and performance. The post outlines seven capabilities—from private API access and RDMA-backed GPU interconnects to hybrid Cross-Cloud links—that reduce latency, prevent data exfiltration, and simplify model serving. It also highlights options for exposing inference (managed services, GKE, load balancing) and previews AI-driven network operations using Gemini.

Prisma SASE: A Blueprint for Modern Branch Security

🔒 Prisma SASE positions Prisma SD‑WAN and Prisma Access as a unified blueprint for securing modern branch offices, embedding zero trust and local enforcement into the branch edge. It emphasizes identity‑aware controls (User‑ID, Device‑ID, App‑ID), automated IoT discovery and on‑box protections like URL filtering and DNS security to reduce appliance sprawl and contain lateral movement. By pairing on‑device enforcement with cloud services and centralized management via Strata Cloud Manager, the solution aims to simplify operations, maintain consistent policies and keep defenses up to date across distributed locations.

AWS Service Reference adds SDK operation-to-action mapping

🔐 AWS has expanded its Service Reference Information to map SDK operations to the specific IAM action(s) required to call them. This enables teams to answer questions such as “Which permission is needed for this API operation?” and to retrieve authoritative answers programmatically. You can integrate the data into policy management and automation pipelines to reduce manual effort and keep policies aligned with service updates. The capability is provided at no additional cost.

Cloudflare Introduces Isolated Testing for Workflows

🧪 Cloudflare has added local, isolated testing APIs for Workflows, enabling developers to introspect and mock workflow instances using the new cloudflare:test module. Available with @cloudflare/vitest-pool-workers v0.9.0+, the APIs (introspectWorkflowInstance and introspectWorkflow) let tests run offline inside the Workers runtime, mock step results and events, and preserve isolated storage for reliable, deterministic tests. This improves debug visibility, reduces flaky tests, and lets teams assert on intermediate steps without hitting external systems.

Ransomware Defense with the Wazuh Open Source Platform

🛡️Wazuh is a free, open-source security platform that provides SIEM and XDR capabilities to detect, prevent, and respond to ransomware. The article highlights Wazuh features such as file integrity monitoring, vulnerability detection, security configuration assessment, and automated active responses. It illustrates rule-based detections and automated remediation using practical examples (DOGE Big Balls, Gunra) and discusses Windows integration for VSS-based recovery. The coverage frames Wazuh as a practical, extensible tool for multi-layered ransomware defense.

AWS Config Adds 42 New Managed Rules for Governance

🔔 AWS Config has launched 42 new managed rules to help organizations govern security, cost, durability, and operational best practices across AWS environments. You can now search, discover, enable, and manage these rules directly from AWS Config, and apply them account-wide or across an organization, including via Conformance Packs. New checks cover services such as Amazon EKS Fargate, EC2 Network Insights, AWS Glue ML transforms, Amazon Cognito, Lightsail, Amplify, Lambda, RDS, Route53 Resolver, Kinesis Video, and more.

Amazon Bedrock AgentCore Runtime Adds Code Upload Options

🧰 Amazon Bedrock AgentCore Runtime now supports two deployment methods: direct code-zip upload and container-based deployment. Developers can use drag-and-drop code-zip uploads for rapid prototyping or opt for container images when they need custom runtime configurations and dependencies. The serverless, model-agnostic runtime is designed to scale for production while maintaining enterprise security. This capability is available across nine AWS Regions with consumption-based pricing and no upfront costs.

Amazon RDS for Oracle adds R7i memory-optimized instances

🧠 Amazon RDS for Oracle now offers R7i memory-optimized preconfigured instances powered by custom 4th Gen Intel Xeon Scalable processors, the AWS Nitro System, and DDR5 memory. These instances provide up to a 64:1 memory-to-vCPU ratio and higher storage I/O per vCPU, enabling many Oracle workloads to reduce vCPU counts without performance loss. Available under BYOL for Oracle Database Enterprise Edition and Standard Edition 2, R7i can lower Oracle licensing and support costs while meeting high-performance requirements.

Amazon Connect adds email address aliasing for branding

📧 Amazon Connect now lets organizations configure aliases for email addresses so customers continue to see trusted sender identities when messages are sent or received. For example, forwarding a public-facing address like support@company.com into Amazon Connect Email can preserve the visible sender as support@company.com. The capability is available in multiple AWS regions to simplify email management and maintain a consistent brand experience.

AWS Config Conformance Packs Expand to Five Regions

📣 AWS Config conformance packs and organization-level management are now available in additional Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei), and Mexico (Central). Conformance packs let you package managed or custom AWS Config rules into reusable bundles for security, operational, or cost-optimization governance and to monitor compliance scores. You can deploy packs via the AWS Config console, AWS CLI, or AWS CloudFormation. Note that pricing is charged per conformance pack evaluation per account and Region.

AWS and SANS Whitepaper: AI for Security Guidance Overview

🔒 AWS and SANS released a whitepaper, AI for Security and Security for AI, that examines how organizations can use generative AI safely and defend against AI-powered threats. The paper examines three lenses: securing generative AI applications, using generative AI to improve cloud security posture, and protecting against AI-enabled attacks. It offers practical action items, architecture guidance, and recommendations for responsible AI and human oversight.

CloudWatch Synthetics Adds Multi-Browser Support in GovCloud

🔍 Amazon CloudWatch Synthetics now supports running the same canary scripts across Chrome and Firefox in AWS GovCloud (US‑East, US‑West). You can use Playwright‑based or Puppeteer‑based canaries to collect browser-specific performance metrics, success rates, and visual monitoring results while retaining aggregate health views. This helps teams detect and remediate browser compatibility issues faster.