All news in category "Vendor and Hyperscaler Watch"

CloudWatch Synthetics: Bundled Multi-Check Canaries

🔧 Amazon CloudWatch Synthetics now offers bundled multi-check blueprints that let teams define comprehensive synthetic tests using a single JSON configuration file. A single canary can include up to 10 steps covering HTTP (with varied authentication), DNS, SSL certificate checks and TCP ports, and supports complex assertions on status, latency, headers and response body. Integration with AWS Secrets Manager secures credentials, while step-by-step results and console debugging simplify implementation compared with writing multiple custom canaries.

Amazon Redshift Auto-Copy Expands to Four AWS Regions

📥 Amazon Redshift Auto-Copy is now available in Asia Pacific (Malaysia), Asia Pacific (Thailand), Mexico (Central), and Asia Pacific (Taipei). The feature lets you configure an integration to continuously detect and load new files from a specified Amazon S3 prefix into Redshift tables without requiring custom COPY pipelines or external tooling. Auto-Copy records previously loaded files to prevent duplicate ingestion and exposes job status and metrics via Redshift system tables for monitoring and troubleshooting.

Amazon DCV 2025.0 Adds WebAuthn, ARM, and Keyboard Support

🔒 Amazon DCV 2025.0 is the latest release of the high-performance remote display protocol, delivering enhanced security and productivity for virtual desktop and application sessions. The update adds WebAuthn redirection on Windows and browser-based WebAuthn on Linux to enable security-key authentication in native and SaaS apps, plus server-side keyboard layout handling and alignment for Windows clients to improve input consistency. Other improvements include Linux client support for ARM, Windows Server 2025 host compatibility, and scroll wheel optimizations for smoother navigation. See AWS documentation and the DCV product page for full release notes.

Pentera Resolve Aims to Close the Remediation Gap Now

🔧 Pentera today unveiled Pentera Resolve, a platform extension that embeds automated remediation workflows into security validation to bridge the persistent remediation gap. The product converts validated findings into tracked, auditable tickets routed to owners in tools like ServiceNow, Jira, and Slack. Powered by AI-driven triage and contextual enrichment, it aims to replace manual consolidation with a measurable, repeatable remediation loop of validate, remediate, and re-test.

Amazon RDS for SQL Server: KMS Encryption for Native Backups

🔐 Amazon RDS for SQL Server now supports encrypting native backup files (.bak) stored in Amazon S3 using server-side encryption with AWS KMS keys (SSE-KMS). By default, native backups remain encrypted with Amazon S3-managed keys (SSE-S3), and customers can opt to apply their own KMS key for additional protection and key control. To enable the feature, update the KMS key policy to grant the RDS backup service access and specify the parameter @enable_bucket_default_encryption in the native backup stored procedure. This capability is available in all AWS Regions where Amazon RDS for SQL Server is offered.

Amazon RDS for SQL Server: Preserve CDC on Restore

🛡️ Amazon RDS for SQL Server now preserves Change Data Capture (CDC) settings and metadata when restoring native database backups. By specifying the KEEP_CDC option during a restore, customers retain CDC configuration and any captured change data, preventing gaps in ongoing data-capture workflows. This capability is available in all AWS Regions where Amazon RDS for SQL Server is offered and is documented in the RDS for SQL Server User Guide.

Vendor and Hyperscaler Watch: Attack Surface Tools

🔎 Cyber asset attack surface management (CAASM) and external ASM (EASM) solutions help organizations discover and continuously monitor internet-facing assets to reduce exposure and harden security. The article surveys a dozen commercial offerings — including Axonius, CrowdStrike Falcon Exposure, Microsoft Defender EASM, and Palo Alto Cortex Xpanse — highlighting discovery methods, integrations, AI features, and sample pricing. It stresses continuous monitoring, asset context and prioritization, and recommends vetting vendor automation, remediation workflows, and pricing transparency.

AWS PCS Adds Slurm Cluster Secret Rotation Support

🔐 AWS Parallel Computing Service (PCS) now supports rotation of Slurm cluster secret keys using AWS Secrets Manager. Administrators can update the credentials used for authentication between the Slurm controller and compute nodes without recreating a cluster, preserving running workloads and configuration. Regular rotation reduces the risk of credential compromise and helps meet security best practices and compliance requirements. The capability is available in all Regions where PCS operates and can be initiated from the Secrets Manager console or via API after preparing the cluster for rotation.

Amazon S3 Metadata Expands to Frankfurt, Ireland, Tokyo

🆕 Amazon has expanded S3 Metadata to three additional AWS Regions — Europe (Frankfurt), Europe (Ireland), and Asia Pacific (Tokyo). The service provides automated, near-real-time, queryable metadata for S3 objects, covering system-defined attributes (size, source, timestamps) and custom metadata via tags. Metadata is automatically populated for both new and existing objects, enabling faster discovery, curation, and use for analytics and real-time inference. With this release, S3 Metadata is generally available in six AWS Regions.

AWS Adds Scope 3 and Scope 1 to Carbon Footprint Tool

🌍 The AWS Customer Carbon Footprint Tool now reports Scope 3 emissions alongside Scope 1 natural gas and refrigerant data, giving customers more complete visibility into cloud-related carbon impacts. Historical Scope 3 data is available back to January 2022 and can be accessed through the CCFT dashboard and AWS Billing and Cost Management data exports. These updates extend CCFT coverage to all three scopes defined by the Greenhouse Gas Protocol and help customers integrate carbon insights into operational workflows, sustainability planning, and reporting.

Amazon DocumentDB Adds Graviton4-based R8g Instances

🚀 Amazon DocumentDB (with MongoDB compatibility) now supports Graviton4-based R8g instances, delivering DDR5 memory and Nitro System improvements for memory‑intensive workloads. R8g is available for Amazon DocumentDB 5.0 on both Standard and IO‑Optimized cluster storage. Customers can modify existing clusters or create new ones via the AWS Management Console, CLI, or SDK; check documentation for regional availability and pricing.

Amazon MQ Launches in AWS Asia Pacific (New Zealand)

🚀 Amazon MQ is now available in the AWS Asia Pacific (New Zealand) Region (API name ap-southeast-6) with three Availability Zones. The managed message broker supports Apache ActiveMQ and RabbitMQ, reducing operational overhead by managing provisioning, setup, and maintenance. Because it uses industry-standard APIs and protocols, customers can migrate applications to AWS without rewriting code. With this launch, Amazon MQ is now offered in 38 AWS regions globally.

Amazon EC2 C7i-flex Instances Launch in Jakarta Region

🚀 Amazon Web Services has launched C7i-flex instances in the Asia Pacific (Jakarta) Region. The new instances deliver up to 19% better price-performance versus C6i and use custom 4th generation Intel Xeon Scalable (Sapphire Rapids) processors available only on AWS, while offering roughly 5% lower prices than standard C7i. C7i-flex covers common sizes from large to 16xlarge and is intended for compute-intensive workloads that don’t fully utilize all vCPUs; customers with continuous high CPU usage or needs for very large sizes (up to 192 vCPUs and 384 GiB) should consider full-size C7i instances.

AWS Nitro Enclaves Now Available in All Regions Worldwide

🔒 AWS has made Nitro Enclaves available in every AWS Region, expanding regional support to include new locations across Asia Pacific, Europe, the Middle East, and North America. Nitro Enclaves enables customers to create isolated compute environments inside EC2 instances to protect and process sensitive data and reduce attack surface. There is no additional charge beyond the EC2 and associated service usage.

Deploying AWS Secrets Manager Agent as an EKS Sidecar

🔒 This post demonstrates deploying the AWS Secrets Manager Agent as a sidecar container in Amazon EKS to provide a language-agnostic local HTTP interface (localhost:2773) for secrets retrieval. The agent pulls and caches secret values, reducing direct API calls to Secrets Manager and improving application availability. It enforces SSRF protection via a generated token at /var/run/awssmatoken and implements ML‑KEM post‑quantum key exchange by default. Authentication uses Amazon EKS Pod Identity and IAM permissions (secretsmanager:GetSecretValue and secretsmanager:DescribeSecret), and the post includes build, containerization, and deployment steps.

Google Migrates ISAs with AI and Automation at Scale

🔧 Google details how its custom Axion Arm CPUs and a mix of automation and AI enabled large-scale migration from x86 to multi-architecture production across services such as YouTube, Gmail, and BigQuery. The team analyzed 38,156 commits (about 700K changed lines) and reports migrating more than 30,000 applications to Arm while keeping both Arm and x86 in production. Existing automation like Rosie, sanitizers, fuzzers, and the CHAMP rollout framework handled much of the work, while an LLM-driven agent called CogniPort fixed build and test failures, showing a 30% success rate on a 245-commit benchmark. Google plans to default new apps to multiarch and continue refining AI tools to address the remaining long tail.

SmarterX Builds Custom LLMs with Google Cloud Tools

🔍 SmarterX uses Google Cloud to build custom LLMs that help retailers, manufacturers, and logistics companies manage regulatory compliance across product lifecycles. Using BigQuery, Cloud Storage, Gemini, and Vertex AI, the company ingests, normalizes, and indexes unstructured regulatory and product data, applies RAG and grounding, and trains customer-specific models. The integrated platform empowers subject matter experts to evaluate, correct, and deploy model updates without heavy engineering overhead.

Microsoft Security Store Unites Partners and Innovation

🔐 Microsoft Security Store, released to public preview on September 30, 2025, is a unified, AI-powered marketplace that lets organizations discover, buy, and deploy vetted security solutions and AI agents. Catalog items — organized by frameworks like NIST and by integration with products such as Microsoft Defender, Sentinel, Entra, and Purview — address threat protection, identity, compliance, and cloud security. Built on the Microsoft Marketplace, it provides unified billing, MACC eligibility, and guided automated provisioning to streamline deployments.

Dataplex Supports Column-Level Lineage for BigQuery

🔍 Dataplex Universal Catalog now captures column-level lineage for BigQuery, extending object-level tracing to granular column transformations at no extra cost. The update provides interactive visual lineage graphs so users can inspect upstream and downstream flows for individual columns, trace origins, and assess downstream impact of modifications. This granularity helps validate authoritative sources for AI/ML features, enforce column-level governance, and improve compliance. It also surfaces freshness and usage metadata to support context-aware agents.

Cloud Armor: Hierarchical Policies, Extended WAF and NTI

🛡️ Cloud Armor introduces hierarchical security policies and organization-scoped address groups to simplify centralized policy management across organization, folder, and project levels. The release also includes GA support for JA4 network fingerprinting and ASN/NTI controls for Media CDN, while an enhanced WAF request-body inspection (preview) expands inspection from 8 KB to 64 KB. These updates are designed to strengthen threat protection and reduce operational complexity for hybrid and multicloud deployments.