All news in category "Vendor and Hyperscaler Watch"

Top IAM Vendors for Zero Trust and Identity Security

🔑 Identity is becoming the new perimeter as organizations accelerate the move to Zero Trust, making robust Identity & Access Management essential for secure access and continuity. This roundup examines leading IAM vendors and highlights capabilities in IGA, PAM, IDaaS, CIEM and risk-based authentication. Profiles cover strengths, pricing and integration trade-offs for vendors including CyberArk, Okta, Microsoft Entra ID, SailPoint, Avatier and BeyondTrust to help CISOs match products to requirements.

Predictive Scaling Now Available in Six More AWS Regions

⚙️ AWS has expanded Predictive Scaling for EC2 Auto Scaling to six additional regions: Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), and Europe (Zurich). Predictive Scaling learns from historical patterns and launches instances ahead of anticipated demand to reduce over-provisioning, lower EC2 costs, and keep applications responsive. It complements real-time policies like Target Tracking and Simple Scaling and can be previewed using a "Forecast Only" mode. The feature is available via the console, AWS CLI, CloudFormation, and AWS SDKs.

Cloudflare Page Shield Thwarted npm Supply-Chain Attack

🛡️ In early September 2025 attackers published malicious releases to 18 widely used npm packages, enabling crypto‑stealing and token exfiltration. Cloudflare's Page Shield static analysis and ML pipeline — including an MPGCN on JavaScript ASTs — inspects 3.5 billion scripts per day and would have detected these compromised packages. Inference completes in under 0.3s and ensemble review reduces false positives, protecting customers from similar supply‑chain threats.

Amazon VPC Reachability and Network Analyzer Now in GovCloud

🛡️ Amazon has launched VPC Reachability Analyzer and VPC Network Access Analyzer in both AWS GovCloud (US‑West) and GovCloud (US‑East) Regions. These tools let administrators diagnose network reachability between source and destination resources across VPCs and accounts, for example identifying missing route table entries that block EC2-to-EC2 connectivity. Network Access Analyzer finds unintended access paths such as traffic that bypasses firewalls so teams can enforce security and compliance scopes. For pricing and operational details consult the VPC Network Analysis pricing information.

Amazon Aurora DSQL Adds Resource-Based Policies Support

🔒 Amazon Web Services has added resource-based policies to Aurora DSQL, letting administrators define which IAM principals can perform specific IAM actions on Aurora DSQL resources. Policies also support Block Public Access (BPA) controls to restrict access to public or VPC endpoints. The capability is available now in a set of regions and the documentation provides guidance to get started.

VPC Reachability & Network Access Analyzers Now in GovCloud

🔍 Amazon announced that VPC Reachability Analyzer and VPC Network Access Analyzer are now available in AWS GovCloud (US-West) and AWS GovCloud (US-East). Reachability Analyzer diagnoses network paths between source and destination resources in VPCs to identify misconfigurations such as missing route table entries across accounts. Network Access Analyzer finds unintended access paths by letting you define scopes to ensure traffic traverses required controls, for example verifying web app traffic goes through a firewall. See the product documentation and the Network Analysis section of the Amazon VPC pricing page for details.

How Five Agencies Built Impossible Ads with Gemini

🎨 Google showcased how five agencies used Gemini 2.5 Pro and complementary generative media models to produce ambitious ad campaigns that blend nostalgia, personalization, and scalable visual storytelling. Projects ranged from a retro AI radio for Slice to personalized "postcard" ads for Virgin Voyages, AI co-hosts and party themes for Smirnoff, crowdsourced mascots for Visit Orlando, and cinematic short film work with Moncler. Results highlighted rapid production, measurable engagement lifts, and cross-product workflows across Imagen, Veo, Lyria, and Vertex AI. The post invites brands to explore these tools for creative scale and efficiency.

Proteomics AI Agent: Guided Protocols and Error Detection

🔬 Researchers at the Max Planck Institute of Biochemistry and Google Cloud created a Proteomics Lab Agent using the Agent Development Kit and Gemini models to provide personalized, multimodal AI guidance for mass spectrometry experiments. The agent analyzes recorded steps to generate publication-ready protocols, detect procedural errors, and capture tacit expertise into a searchable knowledge base. Open-sourced on GitHub, it aims to reduce troubleshooting time and improve reproducibility across labs.

AWS outage: DynamoDB DNS failure caused disruption

⚠️ Amazon says a major DNS failure in DynamoDB's DNS management system triggered a widespread AWS outage focused on the us-east-1 (Northern Virginia) region. A race condition at 11:48 PM PDT caused the accidental deletion of all IP addresses for the regional DynamoDB public endpoint, producing immediate DNS resolution failures for customer and internal traffic. The fault cascaded across services, kept automated recovery from restoring consistency, and required manual operator intervention to recover. AWS has disabled the problematic DNS automation globally, added protective checks, improved throttling, built new test suites, and apologized for the impact.

AWS Transfer Family: Change IdP Type Without Downtime

🔁 AWS Transfer Family now lets administrators change a server's identity provider (IdP) type without service interruption. This update allows dynamic switching among service-managed, Active Directory, and custom IdP authentication for SFTP, FTPS, and FTP servers, enabling zero-downtime migrations and faster compliance adaptation. The capability is available in all AWS Regions where Transfer Family operates.

Cut IT Costs with Secure Self-Service Password Resets

🔐 Self-service password reset (SSPR) can significantly cut help desk costs and reduce downtime by letting users securely change forgotten or expired credentials without contacting support. Industry research cited in the article highlights that password-related calls are common and expensive — Gartner and Forrester figures are referenced and a Specops analysis reports average savings per user. The piece outlines security best practices including tiered risk controls, MFA, enrollment hygiene, and detection measures like rate limiting and location checks. It describes Specops uReset capabilities for Entra ID and Active Directory, automated enrollment, reporting, and a First Day Password add-on to reduce onboarding friction.

CloudWatch Adds EC2 Metrics for EBS IOPS and Throughput

🔔 Amazon introduced two new Amazon CloudWatch instance-level metrics — Instance EBS IOPS Exceeded Check and Instance EBS Throughput Exceeded Check — that flag when the driven IOPS or throughput exceeds the EBS-Optimized limits of an EC2 instance. Each metric returns 0 (not exceeded) or 1 (exceeded), enabling rapid identification of I/O bottlenecks and the creation of dashboards or alarms. These metrics are provided by default at a 1-minute frequency at no additional charge for Nitro-based EC2 instances with EBS attached and are accessible via the EC2 console, CLI, or CloudWatch API across Commercial, GovCloud (US), and China Regions.

Mozilla: New Firefox extensions must disclose data

🔒 Starting 3 November 2025, Mozilla will require new Firefox extension developers to declare data collection practices in manifest.json via a browser_specific_settings.gecko.data_collection_permissions key. Developers must adopt the framework across all extensions in the first half of 2026, and extensions that collect no personal data must state that explicitly. The declared practices will appear during installation, on the add-on listing, and in about:addons; submissions that omit the declaration will be blocked.

Passwordless Authentication: Clearing Common Myths

🔐 Passwordless authentication reduces reliance on passwords by using device-bound keys and local verification. The post explains that passwordless is inherently multi-factor: a device factor plus a local secret such as a PIN or biometric. Biometrics and PINs unlock a private key stored on the device and are not transmitted or centralized, reducing theft and replay risks. It also describes protections that make this approach highly phishing-resistant.

AWS Lambda ups asynchronous payload limit to 1 MB today

🚀 AWS has increased the maximum payload size for AWS Lambda asynchronous invocations from 256 KB to 1 MB. This change lets customers deliver richer, complex events—such as LLM prompts, telemetry batches, or detailed JSON outputs—without splitting, compressing, or externalizing data. The increase is generally available in all AWS Commercial and AWS GovCloud (US) Regions and can be used via the Lambda invoke API. Billing counts 1 request for the first 256 KB and an additional request per 64 KB chunk beyond that up to 1 MB.

SageMaker Studio Integrates with Athena Workgroups

📊 Data engineers and analysts can now connect Amazon SageMaker Unified Studio to existing Amazon Athena workgroups to run SQL queries using the workgroups' default settings and properties. This lets teams reuse access controls, cost limits, and query-tracking policies already defined in Athena, reducing setup time while maintaining governance. To enable it, choose 'Add compute' → 'Connect to existing compute resources' in Unified Studio; the connected Athena workgroup then appears in the query editor and is available in all regions where Unified Studio is supported.

CASB Buying Guide: Key Capabilities, Vendors, and Questions

🔒 A Cloud Access Security Broker (CASB) sits between enterprise endpoints and cloud services to deliver visibility, enforce access controls and detect threats. This guide summarizes core CASB functions — visibility, control, data protection and compliance — and contrasts deployment modes (API vs proxy). It profiles major vendors such as Netskope, Microsoft Defender for Cloud Apps, Palo Alto Networks and others, and presents 16 practical questions to assess internal readiness and evaluate providers against SSE/SASE roadmaps.

HP Pulls Update That Broke Entra ID Auth on AI PCs

⚠️ HP has pulled an over-the-air update to HP OneAgent for Windows 11 after a cleanup script removed Microsoft certificates required for some organizations to authenticate to Microsoft Entra ID. The silent update deployed on HP AI PCs ran package SP161710 and an install.cmd that deleted any certificate containing the substring "1E", producing false positives. Affected devices disconnected from Entra ID/Intune; HP says the update is no longer available and is assisting impacted customers.

Microsoft Unveils Mico: Copilot Avatar for Empathy

🤖 Microsoft today introduced Mico, a new avatar for its AI-powered Copilot designed to feel more personal, supportive, and empathetic. The optional visual presence listens, adapts its expressions and color to interactions, and will respectfully push back when presented with incorrect information. The Copilot Fall Release also adds features such as Copilot Groups for up to 32 collaborators, long-term memory, Deep Research Proactive Actions, and a Learn Live voice-enabled tutor. These updates begin rolling out in the United States with broader regional availability planned.

Amazon Connect Adds Preview Dialing to Outbound Campaigns

📞 Amazon Connect outbound campaigns introduces a preview dialing mode that gives agents customer context—name, balance, and prior interactions—before placing calls. Campaign managers can set review time limits, optionally remove contacts, and use new dashboards to monitor agent behavior, discard rates, and engagement trends. By reserving an agent prior to dialing, teams gain operational control and help support TCPA and OFCOM compliance.