All news in category "Vendor and Hyperscaler Watch"

Amazon EVS Adds HCX Migration Over Public Internet

🌐 Amazon EVS now supports VMware HCX migrations over the public internet using Elastic IP Addresses (EIPs) to provide stable endpoints and faster setup. This option supplements existing private connectivity methods such as AWS Direct Connect and VPN, enabling secure layer‑2 network stretch and workload migration when private links are unavailable. Public HCX connectivity is available in all AWS Regions where EVS is offered and can be a cost‑effective alternative for workloads that do not require private connection performance.

Where CISOs Should See Splunk Go Next: AI & Resilience

🔍 At .Conf in Boston, Splunk and parent company Cisco positioned machine data as central to next‑generation AI incident response, arguing telemetry represents roughly 55% of global data growth. They stressed tighter integration of security and observability, a federated data model with new support for Snowflake, and standards work such as OpenTelemetry and the Open Cybersecurity Framework (OCSF). Splunk also previewed enhanced security operations capabilities — a premier Enterprise Security bundle, Detection Studio, and agentic AI features — while acknowledging customer concerns about costs, legacy positioning, and support.

AWS Step Functions Adds IPv6 Dual-Stack Endpoint Support

🌐 AWS Step Functions now supports IPv6 via new dual-stack IPv4/IPv6 endpoints, enabling customers to send IPv6 traffic directly to the service. The enhancement preserves backwards compatibility with existing IPv4 endpoints and enables PrivateLink interface VPC endpoint connectivity so workloads can access Step Functions privately without traversing the public internet. IPv6 support is generally available in several US commercial and GovCloud regions.

Amazon SageMaker HyperPod Adds Managed Karpenter Autoscaling

🛠️ Amazon SageMaker HyperPod now supports managed node autoscaling using Karpenter, enabling automated cluster scaling for both inference and training workloads. This managed capability removes the operational burden of installing and maintaining autoscaling infrastructure while providing integrated resilience and fault tolerance. Customers gain just-in-time GPU provisioning, scale-to-zero during low demand, workload-aware instance selection, and cost reductions through intelligent consolidation.

CrowdStrike Advances Next-Gen Identity Security Innovations

🔐 CrowdStrike announced three enhancements to Falcon Next‑Gen Identity Security: FalconID, expanded privileged access controls, and identity‑driven case management. FalconID delivers FIDO2-based, phishing-resistant passwordless MFA via the Falcon for Mobile app, combining Bluetooth proximity checks with contextual telemetry to block credential phishing, MFA fatigue, and session hijacking. Privileged access updates add just-in-time workflows, Microsoft Teams request/revoke, Fusion SOAR automation, and hybrid coverage including local systems (early access). Identity-driven case management integrates identity detections into Falcon Next‑Gen SIEM and automates analyst response (generally available).

CrowdStrike Enhances GenAI Data Protection Across Platforms

🔒 CrowdStrike announces four new innovations in Falcon Data Protection to help organizations prevent GenAI-driven data leaks across endpoints, cloud, SaaS and AI tools. The updates include real-time GenAI protections that span browsers, local apps and shadow AI services, unified out-of-the-box detections, AI-powered classifications, and a consolidated Insider Risk dashboard. Beta and general availability windows span late 2025 through mid-2026, with cloud features prioritized earlier.

Blueprint for Building Safe and Secure AI Agents at Scale

🔒 Azure outlines a layered blueprint for building trustworthy, enterprise-grade AI agents. The post emphasizes identity, data protection, built-in controls, continuous evaluation, and monitoring to address risks like data leakage, prompt injection, and agent sprawl. Azure AI Foundry introduces Entra Agent ID, cross-prompt injection classifiers, risk and safety evaluations, and integrations with Microsoft Purview and Defender. Join Microsoft Secure on September 30 to learn about Foundry's newest capabilities.

AWS Network Firewall: SNI Session Holding for TLS Guide

🔒 AWS Network Firewall now offers SNI session holding to strengthen TLS inspection by validating the TLS SNI before initiating an outbound TCP connection. When enabled, the firewall holds TCP/TLS establishment until it receives the ClientHello SNI and evaluates it against Suricata-based TLS inspection rules, preventing any contact with disallowed endpoints. Administrators can enable this option in a TLS inspection configuration via the AWS Management Console, AWS CLI, or AWS SDK; it’s available in Regions including GovCloud and China and is billed as part of TLS advanced inspection.

RUM Diaries: Enabling Privacy-First Web Analytics by Default

🔍 Cloudflare is upgrading its real user monitoring (RUM) suite by enabling Web Analytics for free domains by default on October 15, 2025 (EU/UK traffic excluded by default). A lightweight JavaScript beacon will collect aggregated client-side metrics—Core Web Vitals, resource timings and client-observed TLS durations—and pre-process data at the edge to remove personal identifiers before aggregation. The company emphasizes a privacy-first approach with no cookies, no localStorage, and no fingerprinting, and plans to correlate client metrics with in-network and origin telemetry to provide actionable debugging insights while preserving user privacy.

How AWS Built a Flywheel to Improve Amazon RDS Security

🔒 As AWS implemented support for PL/Rust on Amazon RDS, engineers created a telemetry-driven 'flywheel' built around SELinux, monitoring, and incident response to safely enable compiled Rust functions. They developed mandatory access control policies, routed denials into telemetry with automated ticketing, and ran quarterly red/blue game days to refine playbooks and reduce noise. An October SELinux denial triggered an investigation that validated the controls and led to collaboration with Varonis Threat Labs.

AWS Lambda: Cross-Account Container Images in GovCloud

🚀 AWS Lambda now supports creating or updating functions using container images stored in an Amazon ECR repository in a different AWS account within GovCloud Regions. This removes the previous need to copy images into a local ECR repo and streamlines centralized image management and CI/CD workflows. Administrators must grant the Lambda resource and the Lambda service principal the necessary cross-account permissions.

Amazon Corretto 25 LTS Released with OpenJDK 25 Enhancements

🚀 Amazon Corretto 25 is now generally available as a Long Term Support release, providing a production-ready distribution of OpenJDK 25 for Linux, Windows, and macOS. The release promotes experimental JDK 24 features to production-ready status — notably Compact Object Headers and Generational Shenandoah GC — and introduces AOT caching, language refinements, expanded observability, Structured Concurrency, Vector API improvements, and reduced virtual-thread pinning. Amazon will support Corretto 25 through October 2032.

Amazon EC2 I8ge Storage-Optimized Instances in Frankfurt

🚀 Amazon EC2 I8ge storage-optimized instances are now available in AWS Europe (Frankfurt). Powered by AWS Graviton4 processors, I8ge delivers up to 60% better compute performance versus prior Graviton2-based storage-optimized instances and uses third-generation AWS Nitro SSDs for up to 55% better real-time storage performance per TB with substantially lower latency and variability. Instances scale to 48xlarge (including metal), provide up to 1,536 GiB RAM, 120 TB local NVMe, and up to 300 Gbps networking, making them well suited for relational and non-relational databases, streaming databases, search and data analytics.

Amazon Connect introduces agent hierarchy filters for search

🔍 Amazon Connect now offers agent hierarchy filters on the contact search page in the UI, enabling contact center leaders and teams to drill into specific sites, departments, or teams to locate interactions. This capability helps quality management, regulatory compliance, and workforce optimization teams efficiently find and review contacts for assessment and auditing. The feature is available in all regions where Amazon Connect is offered, simplifying targeted reviews and reducing time-to-insight for investigations and performance evaluations.

AWS Expands Second-Generation Outposts Racks Globally

🌍 AWS now ships second-generation Outposts racks to a broad list of countries, enabling customers to deploy AWS infrastructure and services directly in on‑premises data centers and colocation sites. These racks support the latest x86 Amazon EC2 families — C7i, M7i, and R7i — delivering up to 40% better performance versus prior racks, simplified network scaling, and a new class of accelerated networking instances for ultra-low latency and high throughput. They also help address local data residency and low-latency processing requirements while remaining connected to the nearest AWS Region for management.

MCP Toolbox Adds Firestore Tools for AI-Assisted Dev

🧰 MCP Toolbox now includes comprehensive Firestore tools that let AI assistants connect directly to Firestore from environments like Gemini CLI and other MCP-compatible interfaces. Built on the Model Context Protocol, these pre-built tools support document reads, collection queries, targeted updates, and security-rules validation to accelerate debugging, testing, and maintenance for NoSQL applications. Developers can perform complex queries and targeted updates in natural language, validate security rules before deployment, and reduce context switching between consoles and emulators. The release is accompanied by docs, quick start guides, a GitHub repo, and community channels to help teams adopt the features quickly.

GKE Network Interface: From kubenet to the AI backbone

📡 Over the past decade, Google Cloud evolved GKE pod networking from basic kubenet and route-based clusters to VPC-native alias IPs and the eBPF-powered Cilium Dataplane V2, improving performance, scalability, and observability. The platform now supports extreme-scale AI workloads with multi-NIC, terabit throughput, and persistent IPs for stateful functions. Looking forward, Google is exploring the Kubernetes Network Driver and the DRANET reference to expose node-level network resources via Dynamic Resource Allocation.

BigQuery scalability and reliability upgrades for Gen AI

🚀 Google Cloud announced BigQuery performance and usability enhancements to accelerate generative AI inference. Improvements include >100x throughput for first-party text generation and >30x for embeddings, plus support for Vertex AI Provisioned Throughput and dynamic token batching to pack many rows per request. New reliability features—partial-failure mode, adaptive traffic control, and robust retries—prevent individual row failures from failing whole queries and simplify large-scale LLM workflows.

AWS Expands ISO and CSA STAR Scope with Two Services

🔒 Amazon Web Services (AWS) announced that EY CertifyPoint completed an onboarding audit and reissued ISO and CSA STAR certificates on August 13, 2025, with no findings. The audit expanded the certified scope to include AWS Resource Explorer and AWS Security Incident Response alongside the other services covered under multiple ISO standards and CSA STAR CCM v4.0. Customers can retrieve certificates through AWS Artifact and view the full certified service list on the AWS ISO and CSA STAR Certified page.

CloudWatch Cross-Account Cross-Region Log Centralization

🔁 Amazon CloudWatch now supports cross-account, cross-region log centralization, allowing customers to copy log data from multiple AWS accounts and regions into a single destination account and integrate with AWS Organizations. Copied log events are enriched with new system fields (@aws.account and @aws.region) to preserve source context, and administrators can scope rules to the entire organization, selected OUs, or specific accounts. The feature supports selective log-group copying, automatic merging of same-named groups, optional backup-region copies, and includes one free centralized copy with additional copies billed at $0.05/GB.