All news with #cloud security tag

🔒 During economic downturns, organizations must preserve cybersecurity with constrained budgets by prioritizing risk-based controls, hardening existing systems, and blending open- and closed-source tools. The blog recommends defense-in-depth, isolating legacy hardware, disabling unnecessary features, and tuning EDR/AV, logging, and network filters to reduce exposure. It also advises retaining skilled incident response partners and investing selectively in early-to-mid career talent to maintain long-term resilience.

🚀 AWS Control Tower is now available in the AWS Asia Pacific (New Zealand) Region, bringing the service to 34 AWS Regions plus the AWS GovCloud (US) Regions. The service simplifies setup and governance of a secure, multi-account AWS environment, enabling a landing zone in 30 minutes or less and centralized visibility into compliance status. Existing customers can extend governance to the new region via the Control Tower settings by selecting regions and updating their landing zone; once applied, governed accounts, managed accounts, and registered organizational units (OUs) will be managed in the new region.

🔒 Check Point has made AI Cloud Protect powered by NVIDIA BlueField available for enterprise deployment, offering DPU-accelerated security for cloud AI workloads. The solution aims to inspect and protect GenAI traffic and prompts to reduce data exposure risks while integrating with existing cloud environments. It targets prompt manipulation and infrastructure attacks at scale and is positioned for organizations building AI factories.

🚀 Amazon EC2 R8i and R8i-flex instances are now available in Europe (London), powered by custom Intel Xeon 6 processors exclusive to AWS. AWS reports up to 15% better price-performance and 2.5x more memory bandwidth versus previous Intel-based generations, and up to 20% higher performance compared to R7i for many workloads. R8i-flex introduces memory-optimized Flex sizing (large through 16xlarge) for applications that do not fully utilize compute, while R8i offers 13 sizes including two bare-metal options and a new 96xlarge and is SAP-certified. Instances can be purchased via On-Demand, Savings Plans or Spot.

🔍 AWS has expanded Resource Explorer to support 47 additional resource types across services including Amazon Bedrock, AWS Shield, AWS Glue, VPC Lattice, WAFv2, SageMaker, and S3. With this update, customers can search for and discover these resources centrally, improving inventory accuracy and operational visibility. The change aims to streamline compliance, incident response, and cross-service troubleshooting by making more resource types queryable from a single interface.

🚀 Amazon DocumentDB (with MongoDB compatibility) introduces PlannerVersion 2.0 for DocumentDB 5.0, delivering advanced query optimization and up to 10x performance improvements for indexed find and update operations. The new planner improves cost estimation, selects more optimal index plans, and adds index-scan support for negation operators such as $neq and $nin, as well as nested $elementMatch. Enabling PlannerVersion 2.0 requires a simple parameter change in your cluster parameter group and does not require a restart or incur downtime; you can revert to the legacy planner if needed.

🔍 AzureHound is an open-source Go-based enumeration tool designed for cloud discovery and red-team assessments that threat actors also misuse to map Entra ID and Azure resources. Unit 42 outlines how adversaries leverage Microsoft Graph and Azure REST APIs to enumerate users, groups, roles, storage and services and to identify privilege escalation paths. The report highlights observable artifacts such as the user-agent azurehound/ and discusses detection opportunities in Microsoft Graph, Entra ID sign-in logs and Cortex XQL hunts. Practical mitigations include phishing-resistant MFA, Conditional Access Policies, token binding and broad endpoint and cloud visibility.

🔍 The Unit 42 2025 Incident Response analysis explains that attackers exploit complexity, visibility gaps and excessive trust to succeed against organizations of all sizes. The report notes almost a third of incidents were cloud-related, IAM failures appeared in 41% of cases and attackers often moved within an hour, causing outsized disruption and cost. The recommended response is to consolidate telemetry into an integrated platform like Cortex, extend protection into cloud with Cortex Cloud, secure browser activity with Prisma Browser, and engage Unit 42 for advisory and retainer services.

🌐 This blog presents a reference architecture for deploying Network Virtual Appliances (NVAs) in a regional hub-and-spoke design using VPC Network Peering. It explains how Google’s Cross-Cloud Network and software-defined global backbone support any-to-any connectivity while preserving regional affinity for latency and data residency. The post details traffic flows and key services such as Cloud Interconnect, HA VPN, Internal Passthrough Network Load Balancers, policy-based routes, and Private Service Connect to integrate managed services and workload VPCs.

🔒 AWS announced the launch of AWS Secret-West, its second Secret U.S. region for handling mission-critical workloads at the Secret classification. The region offers multiple Availability Zones, an ICD-accredited security architecture, and authorized services under ICD 503 and DoD SRG IL6. It provides lower latency for western U.S. operations, multi-region resiliency, and geographic separation to support government mission requirements.

⚡ Google Cloud announced the H4D VM family (Preview), powered by 5th Gen AMD EPYC processors (Turin), aimed at delivering extreme performance for financial services workloads. The H4D series targets latency-sensitive use cases such as high-frequency trading, Monte Carlo risk simulations, backtesting, and derivatives pricing by offering faster core-to-core communication, larger memory capacity, and improved network throughput. AMD benchmarking with the open-source KX Nano test reported an average ~34% out-of-the-box performance gain over prior C3D VMs, with per-core and multi-threaded uplifts around 1.33–1.36x. Google Cloud will demonstrate H4D and complementary HPC solutions at STAC Summit NYC on October 28th and will have experts available to discuss performance, security, and compliance.

🚀 Amazon EC2 High Memory U7i instances (u7i-6tb.112xlarge) are now available in the AWS US East (Ohio) Region. These 7th-generation instances deliver 6TB of DDR5 memory and 448 vCPUs powered by custom 4th-generation Intel Xeon Scalable processors (Sapphire Rapids). They support up to 100 Gbps for EBS throughput and networking, include ENA Express, and are designed for mission-critical in-memory databases such as SAP HANA, Oracle, and SQL Server.

🔹 Microsoft has been named a Leader in the 2025 Gartner Magic Quadrant for Distributed Hybrid Infrastructure, its third consecutive recognition. Azure’s adaptive approach—anchored by Azure Arc and Azure Local—delivers unified management, governance, and security across hybrid, edge, multicloud, and sovereign environments. These technologies enable services such as AKS, Microsoft Defender for Cloud, IoT operations and AI workloads, and Microsoft highlights customer outcomes and continued investment to broaden capabilities and compliance.

🌍 The AWS Customer Carbon Footprint Tool now reports Scope 3 emissions alongside Scope 1 natural gas and refrigerant data, giving customers more complete visibility into cloud-related carbon impacts. Historical Scope 3 data is available back to January 2022 and can be accessed through the CCFT dashboard and AWS Billing and Cost Management data exports. These updates extend CCFT coverage to all three scopes defined by the Greenhouse Gas Protocol and help customers integrate carbon insights into operational workflows, sustainability planning, and reporting.

🚀 Amazon MQ is now available in the AWS Asia Pacific (New Zealand) Region (API name ap-southeast-6) with three Availability Zones. The managed message broker supports Apache ActiveMQ and RabbitMQ, reducing operational overhead by managing provisioning, setup, and maintenance. Because it uses industry-standard APIs and protocols, customers can migrate applications to AWS without rewriting code. With this launch, Amazon MQ is now offered in 38 AWS regions globally.

🆕 Amazon has expanded S3 Metadata to three additional AWS Regions — Europe (Frankfurt), Europe (Ireland), and Asia Pacific (Tokyo). The service provides automated, near-real-time, queryable metadata for S3 objects, covering system-defined attributes (size, source, timestamps) and custom metadata via tags. Metadata is automatically populated for both new and existing objects, enabling faster discovery, curation, and use for analytics and real-time inference. With this release, S3 Metadata is generally available in six AWS Regions.

🚀 Amazon Web Services has launched C7i-flex instances in the Asia Pacific (Jakarta) Region. The new instances deliver up to 19% better price-performance versus C6i and use custom 4th generation Intel Xeon Scalable (Sapphire Rapids) processors available only on AWS, while offering roughly 5% lower prices than standard C7i. C7i-flex covers common sizes from large to 16xlarge and is intended for compute-intensive workloads that don’t fully utilize all vCPUs; customers with continuous high CPU usage or needs for very large sizes (up to 192 vCPUs and 384 GiB) should consider full-size C7i instances.

🚀 Amazon DocumentDB (with MongoDB compatibility) now supports Graviton4-based R8g instances, delivering DDR5 memory and Nitro System improvements for memory‑intensive workloads. R8g is available for Amazon DocumentDB 5.0 on both Standard and IO‑Optimized cluster storage. Customers can modify existing clusters or create new ones via the AWS Management Console, CLI, or SDK; check documentation for regional availability and pricing.

🔒 AWS has made Nitro Enclaves available in every AWS Region, expanding regional support to include new locations across Asia Pacific, Europe, the Middle East, and North America. Nitro Enclaves enables customers to create isolated compute environments inside EC2 instances to protect and process sensitive data and reduce attack surface. There is no additional charge beyond the EC2 and associated service usage.

📘 The AWS re:Invent 2025 attendee guide highlights the conference's digital sovereignty program, detailing sessions, workshops, and code talks focused on data residency, hybrid and edge deployments, and sovereign infrastructure. Key topics include the AWS European Sovereign Cloud, AWS Outposts, Local Zones, and security features such as the Nitro System. Practical workshops and chalk talks demonstrate RAG, agentic AI, and low-latency SLM deployments with operational controls and compliance patterns. Reserve seating via the attendee portal or access sessions with the free virtual pass.