Breach, Content

AWS Cloud Security: Web Application Firewall Statement

Amazon Web Services (AWS) will "proactively scan the public IP space" to help organizations identify misconfigured Web application firewalls (WAFs), AWS VP and CISO Stephen Schmidt last week wrote in a letter to U.S. Senator Ron Wyden.

Stephen Schmidt, CISO, AWS

The statement comes after Capital One Financial Corporation last month identified a cybersecurity breach that involved a misconfigured AWS WAF; the breach has affected 100 million individuals in the United States and approximately 6 million individuals in Canada.

AWS plans to notify organizations if it identifies WAFs that could be misconfigured, Schmidt noted. It also intends to help organizations set the "least permissive permissions possible" for its WAFs.

In addition, AWS will try to make its Macie and GuardDuty anomaly detection services more widely available than ever before, Schmidt indicated. This ensures organizations across the globe will be able to use Macie and GuardDuty to quickly identify WAF misconfigurations and other cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.