AWS Revamps Security Competency Program with New Specializations
AWS also expanded its Level 1 MSSP Competency Specializations with six new security services domains.
July 26, 2022
![AWS new software security competency partners AWS new software security competency partners](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt6009f8727b258416/65241de29e569b6ed47661d1/AWS-new-software-security-competency-partners.jpg?width=700&auto=webp&quality=80&disable=upscale)
Managed container workload security event monitoring and response services include continuous container image vulnerability scanning for vulnerabilities in operating systems and from programming languages.
Solutions and services that can detect and mitigate threats and events effecting identity services running in AWS. This specialty addresses and detects anomalous access behavior, multifactor authentication (MFA), secrets management, adaptive authentication, single sign-on (SSO), AWS-supported identity provider, privilege access management (PAM), identity federation and identity governance and administration (IGA).
Partners with this specialty provide ongoing managed services for detecting and responding to security events in code pipelines and applications. It includes code reviews and application development, runtime application and self-protection (RASP), penetration testing, managed pipeline scanning service, dynamic code analysis and static code analysis.
These managed services monitor for security events such as those triggered by discovery of sensitive data in unintended locations of a customer’s AWS environment, encryption key and certificate management, malware-infected files and accidental transmission of sensitive data.
Partners that can provide rapid support to incident responders, utilizing telemetry and data collected by partners from their managed security services delivered to AWS customers.
Providers that manage an existing business continuity solution, including documented processes/workflows for AWS environments to recover from a ransomware attack or other business interruption.
Providers that manage an existing business continuity solution, including documented processes/workflows for AWS environments to recover from a ransomware attack or other business interruption.
AWS RE:INFORCE — Amazon has revamped its AWS Security Competency program with a new set of specializations. The cloud giant redesigned it so customers could more easily find partners with proper specialties based on their requirements.
AWS launched the new program on Tuesday at AWS re:Inforce, the company’s security conference in Boston. AWS chief information security officer (CISO) C.J. Moses announced the relaunch of the program during the opening keynote session.
“We want to assist customers in avoiding security jargon so they can pinpoint the third-party software needed to support them, all of course validated by AWS,” Moses said. “Because our AWS security competency partners are critical to extending the benefits of AWS, we took customer feedback to do a global design.”
AWS organized the program into eight categories that address 40 different customer security use cases, including software and professional service support, Moses noted. The eight categories include application security, data protection, identity and access management (IAM), compliance and privacy and infrastructure security. Threat detection and response (TDR), perimeter protection and core security are also on the list.
‘[The] software security competency partners successfully underwent a rigorous technical and operational validation process with AWS security experts,” Moses said.
For example, AWS created a zero-trust network use case in the infrastructure category.
AWS announced 42 launch partners. They include Accenture, Alert Logic, Aqua, Barracuda, Check Point, Deloitte, DXC Technology, Fortinet, IBM, Presidio and Sentinel One. Others are Sophos, Splunk, Tanium, Tenable, Trend Micro, Wipro, Wiz and ZScaler.
Alert Logic announced it met the AWS Security Competency for TDR for its managed detection and response (MDR) offering. Also, Alert Logic said it has achieved the new AWS Level 1 MSSP Software Competency.
Level 1 MSSP Software Competency
AWS also launched specialization categories for the AWS Level 1 MSSP Competency. The new categories consist of six specialized managed security services to AWS’s Level 1 MSSP Competency program launched last year.
Here’s our most recent list of important channel-program changes you should know. |
At the time, the program launched with competencies including infrastructure vulnerability, resource inventory visibility, security best practices monitoring, compliance monitoring, triaging of security events, 24×7 incident alerting, distributed denial-of-service mitigation, managed intrusion protection, MDR for AWS endpoints and managed web application firewall.
According to AWS, the solutions must provide 24×7 monitoring and response services and extend AWS’ Level 1 MSSP baseline. The six MSSP security service domains include: vulnerability management, network security, cloud security best practices and compliance, host and endpoint security, threat detection and response and application security.
AWS said Level 1 MSSP partners are certified to use native AWS security services including Amazon Guard Duty, the AWS Security Hub and ISV SaaS security tools. Level 1 MSSP partners provide 24×7 monitoring of “essential” AWS resources, while providing complete visibility of AWS resources that are added, moved or removed.
Level 1 MSSP Competency specialization partners supporting the new AWS categories include Accenture, Arctic Wolf, Capgemini, Deepwatch, Delotte, DXC, GDIT, Hitachi, Ibexlabs, IBM, Proficio, RedBearIT, StackArmor and Wipro.
We outline the six new Level 1 MSSP Competency Specialization categories, as described by AWS in the slideshow above.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Jeffrey Schwartz or connect with him on LinkedIn. |
Read more about:
MSPsAbout the Author(s)
You May Also Like