ZEST Security adds AWS Service Control Policies to AI cloud platform
According to research conducted by ZEST Security, over half of cloud security risks are not immediately remediable due to several barriers such as unavailable patches, the inability to make code changes, or limitations brought about by legacy systems. This often results in organisations accepting these risks, which can increase the potential for security incidents if appropriate mitigating controls are not in place.
Remediation challenges
ZEST Security's "2025 Cloud Risk Exposure Impact" report underscores the difficulties of traditional cloud risk management. The report found that 56% of risks cannot be remediated primarily because a patch may not be available, a code change cannot be made immediately, or legacy systems do not support upgrades. In these cases, the report notes that, "organizations often accept the risk, increasing the potential for security incidents when appropriate mitigating controls aren't applied."
Proactive SCT deployment
By integrating AWS Service Control Policies as a core element of its mitigation toolkit, ZEST Security is targeting the issue of non-remediable risks. SCPs offer security teams the ability to enforce restrictions and compliance across AWS accounts, reducing the need to wait for work from other internal teams or available patches and upgrades before acting on a vulnerability or exposure.
According to the company, "ZEST Security's mitigation pathways, now including AWS SCPs, offer a fast and reliable way to mitigate exposure, prevent exploitation and disrupt attacks at every stage, without waiting for patches, code changes or other teams to deliver full remediation."
Blocking attacker activity
By mobilising SCPs as a mitigation pathway, security teams can block both common and advanced attack techniques by controlling access to sensitive resources, encryption settings and public exposure, ZEST Security states. This reduces the risk of exploitation and helps prevent key attack stages such as reconnaissance, privilege escalation, and data encryption.
Technology and AI support
The ZEST Security platform leverages artificial intelligence agents to map vulnerabilities and misconfigurations identified by cloud security posture management and vulnerability management tools to corresponding mitigation pathways. The company's resolution engine assesses possible actions, including code or infrastructure-as-code fixes, patches, upgrades, cloud guardrails, and now SCPs, to identify the most effective means of reducing exposure at scale.
"The ZEST platform leverages AI Agents to map vulnerabilities and misconfigurations identified by CSPM and vulnerability management solutions to remediation and mitigation pathways. ZEST's resolution engine analyzes all available options, including code/IaC fixes, patches, upgrades, policies and cloud guardrails to identify the most direct and impactful path to reduce cloud exposure at scale, even in scenarios when remediation isn't immediately possible," ZEST Security stated.
Expanding mitigation options
While SCPs represent the latest addition to ZEST Security's suite of mitigation capabilities, the platform also enables mobilisation of other controls such as Web Application Firewalls, VPC, and GuardDuty. These options allow organisations to harden cloud configurations, enforce policy compliance, and establish custom protection rules, particularly when code changes or upgrades are impractical.
"While SCPs represent ZEST's latest mitigation pathway, ZEST provides a broader mitigation offering that mobilizes other controls and services such as Web Application Firewalls, VPC and GuardDuty to harden configurations, enforce stricter policies and create customized protection rules when code changes or upgrades aren't possible," the company stated.
The announcement highlights ZEST Security's strategy of operationalising standard cloud policies and AI-driven mapping to address risks that cannot be resolved through traditional remediation approaches, offering practical alternatives to address persistent vulnerabilities in cloud environments.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
2 days ago
- Techday NZ
ZEST Security adds AWS Service Control Policies to AI cloud platform
ZEST Security has announced the integration of AWS Service Control Policies (SCPs) into its Agentic AI-powered Cloud Risk Resolution platform to provide security teams with new, code-free mitigation methods for reducing cloud exposure. According to research conducted by ZEST Security, over half of cloud security risks are not immediately remediable due to several barriers such as unavailable patches, the inability to make code changes, or limitations brought about by legacy systems. This often results in organisations accepting these risks, which can increase the potential for security incidents if appropriate mitigating controls are not in place. Remediation challenges ZEST Security's "2025 Cloud Risk Exposure Impact" report underscores the difficulties of traditional cloud risk management. The report found that 56% of risks cannot be remediated primarily because a patch may not be available, a code change cannot be made immediately, or legacy systems do not support upgrades. In these cases, the report notes that, "organizations often accept the risk, increasing the potential for security incidents when appropriate mitigating controls aren't applied." Proactive SCT deployment By integrating AWS Service Control Policies as a core element of its mitigation toolkit, ZEST Security is targeting the issue of non-remediable risks. SCPs offer security teams the ability to enforce restrictions and compliance across AWS accounts, reducing the need to wait for work from other internal teams or available patches and upgrades before acting on a vulnerability or exposure. According to the company, "ZEST Security's mitigation pathways, now including AWS SCPs, offer a fast and reliable way to mitigate exposure, prevent exploitation and disrupt attacks at every stage, without waiting for patches, code changes or other teams to deliver full remediation." Blocking attacker activity By mobilising SCPs as a mitigation pathway, security teams can block both common and advanced attack techniques by controlling access to sensitive resources, encryption settings and public exposure, ZEST Security states. This reduces the risk of exploitation and helps prevent key attack stages such as reconnaissance, privilege escalation, and data encryption. Technology and AI support The ZEST Security platform leverages artificial intelligence agents to map vulnerabilities and misconfigurations identified by cloud security posture management and vulnerability management tools to corresponding mitigation pathways. The company's resolution engine assesses possible actions, including code or infrastructure-as-code fixes, patches, upgrades, cloud guardrails, and now SCPs, to identify the most effective means of reducing exposure at scale. "The ZEST platform leverages AI Agents to map vulnerabilities and misconfigurations identified by CSPM and vulnerability management solutions to remediation and mitigation pathways. ZEST's resolution engine analyzes all available options, including code/IaC fixes, patches, upgrades, policies and cloud guardrails to identify the most direct and impactful path to reduce cloud exposure at scale, even in scenarios when remediation isn't immediately possible," ZEST Security stated. Expanding mitigation options While SCPs represent the latest addition to ZEST Security's suite of mitigation capabilities, the platform also enables mobilisation of other controls such as Web Application Firewalls, VPC, and GuardDuty. These options allow organisations to harden cloud configurations, enforce policy compliance, and establish custom protection rules, particularly when code changes or upgrades are impractical. "While SCPs represent ZEST's latest mitigation pathway, ZEST provides a broader mitigation offering that mobilizes other controls and services such as Web Application Firewalls, VPC and GuardDuty to harden configurations, enforce stricter policies and create customized protection rules when code changes or upgrades aren't possible," the company stated. The announcement highlights ZEST Security's strategy of operationalising standard cloud policies and AI-driven mapping to address risks that cannot be resolved through traditional remediation approaches, offering practical alternatives to address persistent vulnerabilities in cloud environments.
RNZ News
6 days ago
- RNZ News
Amazon profits surge 35% as AI investments drive growth
By AFP Despite the stellar results, investors seemed worried about Amazon's big cash outlays to pursue its AI ambitions. Photo: 123RF Amazon has reported a 35 percent jump in quarterly profits as the e-commerce giant says major investments in artificial intelligence has been paying off. The Seattle-based company posted net profit of $18.2 billion (NZ$30.9 billion) for the second quarter that ended June 30, compared with $13.5 billion (NZ$22.9 billion) in the same period last year. Net sales climbed 13 percent to $167.7 billion (NZ$284.7 billion), beating analyst expectations and signalling that the global company was surviving the impacts of the high-tariff trade policy under US President Donald Trump. "Our conviction that AI will change every customer experience is starting to play out," chief executive Andy Jassy said, pointing to the company's expanded Alexa+ service and new AI shopping agents. Amazon Web Services (AWS), the company's world leading cloud computing division, led the charge with sales jumping 17.5 percent to $30.9 billion (NZ$52.45 billion). The unit's operating profit rose to $10.2 billion (NZ$17.3 billion) from $9.3 billion (NZ$15.8 billion) a year earlier. The strong AWS performance reflects surging demand for cloud infrastructure to power AI applications, a trend that has benefited major cloud providers as companies race to adopt generative AI technologies. Despite the stellar results, investors seemed worried about Amazon's big cash outlays to pursue its AI ambitions, sending its share price more than three percent lower in after-hours trading. The company's free cash flow declined sharply to $18.2 billion (NZ$30.9 billion) for the trailing 12 months, down from $53 billion (NZ$90 billion) in the same period last year, as Amazon ramped up capital spending on AI infrastructure and logistics. The company spent $32.2 billion (NZ$54.7 billion) on property and equipment in the quarter, nearly double the $17.6 billion (NZ$29.9 billion) spent a year earlier, reflecting massive investments in data centres and backroom capabilities. Amazon has pledged to spend up to $100 billion (NZ$169.8 billion) this year, largely on AI-related investments for AWS. For the current quarter, Amazon forecast net sales between $174.0 billion (NZ$295 billion) and $179.5 billion (NZ$304.8 billion), representing solid growth of 10-13 percent compared with the third quarter of 2024. Operating profit was expected to range from $15.5 billion (NZ$26.3 billion) to $20.5 billion (NZ$34.8 billion) in the current third quarter, which was lower than some had hoped for and likely also a factor in investor disappointment. - AFP
Techday NZ
7 days ago
- Techday NZ
Kiwibank, MATTR & Deloitte to use new AWS New Zealand region
Kiwibank, MATTR, and Deloitte have confirmed they will use the AWS Asia Pacific (New Zealand) Region upon its launch this year. The three companies join previously announced customers Vector, One NZ, and Datacom in their commitment to AWS's new local cloud region. AWS continues to support numerous customers and partners in New Zealand in their digital transformation efforts, including adoption of artificial intelligence technologies through its worldwide infrastructure. Customer perspectives Kiwibank, New Zealand's largest locally owned bank which serves over one million customers, expects to benefit from the local AWS region's impact on performance and security. "A local AWS region will be a game-changer, boosting performance, resilience, and security while keeping data closer to our customers. Kiwibank's partnership work with AWS on CloudUp for Her has already shown how cloud adoption drives both innovation and talent development. With this expansion, we will be able to scale faster, create more opportunities to upskill talent, and maintain the reliability and security our customers expect," said Ranjit Jayanandhan, General Manager, Experience Hub at Kiwibank. MATTR, a provider of infrastructure and digital trust services, also highlighted the significance of a local region for meeting data sovereignty needs and supporting the public and private sectors in delivering secure digital services. "MATTR is thrilled to be part of the launch of the AWS New Zealand Region. This milestone is significant, allowing us to deliver more options to New Zealand customers for their TrustTech solutions, helping to ensure that New Zealand's unique needs around data sovereignty can be met. Having a local AWS Region means we can better support public and private sector organisations in building secure, privacy-preserving digital experiences - all while keeping sensitive data onshore. This provides choice for New Zealand customers using Mattr's verifiable credential and digital identity solutions backed by world-class infrastructure from AWS available locally as the foundation for growth and scale," said Martin Eichenberg, Head of Site Reliability & Operations at MATTR. Deloitte New Zealand emphasised the role of a local AWS region in supporting cloud adoption and skills development across the technology sector. "We view the launch of the Auckland Region as an important step forward in New Zealand's technology sector that will enable our customers to generate even more business value from cloud solutions. As a leading AWS Partner, training and certification are key to the development of our people, and we see the Region as driving further education around cloud as the demand for AWS skills increases. This will ignite New Zealand's transition to a technology hub and continue to enhance our reputation for innovation," said Damian Harvey, Technology Partner at Deloitte. Investment and skills development AWS has announced its planned investment of NZD $7.5 billion in the Auckland region over 15 years. According to AWS, this investment is expected to contribute NZD $10.8 billion to New Zealand's GDP and enable organisations across a range of sectors and sizes to take advantage of secure infrastructure while meeting local data residency requirements. As part of its agreement with the New Zealand government, AWS has committed to providing cloud skills training for 100,000 people in New Zealand by 2027. The company reports that over 50,000 individuals have already received AWS cloud training. These training programmes aim to address skills shortages identified in a recent report by Access Partnership, which found that 63% of New Zealand employers consider hiring AI-skilled talent a priority, though nearly 70% report difficulties in finding qualified candidates. AWS offers several programmes to support this goal, including AWS Academy, AWS Skills Builder, AWS Educate, and AWS re/Start, to address digital skills demand across the nation. Infrastructure and resilience AWS states that its infrastructure is designed to provide high levels of security and availability. In New Zealand, a study by Frost and Sullivan found AWS offers 99.54% availability, which the company claims is higher than any other hyperscale cloud provider. AWS's regional design includes a minimum of three physically separate Availability Zones, providing independent power and connectivity, which enhances overall resilience and fault tolerance for local customers. This infrastructure is intended to protect applications against operational disruptions, including natural disasters and technical incidents, and to support even large-scale or critical workloads with high resilience. Energy and sustainability AWS is implementing several strategies to improve the energy efficiency of its data centres, such as optimising data centre designs, investing in dedicated chips, and developing new cooling systems. According to a report from Accenture, AWS infrastructure can be up to 4.1 times more efficient than traditional on-premises data centres, and using AWS's purpose-built silicon could reduce the associated carbon footprint by up to 99% for optimised workloads. The AWS Asia Pacific (New Zealand) Region will be powered entirely by renewable energy at launch, supported by a long-term power purchase agreement with Mercury NZ for the Turitea South wind farm. AWS's parent company, Amazon, has already achieved its global 100% renewable energy target and has been recognised as the largest corporate purchaser of renewable energy globally for five consecutive years. The AWS New Zealand Region is one of several significant investments by AWS to support ongoing digital transformation and economic growth across the country.
