ZEST Security adds AWS Service Control Policies to AI cloud platform
ZEST Security has announced the integration of AWS Service Control Policies (SCPs) into its Agentic AI-powered Cloud Risk Resolution platform to provide security teams with new, code-free mitigation methods for reducing cloud exposure.
According to research conducted by ZEST Security, over half of cloud security risks are not immediately remediable due to several barriers such as unavailable patches, the inability to make code changes, or limitations brought about by legacy systems. This often results in organisations accepting these risks, which can increase the potential for security incidents if appropriate mitigating controls are not in place.
Remediation challenges
ZEST Security's "2025 Cloud Risk Exposure Impact" report underscores the difficulties of traditional cloud risk management. The report found that 56% of risks cannot be remediated primarily because a patch may not be available, a code change cannot be made immediately, or legacy systems do not support upgrades. In these cases, the report notes that "organizations often accept the risk, increasing the potential for security incidents when appropriate mitigating controls aren't applied."
Proactive SCP deployment
By integrating AWS Service Control Policies as a core element of its mitigation toolkit, ZEST Security is targeting the issue of non-remediable risks. SCPs offer security teams the ability to enforce restrictions and compliance across AWS accounts, reducing the need to wait for work from other internal teams, or for patches and upgrades to become available, before acting on a vulnerability or exposure.
According to the company, "ZEST Security's mitigation pathways, now including AWS SCPs, offer a fast and reliable way to mitigate exposure, prevent exploitation and disrupt attacks at every stage, without waiting for patches, code changes or other teams to deliver full remediation."
Blocking attacker activity
By mobilising SCPs as a mitigation pathway, security teams can block both common and advanced attack techniques by controlling access to sensitive resources, encryption settings and public exposure, ZEST Security states. This reduces the risk of exploitation and helps prevent key attack stages such as reconnaissance, privilege escalation, and data encryption.
Technology and AI support
The ZEST Security platform leverages artificial intelligence agents to map vulnerabilities and misconfigurations identified by cloud security posture management and vulnerability management tools to corresponding mitigation pathways. The company's resolution engine assesses possible actions, including code or infrastructure-as-code fixes, patches, upgrades, cloud guardrails, and now SCPs, to identify the most effective means of reducing exposure at scale.
"The ZEST platform leverages AI Agents to map vulnerabilities and misconfigurations identified by CSPM and vulnerability management solutions to remediation and mitigation pathways. ZEST's resolution engine analyzes all available options, including code/IaC fixes, patches, upgrades, policies and cloud guardrails to identify the most direct and impactful path to reduce cloud exposure at scale, even in scenarios when remediation isn't immediately possible," ZEST Security stated.
Expanding mitigation options
While SCPs represent the latest addition to ZEST Security's suite of mitigation capabilities, the platform also enables mobilisation of other controls such as Web Application Firewalls, VPC, and GuardDuty. These options allow organisations to harden cloud configurations, enforce policy compliance, and establish custom protection rules, particularly when code changes or upgrades are impractical.
"While SCPs represent ZEST's latest mitigation pathway, ZEST provides a broader mitigation offering that mobilizes other controls and services such as Web Application Firewalls, VPC and GuardDuty to harden configurations, enforce stricter policies and create customized protection rules when code changes or upgrades aren't possible," the company stated.
The announcement highlights ZEST Security's strategy of operationalising standard cloud policies and AI-driven mapping to address risks that cannot be resolved through traditional remediation approaches, offering practical alternatives to address persistent vulnerabilities in cloud environments.