AWS Transform now offers Terraform as an additional option to generate network infrastructure code automatically from VMware environments. The service converts your source network definitions into reusable Terraform modules, complementing current AWS CloudFormation and AWS Cloud Development Kit (CDK) support.
AWS Transform for VMware is an agentic AI service that automates the discovery, planning, and migration of VMware workloads, accelerating infrastructure modernization with increased speed and confidence. These migrations require recreating network configurations while maintaining operational consistency. The service now generates Terraform modules alongside CDK and AWS CloudFormation templates. This addition enables organizations to maintain existing deployment pipelines while using preferred tools for modular, customizable network configurations.
AWS Transform now offers Terraform as an additional option to generate network infrastructure code automatically from VMware environments. The service converts your source network definitions into reusable Terraform modules, complementing current AWS CloudFormation and AWS Cloud Development Kit (CDK) support. AWS Transform for VMware is an agentic AI service that automates the discovery, planning, and migration of VMware workloads, accelerating infrastructure modernization with increased speed and confidence. These migrations require recreating network configurations while maintaining operational consistency. The service now generates Terraform modules alongside CDK and AWS CloudFormation templates. This addition enables organizations to maintain existing deployment pipelines while using preferred tools for modular, customizable network configurations.
The Terraform module generation capability is available in all AWS Regions where the service is offered.
To learn more, visit the AWS Transform for VMware product page, read the user guide, or get started in the AWS Transform web experience.
AWS Storage Gateway now supports Virtual Private Cloud (VPC) endpoint policies for your VPC endpoints. With this feature, administrators can attach endpoint policies to VPC endpoints, allowing granular access control over Storage Gateway direct APIs for improved data protection and security posture.
AWS Storage Gateway is a hybrid cloud storage service that provides on-premises applications access to virtually unlimited storage in the cloud. You can use AWS Storage Gateway for backing up and archiving data to AWS, providing on-premises file shares backed by cloud storage, and providing on-premises applications low latency access to data in the cloud.
AWS Storage Gateway support for VPC endpoint policies is available in all AWS Regions where Storage Gateway is available. To learn more, visit our documentation.
AWS Storage Gateway now supports Virtual Private Cloud (VPC) endpoint policies for your VPC endpoints. With this feature, administrators can attach endpoint policies to VPC endpoints, allowing granular access control over Storage Gateway direct APIs for improved data protection and security posture. AWS Storage Gateway is a hybrid cloud storage service that provides on-premises applications access to virtually unlimited storage in the cloud. You can use AWS Storage Gateway for backing up and archiving data to AWS, providing on-premises file shares backed by cloud storage, and providing on-premises applications low latency access to data in the cloud. AWS Storage Gateway support for VPC endpoint policies is available in all AWS Regions where Storage Gateway is available. To learn more, visit our documentation.
Starting today, customers can use boot and data volumes backed by Dell PowerStore and HPE Alletra Storage MP B10000 storage arrays with Amazon Elastic Compute Cloud (Amazon EC2) instances on AWS Outposts, including authenticated and encrypted volumes. This enhancement extends our existing support for boot and data volumes to include Dell and HPE storage arrays, alongside our current support for NetApp® on-premises enterprise storage arrays and Pure Storage® FlashArray™. Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any on-premises or edge location for a truly consistent hybrid experience.
With Outposts, customers can maximize the value of their on-premises storage investments by leveraging their existing enterprise storage arrays for both boot and data volumes, complementing managed Amazon EBS and Local Instance Store options. This provides significant operational benefits, including streamlined operating system (OS) management via centralized boot volumes and advanced data management features through high-performance data volumes. By integrating their own storage, organizations can also satisfy data residency requirements and benefit from a consistent cloud operational model for their hybrid environments.
To simplify the process, AWS offers automation scripts through AWS Samples to help customers easily set up and use external block volumes with EC2 instances on Outposts. Customers can use the AWS Management Console or CLI to utilize third-party block volumes with EC2 instances on Outposts.
Third-party storage integration for Outposts with all compatible storage vendors is available on Outposts 2U servers and Outposts racks at no additional charge in all AWS Regions where Outposts is supported. See the FAQs for Outposts servers and Outposts racks for the latest list of supported Regions.
Starting today, customers can use boot and data volumes backed by Dell PowerStore and HPE Alletra Storage MP B10000 storage arrays with Amazon Elastic Compute Cloud (Amazon EC2) instances on AWS Outposts, including authenticated and encrypted volumes. This enhancement extends our existing support for boot and data volumes to include Dell and HPE storage arrays, alongside our current support for NetApp® on-premises enterprise storage arrays and Pure Storage® FlashArray™. Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any on-premises or edge location for a truly consistent hybrid experience. With Outposts, customers can maximize the value of their on-premises storage investments by leveraging their existing enterprise storage arrays for both boot and data volumes, complementing managed Amazon EBS and Local Instance Store options. This provides significant operational benefits, including streamlined operating system (OS) management via centralized boot volumes and advanced data management features through high-performance data volumes. By integrating their own storage, organizations can also satisfy data residency requirements and benefit from a consistent cloud operational model for their hybrid environments. To simplify the process, AWS offers automation scripts through AWS Samples to help customers easily set up and use external block volumes with EC2 instances on Outposts. Customers can use the AWS Management Console or CLI to utilize third-party block volumes with EC2 instances on Outposts. Third-party storage integration for Outposts with all compatible storage vendors is available on Outposts 2U servers and Outposts racks at no additional charge in all AWS Regions where Outposts is supported. See the FAQs for Outposts servers and Outposts racks for the latest list of supported Regions. To learn more about implementation details and best practices, check out this blog post or visit our technical documentation for Outposts servers, second-generation Outposts racks, and first-generation Outposts racks.
AWS Transfer Family now supports Virtual Private Cloud (VPC) endpoint policies for your VPC endpoints. With this feature, administrators can attach an endpoint policy to an interface VPC endpoint, allowing granular access control over Transfer Family APIs for improved data protection and security posture. Additionally, Transfer Family now supports Federal Information Processing Standards (FIPS) 140-3 enabled VPC endpoints.
Previously, customers had full access to Transfer Family APIs through an interface VPC endpoint, powered by AWS PrivateLink. With this launch, you can now manage which Transfer Family API actions (CreateServer, StartServer, DeleteServer, etc) can be performed, which principals can perform them, and which resources they can act upon. These policies work with existing IAM user and role policies and organizational service control policies.
AWS Transfer Family now supports Virtual Private Cloud (VPC) endpoint policies for your VPC endpoints. With this feature, administrators can attach an endpoint policy to an interface VPC endpoint, allowing granular access control over Transfer Family APIs for improved data protection and security posture. Additionally, Transfer Family now supports Federal Information Processing Standards (FIPS) 140-3 enabled VPC endpoints. Previously, customers had full access to Transfer Family APIs through an interface VPC endpoint, powered by AWS PrivateLink. With this launch, you can now manage which Transfer Family API actions (CreateServer, StartServer, DeleteServer, etc) can be performed, which principals can perform them, and which resources they can act upon. These policies work with existing IAM user and role policies and organizational service control policies. VPC endpoint policy support is available in all AWS Regions where the service is available. To learn more, visit the Transfer Family User Guide.
Empoderar a los defensores en la era de la IA agéntica con Microsoft Sentinel
Microsoft presenta una nueva ola de innovación en seguridad, en la que ofrece una plataforma agéntica para proteger a las organizaciones a escala
Por: Vasu Jakkal, vicepresidenta corporativa de seguridad de Microsoft.
Vivimos un punto de inflexión en la forma en que las organizaciones trabajan y se defienden. En todas las industrias, han comenzado a surgir «Empresas Frontera» (Frontier Firms); estos son negocios donde los humanos y los agentes de IA colaboran en tiempo real para resolver problemas, innovar y construir organizaciones resilientes.
Para los equipos de seguridad, este cambio trae nuevas oportunidades y desafíos. La complejidad y la velocidad de las ciberamenazas modernas exigen soluciones que vayan más allá de las herramientas tradicionales. Para abordar estas necesidades, Microsoft introduce nuevas capacidades de seguridad agéntica para capacitar a los defensores para innovar de manera audaz y segura en esta nueva era de IA.
Microsoft Sentinel: la plataforma de seguridad para la era agéntica
Los defensores necesitan proteger la IA de extremo a extremo y, para eso, necesitan una plataforma que reúna datos, contexto, automatización y agentes inteligentes, lo que les permite defenderse y adaptarse a la velocidad de la IA. Esa plataforma es Microsoft Sentinel.
Sentinel comenzó como una gestión de eventos e información de seguridad (SIEM, por sus siglas en inglés) nativa de la nube y se expandió para incluir también un lago de datos de seguridad unificado en julio. Hoy en día, se expande a una plataforma agencial con la disponibilidad general del lago de datos Sentinel y la vista previa pública del gráfico Sentinel y el servidor Sentinel Model Context Protocol (MCP). Con el contexto basado en gráficos, el acceso semántico y la orquestación agéntica, Sentinel ofrece a los defensores una única plataforma para ingerir señales, correlacionar entre dominios y potenciar los agentes de IA integrados en Security Copilot, VS Code mediante GitHub Copilot u otras plataformas de desarrolladores.
Sentinel ingiere señales, ya sean estructuradas o semiestructuradas, y crea una comprensión rica y contextual de su patrimonio digital a través de datos de seguridad vectorizados y relaciones basadas en gráficos. Al integrar esta información con Microsoft Defender y Microsoft Purview, Sentinel aporta contexto basado en gráficos a las herramientas que ya usan los equipos de seguridad, lo que ayuda a los defensores a rastrear rutas de acceso de ataque, comprender el impacto y priorizar la respuesta, todo dentro de flujos de trabajo familiares.
Con Microsoft Security y el lago de datos Sentinel, hemos unificado silos, escalado operaciones, procesos automatizados y ampliado la cobertura, para transformar la manera en que detectamos patrones y nos preparamos para el futuro con una postura de seguridad unificada y ágil.
—Bernard Knaapen, director de producto, monitoreo y respuesta a incidentes, ABN AMRO
Sentinel también organiza y enriquece sus datos de seguridad, preparándolos para que los agentes de IA detecten problemas más rápido, investiguen con más claridad y respondan en automático cuando sea necesario. Y el enfoque basado en gráficos de Sentinel permite a los agentes de Security Copilot razonar sobre su entorno con precisión y velocidad, gracias al servidor MCP incorporado, que utiliza estándares abiertos para facilitar el acceso y la acción de los agentes. Para equipos avanzados, el servidor Sentinel MCP permite la extensibilidad de agentes predefinidos y personalizados, lo que permite un razonamiento impulsado por IA sobre datos unificados. Esto cambia la seguridad de reactiva a predictiva, lo que ayuda a los equipos a anticipar amenazas y automatizar la respuesta a escala.
Este diagrama ilustra la arquitectura y la integración del ecosistema de seguridad de Microsoft en entornos multinube y multiplataforma.
Sentinel es un SIEM líder en la industria y la red troncal escalable que los defensores necesitan en la era de la IA. Juntos, Sentinel y Security Copilot brindan a los equipos de seguridad la visibilidad, la automatización y la escala que necesitan para adelantarse a las amenazas cibernéticas.
Security Copilot: Creen sus propios agentes, sin necesidad de código
Security Copilot se creó para ayudar a los equipos de seguridad a enfrentar los desafíos más difíciles: alertas interminables, herramientas aisladas y presión constante para hacer más con menos. Pero nadie entiende su entorno y sus necesidades únicas como ustedes. Ahora pueden crear sus propios agentes de Security Copilot. El portal de Security Copilot cuenta con un generador de agentes sin código que les permite describir lo que necesitan en lenguaje natural y crear, optimizar y publicar agentes adaptados a sus flujos de trabajo en minutos.
También pueden crear agentes en una plataforma de codificación habilitada para el servidor Sentinel MCP, como VS Code, mediante GitHub Copilot. Una vez creado, ustedes pueden refinar e implementar agentes en su espacio de trabajo de Security Copilot mientras mantienen el proceso dentro de la plataforma de desarrollo familiar.
Los agentes de Security Copilot están diseñados para integrarse en las herramientas y flujos de trabajo diarios, ya sea integrados en los productos de seguridad de Microsoft que ustedes ya usan, creados por socios o personalizados para su entorno. Desde el lanzamiento de los agentes de Security Copilot en marzo de 2025, hemos entregado más de una docena de agentes para escenarios como la clasificación de phishing y la optimización del acceso condicional. Seguimos con la adición de agentes incrustados como Access Review Agent en Microsoft Entra. Los agentes de Microsoft y Security Copilot creados por los socios están disponibles para detectar, comprar e implementar en Security Store hoy.
Basándose en el contexto basado en gráficos de Sentinel, los agentes de Security Copilot ahora pueden razonar de manera más efectiva en todo su entorno, al correlacionar alertas, enriquecer el contexto con las relaciones, priorizar por impacto y automatizar acciones comunes. Esto permite menos falsos positivos, una clasificación más rápida y un menor tiempo medio de resolución (MTTR, por sus siglas en inglés). El trabajo cambia de la clasificación manual a los flujos de trabajo dirigidos por agentes: los agentes orquestan y automatizan las tareas rutinarias, mientras que los analistas revisan y aprueban los resultados, para enfocar su tiempo en decisiones estratégicas y búsquedas proactivas de amenazas.
A medida que las organizaciones adoptan la IA, Microsoft continúa su inversión en herramientas que ayudan a los equipos de seguridad a proteger y controlar sus plataformas, aplicaciones y agentes de IA en toda la empresa.
En los últimos meses, hemos ampliado nuestras capacidades de seguridad para IA, incluido Entra Agent ID para ayudar a descubrir y administrar su patrimonio de agentes, controles para evitar el intercambio excesivo de datos en aplicaciones y agentes de IA personalizados, herramientas de descubrimiento de riesgos para proveedores de modelos de IA y servidores MCP, y detección avanzada para ataques de inyección rápida.
En Microsoft Build 2025, anunciamos nuevas mejoras en Azure AI Foundry que proporcionan más protección para los agentes de IA a lo largo de su ciclo de vida. Estos estarán disponibles pronto e incluyen:
Control de cumplimiento de tareas de los agentes para ayudar a mantener a los agentes alineados con las tareas en tiempo real
Barrera de protección de información de identificación personal (PII, por sus siglas en inglés)
Capacidad de iluminación en escudos rápidos para mejorar la protección contra ataques de inyección cruzada
Juntas, estas innovaciones les ayudan a proteger y controlar sus aplicaciones y agentes de IA en Microsoft 365 Copilot, Copilot Studio y Azure AI Foundry, lo que les ayuda a crear las herramientas de confianza que sus equipos ya usan y les ofrece más protecciones creadas de forma nativa para sus plataformas de IA de Microsoft.
Hemos entrado en una nueva era: la seguridad es adaptativa, inteligente y actúa a la velocidad del pensamiento. Los avances anunciados hoy son los componentes básicos de una nueva generación de defensa.
Creo con firmeza que la seguridad es un deporte de equipo. Ese equipo nos incluye a todos: innovar juntos, aprender juntos y defender juntos.
Juntos, no solo imaginamos el futuro. Lo aseguramos.
Para obtener más información sobre las soluciones de seguridad de Microsoft, visiten nuestro sitio web. Agreguen a Favoritos el blog de Seguridad para mantenerse al día con nuestra cobertura experta en asuntos de seguridad. Además, síganos en LinkedIn (Microsoft Security) y X (@MSFTSecurity) para conocer las últimas noticias y actualizaciones sobre ciberseguridad.
AWS Firewall Manager announces that it is now available in AWS Asia Pacific (Taipei) Region. AWS Firewall Manager helps cloud security administrators and site reliability engineers protect applications while reducing the operational overhead of manually configuring and managing rules.
Working with AWS Firewall Manager, customers can provide defense in depth policies to address the full range of AWS security services for customers hosting their applications and workloads in AWS Taipei. Customers wishing to establish secured assets using AWS WAF can create and maintain security policies with AWS Firewall Manager.
To learn more about how AWS Firewall Manager works, see the AWS Firewall Manager documentation for more details and the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features, and its pricing, visit the AWS Firewall Manager website.
AWS Firewall Manager announces that it is now available in AWS Asia Pacific (Taipei) Region. AWS Firewall Manager helps cloud security administrators and site reliability engineers protect applications while reducing the operational overhead of manually configuring and managing rules. Working with AWS Firewall Manager, customers can provide defense in depth policies to address the full range of AWS security services for customers hosting their applications and workloads in AWS Taipei. Customers wishing to establish secured assets using AWS WAF can create and maintain security policies with AWS Firewall Manager. To learn more about how AWS Firewall Manager works, see the AWS Firewall Manager documentation for more details and the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features, and its pricing, visit the AWS Firewall Manager website.
You can now deploy AWS IAM Identity Center in 36 AWS Regions, including Asia Pacific (Bangkok) and Mexico Central (Querétaro).
IAM Identity Center is the recommended service for managing workforce access to AWS applications. It enables you to connect your existing source of workforce identities to AWS once and offer your users single sign on experience across AWS. It powers the personalized experiences offered by AWS applications, such as Amazon Q, and the ability to define and audit user-aware access to data in AWS services, such as Amazon Redshift. It can also help you manage access to multiple AWS accounts from a central place. IAM Identity Center is available at no additional cost in these AWS Regions.
You can now deploy AWS IAM Identity Center in 36 AWS Regions, including Asia Pacific (Bangkok) and Mexico Central (Querétaro).
IAM Identity Center is the recommended service for managing workforce access to AWS applications. It enables you to connect your existing source of workforce identities to AWS once and offer your users single sign on experience across AWS. It powers the personalized experiences offered by AWS applications, such as Amazon Q, and the ability to define and audit user-aware access to data in AWS services, such as Amazon Redshift. It can also help you manage access to multiple AWS accounts from a central place. IAM Identity Center is available at no additional cost in these AWS Regions.
To learn more about IAM Identity Center, visit the product detail page. To get started, see the IAM Identity Center User Guide.
Amazon Simple Notification Service (Amazon SNS) now allows customers to make API requests over Internet Protocol version 6 (IPv6) in the AWS GovCloud (US) Regions. The new endpoints have also been validated under the Federal Information Processing Standard (FIPS) 140-3 program.
Amazon SNS is a fully managed messaging service that enables publish/subscribe messaging between distributed systems, microservices, and event-driven serverless applications. With this update, customers have the option of using either IPv6 or IPv4 when sending requests over dual-stack public or VPC endpoints.
SNS now supports IPv6 in all Regions where the service is available, including AWS Commercial, AWS GovCloud (US), and China Regions. For more information on using IPv6 with Amazon SNS, please refer to our developer guide.
Amazon Simple Notification Service (Amazon SNS) now allows customers to make API requests over Internet Protocol version 6 (IPv6) in the AWS GovCloud (US) Regions. The new endpoints have also been validated under the Federal Information Processing Standard (FIPS) 140-3 program. Amazon SNS is a fully managed messaging service that enables publish/subscribe messaging between distributed systems, microservices, and event-driven serverless applications. With this update, customers have the option of using either IPv6 or IPv4 when sending requests over dual-stack public or VPC endpoints. SNS now supports IPv6 in all Regions where the service is available, including AWS Commercial, AWS GovCloud (US), and China Regions. For more information on using IPv6 with Amazon SNS, please refer to our developer guide.
Amazon RDS for PostgreSQL introduces Extended Support minor versions 12.22-rds.20250814 and 11.22-rds.20250814, which include important security updates and bug fixes for PostgreSQL databases.We recommend upgrading your RDS instances to these latest versions to maintain optimal security and performance of your PostgreSQL deployments.
Amazon RDS Extended Support provides you more time, up to three years, to upgrade to a new major version to help you meet your business requirements. During Extended Support, Amazon RDS will provide critical security and bug fixes for your RDS for PostgreSQL databases after the community ends support for a major version. You can run your PostgreSQL databases on Amazon RDS with Extended Support for up to three years beyond a major version’s end of standard support date.
You can use automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. You can also use Amazon RDS Blue/Green deployments for RDS for PostgreSQL using physical replication for your minor version upgrades. Learn more about upgrading your database instances, including automatic minor version upgrades and Blue/Green Deployments in the Amazon RDS User Guide.
Amazon RDS for PostgreSQL makes it simple to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console.
Amazon RDS for PostgreSQL introduces Extended Support minor versions 12.22-rds.20250814 and 11.22-rds.20250814, which include important security updates and bug fixes for PostgreSQL databases.We recommend upgrading your RDS instances to these latest versions to maintain optimal security and performance of your PostgreSQL deployments. Amazon RDS Extended Support provides you more time, up to three years, to upgrade to a new major version to help you meet your business requirements. During Extended Support, Amazon RDS will provide critical security and bug fixes for your RDS for PostgreSQL databases after the community ends support for a major version. You can run your PostgreSQL databases on Amazon RDS with Extended Support for up to three years beyond a major version’s end of standard support date. You can use automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. You can also use Amazon RDS Blue/Green deployments for RDS for PostgreSQL using physical replication for your minor version upgrades. Learn more about upgrading your database instances, including automatic minor version upgrades and Blue/Green Deployments in the Amazon RDS User Guide. Amazon RDS for PostgreSQL makes it simple to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console.
Beginning today, customers can use Amazon Bedrock in the Asia Pacific (Thailand), Asia Pacific (Malaysia), and Asia Pacific (Taipei) regions to easily build and scale generative AI applications using a variety of foundation models (FMs) as well as powerful tools to build generative AI applications.
Amazon Bedrock is a comprehensive and secure service for building generative AI applications and agents. Amazon Bedrock connects you to leading foundation models (FMs) and services to deploy and operate agents, enabling you to quickly move from experimentation to real-world deployment.
Beginning today, customers can use Amazon Bedrock in the Asia Pacific (Thailand), Asia Pacific (Malaysia), and Asia Pacific (Taipei) regions to easily build and scale generative AI applications using a variety of foundation models (FMs) as well as powerful tools to build generative AI applications. Amazon Bedrock is a comprehensive and secure service for building generative AI applications and agents. Amazon Bedrock connects you to leading foundation models (FMs) and services to deploy and operate agents, enabling you to quickly move from experimentation to real-world deployment. To get started, visit the Amazon Bedrock page and see the Amazon Bedrock documentation for more details.
