Amazon Connect provides two new evaluation question types to capture deeper insights on human and AI agent performance. Managers can now create questions that allow multiple answer selections, such as the products that the customer was interested in during a sales conversation. Additionally, managers can capture dates for customer and agent actions within evaluation forms. For example, you can record when a customer applied for a loan and when it was approved.

This feature is available in all regions where Amazon Connect is offered. To learn more, please visit our documentation and our webpage.

​Amazon Connect provides two new evaluation question types to capture deeper insights on human and AI agent performance. Managers can now create questions that allow multiple answer selections, such as the products that the customer was interested in during a sales conversation. Additionally, managers can capture dates for customer and agent actions within evaluation forms. For example, you can record when a customer applied for a loan and when it was approved. This feature is available in all regions where Amazon Connect is offered. To learn more, please visit our documentation and our webpage.  

AWS announces a new cost allocation feature that uses existing workforce user attributes like cost center, division, organization, and department to track and analyze AWS application usage and cost. This new capability enables customers to allocate per-user monthly subscription and on-demand fees of AWS applications, such as Amazon Q Business, Amazon Q Developer, and Amazon QuickSight, to respective internal business units.

Customers should import their workforce users’ attributes to IAM Identity Center, the recommended service for managing workforce access to AWS applications. After importing the attributes, customers can enable one or more of these attributes as cost allocation tags from the AWS Billing and Cost Management console. When users access AWS applications, their usage and cost are automatically recorded with selected attributes. Cloud Financial Operations (FinOps) professionals can view and analyze costs in AWS Cost Explorer and AWS CUR 2.0, gaining visibility into how different teams drive AWS usage and costs.

Support for cost allocation using user attributes is generally available in all AWS Regions, excluding GovCloud (US) Regions and China (Beijing) and China (Ningxia) Regions.

To learn more, see organizing and tracking cost using AWS cost allocation tags.

​AWS announces a new cost allocation feature that uses existing workforce user attributes like cost center, division, organization, and department to track and analyze AWS application usage and cost. This new capability enables customers to allocate per-user monthly subscription and on-demand fees of AWS applications, such as Amazon Q Business, Amazon Q Developer, and Amazon QuickSight, to respective internal business units. Customers should import their workforce users’ attributes to IAM Identity Center, the recommended service for managing workforce access to AWS applications. After importing the attributes, customers can enable one or more of these attributes as cost allocation tags from the AWS Billing and Cost Management console. When users access AWS applications, their usage and cost are automatically recorded with selected attributes. Cloud Financial Operations (FinOps) professionals can view and analyze costs in AWS Cost Explorer and AWS CUR 2.0, gaining visibility into how different teams drive AWS usage and costs. Support for cost allocation using user attributes is generally available in all AWS Regions, excluding GovCloud (US) Regions and China (Beijing) and China (Ningxia) Regions. To learn more, see organizing and tracking cost using AWS cost allocation tags.  

Today, AWS announces PDF export and CSV data download capabilities for AWS Billing and Cost Management Dashboards. These new features enable you to export your customized dashboards as PDF files for offline analysis and sharing, and download individual widget data in CSV format for detailed examination in spreadsheet applications. With these capabilities, you now have more ways to distribute AWS cost insights across your organization, in addition to sharing dashboards with can-view or can-edit access.

Billing and Cost Management Dashboards allows you to export entire dashboards or individual widgets as PDF files directly from the console, eliminating the need for screenshots or manual formatting. The PDF export feature provides formatted reports that maintain consistent appearance and preserve dashboard layouts, making them ideal for sharing with stakeholders during board meetings, reviews, or strategic planning sessions. For detailed data analysis needs, you can export individual widget data in CSV format, enabling analysts to perform granular examination of specific cost metrics in their preferred spreadsheet tools.

AWS Billing and Cost Management Dashboards PDF and CSV export features are available at no additional cost in all AWS commercial Regions, excluding AWS China Regions.

To get started, visit the AWS Billing and Cost Management console and select «Dashboards» from the left navigation menu. For more information, see the AWS Billing and Cost Management Dashboards export user guide.

​Today, AWS announces PDF export and CSV data download capabilities for AWS Billing and Cost Management Dashboards. These new features enable you to export your customized dashboards as PDF files for offline analysis and sharing, and download individual widget data in CSV format for detailed examination in spreadsheet applications. With these capabilities, you now have more ways to distribute AWS cost insights across your organization, in addition to sharing dashboards with can-view or can-edit access. Billing and Cost Management Dashboards allows you to export entire dashboards or individual widgets as PDF files directly from the console, eliminating the need for screenshots or manual formatting. The PDF export feature provides formatted reports that maintain consistent appearance and preserve dashboard layouts, making them ideal for sharing with stakeholders during board meetings, reviews, or strategic planning sessions. For detailed data analysis needs, you can export individual widget data in CSV format, enabling analysts to perform granular examination of specific cost metrics in their preferred spreadsheet tools. AWS Billing and Cost Management Dashboards PDF and CSV export features are available at no additional cost in all AWS commercial Regions, excluding AWS China Regions. To get started, visit the AWS Billing and Cost Management console and select «Dashboards» from the left navigation menu. For more information, see the AWS Billing and Cost Management Dashboards export user guide.  

Today, we’re announcing enhanced network policy capabilities in Amazon Elastic Kubernetes Service (EKS), allowing customers to improve the network security posture for their Kubernetes workloads and their integrations with cluster-external destinations. This enhancement builds on network segmentation features previously supported in EKS. Now you can centrally enforce network access filters across the entire cluster, as well as leverage Domain Name System (DNS) based policies to secure egress traffic from your cluster’s environment.

As customers continue to scale their application environments using EKS, network traffic isolation is increasingly fundamental for preventing unauthorized access to resources inside and outside the cluster. To address this, EKS introduced support for Kubernetes NetworkPolicies in the Amazon VPC Container Network Interface (VPC CNI) plugin, allowing you to segment pod-to-pod communication at a namespace level. Now you can further strengthen the defensive posture for your Kubernetes network environment by centrally managing network filters for the whole cluster. Also, cluster admins now have a more stable and predictable approach for preventing unauthorized access to cluster-external resources in the cloud or on-prem using egress rules that filter traffic to external endpoints based on their Fully Qualified Domain Name (FQDN).

These new network security features are available in all commercial AWS Regions for new EKS clusters running Kubernetes version 1.29 or later, with support for existing clusters to follow in the coming weeks. ClusterNetworkPolicy is available in all EKS cluster launch modes using VPC CNI v1.21.0 or later. DNS-based policies are only supported in EKS Auto Mode-launched EC2 instances. To learn more, visit the Amazon EKS documentation or read the launch blog post here.

​Today, we’re announcing enhanced network policy capabilities in Amazon Elastic Kubernetes Service (EKS), allowing customers to improve the network security posture for their Kubernetes workloads and their integrations with cluster-external destinations. This enhancement builds on network segmentation features previously supported in EKS. Now you can centrally enforce network access filters across the entire cluster, as well as leverage Domain Name System (DNS) based policies to secure egress traffic from your cluster’s environment. As customers continue to scale their application environments using EKS, network traffic isolation is increasingly fundamental for preventing unauthorized access to resources inside and outside the cluster. To address this, EKS introduced support for Kubernetes NetworkPolicies in the Amazon VPC Container Network Interface (VPC CNI) plugin, allowing you to segment pod-to-pod communication at a namespace level. Now you can further strengthen the defensive posture for your Kubernetes network environment by centrally managing network filters for the whole cluster. Also, cluster admins now have a more stable and predictable approach for preventing unauthorized access to cluster-external resources in the cloud or on-prem using egress rules that filter traffic to external endpoints based on their Fully Qualified Domain Name (FQDN). These new network security features are available in all commercial AWS Regions for new EKS clusters running Kubernetes version 1.29 or later, with support for existing clusters to follow in the coming weeks. ClusterNetworkPolicy is available in all EKS cluster launch modes using VPC CNI v1.21.0 or later. DNS-based policies are only supported in EKS Auto Mode-launched EC2 instances. To learn more, visit the Amazon EKS documentation or read the launch blog post here.  

You can now use Amazon MSK Replicator to replicate streaming data across Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters in ten additional AWS Regions: Middle East (Bahrain), Middle East (UAE), Asia Pacific (Jakarta), Asia Pacific (Hong Kong), Asia Pacific (Osaka), Asia Pacific (Melbourne), Africa (Cape Town), Europe (Milan), Europe (Zurich) and Israel (Tel Aviv).

MSK Replicator is a feature of Amazon MSK that enables you to reliably replicate data across Amazon MSK clusters in different or the same AWS Region(s) in a few clicks. With MSK Replicator, you can easily build regionally resilient streaming applications for increased availability and business continuity. MSK Replicator provides automatic asynchronous replication across MSK clusters, eliminating the need to write custom code, manage infrastructure, or setup cross-region networking. MSK Replicator automatically scales the underlying resources so that you can replicate data on-demand without having to monitor or scale capacity. MSK Replicator also replicates the necessary Kafka metadata including topic configurations, Access Control Lists (ACLs), and consumer group offsets. If an unexpected event occurs in a region, you can failover to the other AWS Region and seamlessly resume processing.

You can get started with MSK Replicator from the Amazon MSK console or the Amazon CLI. With this launch, MSK Replicator is now available in thirty five AWS Regions. To learn more, visit the MSK Replicator documentation, product page, and pricing page.

​You can now use Amazon MSK Replicator to replicate streaming data across Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters in ten additional AWS Regions: Middle East (Bahrain), Middle East (UAE), Asia Pacific (Jakarta), Asia Pacific (Hong Kong), Asia Pacific (Osaka), Asia Pacific (Melbourne), Africa (Cape Town), Europe (Milan), Europe (Zurich) and Israel (Tel Aviv). MSK Replicator is a feature of Amazon MSK that enables you to reliably replicate data across Amazon MSK clusters in different or the same AWS Region(s) in a few clicks. With MSK Replicator, you can easily build regionally resilient streaming applications for increased availability and business continuity. MSK Replicator provides automatic asynchronous replication across MSK clusters, eliminating the need to write custom code, manage infrastructure, or setup cross-region networking. MSK Replicator automatically scales the underlying resources so that you can replicate data on-demand without having to monitor or scale capacity. MSK Replicator also replicates the necessary Kafka metadata including topic configurations, Access Control Lists (ACLs), and consumer group offsets. If an unexpected event occurs in a region, you can failover to the other AWS Region and seamlessly resume processing. You can get started with MSK Replicator from the Amazon MSK console or the Amazon CLI. With this launch, MSK Replicator is now available in thirty five AWS Regions. To learn more, visit the MSK Replicator documentation, product page, and pricing page.  

• Categoría: Noticias de Microsoft

diciembre 15, 2025

Trazar el futuro del SOC: colaboración entre humanos e IA para una mejor seguridad

Por

• Federico Rodriguez

Por: Sylvie Liu

Coautores:

Sylvie Liu, directora de producto.

Rajiv Bharadwaja, gerente principal de Ingeniería de Software

Abhishek Kumar, director principal de grupo – Investigación y Operaciones de Seguridad

Los centros de operaciones de seguridad (SOC, por sus siglas en inglés) están bajo presión por una escala y complejidad sin precedentes. La velocidad, la precisión y la consistencia importan más que nunca, y la IA está en todas partes—pero el furor  por sí solo no resuelve el reto. Este blog comparte nuestro recorrido y conocimientos sobre la creación de agentes autónomos de IA para operaciones MDR y explora cómo el cambio a un SOC impulsado por GenAI redefine la colaboración entre humanos e IA.

Más allá de nuestros servicios gestionados, Microsoft Defender Experts se esfuerza por ser un socio de confianza en la evolución de los SOC, para ayudar a los clientes de todo el ecosistema de seguridad a anticipar cambios en los procesos, planificar la mejora de habilidades y adoptar flujos de trabajo agentivos con confianza.

De la visión a la realidad: construir el SOC del futuro

Los atacantes evolucionan a una velocidad sin precedentes, a través del uso de la IA para superar a la escala defensiva. Defender Experts es pionero en la transformación para construir el SOC del futuro al integrar capacidades avanzadas de IA en nuestros flujos de trabajo SOC, algo fundamental para el panorama actual de amenazas. Hemos visto cómo la IA ofrece resultados reales—en nuestro blog anterior, compartimos cómo Defender Experts aplica la IA para cortar el ruido sin comprometer la detección de amenazas reales, lo que permite que el 50% del ruido se triaje de manera automática con alta precisión.

Los agentes de IA autónomos son fundamentales para el SOC del futuro. Nuestra visión es un modelo predictivo y adaptativo donde la IA agente y la automatización eliminen el trabajo manual, aceleran la comprensión contextual y ejecutan tanto tareas individuales como flujos de trabajo complejos. Los analistas se elevan, para actuar como orquestadores de acciones gobernadas, lo que impulsa decisiones de alto impacto y ajusta de manera continua el sistema, para garantizar transparencia y confianza. Los agentes se encargan de tareas repetitivas y que consumen mucho tiempo, mientras que los humanos se mantienen como la autoridad final para los resultados estratégicos. En conjunto, esto crea un SOC que pasa de la gestión reactiva de alertas a una defensa proactiva y explicable. Siempre es auditable y está bajo gobierno humano.

Cómo Microsoft Defender Experts es pionero en este cambio

Defender Experts crea agentes de IA autónomos con conocimientos expertos, barreras definidas por expertos y validación con personas en el bucle para ofrecer resultados estructurados y fiables que aceleran las investigaciones sin comprometer la calidad. Estos agentes de IA están diseñados para impulsar la eficiencia y la coherencia en nuestras operaciones de MDR, ayudándonos a responder a las amenazas de manera más rápida y con confianza.

A medida que avanzamos en este modelo, no solo mejoramos la velocidad y la precisión, sino que redefinimos nuestras operaciones de seguridad. Eso implica replantear los roles de los analistas SOC, la composición de habilidades, el diseño de flujos de trabajo, el soporte de herramientas, la automatización asociada y los sistemas de evaluación y monitorización necesarios para mantener la confianza.

Abhishek Kumar, líder del equipo de operaciones de seguridad de Defender Experts, está implicado a profundidad en esta transformación mientras construimos el SOC impulsado por GenAI. Desde la perspectiva de Abhishek: «Esta es una era emocionante para cualquiera que se implique en investigación y operaciones de seguridad. Vemos un cambio monumental en el que los analistas de seguridad y cazadores de amenazas elevan el rol de tareas rutinarias a ofrecer información de alto valor. Los agentes de IA reducen con rapidez la fatiga de los analistas y liberan tiempo esencial, lo que permite a los expertos centrarse en el pensamiento crítico y el análisis contextual de los incidentes.»

Los agentes no son solo un salto de productividad, sino que permiten a analistas y cazadores investigar mejor amenazas emergentes y ocultas, desarrollar más hipótesis y conectar pistas para desentrañar campañas complejas. El tiempo que antes se dedicaba a trabajos repetitivos ahora se dedica a tareas avanzadas como el análisis de datos de postura, la exploración de gráficos de seguridad y el uso de inteligencia entre productos para descubrir amenazas novedosas e infraestructura de actores de amenazas.

Otra forma en que los agentes autónomos de IA ayudan es a través de la reducción de las cargas cognitivas sobre los humanos y permitir interacciones con los agentes para lograr resultados específicos. Por ejemplo, si hay cientos de intentos de inicio de sesión desde ubicaciones desconocidas, tal vez solo uno o dos merecen investigaciones más profundas, ya que tienen información adicional que el agente podría revelar de manera rápida. De manera similar, un árbol de procesos de punto final que podría requerir un esfuerzo considerable para que los humanos lo analice puede hacerse mucho más rápido con el agente para detectar anomalías sospechosas. Para maximizar el impacto, una habilidad importante que necesitan los analistas SOC es ser capaces de crear y afinar prompts para obtener los conocimientos adecuados con GenAI.

Dentro de la tecnología: Cómo damos vida a los agentes autónomos

Tras bambalinas, ofrecer soluciones basadas en GenAI fiables a gran escala requiere una ingeniería rigurosa y una colaboración continua con los equipos de operaciones de seguridad. Hemos construido agentes de IA sobre una base de barreras definidas por expertos, conjuntos de pruebas seleccionados y comprobaciones de tiempo de despliegue para garantizar la fiabilidad. Ingenieros, analistas de seguridad e investigadores colaboraron para perfeccionar los flujos de trabajo, mejorar la precisión y ampliar la cobertura a medida que los agentes se adaptan a amenazas reales. Cada flujo de trabajo comienza bajo supervisión humana, reforzado por ciclos de retroalimentación eficientes de ingeniería y análisis que aceleran el desarrollo al mantener al mismo tiempo los estándares de seguridad, privacidad y cumplimiento.

Esta transformación también exigió una integración profunda en los sistemas centrales de Defender Experts, desde la gestión de casos hasta los servicios de remediación, lo que requiere ingeniería desde cero para acomodar flujos de trabajo basados en GenAI de larga duración junto con procesos backend asíncronos. También es necesario un motor de orquestación que coordine automatizaciones multicapa, lo que permite que la lógica basada en reglas, las funciones impulsadas por GenAI y los modelos tradicionales de IA trabajen a la perfección, junto con los agentes autónomos de IA para maximizar la calidad, eficiencia y rentabilidad.

El impacto es evidente: los agentes de IA funcionan ahora con el 75% de los incidentes de phishing y malware que llegan a la cola de analistas de Defender Experts. Los agentes de IA llegan de forma autónoma a la determinación del veredicto, la justificación con resúmenes respaldados por datos, consultas del lado del cliente para verificación y pasos accionables de remediación. Con este enfoque combinado de agentes humanos e IA, resolvemos incidentes casi un 72% más rápido, lo que mantiene la calidad y la transparencia.

Para lograrlo, seguimos un proceso deliberado de desarrollo y lanzamiento. Comenzamos con una evaluación interna de casos históricos bajo estrictos controles de privacidad y cumplimiento, lo que establece puntos de referencia para la precisión, la recuperación y la calidad. A continuación, desplegamos a los agentes en «modo oscuro», donde los agentes investigan codo con codo con analistas humanos, lo que permite una monitorización cercana y mejoras iterativas. A partir de ahí, pasamos a un piloto con socios de diseño de clientes para validar métodos y recopilar retroalimentación, antes de expandirnos para una adopción más amplia —todo ello con respaldo humano para revisión y validación. Este enfoque disciplinado de desarrollo autónomo de agentes de IA garantiza que cada paso equilibre autonomía con supervisión, para dar a los clientes la confianza de que las capacidades avanzadas de IA se basan en resultados probados y están diseñadas para fortalecer la resiliencia a gran escala.

Preparándose para el futuro

Nuestra experiencia en el desarrollo agentes de IA autónomos y desplegándolos en operaciones reales de MDR ha reforzado nuestra visión para el SOC del futuro, un modelo colaborativo en el que los humanos permanecen al mando para enseñar y liderar, para trabajar junto a agentes de IA en lugar de ser reemplazados por ellos. Juntos, crean operaciones de seguridad más rápidas, inteligentes y resilientes.

A medida que los equipos SOC acogen el cambio hacia operaciones impulsadas por GenAI, estos conocimientos reflejan el camino que hemos recorrido y ofrecen orientación práctica para ayudar a navegar la transformación con confianza:

• Anticipar cambios en los procesos: Los equipos SOC no seguirán los mismos flujos de trabajo que antes. Prepárense para procesos en evolución y establece con confianza un ciclo de vida para la adopción de IA y agentes.
• Fomentar el cambio de mentalidad: Los analistas acostumbrados a enfoques tradicionales suelen encontrar difícil adoptar nuevos métodos (por ejemplo, ejecutar consultas Kusto frente a escribir prompts, realizar investigación completa de principio a fin frente a aprovechar la salida del agente). Planifiquen la gestión del cambio y proporcionen formación para facilitar esta transición.
• Evolución de las habilidades SOC: Los roles de los analistas cambian en un SOC impulsado por GenAI. Los analistas deben adquirir experiencia en ingeniería de prompts, para ir más allá de las investigaciones manuales de casos para centrarse en tareas avanzadas como el análisis de datos de postura y el aprovechamiento de la inteligencia entre productos para descubrir amenazas novedosas y mapear la infraestructura de los actores de amenazas. Estas habilidades en evolución posicionan a los analistas como tomadores de decisiones estratégicos, para fomentar la colaboración entre humanos e IA para maximizar la eficacia.
• Generar confianza y seguridad: A medida que las operaciones de seguridad adoptan agentes de IA, mantén un sólido ciclo de retroalimentación humano-IA. Las barreras de seguridad y la supervisión humana son esenciales para una automatización fiable.
• Planificar la IA y la automatización multicapa: La automatización todavía desempeña un papel fundamental en las operaciones de seguridad. Exploren cómo orquestar la automatización tradicional y la IA juntas para lograr eficiencia, rentabilidad y calidad constante.

A medida que evolucionamos hacia el SOC del futuro, aprendemos lo que se necesita para que la colaboración entre humanos e IA sea exitosa, y compartiremos esas ideas mientras reimaginamos juntos las operaciones de seguridad.

Etiquetas:

• IA
• Seguridad

The post Trazar el futuro del SOC: colaboración entre humanos e IA para una mejor seguridad appeared first on Source LATAM.

​The post Trazar el futuro del SOC: colaboración entre humanos e IA para una mejor seguridad appeared first on Source LATAM.  

AWS Certificate Manager (ACM) now automates certificate provisioning and distribution for Kubernetes workloads through AWS Controllers for Kubernetes (ACK). Previously, ACM automated certificate management for AWS-integrated services like Application Load Balancers and CloudFront. However, using ACM certificates with applications terminating TLS in Kubernetes required manual steps: exporting certificates and private keys via API, creating Kubernetes Secrets, and updating them at renewal. This integration extends ACM’s automation to any Kubernetes workload for both public and private certificates, enabling you to manage certificates using native Kubernetes APIs.

With ACK, you define certificates as Kubernetes resources, and the ACK controller automates the complete certificate lifecycle: requesting certificates from ACM, exporting them after validation, updating Kubernetes Secrets with the certificate and private key, and automatically updating those Secrets at renewal. This enables you to use ACM exportable public certificates (launched in June 2025) for internet-facing workloads or AWS Private CA private certificates for internal services in Amazon EKS or other Kubernetes environments. Use cases include terminating TLS in application pods (NGINX, custom applications), securing service mesh communication (Istio, Linkerd), and managing certificates for third-party ingress controllers (NGINX Ingress, Traefik). You can also distribute certificates to hybrid and edge Kubernetes environments.

This feature is available in all commercial, AWS GovCloud (US), and AWS China regions where ACM is available.
To learn more, visit the Git hub link or read our documentation and our pricing page. 

​AWS Certificate Manager (ACM) now automates certificate provisioning and distribution for Kubernetes workloads through AWS Controllers for Kubernetes (ACK). Previously, ACM automated certificate management for AWS-integrated services like Application Load Balancers and CloudFront. However, using ACM certificates with applications terminating TLS in Kubernetes required manual steps: exporting certificates and private keys via API, creating Kubernetes Secrets, and updating them at renewal. This integration extends ACM’s automation to any Kubernetes workload for both public and private certificates, enabling you to manage certificates using native Kubernetes APIs. With ACK, you define certificates as Kubernetes resources, and the ACK controller automates the complete certificate lifecycle: requesting certificates from ACM, exporting them after validation, updating Kubernetes Secrets with the certificate and private key, and automatically updating those Secrets at renewal. This enables you to use ACM exportable public certificates (launched in June 2025) for internet-facing workloads or AWS Private CA private certificates for internal services in Amazon EKS or other Kubernetes environments. Use cases include terminating TLS in application pods (NGINX, custom applications), securing service mesh communication (Istio, Linkerd), and managing certificates for third-party ingress controllers (NGINX Ingress, Traefik). You can also distribute certificates to hybrid and edge Kubernetes environments. This feature is available in all commercial, AWS GovCloud (US), and AWS China regions where ACM is available. To learn more, visit the Git hub link or read our documentation and our pricing page.   

Starting today, memory-optimized Amazon Compute Cloud (Amazon EC2) X2iedn instances are available in AWS Europe (Zurich) region. These instances, powered by 3rd generation Intel Xeon Scalable Processors and built with AWS Nitro System, are designed for memory-intensive workloads. They deliver improvements in performance, price performance, and cost per GiB of memory compared to previous generation X1e instances. These instances are SAP-certified for running Business Suite on HANA, SAP S/4HANA, Data Mart Solutions on HANA, Business Warehouse on HANA, SAP BW/4HANA, and SAP NetWeaver workloads on any database.

To learn more, visit the EC2 X2i Instances Page, or connect with your AWS Support contacts.

​Starting today, memory-optimized Amazon Compute Cloud (Amazon EC2) X2iedn instances are available in AWS Europe (Zurich) region. These instances, powered by 3rd generation Intel Xeon Scalable Processors and built with AWS Nitro System, are designed for memory-intensive workloads. They deliver improvements in performance, price performance, and cost per GiB of memory compared to previous generation X1e instances. These instances are SAP-certified for running Business Suite on HANA, SAP S/4HANA, Data Mart Solutions on HANA, Business Warehouse on HANA, SAP BW/4HANA, and SAP NetWeaver workloads on any database. To learn more, visit the EC2 X2i Instances Page, or connect with your AWS Support contacts.  

Today, AWS Shield announces multi-account network security management and automated network analysis for network security director, which is currently in preview. AWS Shield network security director provides visibility into the AWS resources in your AWS organization, identifies missing or misconfigured network security services, and recommends remediation steps.

With network security director, you can specify a delegated administrator account from which you can start continuous network analysis for multiple accounts or organizational units in your AWS Organization. You can then centrally view each account’s network topology, network security findings, and recommended remediations for missing or misconfigured network security services. You can also easily summarize and report on the network security misconfigurations identified by AWS Shield network security director from within Amazon Q Developer in the AWS Management Console and chat applications.

AWS Shield network security director is also now available in five additional AWS regions: Europe (Ireland), Europe (Frankfurt), Asia Pacific (Hong Kong), Asia Pacific (Singapore), and Australia (Sydney).

To learn more, visit the overview page.

​Today, AWS Shield announces multi-account network security management and automated network analysis for network security director, which is currently in preview. AWS Shield network security director provides visibility into the AWS resources in your AWS organization, identifies missing or misconfigured network security services, and recommends remediation steps. With network security director, you can specify a delegated administrator account from which you can start continuous network analysis for multiple accounts or organizational units in your AWS Organization. You can then centrally view each account’s network topology, network security findings, and recommended remediations for missing or misconfigured network security services. You can also easily summarize and report on the network security misconfigurations identified by AWS Shield network security director from within Amazon Q Developer in the AWS Management Console and chat applications. AWS Shield network security director is also now available in five additional AWS regions: Europe (Ireland), Europe (Frankfurt), Asia Pacific (Hong Kong), Asia Pacific (Singapore), and Australia (Sydney). To learn more, visit the overview page.  

We are excited to announce that Amazon EMR Managed Scaling is now available for EMR on EC2 customers in the Asia Pacific (Malaysia, New Zealand, Taipei, Thailand), Canada West (Calgary), Mexico (Central), and US Gameday Northeast (Illinois) AWS Regions. Amazon EMR Managed Scaling automatically resizes the EC2 instances in your EMR cluster for the best performance at the lowest possible cost.

With Amazon EMR Managed Scaling, you simply specify the minimum and maximum compute limits for your clusters, and Amazon EMR on EC2 automatically resizes your cluster for optimal performance and resource utilization. Amazon EMR Managed Scaling constantly monitors key workload-related metrics and uses an algorithm that optimizes the cluster size for the best resource utilization. Using this algorithm, Amazon EMR can scale the EC2 cluster up during peaks and scale it down during idle periods, reducing your costs and optimizing cluster capacity for the best performance. Amazon EMR Managed Scaling can also be used with Amazon EC2 Spot Instances, that lets you take advantage of unused EC2 capacity for a discount when compared to on-demand prices.

Amazon EMR Managed Scaling is now available in all AWS commercial regions.

Amazon EMR Managed Scaling is supported for Apache Spark, Apache Hive and YARN-based workloads on Amazon EMR on EC2 versions 6.14 and above. To learn more and to get started, visit the Amazon EMR Managed Scaling user guide.

​We are excited to announce that Amazon EMR Managed Scaling is now available for EMR on EC2 customers in the Asia Pacific (Malaysia, New Zealand, Taipei, Thailand), Canada West (Calgary), Mexico (Central), and US Gameday Northeast (Illinois) AWS Regions. Amazon EMR Managed Scaling automatically resizes the EC2 instances in your EMR cluster for the best performance at the lowest possible cost. With Amazon EMR Managed Scaling, you simply specify the minimum and maximum compute limits for your clusters, and Amazon EMR on EC2 automatically resizes your cluster for optimal performance and resource utilization. Amazon EMR Managed Scaling constantly monitors key workload-related metrics and uses an algorithm that optimizes the cluster size for the best resource utilization. Using this algorithm, Amazon EMR can scale the EC2 cluster up during peaks and scale it down during idle periods, reducing your costs and optimizing cluster capacity for the best performance. Amazon EMR Managed Scaling can also be used with Amazon EC2 Spot Instances, that lets you take advantage of unused EC2 capacity for a discount when compared to on-demand prices. Amazon EMR Managed Scaling is now available in all AWS commercial regions. Amazon EMR Managed Scaling is supported for Apache Spark, Apache Hive and YARN-based workloads on Amazon EMR on EC2 versions 6.14 and above. To learn more and to get started, visit the Amazon EMR Managed Scaling user guide.