What Cybersecurity Features Are Missing from AWS?

I really wish AWS would provide a built-in SIEM solution instead of having to piece together various services to create a makeshift one. It can be quite the hassle!

What specific services do you think they should add?

Cybersecurity is really broad, and it touches on both sides of the shared responsibility model. Could you clarify what aspects you're focusing on?

I've found that the Web Application Firewall (WAF) and AWS Config can be quite challenging to use, especially at scale. They often fall short in usability.

It's a bit worrying how easy it is to set up an account using a prepaid card from a VPN and a throwaway email—there’s definitely a gap in their security layers.

There's a big issue with context in their security tools. We need the ability to tag resources by importance or sensitivity to help prioritize security measures. Also, implementing exception handling for security settings would be super helpful: being able to declare certain open ports as essential for business would save so much hassle. And don’t get me started on needing better data sensitivity tracking!

They definitely need an endpoint security tool or a one-click 'secure by default' setup that covers a data perimeter, along with a dedicated SIEM.

Management at scale is a nightmare. Every AWS service has its own quirks, which makes it hard to deploy and manage everything efficiently. For instance, to enable Guard Duty across all regions, you have to set it up separately for each one and also for the management account. Why can’t they have a more unified approach like they do with CloudTrail?