AWS re:Inforce 2025 – Identity, Application Security, and More

AWS re:Inforce 2025 - Identity, Application Security, and More

Analysts: Krista Case, Mitch Ashley, Fernando Montenegro
Publication Date: June 23, 2025

What is Covered in this Article:

  • AWS re:Inforce 2025 key announcements, including new CISO Amy Herzog and enhanced identity security capabilities
  • Code security and perimeter protection improvements through Inspector’s repository scanning and simplified deployment tools
  • Threat detection advances with GuardDuty EKS support, Security Hub enhancements, and partner ecosystem evolution

The Event – Major Themes & Vendor Moves: AWS re: Inforce is the key AWS-led event focused on cybersecurity, compared to AWS re: Invent, which is broader (and includes security). The event focuses on practitioners (‘builders’ in AWS parlance) and executives while attracting partners and sponsors. The 2025 edition took place in Philadelphia.

This edition of re:Inforce had a mixture of novelty and continuity. One of the most visible changes has been the appointment of Amy Herzog as CISO for AWS, following her leadership as CISO for Amazon’s Ads & Devices and Specialized Business. In her keynote address, merely weeks into the new role, she emphasized how her previous experience with the specialized business units at Amazon will be additive to the foundational security capabilities that AWS has been building since the beginning.

This speaks to continuity. The company has built a foundation of security primitives in both hardware and software, and continues to enhance security capabilities.

AWS improved identity and access management with the general availability of IAM Access Analyzer’s internal access findings. This capability uses automated reasoning to analyze policies and identify which internal IAM roles and users can access specific resources. This provides a unified dashboard for both internal and external access. Additionally, AWS Certificate Manager now supports exportable public certificates, allowing them to be used in and outside of the AWS environment.

In a notable expansion of its capabilities, AWS announced that Amazon Inspector now scans code repositories in GitHub and GitLab. This “shift left” approach now includes three key scan types: Static Application Security Testing (SAST) for proprietary code vulnerabilities; Software Composition Analysis (SCA) for open-source dependencies; and Infrastructure as Code (IaC) scanning for templates. Findings are delivered into the developer’s workflow as comments on pull requests. Inspector also provides GenAI-assisted code fix recommendations to help developers resolve issues quickly.

Perimeter protection services also received updates. AWS Shield was expanded with previewing the new Network Security Director capability, which analyzes network topology and configurations and identifies configuration issues against recommended practices. Improvements in ease of use were announced for AWS WAF and Amazon CloudFront. Lastly, AWS Network Firewall was enhanced with active threat protection, leveraging AWS’s global threat intelligence.

Amazon GuardDuty Extended Threat Protection now includes advanced behavioral analytics and new coverage for Amazon EKS audit logs and runtime environments to improve threat detection capabilities. This allows GuardDuty to correlate security signals and aggregate them into critical findings. AWS also previewed an enhanced Security Hub, which unifies signals across AWS security services to help teams prioritize and respond to active risks more effectively.

Lastly, AWS announced enhancements to its MSSP (Managed Security Service Provider) specialization. This update makes it easier for customers to identify and engage with partners with AWS-validated capabilities in specific use cases.

AWS re:Inforce 2025 – Identity, Application Security, and More

Analyst Take – Identity Takes Center Stage: On the main stage, Herzog emphasized how fundamental identity and access management (IAM) is to cybersecurity. Futurum agrees that ensuring that only authorized users have the right access to systems, applications, and data is critical, given the onslaught of identity-based attacks. We note, however, that verifying the identity of a user (whether human or machine), what it is attempting to access, and why it is attempting to access that resource, is no easy feat, especially at speed and scale. This conversation grows especially interesting and pertinent as AI agents enter the equation.

Against this backdrop, verifying the ability of an account or a user to access specific, sensitive application, data, and infrastructure resources becomes critical. As relayed to Futurum in conversations while at re:Inforce, AWS has invested in a team of engineers and mathematicians to develop the engine behind its IAM Access Analyzer, which verifies access controls and ensures that permissions align with least-privilege principles. The result is precise and provable insights into access permissions, alongside the ability to continuously monitor for unintended access within the customer’s AWS environment, at scale. While positioned as a feature enhancement, the capability is in fact more strategic as it reflects AWS’s broader commitment to applying mathematical rigor for provable cloud and identity security.

Also, during her keynote, Herzog announced that AWS is the first cloud provider to mandate MFA for management and standalone accounts with root access. By enforcing MFA at the root level, AWS is addressing one of the most critical areas of risk—high-privilege access—without requiring customer action to enable it. This continues the trajectory from previous re:Inforce events, where AWS emphasized the shared responsibility model, (while AWS, as the hosting provider, is responsible for the security and resilience of the infrastructure itself, customers remain responsible for securing their identities and data). The evolution in this story is that AWS is increasingly embedding safeguards that reduce the margin for user error. By enforcing MFA at the root level, AWS addresses one of the most critical risk areas—high-privilege access—without requiring customer action to enable it. Where previously AWS emphasized empowering customers with tools and guidance, it now embeds proactive and automated protections.

Code Security Emerges as Key Area

While not a developer-focused conference, this year’s re:Inforce highlighted important aspects of secure software development, securing APIs, and deployed applications.

AWS CISO Amy Herzog demonstrated new capabilities in Amazon Inspector, performed static application security testing (SAST) on code residing in GitHub or GitLab, and identified vulnerabilities within that code. As noted above, Amazon Inspector can now also provide remediation recommendations that can be implemented during the code development process. Inspector also uses software composition analysis (SCA) to examine library components used in software builds. Inspector also analyzes infrastructure as code (IaC) templates for vulnerabilities and misconfigurations in Terraform, AWS CDK, and AWS CloudFormation.

Amazon’s announcements of these code security analysis capabilities aren’t novel to the industry. Several other vendors already offer these capabilities. What is unique here is AWS’s implementation of it natively within their product toolset. You can perform all these code analyses and vulnerability remediation options in one environment, including recommendations for fixing code. Amazon is not relying solely on others to create secure software, indicating that Amazon is increasingly emphasizing secure code creation on its own. Are other SAST and SCA products in danger of competing with Amazon? Not in the near term. Integrating with GitHub and GitLab means Amazon Q Developer and Amazon Inspector users can work more seamlessly across integrated workflows across products, rather than exit to other third-party security testing and remediation tools. Customers already using Checkmarx, Sonatype, Tenable, and other tools in this space will likely continue to use existing technology investments.

The newly announced Express.js @verifiedpermissions/authorization-clients-js open-source package for Cedar-based Amazon Verified Permissions addressed a pain point expressed by software developers. By decoupling API authorization logic from application code running within the Node.js web and application framework, developers can more easily and quickly maintain, modify, and update security permissions as needed for APIs. Releasing this authorization client open-source package is a demonstration by Amazon that it is still serious about maintaining and supporting Cedar, which they open-sourced in 2023. It also means fewer errors in security issues from error-prone authorization logic, which could occur within Express.js apps.

From a deployment perspective, AWS announced enhancements to its web application firewall, which has been redesigned to reduce the security configuration required to deploy applications. The update means there are fewer configuration steps, which are facilitated through curated security rules. This means applications get automatic layer 7 DDoS protection, along with machine learning modules that help establish baselines and detect traffic anomalies, which automatically apply rules in cases of suspicious requests. This streamlined deployment step represents progress from a shift-right perspective, reducing the workload, configuration, and opportunity for errors as web application firewalls must be configured to handle new and updated software deployments. Security professionals often say security is improved through small incremental steps. This web application firewall improvement represents a perfect example.

Perimeter Security Improvements

The improvements in the perimeter protection services are interesting as they address concerns that we at Futurum often see: the need for improved capabilities against threats and more streamlined, simpler operations.

The new active threat defense capabilities in AWS Network Firewall are a good example of how AWS is using its broader view into the global threat landscape, addressing both of these needs at once. The simplified enablement of this capability – just adding a new rule group to an existing firewall policy – should be well-received by customers. The same can be said about the new console experience for Amazon CloudFront, though we see it as focused on a slightly different set of users. Here, AWS looks to streamline new application deployments, removing what it famously calls “undifferentiated heavy lifting” of security, DNS, and content network configurations.

Lastly, the preview of AWS Shield network security director, which addresses network configuration issues, is an interesting new capability that will likely be useful to those looking to enhance the security of more complex deployments. As we observe more complex network topology choices for enterprise-scale deployments, it is not uncommon to see potential gaps in how teams communicate their needs and insights, which can lead to downstream security issues.

Threat Detection Improvements

More broadly, the announcement of new support for Amazon EKS clusters for Amazon GuardDuty and the enhancements to AWS Security Hub reflect the approach of deriving platform benefits for security.

Amazon GuardDuty has long been a key element for threat detection, and adding support for workloads running on Kubernetes clusters aligns with what was already done for other environments, such as Lambda, EC2, RDS, and others. The correlation of signals between audit logs and runtime behaviours will likely assist with threat detection.

The enhancements to AWS Security Hub run across more correlation, contextualization, and visualization capabilities. The service has been streamlined to support key areas such as Exposure, Threats, Vulnerabilities, Posture Management, and Sensitive Data. The new capabilities around Exposure allow for a more proactive approach to fixing possible security gaps. Attack path visualization can also help practitioners better understand the context for findings, which is vital to prioritizing responses.

Support for Security Partnerships

AWS continues to operate and support a thriving partner ecosystem in terms of technology vendors and those offering services. On that note, the ongoing support of Open Cybersecurity Schema Framework (OCSF) as a core schema for AWS security services is notable, as is the framework’s evolution for security partners, with enhancements to the MSSP Competency program.

What to Watch:

  • AWS’ evolving identity security positioning and capabilities span how it applies its strategy of implementing guardrails for customers to facilitating conditional, just-in-time access permissions for AI agents, how it manages key partnerships in areas such as identity governance, how it evolves its support of open standards, and how it applies its team of mathematicians and engineers for provable risk and threat assessments.
  • Amazon Q developer, Amazon Inspector, and other Amazon development tools will continue to make progress, increasing their capabilities as development and security testing technologies. While those improvements will continue, there isn’t an indication that Amazon is on a path to seriously leapfrog the major players in this space, such as GitHub, GitLab, Microsoft at this time.
  • Look for similar innovations, such as those introduced by Amazon WAF, that aid in deploying code into production, leveraging automation and AI to reduce errors and decrease deployment time.
  • AWS continues to evolve regarding how it works with its partner ecosystem, so it will be essential to watch how the company ties its efforts with third-party technology and services partners. This will be particularly relevant when customers need to coordinate security capabilities across multiple cloud environments from different providers.

You can read the summary of key announcements on AWS’ site.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other insights from Futurum:

Futurum Agentic AI Open Standards Report: 1H-2025

Trends at the RSAC Conference Point to the High-Stakes Nature of Cybersecurity – Report Summary

Futurum Cybersecurity Decision Maker Survey on Cyber Incidents

Author Information

Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Mitch Ashley is VP and Practice Lead for the CIO & Technology Buyers and Software Lifecycle Engineering practices at The Futurum Group. A multi-time CIO and CTO with 30+ years leading technical organizations, Mitch built and operated production systems spanning cybersecurity for the U.S. Department of Defense, PKI services for the broadband and 5G industries, SaaS platforms, large-scale telecom and banking systems, and a national broadband network. His work with AI began early, developing expert systems that diagnosed and repaired complex mainframe environments. That operator foundation grounds his analysis in operational consequence, covering the technology buyer's world of software engineering, cybersecurity, DevOps, cloud, and AI.

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.

Related Insights
Can Anthropic's GRAM 'Off Switch' Make Dual-Use AI Safer Without Killing Utility?
July 10, 2026

Can Anthropic’s GRAM ‘Off Switch’ Make Dual-Use AI Safer Without Killing Utility?

Anthropic and AE Studio introduced GRAM, enabling selective removal of sensitive AI capabilities without retraining, potentially addressing privacy and security concerns for organizations adopting generative AI....
Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?
July 10, 2026

Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?

Exprivia announced partnership with ABI's WeSec summit as Main Partner, aligning with surging demand for cybersecurity and AI solutions across Italian banking. The move positions the company to capitalize on...
Kore.ai and Atos Bet on Sovereign Agentic AI, Will UK Enterprises Demand Proof, Not Promises?
July 8, 2026

Kore.ai and Atos Bet on Sovereign Agentic AI, Will UK Enterprises Demand Proof, Not Promises?

Kore.ai and Atos announce a strategic partnership to deliver Sovereign AI solutions to UK organizations, addressing data residency and compliance requirements in the rapidly expanding $181B AI platforms market....
ServiceNow and Accenture Bet on Migration to Win Enterprise Risk
July 7, 2026

ServiceNow and Accenture Bet on Migration to Win Enterprise Risk

Fernando Montenegro, VP at The Futurum Group, examines the ServiceNow and Accenture cybersecurity offering, and why its AI-powered migration and the Armis acquisition point to a bid to become the...
Compliance as Code Is No Longer Optional: Why Manual Reviews Can’t Keep Up
July 4, 2026

Compliance as Code Is No Longer Optional: Why Manual Reviews Can’t Keep Up

Qodo's 'Compliance as Code' framework automates enterprise AI compliance through PR checks, solving the data privacy and security gaps that plague manual reviews at scale....
Brave's Browser Containers Raise the Bar for Privacy and Workflow Flexibility
July 3, 2026

Brave’s Browser Containers Raise the Bar for Privacy and Workflow Flexibility

As AI platform adoption accelerates to $181.3B projected market size, Brave's v1.92 release introduces native browser containers addressing data privacy concerns for 52.6% of enterprise decision makers managing multi-cloud AI...

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.