Many organizations struggle daily with the question "Where do we stand with our AWS security practices?" With the recent release of the Center for Internet Security's CIS AWS Foundations Benchmark, organizations now have an industry-accepted set of security configuration best practices. These benchmarks, in combination with third-party security solutions that support them, can form the foundation for security operations at organizations of all sizes through continuous monitoring and auditing.
2. Of the changes catalyzed by cloud, security is still the most exciting.
3. Your Role in Securing AWS is Well-Defined
[Shared responsibility diagram]
Customer: Security in the Cloud
• Customer Data
• Applications, Identity & Access Mgmt
• OS, Network, Firewall
• Client-side Encryption
• Server-side Encryption
• Network Traffic Protection
AWS: Security of the Cloud
• Compute, Storage, Networking
• AWS Global Infrastructure (Regions, AZs, Edge Locations)
4. The security paradigm shifted
Legacy Datacenters
• Big Perimeter
• End-to-End Ownership
• Build it all yourself
• Server-centric approach
• Self-managed Services
• Static Architecture
• De-centralized Administration
AWS
• Micro-Perimeters
• Own just enough
• Focus on your core value
• Service-Centric
• Platform Services
• Continuously Evolving
• Central Control Plane (API)
5. … but the security technology is dated
[Shared responsibility diagram from slide 3 repeated, alongside the legacy tooling:]
• Network Appliances
• Host-based Agents
• IP-based scanners
• Log Analytics
• DLP & Encryption
• Manual Audits
These technologies rarely embrace cloud values.
6. Host Security isn’t enough
Why protect here… when your critical data is now here? (and 50+ other services)
7. Virtual Appliances don’t scale
VIDS / VIPS: traffic flows fine at “planned” capacity, but in elastic events the appliance capacity is overwhelmed.
8. And in general, too much information flows…
[Data-flow diagram, ElasticSearch among the components shown] This is just a SUBSET of an average shop’s data flows.
17. Security Automation Is Good For EVERYONE
DevOps builds Value. Security builds TRUST. Customers / Businesses need TRUST and VALUE.
18. SecOps in AWS
• Need to take a holistic approach
• Need to capture past, present, and predicted state
• Need query capability for Incident Response (IR)
• Need to tie into DevOps technologies to maximize reach
• Need to automate response to minimize response time
22. State
Capture states from:
- API (the source of all truth)
- Audit Sources (AWS CloudTrail / AWS Config)
- Applications & Data
- Identities & Policies
- Telemetry (Amazon CloudWatch, Amazon CloudWatch Logs + Amazon CloudWatch Events)
Step 2 – if you are keeping track
24. The Spanish Inquisition
Querying data answers questions:
• Did anyone launch an unapproved server last month?
• Were any of our load balancers affected by weak DH keys?
• Are we really doing what we SAY we are doing?
#3
25. The Action
Be an Action Hero. This is all useless unless you DO SOMETHING.
[Diagram: Security Event → Lambda]
#4
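As an added example (not Evident's code and not from the deck), the Python below walks steps 2 to 4 from the slides above over constructed data: captured state in the form of CloudTrail-style records and load balancer listener policies, two of the slide 24 questions asked of that state, and a Lambda-style handler that turns a CloudWatch Events delivery of a CloudTrail record into a decision. The record shapes follow the documented CloudTrail and CloudWatch Events layouts, but every value is constructed; the approved-AMI and instance-type allow-lists, the rule that any enabled DHE-* cipher counts as exposure to the weak-DH-key issue, and the handler returning a decision instead of sending a notification are all assumptions made for the example.

```python
# Added example (not Evident's code): capture state -> query it -> act on an
# event, run over constructed data. Record shapes follow the documented
# CloudTrail / CloudWatch Events layout; every value below is constructed.
from datetime import datetime, timedelta, timezone

# Assumption: an organization allow-list of approved AMIs and instance types.
APPROVED_AMIS = {"ami-0approved0001"}
APPROVED_TYPES = {"t2.micro", "m4.large"}
# Constructed "now" so the 30-day window is deterministic.
NOW = datetime(2016, 10, 1, tzinfo=timezone.utc)


def run_instances(time, user, image_id, instance_type):
    """Build a minimal CloudTrail-style RunInstances record (constructed)."""
    return {
        "eventTime": time,
        "eventName": "RunInstances",
        "eventSource": "ec2.amazonaws.com",
        "userIdentity": {"type": "IAMUser", "userName": user},
        "requestParameters": {
            "instancesSet": {"items": [{"imageId": image_id, "instanceType": instance_type}]}
        },
    }


# Step 2: state captured from the audit source (constructed CloudTrail records).
CLOUDTRAIL_RECORDS = [
    run_instances("2016-09-14T08:21:00Z", "alice", "ami-0approved0001", "t2.micro"),
    run_instances("2016-09-20T23:55:10Z", "bob", "ami-0unknown00099", "p2.8xlarge"),
    run_instances("2016-08-02T10:00:00Z", "carol", "ami-0unknown00099", "t2.micro"),  # outside window
    {"eventTime": "2016-09-25T12:00:00Z", "eventName": "DescribeInstances",
     "eventSource": "ec2.amazonaws.com", "userIdentity": {"userName": "dave"}},
]

# State captured from the API: enabled ciphers per load balancer (constructed,
# shaped like the attributes of a classic ELB SSL negotiation policy).
ELB_POLICIES = {
    "web-prod": {"ECDHE-RSA-AES128-GCM-SHA256": "true", "DHE-RSA-AES128-SHA": "true"},
    "api-prod": {"ECDHE-RSA-AES128-GCM-SHA256": "true", "DHE-RSA-AES128-SHA": "false"},
}


def parse_time(stamp):
    """CloudTrail timestamps are UTC ISO-8601 with a trailing Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def launch_violations(record):
    """Reasons a RunInstances record breaks the allow-list (empty list = approved)."""
    reasons = []
    for item in record["requestParameters"]["instancesSet"]["items"]:
        if item["imageId"] not in APPROVED_AMIS:
            reasons.append("unapproved AMI %s" % item["imageId"])
        if item["instanceType"] not in APPROVED_TYPES:
            reasons.append("unapproved type %s" % item["instanceType"])
    return reasons


# Step 3: query the state. "Did anyone launch an unapproved server last month?"
def unapproved_launches(records, now=NOW, days=30):
    since = now - timedelta(days=days)
    hits = []
    for rec in records:
        if rec["eventName"] != "RunInstances" or parse_time(rec["eventTime"]) < since:
            continue
        reasons = launch_violations(rec)
        if reasons:
            hits.append({"user": rec["userIdentity"]["userName"],
                         "time": rec["eventTime"], "reasons": reasons})
    return hits


# "Were any of our load balancers affected by weak DH keys?" Assumption: any
# enabled DHE-* cipher is treated as exposure, because the DH group size is not
# visible in the policy attributes themselves.
def dhe_enabled_load_balancers(policies):
    return sorted(lb for lb, attrs in policies.items()
                  if any(name.startswith("DHE-") and val == "true"
                         for name, val in attrs.items()))


# Step 4: act. Lambda-style handler for a CloudWatch Events rule that forwards
# CloudTrail API calls; `detail` carries the CloudTrail record. It returns the
# decision; notifying or reverting is deliberately left out of the example.
def lambda_handler(event, context=None):
    record = event.get("detail", {})
    if record.get("eventName") != "RunInstances":
        return {"action": "ignore", "reasons": []}
    reasons = launch_violations(record)
    return {"action": "alert" if reasons else "ok", "reasons": reasons}


if __name__ == "__main__":
    for hit in unapproved_launches(CLOUDTRAIL_RECORDS):
        print("unapproved launch:", hit)
    print("DHE ciphers enabled on:", dhe_enabled_load_balancers(ELB_POLICIES))
    print(lambda_handler({"detail": CLOUDTRAIL_RECORDS[1]}))
```

The same `launch_violations` check serves both the historical query (step 3, over stored records) and the real-time handler (step 4, over a single event), which is the point of capturing state once and querying it in both modes: the rule is written once, and the answer to "are we doing what we say we are doing" does not depend on which path raised it.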
26. Minecraft, the craft of mining
Mine the data for compliance, predictive security models, and other key learnings.
27. Evident Security Platform (ESP)
• 100% AWS Native Application
• Agentless Deployment
• Continuous Security Scanning & Alerting across all AWS services
• Integrates tightly with DevOps tools to accelerate secure product lifecycles
• Tracks history and state to support Audit and Compliance needs
28. Next Steps…
1. Talk with the Evident team at Booth #101 to dive deeper and get FREE CIS Benchmark reviews
2. Add our blog to your reading list: https://blog.evident.io
3. Find your peers here and talk security! AWS events are the best places to meet and learn.
4. Be sure you attend re:Invent 2016!