AWS’s re:Invent kicks off next week with a mix of keynotes, boot camps and technical sessions. As ever, there’s a huge catalog of sessions to choose from, but you can’t attend them all! Here we pick out 6 security sessions that we think are essential viewing for everyone. They are relevant to anyone who cares about securing their workloads on the AWS Cloud (so everyone, then!). A lot of these are chalk talks, as we find them more interactive and more valuable!
The anatomy of a ransomware event (SEC402)
There’s nothing like a war story or lived experience to sharpen the mind. Sadly, ransomware has been a common story over the last 12 months and it’s not going away anytime soon. The best way to avoid a ransomware event is preparation. No one wants to be stuck in a “we have to pay the ransom” situation. Plan the protection of your environments to prevent unintended access. Ensure that you have a recovery system and plan, and that you test it both technically and on a procedural basis. There’s nothing like a game day to reflect and refine.
In this chalk talk, AWS will walk through the anatomy of a ransomware event that targets data residing in Amazon S3. It will cover detailed best practices for detection, response, recovery, and protection.
Expected learning: how you can reduce the risk of a ransomware attack and how you can recover from it should it happen
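As an added illustration of the “protection and recovery” side of an S3 ransomware event (this is our example, not material from the session), the check below assesses a bucket’s configuration for the controls that limit what an actor holding stolen credentials can destroy and that make recovery possible. The input dicts are shaped like the responses of boto3’s get_bucket_versioning, get_object_lock_configuration and get_public_access_block calls, but every value is constructed sample data, so it runs offline.

```python
"""Assess an S3 bucket's configuration for ransomware resilience.

Added illustration, not AWS session material. Input dicts mirror the shape of
boto3's get_bucket_versioning / get_object_lock_configuration /
get_public_access_block responses; all values below are constructed."""
from dataclasses import dataclass

PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


@dataclass
class BucketConfig:
    name: str
    versioning: dict            # get_bucket_versioning response
    object_lock: dict           # get_object_lock_configuration response
    public_access_block: dict   # get_public_access_block response


def assess_bucket(cfg: BucketConfig) -> list[str]:
    """Return a list of findings; an empty list means every control is present."""
    findings = []
    # Versioning keeps prior object versions, so an overwrite-and-encrypt or a
    # delete leaves a recoverable copy behind.
    if cfg.versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled: overwritten or deleted objects cannot be restored")
    # Object Lock in COMPLIANCE mode makes retained versions immutable for the
    # retention period, even for the account root user; GOVERNANCE mode can be
    # bypassed by principals holding s3:BypassGovernanceRetention.
    lock = cfg.object_lock.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled: retained versions can be purged")
    else:
        retention = lock.get("Rule", {}).get("DefaultRetention", {})
        if retention.get("Mode") != "COMPLIANCE":
            findings.append("Object Lock default retention is not COMPLIANCE mode")
    # Block Public Access closes the unintended-access path the text warns about.
    pab = cfg.public_access_block.get("PublicAccessBlockConfiguration", {})
    for key in PAB_KEYS:
        if not pab.get(key, False):
            findings.append(f"Block Public Access setting {key} is off")
    return findings


# Constructed sample configurations for two buckets.
WEAK = BucketConfig(
    name="app-data-weak",
    versioning={"Status": "Suspended"},
    object_lock={},
    public_access_block={},
)
HARDENED = BucketConfig(
    name="app-data-hardened",
    versioning={"Status": "Enabled"},
    object_lock={"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}},
    public_access_block={"PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}},
)


def assess_all(buckets=(WEAK, HARDENED)) -> dict[str, list[str]]:
    """Map each bucket name to its findings."""
    return {b.name: assess_bucket(b) for b in buckets}


if __name__ == "__main__":
    for name, findings in assess_all().items():
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print(f"  - {f}")
```

In a real account you would feed `assess_bucket` with the live boto3 responses for every bucket and treat any finding on a backup bucket as a blocker for your recovery plan; the sample run reports six findings for the weak bucket and none for the hardened one.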
Automate security analysis and code reviews with machine learning (SEC314)
Preventative controls and detection are critical tools for any defender in cyber security. But how can you reduce the risk in the first place? What if these potentially risky assets (such as configuration or code) were never deployed into your AWS environment? In the security discipline, we call this “shift left”. What this means is embedding security controls, thinking and culture early in the development lifecycle. After all, if you can’t deploy a vulnerability, it can’t become a risk to your business.
In this session, learn how you can use machine learning to embed security during the development phase. See how you can build guardrails to flag configurations or code that deviate from accepted policies before they are deployed.
Expected learning: how to shift security left into your design and development process, reducing the security risk to your workloads
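To make the “guardrail before deployment” idea concrete, here is an added example of our own (not the session’s machine-learning approach, which the text does not detail): a rule-based check that scans a parsed CloudFormation template and fails the pipeline when a resource deviates from an accepted policy. The template and the policy rules are constructed for the illustration.

```python
"""Shift-left guardrail: scan a CloudFormation template (parsed into a dict)
before deployment and report resources that break a simple accepted policy.

Added illustration; rule-based rather than the ML approach in the session.
The template below is constructed sample data."""
import sys

ADMIN_PORTS = {22, 3389}            # SSH and RDP
ANY_CIDRS = {"0.0.0.0/0", "::/0"}   # "open to the world"


def _rule_covers_port(rule: dict, port: int) -> bool:
    """True if an ingress rule admits traffic on the given TCP/UDP port."""
    if rule.get("IpProtocol") == "-1":   # all protocols and ports
        return True
    try:
        return int(rule.get("FromPort", -1)) <= port <= int(rule.get("ToPort", -1))
    except (TypeError, ValueError):
        return False


def check_security_group(logical_id: str, props: dict) -> list[str]:
    """Policy: administrative ports must never be reachable from any address."""
    out = []
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr in ANY_CIDRS:
            for port in sorted(ADMIN_PORTS):
                if _rule_covers_port(rule, port):
                    out.append(f"{logical_id}: admin port {port} open to {cidr}")
    return out


def check_bucket(logical_id: str, props: dict) -> list[str]:
    """Policy: every bucket declares server-side encryption."""
    if "BucketEncryption" not in props:
        return [f"{logical_id}: no server-side encryption configured"]
    return []


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::S3::Bucket": check_bucket,
}


def scan_template(template: dict) -> list[str]:
    """Run every applicable check over the template's resources."""
    violations = []
    for logical_id, res in template.get("Resources", {}).items():
        check = CHECKS.get(res.get("Type"))
        if check:
            violations.extend(check(logical_id, res.get("Properties", {})))
    return violations


# Constructed sample template: one bad security group rule, one bucket
# without encryption, and one compliant bucket.
SAMPLE_TEMPLATE = {"Resources": {
    "BastionSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "bastion host",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        ]}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
}}


if __name__ == "__main__":
    found = scan_template(SAMPLE_TEMPLATE)
    for v in found:
        print("POLICY VIOLATION:", v)
    # Non-zero exit blocks the deployment stage of a CI pipeline.
    sys.exit(1 if found else 0)
```

Wired into a CI job that runs on every pull request, the non-zero exit stops the template from ever reaching an account; on the sample template it reports the world-open port 22 and the unencrypted log bucket while leaving the 443 rule and the encrypted bucket alone.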
Securing serverless workloads on AWS (SEC311)
No server is easier to manage than no server
Werner Vogels, CTO amazon.com
Or, as we like to say, “No server is more secure than no server”.
The rightful rise of serverless has reduced the security burden on teams. It has taken away the effort of maintaining the server and its OS configuration (thanks AWS!). However, it brings new challenges. The traditional ways of managing endpoints, such as Endpoint Detection and Response (EDR) agents, are no longer possible. Modern compute requires modern thinking!
In this, one of a number of serverless-focused security sessions, we will be taken through design patterns for building secure serverless applications on AWS. These patterns will cover secrets management, code vulnerability detection and ensuring dependencies are validated and approved. It will also dive into securing your APIs, a critical attack vector against almost all modern applications.
Expected learning: how you can secure and protect your modern serverless applications
Implementing traffic inspection capabilities at scale on AWS (SEC317)
Understanding your network traffic and flows is another key pillar of good security operations. Both ingress and egress flows are important to monitor along with developing a baseline for normal and abnormal patterns. AWS offers a number of options around both routing and flow control as well as packet inspection.
In this session, you will discover network architectures for firewall options to protect inbound traffic to your internet-facing applications. In addition, it will cover the best practices for applying security controls to various traffic flows including internet egress and east-west traffic.
Expected learning: how you can gain control and visibility over your cloud-based networks
Re-imagine the security boundary with Zero Trust (SEC324)
Often discussed by application owners and security teams, seldom implemented! Make 2023 the year that you implement Zero Trust for your workloads. What is Zero Trust? It’s a network security model where services or endpoints inside or outside your organization boundary have to authenticate and prove who they are for all interactions. The point of Zero Trust is to avoid the “castle wall” approach to security, where all your eggs are in the “really big wall” basket. Once inside the walls, it’s a free-for-all with freedom of movement. This is generally a bad place to be. Defense in depth has always been a key security principle and Zero Trust can be a big piece of that puzzle.
Drawing from common Zero Trust use cases and technologies, this session will provide patterns and approaches for implementing Zero Trust in your existing and future workloads.
Expected learning: how your applications can adopt a best practice layered security model
Building your forensics capabilities on AWS (SEC321)
The lucky last of our recommended security sessions covers one of the places that security teams fear to tread: forensics. As Taylor Swift said, “If you fail to plan, you plan to fail” (although she may well not have been the first person to say that!). No one wants an incident or a breach to occur to their organisation, but if it does, how prepared are you for it? Forensics differs from containment in that its focus is identifying the root cause, with the aim of preventing it from happening again. What evidence do you need to gather and how are you going to do that? How will you secure it so it can’t be tampered with (important for any future legal case)? How do you make sure that the investigation itself isn’t a risk to your environments?
In this lab-based session, you will learn some methods for implementing effective data acquisition and analysis during your investigations. You will learn how to identify the tools and capabilities you need to analyze the acquired evidence effectively, as well as how to protect that evidence. Finally, you will walk through how to improve your security based on the analysis of the evidence.
Expected learning: how you can be prepared should a breach happen to your workloads
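The question above of how to secure acquired evidence so it can’t be tampered with is usually answered with an integrity manifest. The following is an added example of our own (not from the session): it hashes every artifact in an evidence directory, records the hashes in a manifest, and later verifies the directory against that manifest. The evidence files and log line are constructed for the illustration.

```python
"""Evidence integrity manifest: hash acquired artifacts at collection time and
verify them later so any tampering or loss is detectable.

Added illustration, not session material. The evidence files below are
constructed sample data written to a temporary directory."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large images do not have to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir: Path) -> dict:
    """Record the hash and size of every file under evidence_dir.

    The manifest's own hash is included so a later reader can tell whether the
    entry list was altered; in practice you record that value out of band
    (in the case notes or a signed ticket) rather than only inside the file."""
    entries = {}
    for p in sorted(evidence_dir.rglob("*")):
        if p.is_file():
            rel = str(p.relative_to(evidence_dir))
            entries[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "manifest_sha256": hashlib.sha256(body).hexdigest()}


def verify_manifest(evidence_dir: Path, manifest: dict) -> list[str]:
    """Return a list of problems; empty means every artifact is intact."""
    problems = []
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    if hashlib.sha256(body).hexdigest() != manifest["manifest_sha256"]:
        problems.append("manifest entry list has been altered")
    for rel, meta in manifest["entries"].items():
        p = evidence_dir / rel
        if not p.is_file():
            problems.append(f"{rel}: missing")
        elif sha256_file(p) != meta["sha256"]:
            problems.append(f"{rel}: hash mismatch")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Build a manifest, verify it, tamper with one artifact, verify again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed evidence: a dummy memory image and one syslog line.
        (root / "memory.raw").write_bytes(b"\x00" * 4096)
        (root / "syslog").write_text(
            "Nov 28 10:01:02 host sshd[411]: Accepted publickey for admin\n")
        manifest = build_manifest(root)
        before = verify_manifest(root, manifest)
        # Simulated tampering after acquisition.
        (root / "syslog").write_text(
            "Nov 28 10:01:02 host sshd[411]: nothing to see here\n")
        after = verify_manifest(root, manifest)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before or "all artifacts intact")
    print("after tampering: ", after)
```

The manifest only proves integrity if it is stored somewhere the evidence directory’s writers cannot reach, so copy it (or at least the `manifest_sha256` value) to a separate, write-once location as part of the acquisition procedure; the demo shows a clean verification followed by a detected hash mismatch on the altered log.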
Wrapping up
We will be on the ground at re:Invent. Keep an eye on LinkedIn and this blog site for our thoughts on new announcements and other security sessions that we find interesting! Feel free to get in contact with us for a debrief on all things re:Invent!