The debut running of the AWS security conference re:Inforce 2019 has wrapped up in Boston today. RedBear were on the ground to soak up the event. Here is our wrap-up from the two-day event.
There were a number of recurring themes from the conference.
- Securing automation. Being able to adapt and respond is no longer the domain of a floor full of analysts. With more and more threats, automated detection and response is critical for a successful Cloud deployment;
- Compliance was a big topic. Now in 2019, it’s about how you can use the AWS Cloud to enable and demonstrate your compliance with policy and regulation in real time. Let’s not wait until the annual audit;
- Let’s stop thinking of security as a blocker and treat it as an enabler instead. Moreover, we should be moving security into all stages of the build process, not leaving it to a final tick-box exercise. As it turns out, the tools provided to us by the AWS Cloud now make that possible. For RedBear, it certainly validated the richness of the AWS Cloud. From a security perspective, you can benefit from capabilities that you could only dream of a few years ago;
- Finally, it was a conference for the builders. AWS certainly wanted to highlight that they have a rich ecosystem of security services. All builders can use these tools to operate securely because in 2019 security is everyone’s job.
There were three major announcements from the keynote on Tuesday.
AWS announced the general availability of Security Hub at re:Inforce 2019. It aggregates and prioritises security alerts and findings from multiple AWS services, such as GuardDuty and Inspector. However, it isn’t limited to AWS services. A number of third-party solution providers have already integrated with it. Rapid7 and SumoLogic, two of our current security partners, are included in the initial integration. If your favourite integration isn’t there, you can create your own using the API. The goal of Security Hub is to simplify the security management of your AWS environment.
The Rapid7 integration is particularly interesting. It includes not only the ability to see findings from the Rapid7 Insight platform but also the capability to then enable an automation workflow in response (using the Rapid7 Connect product).
Around 12 months ago, AWS released a solution blueprint called Landing Zone. The idea behind it was to provide a common best practice pattern for AWS foundations. It provided a multi-account solution with baseline solutions for security and monitoring and used AWS Organizations to unify billing and access. It was a fantastic solution that helped to standardise the initial footprint for new AWS implementations. However, it was complex, and it was up to the customer or partner to implement, customise and support it on an ongoing basis.
As of today, Landing Zone has been upgraded! Control Tower is the name of the official service! This new solution now offers a fully supported service that enables best practice guard rails and blueprints for your AWS account foundations. Although we have a lot of experience with multi-account solutions, we are excited by the availability of a fully supported offering.
VPC Traffic Mirroring
Gaining visibility at the network packet level has always been difficult in the public Cloud. However, that has now changed! On Tuesday, AWS announced the ability to mirror traffic from a VPC. Yes, now you can send raw network packets to the tool of your choice for deep-level traffic inspection or for audit trail purposes. It’s like a virtual network tap. You can also filter the traffic that you capture based on a set of rules. There are already a number of providers who have integrated with this new feature, with more to come!
It’s a feature that has long been requested. We are very happy to see it released at re:Inforce 2019. In fact, we can’t wait to have a play when we are back in Melbourne!
See you next year in Houston
re:Inforce will be back again next year. Houston will be hosting the event in 2020. Of course, we plan to be back!
In the meantime, please get in touch to learn more about RedBear’s experience at the event and to discuss your security requirements as you move to the AWS Cloud.