AWS re:Inforce 2022, Amazon’s largest AWS Security annual event, was held in Boston, Massachusetts on July 26th and July 27th. As they do every year, they gathered their best and brightest to bring to attendees security sessions, workshops, labs, CTF events, and a partner showcase. F3 Technology Partners was among those attendees and we would like to pass along a few key highlights from the event.
Amazon Chief Security Officer Stephen Schmidt, AWS Vice President and Chief Information Security Officer CJ Moses, Vice President of AWS Platform Kurt Kufeld, and MongoDB Chief Information Security Officer Lena Smart presented at this year’s keynote presentation.
Stephen stressed the importance of getting the basics down first before going into the edge use cases. He indicated AWS is using knowledge gained from one customer security incident to prevent security incidents with other customers. Stephen says you should “weave security into your development lifecycle, and your operations. This is the shift left approach, security must be built in with your DevOps and not tagged on after.
CJ Moses talked about five lessons learned from Log4j:
Kurt Kufeld talked about the post Quantum crypto world and Quantum-resistant cryptography. They’ve implemented a hybrid post-quantum key agreement exchange and made it available as open source. These algorithms are available for the following AWS services: KMS, Certificate Manager and AWS Secrets Manager with more to come.
Amazon Web Services has made changes to its AWS Security Competency program with eight new categories designed to allow customers to find a partner software offering and partner service to help with a particular security category.
The eight categories are Identity and Access Management, Threat Detection and Response, Infrastructure Protection, Data Protection, Compliance and Privacy, Application Security, Perimeter Protection, and Core Security.
Amazon GuardDuty is a threat detection service that monitors your AWS accounts and workloads for malicious activity and provides you detailed security findings. They have now announced adding Malware Protection to Amazon GuardDuty.
The product is completely agentless so has no performance impact to your EC2 instances and is container aware. The coverage today includes Amazon EC2 instances, Amazon ECS, Amazon EKS and self-managed containers on Amazon EC2. It only scans an instance once every 24 hours. The way it works is when it detects a finding it will take a snapshot of the EBS volume and ship it to the Amazon GuardDuty service account, the customers key will then be shared and used to decrypt the snapshot allowing a scan to be performed. After it’s complete the key and snapshot are removed.
Two main points of note:
Existing Amazon GuardDuty customers can enable Malware Protection today with a single click.
AWS launched Amazon Detective for Elastic Kubernetes Service (EKS) to help in security investigations. In order to secure your EKS workloads, the importance of monitoring container deployments and configurations in the form of audit logs is imperative.
After enabling the new feature, Amazon Detective will automatically start ingesting EKS audit logs to capture activity related to your EKS clusters.
Security Hub now automatically receives Amazon GuardDuty Malware Protection findings to make it easier to be alerted of issues. This allows a single pane of glass experience when looking to find any security threats you may be dealing with. This makes it easier to search filter and investigate any security issues you may have.
AWS re:Inforce 2022 was an amazing
conference with many great sessions
and security professionals working
together to share their knowledge. I
thought the sessions were very insightful and the hands on approach made it all worthwhile. There were so many sessions that it felt like two days was too short and I had to catch up with some sessions on demand after. I’m looking forward to returning in 2023 where hopefully it will be a bit longer.
F3 Technology Partners is a Solution Provider founded in 2007 in Hartford, Connecticut. F3 is a services led, cloud first organization that believes the journey to the cloud should be easier and more secure. We solve customer challenges through amazing business outcomes. F3 strives to remove barriers to innovation by leveraging cloud and automation. We have four main practices; Cloud, Modern Workspace, DevOps & Automation and Data Center.
F3 is an AWS Select Partner and has deep cloud security experience. Reach out today for more details.
Please subscribe to our BrightTALK channel today https://www.brighttalk.com/channel/19517/ to be aware of our latest webinar offerings including Cloud and Cloud Security.