“Security is job ZERO at @awscloud”, Adam Selipsky. he’s referring to the fact that it is required as a baseline before building or doing anything
he goes on to say that #security is critical to AWS’ success and customer success
#cloud #devops
he goes on to say that #security is critical to AWS’ success and customer success
#cloud #devops
no one is happy with the abbreviated format but I’m grateful that @awscloud cancelled the in-person event, just not worth it
let’s make the most of this virtual event
let’s make the most of this virtual event
…that’s an exciting comment from the CISO of one of the most advanced #security orgs on the planet. lot of possibilities!
#reinforce
#reinforce
Threat detection and incident response section opening quote, “Risk comes from not knowing what you’re doing”, Warren Buffet
@awscloud #reinforce
@awscloud #reinforce
“Risk is introduced from failing to define, learn, and iterate”, @StephenSchmidt
do you know what your normal good state is? can you react to anomalies quickly?
@awscloud #reinforce
do you know what your normal good state is? can you react to anomalies quickly?
@awscloud #reinforce
remote & #wfh have changed “normal” for organizations, #security needs to adjust (should’ve done that already!) in order to assess risk and properly monitor what’s going on
@awscloud #reinforce
@awscloud #reinforce
nice shout out from @StephenSchmidt to the #security community to make sure that we have a clear demarcation between work and home…need it to avoid burnout
@awscloud #reinforce
@awscloud #reinforce
. @verizon DBIR continues to deliver amazing #security data. this key point: phishing continues to be a massive problem
@awscloud #reinforce
@awscloud #reinforce
in a security conscious environment, texts like this 👆 should set off alarm bells
@awscloud #reinforce
@awscloud #reinforce
are you educating your teams? do you have guardrails in place to help avoid mistakes?
@awscloud #reinforce
@awscloud #reinforce
GuardDuty ingests partner threat feeds as well as @awscloud data in order to generate findings
more on those findings at docs.aws.amazon.com/guardduty/late…
#reinforce
more on those findings at docs.aws.amazon.com/guardduty/late…
#reinforce
“If you’re a ship at sea, you don’t want to be responsible for predicting the weather…you want professionals behind that analysis to help you out”, @StephenSchmidt
@awscloud #reinforce
@awscloud #reinforce
ignoring the buzzword-i-ness of machine learning, it actually helps
GuardDuty uses #ml 🧠 models to help filter out the noise to let humans analysis high quality data
these models improve with more data poured into them
@awscloud #reinforce
GuardDuty uses #ml 🧠 models to help filter out the noise to let humans analysis high quality data
these models improve with more data poured into them
@awscloud #reinforce
GuardDuty customers see a 4-6 week head start with anomalies compared to traditional security threat analysis
@awscloud #reinforce
@awscloud #reinforce
…which I mistyped as “@awscloud Security Hug” initially…that might not be too wrong. will have to dive into that play on words later on
@awscloud #reinforce
@awscloud #reinforce
. @awscloud Security Hub is an actual hub. almost everything sends data to it
turn it on with a single click in your AWS account
more at aws.amazon.com/security-hub/
@awscloud #reinforce
turn it on with a single click in your AWS account
more at aws.amazon.com/security-hub/
@awscloud #reinforce
on to the tips section now…
don’t try to compete in real-time with attackers. you’re not going to win. set things up ahead of time. lots of automation is the key to strong #security in the @awscloud
#reinforce
don’t try to compete in real-time with attackers. you’re not going to win. set things up ahead of time. lots of automation is the key to strong #security in the @awscloud
#reinforce
when conducting incident response, “Fix the underlying cause”, @StephenSchmidt
if you don’t, you’re just doing to have to respond again shortly after you stop the incident. avoid “security slippage"
@awscloud #reinforce
if you don’t, you’re just doing to have to respond again shortly after you stop the incident. avoid “security slippage"
@awscloud #reinforce
. @StephenSchmidt’s example around overly permissive permissions is a common issue
use tools like @awscloud IAM Access Analyzer to avoid this one
more at docs.aws.amazon.com/IAM/latest/Use…
@awscloud #reinforce
use tools like @awscloud IAM Access Analyzer to avoid this one
more at docs.aws.amazon.com/IAM/latest/Use…
@awscloud #reinforce
. @awscloud Security Hub insights are handy for root cause analysis as well. same for Amazon Detective
more on Insights: docs.aws.amazon.com/securityhub/la…
more on Detective: aws.amazon.com/detective/
#reinforce
more on Insights: docs.aws.amazon.com/securityhub/la…
more on Detective: aws.amazon.com/detective/
#reinforce
if you’re new to #ransomware, here’s a quick way to catch up
markn.ca/ransomware
@awscloud #reinforce
markn.ca/ransomware
@awscloud #reinforce
#ransomware in @awscloud usually equates to a loss of access to their accounts. resiliency and prevention is critical here
@awscloud #reinforce
@awscloud #reinforce
I ❤️@StephenSchmidt’s keynotes because he always adds these “do this now” steps that take you 5-10m and deliver rapid #security value TODAY
well done Stephen!
(as usual 😉)
@awscloud #reinforce
well done Stephen!
(as usual 😉)
@awscloud #reinforce
btw, a lot of what @StephenSchmidt is talking about around prevention and resiliency is covered in the relatively unknown @awscloud Well-Architected Framework, “Management and Governance Lens”
docs.aws.amazon.com/wellarchitecte…
yes, it sounds super boring but it’s chalk full of gold
docs.aws.amazon.com/wellarchitecte…
yes, it sounds super boring but it’s chalk full of gold
“Making backups is a good FIRST step. Having an automated testing process for restoration is key to making sure things work”, @StephenSchmidt
@awscloud #reinforce
@awscloud #reinforce
opening quote, “There is always a gap between intention and action”, Paulo Coelho
@awscloud #reinforce
@awscloud #reinforce
btw, every one of these 👆 issues is the SECURITY TEAM’s problem…not the users
we need to do a lot better at education and building systems with delightful #ux
@awscloud #reinforce
we need to do a lot better at education and building systems with delightful #ux
@awscloud #reinforce
…and if you’re doing things right, the security team includes the teams that are building all of your systems 😉
@awscloud #reinforce
@awscloud #reinforce
“Free is a solid price point”, @StephenSchmidt
referring to the fact that @awscloud IAM is $0.00
#reinforce
referring to the fact that @awscloud IAM is $0.00
#reinforce
if you want to setup @awscloud IAM “work hours”, you can read about the required policies at docs.aws.amazon.com/IAM/latest/Use…
#reinforce
#reinforce
side note: you should also be following @QuinnyPig’s tweet 💩⛈ too!
@awscloud #reinforce
@awscloud #reinforce
https://twitter.com/quinnypig/status/1430161435632439296
all of the “access analyzer” features are part of an @awscloud initiative called, “provable security"
learn more about this (trust me, it’s super interesting and cool. lots of math under the hood) at aws.amazon.com/security/prova…
#reinforce
learn more about this (trust me, it’s super interesting and cool. lots of math under the hood) at aws.amazon.com/security/prova…
#reinforce
“Review permissions regularly”, @StephenSchmidt
- your systems changes regularly
- your business changes regularly
- adapt
@awscloud #reinforce
- your systems changes regularly
- your business changes regularly
- adapt
@awscloud #reinforce
Use groups for IAM policies…pretty much always
details at docs.aws.amazon.com/IAM/latest/Use…
@awscloud #reinforce
details at docs.aws.amazon.com/IAM/latest/Use…
@awscloud #reinforce
“Keep humans away from data”, @StephenSchmidt << excellent advice…make sure you have good systems and automation in place
@awscloud #reinforce
@awscloud #reinforce
. @ajassy is the quote here, “We wanted well-documented, hardened APIs so that teams collaborated without having to talk to each other”
@awscloud #reinforce
@awscloud #reinforce
this ties back to the Shared Responsibility Model. almost all of this area of supply chain #security is in @awscloud’s area of the model
@awscloud #reinforce
@awscloud #reinforce
grrr….still dealing with weird geographic licensing though
that has nothing to do with security but is still frustrating to me as a 🤓
🇨🇦
@awscloud #reinforce
that has nothing to do with security but is still frustrating to me as a 🤓
🇨🇦
@awscloud #reinforce
it’s really nice that Brian is talking about the #security culture at @hbomax. that’s so often overlooked but it’s critical
he’s talking about how it’s necessary to deliver a “friction-free customer experience” internally and externally
❤️ it!
@awscloud #reinforce
he’s talking about how it’s necessary to deliver a “friction-free customer experience” internally and externally
❤️ it!
@awscloud #reinforce
paraphrased: “An event-driven architecture is helping up deliver #security"
<< #serverless?
@awscloud #reinforce
<< #serverless?
@awscloud #reinforce
shout out (-ish) for Cloud Custodian. more details on this amazing project at cloudcustodian.io
@awscloud #reinforce
@awscloud #reinforce
“If we’re not responding at the speed of a tweet, we’re not delivering for our customers”, Brian Lozada, CISO @hbomax
@awscloud #reinforce
@awscloud #reinforce
Brian and @hbomax has 100+ open roles right now. check them out at warnermediacareers.com/hbomaxjobs
@awscloud #reinforce
@awscloud #reinforce
sidebar: this was one of my favourite customer segments in an @awscloud keynote is a very long time. Brian is a great speaker and his message is exactly where #security needs to be going
well done!
@awscloud #reinforce
well done!
@awscloud #reinforce
regardless, it’s a good segue to @awscloud Nitro Enclaves
learn more at aws.amazon.com/ec2/nitro/nitr…
#reinforce
learn more at aws.amazon.com/ec2/nitro/nitr…
#reinforce
dive deeper into Nitro Enclaves with this talk from @colmmacc from re:Invent 2020
@awscloud #reinforce
@awscloud #reinforce
use the @awcloud Well-Architected Tool. it’s a free, versioned Q&A tool to help understand risk
@awscloud #reinforce
@awscloud #reinforce
…and of course we have to talk about “zero trust”
opening quote, “For there to be betrayal, there would have to have been trust first”, Suzanne Collins
@awscloud #reinforce
opening quote, “For there to be betrayal, there would have to have been trust first”, Suzanne Collins
@awscloud #reinforce
lots of existing @awscloud #security controls fall under the “zero trust” idea
there’s a TON of marketing 💩 in this area. stick to basic, modern principles and you’ll hit your goals
#reinforce
there’s a TON of marketing 💩 in this area. stick to basic, modern principles and you’ll hit your goals
#reinforce
remember that whole “cybersecurity vs. information security” rant I go on regularly?
👆 contracts is a good example. not a cybersecurity control but an #infosec one
@awscloud #reinforce
👆 contracts is a good example. not a cybersecurity control but an #infosec one
@awscloud #reinforce
“This seems really simple but so many people miss this step. Know what you are storing!”, @StephenSchmidt
@awscloud #reinforce
@awscloud #reinforce
…information management is critical to a strong security and data privacy practice…but it’s almost never in place
orgs usually default to a “inside & outside” level of granularity. we need better tooling around classification and management for data
@awscloud #reinforce
orgs usually default to a “inside & outside” level of granularity. we need better tooling around classification and management for data
@awscloud #reinforce
given the simplicity of encrypting things in the @awscloud, there’s no reason not to have this as the default for all of YOUR builds
@awscloud #reinforce
@awscloud #reinforce
. @StephenSchmidt shouts out the Wickr acquisition earlier this summer
more at wickr.com
@awscloud #reinforce
more at wickr.com
@awscloud #reinforce
I’m glad that @StephenSchmidt makes light of this topic’s “cool” factor. it’s critical but objectively boring
sad that @StephenSchmidt didn’t shout out my FAVOURITE @awscloud “service”; AWS Artifact
aws.amazon.com/artifact/
#reinforce
aws.amazon.com/artifact/
#reinforce
I laugh, chuckle, and giggle simply because AWS Artifact is essentially a single web page with a bunch of links to download compliance documents
you’ll use it once a year, maybe once a quarter but it lets you get those critical compliance documents
@awscloud #reinforce
you’ll use it once a year, maybe once a quarter but it lets you get those critical compliance documents
@awscloud #reinforce
I remember when this slide was much, much smaller. ❤️ to see the growth of the #security space
@awscloud #reinforce
@awscloud #reinforce
remember, if you want to work on your #security skills, the @awscloud Security certification is a great goal to aim for
aws.amazon.com/certification/…
#reinforce
aws.amazon.com/certification/…
#reinforce
. @StephenSchmidt teases more info on the concept of “security guardians” coming at re:Invent 2021
@awscloud #reinforce
@awscloud #reinforce
nice call out for the new-ish, “Cloud Audit Academy”
more at aws.amazon.com/compliance/aud…
@awscloud #reinforce
more at aws.amazon.com/compliance/aud…
@awscloud #reinforce
this is a great time to go back and read @QuinnyPig’s inevitably hilarious thread covering the keynote 👇
@awscloud #reinforce
@awscloud #reinforce
https://twitter.com/QuinnyPig/status/1430161435632439296
here’s the launch blog for AWS Backup Audit Manager: aws.amazon.com/blogs/aws/moni…
@awscloud #reinforce
@awscloud #reinforce
starting a new thread for the next @awscloud #reinforce session. check it out 👇
https://twitter.com/marknca/status/1430194969587945473
• • •
Missing some Tweet in this thread? You can try to
force a refresh
