AWS re:Invent 2022 is completed in Las Vegas. I did not attend in person, but I’ve watched some security sessions and announcements online and I want to share my notes with you. I hope you will enjoy it! Let's start! 🤔
1- Amazon Security Lake: As you know, security data analysis is challenging. Every day, lots of logs are generated from our application environments. Transparency is high, and this is fine, but we, as a customer, gets lots of work and analysis to do. Besides this, every log is a different format and there is heterogeneity in them. We can build custom solutions to query, but this is also a complex and not flexible solution. AWS starts with the "Imagine if there was a service that…" idea to fix all these problems. The answer is "Amazon Security Lake".
Amazon Security Lake is a service that gives you the ability to centralize your security data. The main features that I've noted:
- Provides collect, optimize, normalize, and analyze your log data,
- Works with AWS Organizations,
- Collect any region & any account with AWS services,
- Log data can be immediately queried with Amazon Athena,
- Retention and storage class settings,
- Share your log data with 3rd party analytic tools.
- Regulatory-compliant service.
2- Revitalize Your Security with the AWS Security Reference Architecture: This is a great presentation to understand the AWS Security services and SRA in general.
To use Security Reference Architecture, you need to define your security requirements first. You need to review and revise the architectural design that you've already implemented. You should learn cloud security concepts and use Infrastructure as Code wherever as possible. You must learn and understand new security concepts for your cloud environments. This process does not a one-time job, it should be reviewed and applied regularly. AWS SRA is a complex architecture if you're just learning or implementing security services, but with this session, you'll see every security service and their usage one by one in different use cases such as network security, infrastructure security, etc. I strongly recommend that watching this session if you're willing to build your own cloud security posture.
3- AWS Verified Access: In our daily workloads, we're connecting our corporate VPN and accessing our private applications in our cloud environments. What if we do not need VPN for accessing our applications? What if we can do this in an easier way? With AWS Verified Access, we can do this. This AWS service is created based on these questions: "We need simple connectivity." "We need better security." "We want to know who can access my application from what type of device and when this is happening."
AWS Verified access is built with zero trust principles and gives us better security posture. It also simplifies security operation, with just few clicks, you can set and use this service. It also logs every access request either allowed or denied. It is a requirement for troubleshooting, auditing, and compliance controls of an application.
To set up AWS Verified Access, you need to connect your trust providers (identity or device provider). After that, you need to associate your applications (CNAME and AWS ACM configurations). Lastly, you need to add access policies. AWS Verified Access policies have a new policy language that AWS Build called "Cedar". This is Cedar syntax:
If you want to use this service, AWS recommends adding your new applications to AWS Verified Access. For your existing applications, users can access the application by VPN and internet (with Verified Access), do not disable VPN directly.
4- Automate Data Discovery with Amazon Macie: AWS Macie is relaunched in 2020. It focuses on sensitive data at scale using machine learning. It is natively integrated with AWS S3, and it aims to evaluate your data security posture in your buckets.
With the "Automate Data Discovery" feature, we will be able to discover sensitive data continuously across all our AWS accounts and AWS S3 buckets by just enabling this feature. It uses intelligent sampling techniques.
With automated sensitive data discovery, you can prioritize your buckets, findings, and remediations. You can read more details here.
5- Protecting production with Amazon ECS security features:
This session is very useful to understand and implement Amazon ECS security considerations. Container technology usage and transition increase day by day. It’s important to know which parts we are responsible for in our container environments, and which implementations should we have done on the network, data, and infrastructure side. In the session, you’ll see different use cases and team groups from security perspective and possible solutions and responsibilities about them. This is an example of use cases:
6- Amazon Inspector Now Scans AWS Lambda Functions for Vulnerabilities: Amazon Inspector Now Scans AWS Lambda Functions for Vulnerabilities: I’ve mentioned about this new feature in my blog:
Security visibility and vulnerability management are important steps for your cloud environments. These two steps are not one-time jobs, these should be regular and real-time if it’s possible. AWS has lots of services and solutions for securing your cloud, gaining visibility for vulnerabilities, and remediating them as soon as possible. Every day, the AWS team finds and adds new solutions to these services. Today, we’re going to learn new features of Amazon Inspector. With this new feature that announced in re:Invent 2022, you can scan your AWS Lambda functions with Amazon Inspector.
I get all the screenshots from re:Invent 2022 videos. I'll mention other sessions or new announcements in my other blogs. You can access lots of security related sessions in this list.
Thanks for reading! Stay safe in the cloud! 🌤 ⛅️ 🌥
Top comments (0)