Title: AWS re:Inforce 2024 - Closing the security visibility gap (TDR225-S)
Insights:
- The presentation focuses on addressing the security visibility gap by leveraging Amazon Security Lake, rather than discussing specific capabilities.
- The main objective is to challenge current business practices and optimize vulnerability management and risk mitigation strategies.
- The scenario presented involves a multinational retailer with complex security needs, highlighting the role of the CISO or security leader in managing these challenges.
- Key challenges include the integration and optimization of various security tools and the need for a centralized approach to telemetry for both proactive and reactive measures.
- The presentation emphasizes the importance of consolidating security data into a single, centralized location to improve risk assessment and decision-making.
- Data quality and the integration of external contextual information are critical for effective risk management and prioritization.
- The solution proposed involves using the OCSF common data framework within Amazon Security Lake to centralize and analyze security data, enhancing the ability to identify and address anomalies.
- The approach aims to provide a unified view of security, improve data quality, and increase confidence in recommended actions through enriched data and proactive changes.
- The presentation underscores that the goal is not to replace existing tools like a SIEM or EDR but to optimize their use and ensure efficient data integration for better risk management.
- Future directions include extending the value of the solution to audit and compliance risk managers, IT operations, and other departments beyond security.
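The insight about centralizing telemetry through OCSF in Amazon Security Lake is easier to see with data in hand. The following added example (not code from the talk, from Kyndryl, or from AWS) normalizes two constructed log sources, a CloudTrail-style console login record and on-prem sshd syslog lines, into a minimal subset of the OCSF Authentication event class (class_uid 3002), then runs one query across the unified records. The sample lines, the parsers, and the chosen field subset are constructed for illustration; the field names and numeric ids follow OCSF as this example understands them and are an assumption, not a Security Lake schema dump. The point it shows is that a failed-logon threshold that neither source trips on its own is crossed once both are in one schema.

```python
"""Normalize two constructed log sources into OCSF-shaped Authentication
events and run one detection query over the combined set.

Added example, not from the talk or from AWS. Field names and ids are a
subset of the OCSF Authentication class as understood here (assumption).
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input 1: CloudTrail-style console login records.
CLOUDTRAIL_EVENTS = [
    {"eventTime": "2024-06-11T14:02:10Z", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "alice"}, "sourceIPAddress": "203.0.113.7",
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-06-11T14:02:41Z", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "alice"}, "sourceIPAddress": "203.0.113.7",
     "responseElements": {"ConsoleLogin": "Success"}},
]

# Constructed sample input 2: syslog-style sshd lines from a store host.
SSHD_LINES = [
    "Jun 11 14:03:05 store-pos-01 sshd[812]: Failed password for alice from 203.0.113.7 port 50122 ssh2",
    "Jun 11 14:03:09 store-pos-01 sshd[812]: Failed password for alice from 203.0.113.7 port 50123 ssh2",
    "Jun 11 14:03:30 store-pos-01 sshd[812]: Accepted password for bob from 198.51.100.9 port 40010 ssh2",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)


def ocsf_auth_event(time_epoch, user, ip, success, product):
    """Build the minimal OCSF Authentication event both sources map to."""
    return {
        "category_uid": 3,                 # Identity & Access Management
        "class_uid": 3002,                 # Authentication
        "activity_id": 1,                  # Logon
        "time": time_epoch,                # epoch seconds, UTC
        "status_id": 1 if success else 2,  # 1 = Success, 2 = Failure
        "severity_id": 1 if success else 3,
        "actor": {"user": {"name": user}},
        "src_endpoint": {"ip": ip},
        "metadata": {"product": {"name": product}, "version": "1.1.0"},
    }


def from_cloudtrail(rec):
    """Map one CloudTrail-style ConsoleLogin record to the OCSF shape."""
    ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ok = rec["responseElements"]["ConsoleLogin"] == "Success"
    return ocsf_auth_event(int(ts.timestamp()), rec["userIdentity"]["userName"],
                           rec["sourceIPAddress"], ok, "AWS CloudTrail")


def from_sshd(line, year=2024):
    """Map one sshd syslog line to the OCSF shape; None if it is not a logon line."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return ocsf_auth_event(int(ts.timestamp()), m["user"], m["ip"],
                           m["result"] == "Accepted", "OpenSSH sshd")


def normalize_all():
    """Pull every source into one list of OCSF-shaped events."""
    events = [from_cloudtrail(r) for r in CLOUDTRAIL_EVENTS]
    events += [e for e in (from_sshd(line) for line in SSHD_LINES) if e]
    return events


def failed_logons_by_source_ip(events, threshold=3):
    """One query over the unified schema: source IPs with >= threshold failed logons, any product."""
    fails = Counter(e["src_endpoint"]["ip"] for e in events if e["status_id"] == 2)
    return {ip: n for ip, n in fails.items() if n >= threshold}


def failed_logons_per_product_ip(events):
    """Same count split per product, to show what each tool sees in isolation."""
    return Counter((e["metadata"]["product"]["name"], e["src_endpoint"]["ip"])
                   for e in events if e["status_id"] == 2)


if __name__ == "__main__":
    evs = normalize_all()
    print(json.dumps(evs[0], indent=2))
    print("per product:", dict(failed_logons_per_product_ip(evs)))
    print("combined hits:", failed_logons_by_source_ip(evs))
```

Run on its own, the script prints one normalized event, then the per-product failure counts (CloudTrail sees one failure from 203.0.113.7, sshd sees two) and the combined query, which is the only view in which that address reaches three failed logons. That gap between the per-tool view and the consolidated view is the visibility gap the session is about; the normalization step is what makes a single query across products possible.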
Quotes:
- "My presentation is not talking about capabilities. It's just really trying to paint the story or the situation that we have and a possible approach to be able to solve that."
- "What we're challenging here today, within the next 15-20 minutes, is how are we doing that business? How are we centralizing the telemetry that we get for proactive and reactive measures?"
- "We're suggesting the challenge is consolidating the output into one centralized location and making decisions and getting the teams that can make a difference."
- "With more and more data modeling that we inject, more lessons learned that we learn from the business and other vector leaders, we're able to increase value in order to provide changes that they must make."
- "With what we're positioning with Security Lake, it's not replacing a SIEM. Okay, that's not what we're stating or positioning. We're not trying to replace an EDR solution, but what we are suggesting is there is always optimization."
- "How are we best using those tools that we have in our inventory? Again, there's always a rush to implement a tool without really tying what are we trying to achieve and how much money are we spending based on that model?"
- "The relationship's been going on with AWS for the past year and a half. It is literally a journey that we're ongoing right now with those two key personas, with a CISO and security analyst."
- "Kyndryl also provides a threat insights advisory service as well, so we're happy to be able to sit down and have this conversation like I'm having with you today."