Title: AWS re:Inforce 2024 - Discover emerging threats in cloud security (NIS201)
Insights:
- Shared Responsibility Model: AWS is responsible for the security of the cloud infrastructure, while customers are responsible for securing their own configurations and operations within the cloud.
- Sonaris Team: A network telemetry analyzer within AWS Security that identifies malicious network and service scanning aimed at AWS infrastructure and customers.
- Perimeter Protection Team: Focuses on protecting web applications from cyber attacks using tools like AWS WAF, AWS Shield, AWS Firewall Manager, and AWS Network Firewall.
- MadPot System: A global fleet of honeypots that emulates various services to attract and analyze threat actors, providing actionable threat intelligence to AWS.
- Threat Intelligence Cycle: MadPot helps in identifying and disrupting botnets and C2 servers, providing critical threat data to enhance AWS's defensive measures.
- Proactive Protection: AWS uses MadPot data to implement network mitigations and protect customers from emerging threats, often before they are publicly known.
- A/B Testing with MadPot: AWS uses protected and unprotected fleets of honeypots to measure the effectiveness of its security measures, showing an 80% reduction in exploit attempts.
- Machine Learning and AI: AWS employs AI to process vast amounts of data from MadPot, identifying novel threats and integrating findings into customer protections.
- Customer Integration: Customers can leverage MadPot intelligence through AWS services like WAF and GuardDuty to enhance their own security postures.
Quotes:
- "The shared responsibility model has two components. The first is the security of the cloud where AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud."
- "Sonaris lives within AWS Security, but this is an exciting moment for me because this is the very first time I get to talk with you as customers about what happens within our organization."
- "The threat research team's vision is to create a virtuous cycle that accelerates Amazon's defensive and proactive security measures, ultimately making AWS an unattractive target for cyber attacks."
- "MadPot is a global fleet, global honeypot fleet, that receives TCP and UDP traffic on tens of thousands of IP addresses every day."
- "Our goal is detection to protection in 24 hours."
- "In the end, the outcome of this work led to a 96% reduction in VPN brute force attempts against AWS customers."
- "We aim to rapidly and respond within like 24 hours, this idea of detection to protection in 24 hours."
- "AWS has a goal to make the AWS cloud the most secure cloud computing environment."
- "I challenge you to walk away and explore MadPot in these other services to dig deep into understanding your own unique security posture."