Title: AWS re:Inforce 2024 - How AWS Partners use observability to strengthen customer security (CFS227)
Insights:
- Introduction to AWS Cloud Operations Competency: The session begins with an overview of the AWS Cloud Operations Competency, which covers five solution areas: cloud governance, cloud financial management, monitoring and observability, compliance and auditing, and operations management. These areas are foundational to a robust, secure cloud architecture.
- Competency and Use Cases: AWS has defined roughly 40 use cases under each solution area, covering aspects such as network management, AIOps, and data management. Partners are vetted and audited against these use cases to ensure their offerings meet customer needs.
- Observability Services: AWS offers a range of observability services, including native options like CloudWatch and managed open-source offerings like AMP (managed Prometheus). These services help customers monitor and secure their environments effectively.
- Data Collection and Analysis: Effective observability starts with data collection. It's crucial to collect high-fidelity data that answers specific security questions. Observability involves understanding normal behavior in the environment and identifying anomalies.
- Modern Application Challenges: Modern applications often involve independently scaling components, making traditional monitoring methods less effective. Observability helps in understanding resource behavior and traffic patterns, which is essential for security.
- Three Threat Cases: The session covers three real-world threat cases: data exfiltration using S3, serverless security with API Gateway and Lambda, and SaaS/PaaS security in Kubernetes environments. Each case demonstrates how observability tools can be used to detect and mitigate security threats.
- Detection and Response: Implementing detections involves using tools like GuardDuty and partner solutions to identify malicious traffic. Consuming and visualizing data through tools like QuickSight makes it actionable. Automated responses can be set up to remediate issues without manual intervention.
- Specific Use Cases:
  - Data Exfiltration: Monitoring S3 bucket activity using CloudWatch, CloudTrail, and Config to detect and respond to unauthorized data access.
  - Serverless Security: Using API Gateway, WAF, and Lambda to monitor and secure serverless applications. Tools like X-Ray and Inspector help in tracing and identifying anomalies.
  - SaaS/PaaS Security: Observability in Kubernetes environments using tools like OpenTelemetry and network firewalls to monitor and secure containerized applications.
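The data-exfiltration case above rests on the earlier points about collection, baselining normal behavior, and carrying a detection through to an automated response. The following Python script is an added illustration of that pipeline over CloudTrail S3 data events; it is not code from the session or from AWS. The log records, account id, role names and bucket name are constructed, the records carry only a subset of real CloudTrail fields, and the response-step labels returned by recommend_response are hypothetical placeholders for whatever automation (for example an EventBridge-triggered Lambda) a team would wire up.

```python
"""Baseline-and-anomaly detection for S3 reads over CloudTrail data events.
Added example; every record below is constructed, not captured from a real account."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean

ACCOUNT = "123456789012"  # constructed account id
START = datetime(2024, 6, 10, 0, 0, tzinfo=timezone.utc)


def make_event(principal, bucket, ts, name="GetObject"):
    """Build an abbreviated CloudTrail S3 data-event record (constructed sample)."""
    return {
        "eventTime": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "eventSource": "s3.amazonaws.com",
        "eventName": name,
        "userIdentity": {"arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/{principal}/session"},
        "requestParameters": {"bucketName": bucket},
    }


def constructed_trail():
    """Constructed JSON-lines log: a steady reporting job, an app role that suddenly
    reads 12x its usual volume, and a never-seen principal pulling many objects."""
    events = []
    for hour in range(5):
        base = START + timedelta(hours=hour)
        for i in range(10):  # report-job: 10 reads per hour, every hour
            events.append(make_event("report-job", "finance-data", base + timedelta(minutes=i)))
        n = 60 if hour == 4 else 5  # app-role: 5 reads/hour, then 60 in the last hour
        for i in range(n):
            events.append(make_event("app-role", "finance-data", base + timedelta(seconds=30 * i)))
    last = START + timedelta(hours=4)
    for i in range(25):  # unknown-role: first appearance, 25 reads at once
        events.append(make_event("unknown-role", "finance-data", last + timedelta(seconds=i)))
    events.append(make_event("app-role", "finance-data", last, name="PutObject"))  # write, not counted
    return "\n".join(json.dumps(e) for e in events)


def parse_records(jsonl):
    """Parse JSON-lines records, skipping malformed lines instead of aborting the run."""
    out = []
    for line in jsonl.splitlines():
        try:
            out.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return out


def hourly_read_counts(records):
    """Return {principal: {hour_window: GetObject count}} for S3 read events only."""
    counts = defaultdict(lambda: defaultdict(int))
    for r in records:
        if r.get("eventSource") != "s3.amazonaws.com" or r.get("eventName") != "GetObject":
            continue
        ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        window = ts.replace(minute=0, second=0, microsecond=0)
        principal = r["userIdentity"]["arn"].split("/")[-2]  # role name from the assumed-role ARN
        counts[principal][window] += 1
    return counts


def find_exfil_candidates(records, factor=5.0, min_reads=20):
    """Flag principals whose reads in the newest window exceed `factor` x their own
    baseline mean over earlier windows. A principal with no history has baseline 0,
    so any burst at or above `min_reads` is flagged; `min_reads` filters low-volume noise."""
    counts = hourly_read_counts(records)
    if not counts:
        return []
    latest = max(w for per in counts.values() for w in per)
    findings = []
    for principal, per_window in counts.items():
        current = per_window.get(latest, 0)
        history = [c for w, c in per_window.items() if w < latest]
        baseline = mean(history) if history else 0.0
        if current >= min_reads and current > factor * baseline:
            findings.append({
                "principal": principal,
                "window": latest.isoformat(),
                "reads": current,
                "baseline": baseline,
                "new_principal": not history,
            })
    return sorted(findings, key=lambda f: f["principal"])


def recommend_response(finding):
    """Map a finding to a response step. The labels are hypothetical placeholders for
    a team's own automation, not AWS API names."""
    if finding["new_principal"]:
        return "page-oncall-and-revoke-session"  # hypothetical action label
    return "alert-and-snapshot-access-logs"       # hypothetical action label


if __name__ == "__main__":
    for f in find_exfil_candidates(parse_records(constructed_trail())):
        print(f, "->", recommend_response(f))
```

Two design choices matter here. The baseline is per principal rather than per bucket, so a reporting job that always reads heavily does not drown out a quiet role that suddenly does, which is the "understand normal behavior, then spot the anomaly" point from the session. And a principal with no history is treated as baseline zero and handled as a distinct finding, since a first-ever burst of reads deserves a stronger response than a known role drifting above its norm. In production the windows would come from CloudWatch or Athena over delivered CloudTrail data, and the thresholds would be tuned against the real distribution instead of the fixed factor used here.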
- Partner Solutions: AWS collaborates with partners like Datadog and service implementation partners to provide comprehensive observability solutions. These partners offer specialized capabilities and can assist in building and maintaining observability frameworks.
- Training and Resources: AWS offers training courses, such as the CloudWatch training course, to help customers understand and utilize observability tools effectively.
Quotes:
- "Competencies are a way for us as AWS to look at partner offerings that we can vet and audit based on customer use cases."
- "We try to give you native options like CloudWatch that tie into things like Lambda, all of our native compute services. It's one-click integrations that make your life easy."
- "Collection is step one, right? We can't analyze what we don't have. It's easy to drown at this step as well."
- "When you get good at the security side of this, your entire business gets better. Your profitability gets better. You have better integrations."
- "Your logs are kind of worthless if you don't know what you're looking for, right? We need to actually see like what is bad traffic."
- "The beauty of this too is you can set this up when there's nothing in that bucket. And you can just continue to watch it scale and our tools will baseline them for you."
- "If you put an open port on the Internet, you're going to get traffic to it. It may not be traffic you want, but that's ultimately why we need things like WAFs."
- "Observability is the way you detect that, right? Why is it doing something different that it's never done before?"
- "The most important part is you have to take everything from collection to action."
- "We give you options that are natively integrated, but we also work with a ton of partners that also know our services well and specialize."