How NatWest Uses AWS Services to Manage Vulnerabilities at Scale (TDR201)

Title: AWS re:Inforce 2024 - How NatWest uses AWS services to manage vulnerabilities at scale (TDR201)

Insights:

  • Introduction to Vulnerabilities in the Cloud: The session began with an introduction to vulnerabilities in the cloud, likening them to leaving a door open in a house. The focus was on three main types of vulnerabilities: misconfigurations, software vulnerabilities, and code vulnerabilities.
  • AWS Tools for Vulnerability Management: AWS Security Hub and Amazon Inspector were highlighted as the primary tools for monitoring and managing vulnerabilities. Security Hub offers continuous monitoring for configuration vulnerabilities and integrates findings from various AWS and third-party services. Amazon Inspector focuses on software and code vulnerabilities, providing hybrid scanning capabilities.
  • NatWest's Cloud Journey: Kenny Dunn from NatWest shared their journey of adopting AWS Security Hub and Amazon Inspector. NatWest transitioned from on-premises data centers to a hybrid model, facing challenges with existing security tools and the need for better visibility and automation.
  • Implementation and Benefits: NatWest implemented Security Hub and Inspector within 30 days, achieving immediate coverage and significant cost reductions. The tools provided democratized visibility, allowing account owners to address findings directly, leading to faster response times and reduced risk.
  • Noise Reduction and Automation: NatWest employed several strategies to manage the volume of findings, including enabling consolidated findings, suppressing irrelevant controls, and using automation rules to adjust severities and respond to critical issues.
  • Integration and Customization: NatWest enriched Security Hub findings with their own business context using AWS tools like Lambda and QuickSight, providing tailored visualizations and insights for different business units.
  • Ongoing Improvements: NatWest continues to develop corrective and preventative controls, shifting security left to enable developers to address issues earlier in the development process.
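
The three noise-reduction steps named under "Noise Reduction and Automation" above, modelled offline as an added example; this is not NatWest's or AWS's code and it makes no Security Hub API calls. The findings, control IDs (`CTRL.n` placeholders), tag names and rule criteria are constructed assumptions; only the field names follow the AWS Security Finding Format.

```python
from copy import deepcopy

# Constructed findings in ASFF shape; control IDs are placeholders, not real controls.
def finding(fid, standard, control, resource, tags, severity):
    return {"Id": fid, "GeneratorId": f"{standard}/{control}",
            "Compliance": {"SecurityControlId": control},
            "Resources": [{"Id": resource, "Tags": tags}],
            "Severity": {"Label": severity}, "Workflow": {"Status": "NEW"}}

FINDINGS = [  # f1 and f2 are the same check reported under two standards
    finding("f1", "standard-a", "CTRL.1", "arn:aws:s3:::example-a", {"exposure": "internet"}, "MEDIUM"),
    finding("f2", "standard-b", "CTRL.1", "arn:aws:s3:::example-a", {"exposure": "internet"}, "MEDIUM"),
    finding("f3", "standard-a", "CTRL.2", "arn:aws:s3:::example-b", {}, "CRITICAL"),
    finding("f4", "standard-a", "CTRL.3", "arn:aws:s3:::example-c", {"exposure": "internal"}, "HIGH"),
]
SUPPRESSED_CONTROLS = {"CTRL.2"}  # assumption: a control judged irrelevant to this estate
# Assumption: business context is carried in a resource tag; (key, value) -> new severity.
RULES = {("exposure", "internet"): "CRITICAL", ("exposure", "internal"): "LOW"}

def consolidate(findings):
    """Keep one finding per (control, resource) instead of one per standard."""
    seen, out = set(), []
    for f in findings:
        key = (f["Compliance"]["SecurityControlId"], f["Resources"][0]["Id"])
        if key not in seen:
            seen.add(key)
            out.append(deepcopy(f))  # copy so the input list is never mutated
    return out

def suppress(findings, controls):
    """Mark findings from irrelevant controls as SUPPRESSED rather than deleting them."""
    for f in findings:
        if f["Compliance"]["SecurityControlId"] in controls:
            f["Workflow"]["Status"] = "SUPPRESSED"
    return findings

def apply_rules(findings, rules):
    """The first resource tag that matches a rule rewrites the severity label."""
    for f in findings:
        for tag in f["Resources"][0]["Tags"].items():
            if tag in rules:
                f["Severity"]["Label"] = rules[tag]
                break
    return findings

def triage(findings):
    """Return (control, severity) for every finding that still needs an owner's attention."""
    work = apply_rules(suppress(consolidate(findings), SUPPRESSED_CONTROLS), RULES)
    return [(f["Compliance"]["SecurityControlId"], f["Severity"]["Label"]) for f in work if f["Workflow"]["Status"] != "SUPPRESSED"]
```

Four raw findings reduce to two actionable ones, with severity reflecting exposure rather than the scanner's default.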

Quotes:

  • "The metaphor that we use is that it's as if you leave the door to your house open. Nothing bad has happened yet, but the second someone realizes that the door is open, something very bad can happen."
  • "Security Hub really has two main value propositions: continuous monitoring for configuration vulnerabilities and acting as a hub for findings from dozens of partner products."
  • "For us, it was easy to turn on both of these tools. The coverage was great right from the off and it gave us a fantastic view of the posture of our organization."
  • "We wanted to democratize that visibility, have those findings out with the people who can actually make a difference and get fixing."
  • "The support we got from Amazon was fantastic. AWS aren't a perfect organization but they're really willing to learn from their customers."
  • "We wanted to see a reduction in the cost and we also wanted to see that decentralization, make sure that people were paying for what they were using."
  • "The key point here is that not everybody in your application teams is going to understand security, and they won't understand the specific and unique security threats that face your organization."

These insights and quotes provide a comprehensive overview of how NatWest leverages AWS services to manage vulnerabilities at scale, highlighting the benefits, challenges, and strategies employed in their journey.