Title
AWS re:Invent 2022 - 3 steps to help mitigate cloud risks with CrowdStrike and AWS (PRT328)
Summary
- Challenges in Cloud Security: Security teams face distinct challenges in cloud environments, particularly with cloud-native applications, which differ from traditional applications. Security cannot be an afterthought; it must be integrated into the fast-paced development cycle.
- Visibility and Continuous Protection: Organizations need visibility across their entire cloud infrastructure and continuous protection of deployed infrastructure, so that it remains immutable and defended against threats.
- Automation and Collaboration: Security teams need to automate remediation and work with cloud and DevOps teams to filter out noisy detections and scale their security efforts.
- Cloud-Native Applications: These applications are characterized by microservices, multiple development teams, and infrastructure as code, which requires a paradigm shift in security tooling.
- Build, Release, and Run Phases: Security must be applied at each phase: pre-build (scanning code and dependencies), post-build (auditing and promoting secure code bases), and runtime (monitoring and protecting running applications).
- Best Practices and Frameworks: Security teams should establish best practices and frameworks for securing cloud-native applications, including understanding the shared responsibility model and implementing both preventive and detective controls.
- CrowdStrike's Approach: CrowdStrike emphasizes shifting security left, analyzing container images, securing infrastructure, and providing runtime protection. It offers tools such as Horizon (CSPM) and integrations with AWS services to strengthen security.
 
Insights
- Shift-Left Security: CrowdStrike stresses integrating security early in the development process, scanning code repositories and dependencies before deployment to identify and mitigate risks.
- Infrastructure as Code (IaC): Because IaC is declarative and version-controlled, it gives better visibility into and control over the security posture of cloud-native applications.
- Event-Based Security: Cloud-native applications often rely on event-based mechanisms, so security tooling must be able to monitor and respond to events in real time.
- Collaboration Between Teams: Securing cloud-native applications requires close collaboration between security, cloud, and DevOps teams so that security measures do not slow development.
- Adversary-Focused Security: CrowdStrike's approach is adversary-focused, providing insight into the tools and techniques attackers use, which helps in building effective defenses.
- Automation and Integration: CrowdStrike automates response and integrates with AWS services such as EventBridge, Security Hub, and Network Firewall for real-time threat detection and response, showing the value of building on cloud-native features for security.
- Container Security: The distinction between DaemonSet and sidecar container sensors highlights the need for deployment approaches tailored to whether the environment is managed or unmanaged.
- Threat Intelligence and Threat Hunting: CrowdStrike's integration with AWS Network Firewall, which uses threat intelligence feeds for threat hunting, illustrates a proactive approach to identifying and mitigating threats before they affect the environment.
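As an added example of the pre-build IaC scanning described under "Build, Release, and Run Phases" and "Infrastructure as Code" (this is not code from the talk, CrowdStrike, or AWS), the following Python script evaluates a CloudFormation template before deployment and flags three common misconfigurations: an S3 bucket that does not block public access, a security group exposing an administrative port to the internet, and an IAM policy granting `*` on `*`. The template, resource names, and rule identifiers are constructed for illustration.

```python
"""Pre-build IaC policy check for a CloudFormation template.

Added example, not CrowdStrike's or AWS's code. The sample template and the
rule identifiers below are constructed for illustration only.
"""
import json
import sys
from typing import Any, Dict, List

# Constructed sample template: one risky bucket, one over-permissive security
# group, and one role with a wildcard policy. Resource names are hypothetical.
SAMPLE_TEMPLATE: Dict[str, Any] = {
    "Resources": {
        "LogsBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"BucketName": "example-logs"},
        },
        "WebSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "web tier",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        "AdminRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                                   "Action": "sts:AssumeRole"}],
                },
                "Policies": [{
                    "PolicyName": "allow-all",
                    "PolicyDocument": {"Version": "2012-10-17",
                                       "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
                }],
            },
        },
    }
}

SENSITIVE_PORTS = {22, 3389}            # SSH and RDP: should never be open to the world
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
BLOCKING_SEVERITIES = {"HIGH", "CRITICAL"}


def _as_list(value: Any) -> List[Any]:
    """CloudFormation allows scalars where lists are expected; normalize."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def finding(resource: str, rule: str, severity: str, message: str) -> Dict[str, str]:
    return {"resource": resource, "rule": rule, "severity": severity, "message": message}


def check_s3_bucket(name: str, props: Dict[str, Any]) -> List[Dict[str, str]]:
    """Flag buckets whose PublicAccessBlockConfiguration is missing or incomplete."""
    cfg = props.get("PublicAccessBlockConfiguration", {})
    flags = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
    if not all(cfg.get(f) is True for f in flags):
        return [finding(name, "S3_PUBLIC_ACCESS_BLOCK", "HIGH", "bucket does not block all public access")]
    return []


def check_security_group(name: str, props: Dict[str, Any]) -> List[Dict[str, str]]:
    """Flag ingress rules that expose all traffic or an admin port to a public CIDR."""
    out = []
    for rule in _as_list(props.get("SecurityGroupIngress")):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in PUBLIC_CIDRS:
            continue
        if str(rule.get("IpProtocol", "")) == "-1":
            out.append(finding(name, "SG_OPEN_ALL", "CRITICAL", f"all traffic open from {cidr}"))
            continue
        lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
        exposed = sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)
        if exposed:
            out.append(finding(name, "SG_ADMIN_PORT_PUBLIC", "HIGH", f"ports {exposed} open from {cidr}"))
    return out


def check_iam_policies(name: str, props: Dict[str, Any]) -> List[Dict[str, str]]:
    """Flag inline policies that allow every action on every resource."""
    out = []
    for pol in _as_list(props.get("Policies")):
        for stmt in _as_list(pol.get("PolicyDocument", {}).get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
                out.append(finding(name, "IAM_WILDCARD_ADMIN", "CRITICAL",
                                   f"policy {pol.get('PolicyName')} allows * on *"))
    return out


CHECKS = {
    "AWS::S3::Bucket": check_s3_bucket,
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::IAM::Role": check_iam_policies,
    "AWS::IAM::User": check_iam_policies,
    "AWS::IAM::Group": check_iam_policies,
}


def scan_template(template: Dict[str, Any]) -> List[Dict[str, str]]:
    """Run every applicable check over each resource and collect findings."""
    findings: List[Dict[str, str]] = []
    for name, res in template.get("Resources", {}).items():
        check = CHECKS.get(res.get("Type", ""))
        if check:
            findings.extend(check(name, res.get("Properties", {})))
    return findings


def has_blocking_findings(findings: List[Dict[str, str]]) -> bool:
    """True if the pipeline should refuse to promote this template."""
    return any(f["severity"] in BLOCKING_SEVERITIES for f in findings)


if __name__ == "__main__":
    results = scan_template(SAMPLE_TEMPLATE)
    print(json.dumps(results, indent=2))
    sys.exit(1 if has_blocking_findings(results) else 0)
```

Wired into the pre-build stage of a pipeline, a non-zero exit stops the template from being promoted, which is the "preventive control" the talk contrasts with runtime detection; the same checks can be re-run against deployed stacks as a detective control so that drift from the reviewed template is caught.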