AWS re:Invent 2022
Context Is Everything Cnapp Revolution to Secure Aws Deployments Prt254

Title

AWS re:Invent 2022 - Context is everything: CNAPP revolution to secure AWS deployments (PRT254)

Summary

  • The session focused on the importance of context in cloud security and how it can transform AWS security practices.
  • The speaker discussed the common challenges faced by organizations using the cloud: complexity of environments, risk assessment, and operationalizing security at scale.
  • Wiz, a cloud security company, was introduced, highlighting its rapid growth and adoption by Fortune 100 companies.
  • The speaker emphasized the limitations of traditional security tools and the need for a new approach that provides context and prioritization for security risks.
  • Wiz's solution is agentless, correlates signals on a graph database, and democratizes security by providing visibility and prioritization to engineering teams.
  • The speaker outlined Wiz's four-step process: agentless connector, deep cloud assessment, advanced analysis using a graph database, and integration with existing tools and processes.
  • John Wisensky, CISO for MGM Studios, joined for a fireside chat to discuss MGM's cloud journey, the impact of Wiz on their security operations, and the role of Wiz in MGM's acquisition by Amazon.
  • The session concluded with an open Q&A.

Insights

  • The complexity of cloud environments requires a security approach that can handle multiple architectures and services seamlessly.
  • Traditional security tools often work in silos, leading to fragmented and noisy security signals that lack context and prioritization.
  • Wiz's use of an agentless connector and a graph database like AWS Neptune allows for a comprehensive view of the cloud environment and the correlation of security signals to identify critical risks.
  • The democratization of security, where developers and engineering teams have visibility and responsibility for the security of their resources, is a key theme.
  • The integration of Wiz into MGM Studios' security operations provided significant benefits, particularly during the Log4j vulnerability crisis and the acquisition by Amazon.
  • The session highlighted the importance of having the right tools and empowering teams to manage security effectively, especially during times of increased complexity such as mergers and acquisitions.
Confidential Computing with Aws Compute Cmp302Core Elements of Digital Transformation Ret301