Security Incident Monitoring, Mitigation & Metrics Using Feature Flags (PRT326)

Title

AWS re:Invent 2022 - Security incident monitoring, mitigation & metrics using feature flags (PRT326)

Summary

  • Andrew Krug, a lead security evangelist at Datadog, and Alex Hardman from the Dev Relations team at LaunchDarkly presented a session on security incident monitoring, mitigation, and metrics using feature flags.
  • The session covered the identification of security incidents in the cloud, the evolution of incident detection methods, and the use of feature flags to mitigate threats.
  • Andrew discussed the importance of understanding and defending the increased attack surface due to complex cloud environments.
  • Credential compromise was highlighted as a common starting point for cloud control plane incidents, with attackers targeting privileges and customer data.
  • The session emphasized the need for continuous security and the ability of systems to reorganize around threats in real time.
  • Alex introduced LaunchDarkly's feature flagging platform and its integration with Datadog's cloud security platform to protect their infrastructure.
  • The speakers demonstrated how feature flags can be used to change application behavior at runtime, enabling quick response to security incidents.
  • They showcased a sample application, Travel Dog, to illustrate potential security threats and how feature flags can be used to engage adversaries and disincentivize further attacks.
  • The session concluded with a discussion on metrics to measure engagement performance and response effectiveness in security incident handling.
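The runtime-mitigation pattern the speakers demonstrated, as an added illustration that is not code from the session, from LaunchDarkly or from Datadog. The in-memory `FlagStore`, its rule format, the `suspicious-session` flag, the `travel_dog_search` handler and the authentication log lines are all assumptions constructed for this example; a real platform supplies the flag evaluation. The loop shown is the one described above: a detection (repeated failed logins from one address) leads the responder to target a flag for that context, and the request handler changes behaviour on the next request, serving decoy data, slowing down, or refusing, with no redeploy.

```python
"""Runtime mitigation with a feature flag, as an added illustration.

Not LaunchDarkly's SDK or Datadog's code: FlagStore, the rule format,
the `suspicious-session` flag and the `travel_dog_search` handler are
assumptions for this example. The handler asks for a flag variation on
every request, and a responder changes the variation for a targeted
context at runtime, without a deploy.
"""
import time
from collections import Counter
from dataclasses import dataclass, field

# Variations the responder can choose for a suspicious caller.
NORMAL, DECOY, THROTTLE, BLOCK = "normal", "decoy", "throttle", "block"


@dataclass
class Flag:
    key: str
    default: str
    rules: dict = field(default_factory=dict)    # attr -> {value: variation}
    history: list = field(default_factory=list)  # (epoch, attr, value, variation)


class FlagStore:
    """Minimal in-memory flag service standing in for a real platform."""

    def __init__(self):
        self.flags = {}

    def create(self, key, default):
        self.flags[key] = Flag(key, default)

    def target(self, key, attr, value, variation, at=None):
        """Attach a targeting rule at runtime; the audit trail feeds metrics."""
        flag = self.flags[key]
        flag.rules.setdefault(attr, {})[value] = variation
        flag.history.append((time.time() if at is None else at, attr, value, variation))

    def evaluate(self, key, context):
        """First matching rule wins; otherwise the flag's default variation."""
        flag = self.flags[key]
        for attr, mapping in flag.rules.items():
            variation = mapping.get(context.get(attr))
            if variation is not None:
                return variation
        return flag.default


# Constructed sample data for the Travel Dog search endpoint.
REAL_LISTINGS = [{"id": 1, "city": "Seattle", "price": 140}]
DECOY_LISTINGS = [{"id": 9001, "city": "Nowhere", "price": 1}]


def travel_dog_search(store, context, sleep=time.sleep):
    """Request handler whose behaviour is decided by the flag at call time."""
    variation = store.evaluate("suspicious-session", context)
    if variation == BLOCK:
        return {"status": 403, "listings": [], "variation": variation}
    if variation == THROTTLE:
        sleep(2.0)  # waste the caller's time; injectable so it can be tested
    listings = DECOY_LISTINGS if variation == DECOY else REAL_LISTINGS
    return {"status": 200, "listings": listings, "variation": variation}


# Constructed authentication log lines (RFC 5737 documentation addresses).
AUTH_LOG = """\
2022-11-29T10:00:01Z ip=203.0.113.7 user=alice result=failed
2022-11-29T10:00:02Z ip=203.0.113.7 user=bob result=failed
2022-11-29T10:00:03Z ip=203.0.113.7 user=carol result=failed
2022-11-29T10:00:04Z ip=198.51.100.2 user=dave result=failed
2022-11-29T10:00:05Z ip=198.51.100.2 user=dave result=ok
"""


def failed_logins_by_ip(log_text):
    """Parse `key=value` fields and count failures per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split()[1:])
        if fields.get("result") == "failed":
            counts[fields["ip"]] += 1
    return counts


def mitigate_credential_stuffing(store, log_text, threshold=3, variation=DECOY):
    """Detection-to-flag loop: target every source over the failure threshold."""
    targeted = []
    for ip, failures in failed_logins_by_ip(log_text).items():
        if failures >= threshold:
            store.target("suspicious-session", "ip", ip, variation)
            targeted.append(ip)
    return sorted(targeted)


if __name__ == "__main__":
    store = FlagStore()
    store.create("suspicious-session", NORMAL)
    print("targeted:", mitigate_credential_stuffing(store, AUTH_LOG))
    print(travel_dog_search(store, {"ip": "203.0.113.7"}))   # decoy listings
    print(travel_dog_search(store, {"ip": "198.51.100.2"}))  # real listings
```

The `history` list on the flag is the piece worth keeping in a real deployment: the timestamp of each targeting change is the "responded" time that the incident metrics discussed later in the session depend on, and it doubles as an audit trail of who changed application behaviour and when.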

Insights

  • Feature flags can be a powerful tool for security incident response, allowing for dynamic and granular control over application features without redeploying code.
  • Credential compromise remains a significant threat in cloud environments, with attackers often targeting privileged access and sensitive data.
  • Continuous security and the ability to adapt to threats in real time are crucial for modern cloud-based applications.
  • Integrating security monitoring and incident response tools with feature flagging platforms can streamline the process of mitigating security incidents.
  • Engaging adversaries through feature flags, such as by providing fake data or slowing down system responses, can be an effective strategy to learn more about attackers and waste their resources.
  • Metrics such as incident volume by criticality and average time to detect/respond to incidents are important for evaluating the performance of security incident handling processes.
  • The use of feature flags for security purposes requires collaboration between security teams and software engineers, emphasizing the importance of a unified DevSecOps approach.
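The two metrics named above (incident volume by criticality, and average time to detect and to respond), computed over a small incident register as an added example that is not part of the session. The register format is an assumption: each record carries when the malicious activity started (as established by forensics), when detection fired, and when the mitigating change landed. Time to detect is measured from start to detection, time to respond from detection to mitigation, and both are averaged per criticality; the per-criticality targets are constructed values, not figures from the talk.

```python
"""Incident-handling metrics per criticality, as an added illustration.

The incident register format and the response targets below are
assumptions for this example, not data from the session.
"""
from datetime import datetime
from statistics import mean

# Constructed incident register.
INCIDENTS = [
    {"id": "INC-1", "criticality": "high",
     "started": "2022-11-01T10:00:00Z", "detected": "2022-11-01T10:30:00Z",
     "mitigated": "2022-11-01T10:45:00Z"},
    {"id": "INC-2", "criticality": "high",
     "started": "2022-11-03T12:00:00Z", "detected": "2022-11-03T12:10:00Z",
     "mitigated": "2022-11-03T12:15:00Z"},
    {"id": "INC-3", "criticality": "medium",
     "started": "2022-11-05T08:00:00Z", "detected": "2022-11-05T12:00:00Z",
     "mitigated": "2022-11-05T14:00:00Z"},
    {"id": "INC-4", "criticality": "low",
     "started": "2022-11-08T09:00:00Z", "detected": "2022-11-09T09:00:00Z",
     "mitigated": "2022-11-09T17:00:00Z"},
]

# Assumed response targets, in minutes, per criticality.
TARGETS = {
    "high": {"mttd_min": 15, "mttr_min": 30},
    "medium": {"mttd_min": 240, "mttr_min": 180},
    "low": {"mttd_min": 2880, "mttr_min": 1440},
}

TIMESTAMP_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def _minutes(start_ts, end_ts):
    """Elapsed minutes between two UTC timestamps in the register format."""
    start = datetime.strptime(start_ts, TIMESTAMP_FORMAT)
    end = datetime.strptime(end_ts, TIMESTAMP_FORMAT)
    return (end - start).total_seconds() / 60


def incident_metrics(incidents):
    """Volume, mean time to detect and mean time to respond, per criticality."""
    by_crit = {}
    for inc in incidents:
        by_crit.setdefault(inc["criticality"], []).append(inc)
    return {
        crit: {
            "count": len(group),
            "mttd_min": mean(_minutes(i["started"], i["detected"]) for i in group),
            "mttr_min": mean(_minutes(i["detected"], i["mitigated"]) for i in group),
        }
        for crit, group in by_crit.items()
    }


def target_breaches(metrics, targets=TARGETS):
    """(criticality, metric) pairs whose mean exceeds the target for that tier."""
    return sorted(
        (crit, name)
        for crit, values in metrics.items()
        for name, limit in targets.get(crit, {}).items()
        if values[name] > limit
    )


if __name__ == "__main__":
    metrics = incident_metrics(INCIDENTS)
    for crit, values in metrics.items():
        print(crit, values)
    print("breaches:", target_breaches(metrics))
```

Keeping detection time and response time separate is the point: a flag-based mitigation shortens the detected-to-mitigated interval, so a team that adopts it should see `mttr_min` fall while `mttd_min` stays where the monitoring stack puts it, and the breach list shows which tier still needs work.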