Fidelity Investments Building a Scalable Security Monitoring Tool Fsi202

Title

AWS re:Invent 2023 - Fidelity Investments: Building a scalable security monitoring tool (FSI202)

Summary

  • Fidelity Investments has been in the cloud for over five years, with 1,500+ AWS accounts and 8 million+ resources across various services.
  • The security monitoring tool discussed is not just for monitoring but also for detecting, responding, and preventing security issues.
  • The tool provides a single pane of glass for security needs, allowing real-time visibility and actions on resources.
  • Key AWS services used include IAM, EKS, CloudTrail, CloudWatch, SQS, S3, RDS, and KMS.
  • The tool uses a repository-based role management system called GRAP for centralized permission management.
  • AWS Organizations is used as the source of truth for account labeling to ensure correct handling of resources.
  • The tool uses RDS and SQLAlchemy for storing and querying data, allowing for saved views and severity levels for different environments.
  • Template scanning is used as a preventative measure to ensure compliance before deployment.
  • Reaction triggers and automation are used for real-time response to events in the cloud.
  • The tool is customizable, allowing Fidelity to handle any security scenario.
  • An example event demonstrates the tool's ability to detect and automatically remediate a public EC2 instance, including sending an educational email to the responsible engineer.
  • The tool has led to efficient remediation at scale, increased security awareness, and real-time developer education.
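The reaction-trigger flow the summary describes (account labels from AWS Organizations, environment-based severity, automatic remediation of a public EC2 instance, and an educational email to the engineer), as an added Python example that is not Fidelity's code or anything shown in the talk. The event shape, account labels and remediation policy are assumptions, and the AWS API calls are left out so it runs offline on a constructed event.

```python
from collections import namedtuple

# Constructed stand-in for the AWS Organizations account tags the talk uses as the
# source of truth for labeling; severity then follows the environment label.
ACCOUNT_LABELS = {"111111111111": "prod", "222222222222": "dev"}
SEVERITY_BY_ENV = {"prod": "high", "dev": "low"}

# Constructed, simplified CloudTrail-style RunInstances record (not the real schema).
SAMPLE_EVENT = {
    "eventName": "RunInstances",
    "recipientAccountId": "111111111111",
    "userIdentity": {"userName": "jdoe"},
    "responseElements": {"instancesSet": [
        {"instanceId": "i-0aaa", "publicIp": "203.0.113.10",
         "securityGroups": [{"ingress": [{"cidrIp": "0.0.0.0/0"}]}]},
        {"instanceId": "i-0bbb", "publicIp": None,  # private address only: no finding
         "securityGroups": [{"ingress": [{"cidrIp": "0.0.0.0/0"}]}]},
    ]},
}

Finding = namedtuple("Finding", "account_id instance_id environment severity action email")


def has_public_exposure(instance: dict) -> bool:
    """True when the instance has a public IP and a security group open to 0.0.0.0/0."""
    return bool(instance.get("publicIp")) and any(
        rule.get("cidrIp") == "0.0.0.0/0"
        for sg in instance.get("securityGroups", [])
        for rule in sg.get("ingress", [])
    )


def handle_run_instances(event: dict) -> list:
    """Reaction trigger: classify the event, pick a remediation, draft the engineer's email."""
    if event.get("eventName") != "RunInstances":
        return []
    account_id = event["recipientAccountId"]
    env = ACCOUNT_LABELS.get(account_id, "unknown")
    severity = SEVERITY_BY_ENV.get(env, "high")  # unlabeled accounts are treated as high
    engineer = event["userIdentity"]["userName"]
    findings = []
    for inst in event["responseElements"]["instancesSet"]:
        if not has_public_exposure(inst):
            continue
        # Hypothetical policy: stop high-severity exposures, only notify otherwise.
        action = "stop_instance" if severity == "high" else "notify_only"
        email = (f"Hi {engineer}, {inst['instanceId']} in {env} account {account_id} was "
                 f"reachable from the internet; action taken: {action}. Please launch "
                 "instances without a public IP or restrict security group ingress.")
        findings.append(Finding(account_id, inst["instanceId"], env, severity, action, email))
    return findings
```

In a real deployment the `action` would be carried out with the EC2 API and the email sent through the team's notification service; here both are returned so the decision logic can be tested on its own.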

Insights

  • Fidelity Investments has achieved a high level of automation in cloud security, which is critical for managing a large number of resources and accounts.
  • A single-pane-of-glass approach simplifies security management and ensures that security personnel have a comprehensive view of the security posture across all cloud resources.
  • The emphasis on both preventative measures (template scanning) and reactive measures (reaction triggers and automation) indicates a mature approach to cloud security, where prevention and quick response are equally valued.
  • The tool's ability to customize and create plugins for specific security scenarios shows the importance of adaptability in security tools to meet unique organizational needs.
  • The educational component of the tool, which sends notifications directly to the engineers responsible for security events, demonstrates a proactive approach to security culture, aiming to reduce repeat incidents.
  • The global nature of Fidelity's security team, with a follow-the-sun model, ensures continuous monitoring and response, which is essential for maintaining security in a cloud environment that operates 24/7.