Title
AWS re:Invent 2023 - Northwestern Mutual shifts left & shields right to stay secure on AWS (SEC207)
Summary
- Northwestern Mutual (NM) partnered with Sysdig to enhance security on AWS.
- Dave Vandermas from NM leads a cybersecurity team focusing on secure application patterns and automated controls for container and cloud environments.
- Jason Clark from Sysdig has experience with large enterprises and the Sysdig CNAPP (cloud-native application protection platform).
- NM is a financial services company over 160 years old, headquartered in Milwaukee, Wisconsin.
- NM's cloud journey began in 2015; the company adopted Kubernetes in 2016, launched a multi-cloud strategy in 2018, consolidated to AWS in 2020, and migrated to EKS in 2021.
- NM's security transformation includes building a security culture, establishing rigorous security processes, and continuously evolving and improving with Sysdig's managed security policies.
- Sysdig's CNAPP provides insights from the running environment, cross-domain correlation, and a cloud attack graph.
- NM addresses vulnerability risk in their pipeline deployment processes, reducing the introduction of vulnerabilities into production.
- NM uses Sysdig for runtime reporting on fixable CVEs and compliance issues, such as containers running as root.
- Sysdig assists NM with threat detection and response, providing real-time visibility and enabling NM's threat detection team to act on security events.
- NM plans to further integrate with Sysdig for automation, registry scanning, host reporting, and leveraging the in-use feature for vulnerabilities.
- Sysdig's approach to threat detection and response includes enriching findings, managing policies, and providing real-time insights.
- NM has seen measurable benefits from using Sysdig, including full confidence in protection from runtime threats, support for various languages and operating systems, and improved collaboration across security teams.
Insights
- NM's shift-left approach involves integrating security early in the development pipeline, while the shield-right approach focuses on protecting the runtime environment.
- The partnership with Sysdig has allowed NM to implement a comprehensive security strategy that spans from developer education to real-time threat detection.
- NM's cloud journey reflects a trend towards Kubernetes and containerization, highlighting the importance of a robust container security strategy.
- The use of Sysdig's CNAPP suggests that organizations are looking for solutions that provide a unified view of security across multiple domains.
- NM's implementation of automated controls and security scanning in their CI/CD pipeline demonstrates a proactive approach to vulnerability management.
- The statistics shared by NM, such as the reduction of vulnerabilities and the percentage of containers not running as root, indicate the effectiveness of their security measures.
- NM's future plans to leverage Sysdig's in-use feature for vulnerabilities show a commitment to prioritizing and addressing the most critical security risks.
- The session underscores the importance of collaboration between security and development teams to achieve a secure cloud environment.