Northwestern Mutual Shifts Left & Shields Right to Stay Secure on AWS (SEC207)

Title

AWS re:Invent 2023 - Northwestern Mutual shifts left & shields right to stay secure on AWS (SEC207)

Summary

  • Northwestern Mutual (NM) partnered with Sysdig to enhance security on AWS.
  • Dave Vandermas from NM leads a cybersecurity team focusing on secure application patterns and automated controls for container and cloud environments.
  • Jason Clark from Sysdig has experience with large enterprises and the Sysdig CNAPP platform.
  • NM is a financial services company over 160 years old, headquartered in Milwaukee, Wisconsin.
  • NM's cloud journey began in 2015; the company adopted Kubernetes in 2016, launched a multi-cloud strategy in 2018, consolidated to AWS in 2020, and migrated to EKS in 2021.
  • NM's security transformation includes building a security culture, establishing rigorous security processes, and continuously evolving and improving with Sysdig's managed security policies.
  • Sysdig's CNAPP platform provides insights from the running environment, cross-domain correlation, and a cloud attack graph.
  • NM addresses vulnerability risk in their pipeline deployment processes, reducing the introduction of vulnerabilities into production.
  • NM uses Sysdig for runtime reporting on fixable CVEs and compliance issues, such as containers running as root.
  • Sysdig assists NM with threat detection and response, providing real-time visibility and enabling NM's threat detection team to act on security events.
  • NM plans to further integrate with Sysdig for automation, registry scanning, host reporting, and leveraging the in-use feature for vulnerabilities.
  • Sysdig's approach to threat detection and response includes enriching findings, managing policies, and providing real-time insights.
  • NM has seen measurable benefits from using Sysdig, including full confidence in protection from runtime threats, support for various languages and operating systems, and improved collaboration across security teams.

Insights

  • NM's shift-left approach involves integrating security early in the development pipeline, while the shield-right approach focuses on protecting the runtime environment.
  • The partnership with Sysdig has allowed NM to implement a comprehensive security strategy that spans from developer education to real-time threat detection.
  • NM's cloud journey reflects a trend towards Kubernetes and containerization, highlighting the importance of a robust container security strategy.
  • The use of Sysdig's CNAPP platform suggests that organizations are looking for solutions that provide a unified view of security across multiple domains.
  • NM's implementation of automated controls and security scanning in their CI/CD pipeline demonstrates a proactive approach to vulnerability management.
  • The statistics shared by NM, such as the reduction of vulnerabilities and the percentage of containers not running as root, indicate the effectiveness of their security measures.
  • NM's future plans to leverage Sysdig's in-use feature for vulnerabilities show a commitment to prioritizing and addressing the most critical security risks.
  • The session underscores the importance of collaboration between security and development teams to achieve a secure cloud environment.