AWS re:Inforce 2019 recap

Transcript

1. User Group Belgrade AWS re:Inforce Boston 2019 Goran Opacic -

   Announcements - Security HUB, VPC mirroring, … - Best talks & topics - Nitro, ABAC, Serverless, … User Group Belgrade

2. User Group Belgrade Boston

3. User Group Belgrade Twitter Premier League: Corey Quinn Jeremy Daly

   Teri Radichel Ben Kehoe Richard Boyd re:Inforce 2019 Boston ~10,000 people Next year: Houston Europe 2019: Global Security Roadshow Stockholm October 10 London October 15 Munich November 20

4. User Group Belgrade UK Ministry Of Justice Security Guidance •

   https://t.co/R9LdVjuRF2 • Amazon Guard Duty, Cloud Trail, Config, …

5. User Group Belgrade Security HUB • Continuous Compliance

6. User Group Belgrade Security HUB • Amazon GUARD DUTY –

   NETWORKING • Amazon INSPECTOR – SERVER /Ec2, OS, Network – install agent • Amazon MACIE – FILES - A machine learning-powered security service to discover, classify, and protect sensitive data • PARTNERS

7. User Group Belgrade Amazon Macie

8. User Group Belgrade Security HUB

9. User Group Belgrade Control Tower • Multi-account environment • Guardrails

   for governance • Best practice blueprints • Comprehensive insights • “Well-architected”

10. User Group Belgrade Control Tower

11. User Group Belgrade Control Tower • provide identity management using

    AWS SSO Directory • provide federated access using AWS Single Sign-On (AWS SSO) • create a central log archive using AWS CloudTrail and AWS Config • enable security audits across accounts using AWS SSO • implement network configurations using Amazon VPC • define workflows for provisioning accounts using AWS Service Catalog

12. User Group Belgrade Control Tower - FAQ • You can’t

    deploy AWS Control tower on account with an existing AWS Organizations master account • AWS Control Tower requires a standalone account that is not a member of AWS Organizations for setup. In the near future, you will be able to deploy Control Tower to an existing AWS Organizations account structure. • There is no API available for AWS Control Tower • There is no migration path from AWS Landing Zone to AWS Control Tower at the moment • Pricing – 0

13. User Group Belgrade Nitro Platform Mark Ryland Director Ofrfice of

    the CISO AWS https://www.youtube.com/watch?v=kN9XcFp5vUM

14. User Group Belgrade Nitro Platform

15. User Group Belgrade Nitro Platform

16. User Group Belgrade Nitro Platform • Encrypt everything & Encryption

    keys managed by Nitro • Networking, EBS File storage • Annapurna labs chip • No Human access • Remotely managed firmware • PCIe bus • HotPlug • vmware • New machines only • VPC Traffic Mirroring – Capture & Inspect Network Traffic

17. User Group Belgrade Workshops

18. User Group Belgrade Penetration testing Teri Radichel @TeriRadichel

19. User Group Belgrade Serverless Security Jeremy Daly @jeremydaly

20. User Group Belgrade Serverless Security

21. User Group Belgrade Attribute- Based Access Control (ABAC) Brigid Johnson

    @bjohnso5y

22. User Group Belgrade Wrap Up • https://aws.amazon.com/blogs/security/reinforce-2019-wrap-up- and-session-links/