Continuous CIS Benchmarking of AWS Infrastructure

Transcript

1. Continuous CIS Benchmarking of AWS Infrastructure John Martinez AWS Summit

   Santa Clara August 13, 2016

2. About John • Been doing DevOps and Cloud stuff for

   over 6 years • Helped architect and build Creative Cloud @ Adobe • Cut my teeth on “the cloud” at Netflix • Contributor to the CIS AWS Foundations Benchmark • I now spend half my day talking to people about security and half my day figuring out how to do latte art 2

3. § 750+ members worldwide § Security program support §MS-ISAC (SLTT

   support) §Security Controls and Automation §CIS Critical Security Controls § Start secure, stay secure Who is CIS? 3

4. What is a Benchmark? ▪ Security configuration guide ▪ Consensus-based

   development process ▪ Best Current Practice + Best Leading Practice ▪ 433K+ downloads last year 4

5. What is the AWS Foundations Benchmark? Base configuration framework for

   the foundational AWS services: § AWS Identity and Access Management (IAM) § AWS Config § AWS CloudTrail § Amazon CloudWatch § Amazon Simple Notification Service (SNS) § Amazon Simple Storage Service (S3) § Amazon VPC (Default) 5

6. Why Should I use the Benchmark? ▪ A clear target

   for your security program ▪ Measurable ▪ Fail fast 6

7. How can Evident.io Help me? ▪ Continuous configuration security monitoring

   ▪ Many benchmark tests built-in ▪ Customized checks for your AWS environment 7

8. Automation for Dev/Sec Ops ▪ Automated benchmark testing ▪ Automated

   remediation ▪ Open API for integration into your DevOps toolchain 8

9. What’s next? § Read the Foundations Benchmark § Set an

   internal goal to comply with the benchmark § Automate testing against benchmark § Use Evident.io for continuous testing 9

10. Thank you! Come talk to us at Booth #601 for

    a free security assessment