Next-Level Defense: What re:Invent 2024 Means for Your Security

Sena Yakut

December 13, 2024

Transcript

  1. “Everything starts with security”
    • Culture of security importance in AWS
    • Security should be an internal mindset
    • Ownership → required
  2. “Everything starts with security”
    • Threat modeling
    • Training
    • AWS Security Team teaches other teams to be security champions.
  3. New: Centrally Managing Root Access
    • Root account management is the most critical thing in an AWS environment.
    • Lots of AWS accounts
    • Enable MFA
    • Delete access key / secret key
    • Centrally manage the root access of all your AWS accounts within an organization
    • New term: Root sessions → AWS root sessions give temporary access to specific tasks that need root-level permissions.
    • Manage these tasks from one central account, so you don’t have to log in to each account separately
    https://senayakut.com/centralized-root-access-management-simplified-with-aws-organizations-5c8bdee20b1e
  4. New: Centrally Managing Root Access
    • You can see this new feature in the AWS IAM console.
  5. New: Centrally Managing Root Access
    What if we need root user credentials for specific actions?
  6. New: Centrally Managing Root Access
    What if we need root user credentials for specific actions?
  7. New: Declarative Policies for EC2
    • Define and enforce configurations for all AWS accounts
    • Apply configuration at scale
    • Declare and enforce desired configuration for a given AWS service at scale across your organization → Declarative Policies
  8. New: Amazon GuardDuty Extended Threat Detection
    Integrates with existing GuardDuty workflows, including the AWS Security Hub, Amazon EventBridge, and third-party security event management systems.
  9. New: AWS Security Incident Response
    Responding to security incidents is hard work.
    • Communications
    • Alert prioritization
    • Tools / mechanisms
  10. New: AWS Security Incident Response
    To solve all of these: Please see the pricing page before using it ☺
  11. New: AWS Security Incident Response
    Proactive Security Response
    Amazon GuardDuty, AWS Security Hub + Customer metadata + Service Intelligence = True Positive / False Positive
  12. New: AWS Security Incident Response
    Streamlined and Coordinated Incident Response
    • Customer Managed
    • Self managed or AWS CIRT supported
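
Slide 3 introduces root sessions as temporary, task-scoped root access started from one central account; the Python below is an added example (not from the deck or from AWS) that triages CloudTrail records to separate approved root sessions from unapproved tasks and from use of long-lived root credentials. The approved task list, the central account ID and the sample records are assumptions constructed for illustration, and the field names (`requestParameters.taskPolicyArn.arn`, `targetPrincipal`, `sessionContext.assumedRoot`) follow the CloudTrail record layout as understood here, so check them against your own trail.

```python
ROOT_TASK = "arn:aws:iam::aws:policy/root-task/"
# Assumption: the root tasks this organization expects to run.
APPROVED_TASKS = {ROOT_TASK + "IAMAuditRootUserCredentials",
                  ROOT_TASK + "IAMDeleteRootUserCredentials"}
CENTRAL_ACCOUNT = "111111111111"  # assumption: account allowed to start root sessions


def classify(event):
    """Return (severity, reason) for a root-related record, else None."""
    identity = event.get("userIdentity") or {}
    if event.get("eventSource") == "sts.amazonaws.com" and event.get("eventName") == "AssumeRoot":
        params = event.get("requestParameters") or {}
        task = (params.get("taskPolicyArn") or {}).get("arn", "")
        target = params.get("targetPrincipal", "unknown")
        if identity.get("accountId") != CENTRAL_ACCOUNT:
            return ("high", f"root session for {target} requested outside the central account")
        if task not in APPROVED_TASKS:
            return ("high", f"root session for {target} with unapproved task {task or 'none'}")
        if event.get("errorCode"):
            return ("medium", f"root session for {target} failed: {event['errorCode']}")
        return ("info", f"approved root session for {target}")
    if identity.get("type") == "Root":
        session = identity.get("sessionContext") or {}
        if str(session.get("assumedRoot", "")).lower() == "true":
            return ("info", f"{event.get('eventName')} inside a root session")
        # No session marker: the account's own root password or access key was used.
        return ("high", f"{event.get('eventName')} with long-lived root credentials")
    return None


def triage(events):
    """Classify every record and return the root-related ones, worst first."""
    rank = {"high": 0, "medium": 1, "info": 2}
    return sorted(filter(None, map(classify, events)), key=lambda hit: rank[hit[0]])


def assume_root_record(caller, target, task):  # constructed record, trimmed to fields used
    return {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRoot",
            "userIdentity": {"type": "AssumedRole", "accountId": caller},
            "requestParameters": {"targetPrincipal": target, "taskPolicyArn": {"arn": task}}}


SAMPLE_EVENTS = [  # constructed records, not real trail data
    assume_root_record("111111111111", "222222222222", ROOT_TASK + "IAMAuditRootUserCredentials"),
    assume_root_record("111111111111", "333333333333", ROOT_TASK + "S3UnlockBucketPolicy"),
    {"eventSource": "iam.amazonaws.com", "eventName": "DeleteAccessKey",
     "userIdentity": {"type": "Root", "sessionContext": {"assumedRoot": "true"}}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "accountId": "444444444444"}},
]
```

Calling `triage(SAMPLE_EVENTS)` returns the two high-severity findings first: the unapproved task and the console login with long-lived root credentials.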