Cloud security updates you need to know from re:Invent 2022



After a two-year hiatus (virtual in 2020 and hybrid in 2021), AWS re:Invent was back in person this year in its full glory. Over 52,000 people attended — more than we saw at RSA (26,000) and Blackhat USA (21,000) combined this year.

re:Invent had over 2,000 sessions, with keynotes, leadership sessions, chalk talks, breakout sessions, workshops, and other activities to entertain and educate all those who attended (and we’ve already covered a few of them in our top takeaways from re:Invent 2022 blog). Most of the sessions are available to watch on YouTube, barring the chalk talks and workshops. So next year, if you’re trying to maximize your time, attend any chalk talks or workshops you are interested in, and then catch up on the other sessions online.

And in our opinion (which happens to also be shared by Corey Quinn), we’d recommend making the most of meeting people! This is the perfect time to connect and learn, as this is one conference that brings developers, security folks, leadership, entrepreneurs, and more all together around their shared interest in all things AWS.

re:Invent keynotes

Unlike other conferences, re:Invent doesn’t just have one or two keynotes. No, it has six. So if you’re the type of attendee who ducks out of keynotes to grab a coffee, you’ll be extremely caffeinated.

The event kicked off with the Monday night keynote from Senior Vice President, AWS Utility Computing, Peter DeSantis, where he spoke about how AWS refuses to compromise in the tug of war between low cost, high performance and security.

There was also a keynote from Vice President, Data and Machine Learning, AWS, Swami Sivasubramanian, who spoke about how AWS can help organizations transform their data into meaningful insights and actions for their business. If you are interested in the advances AWS is making in the space of data and machine learning, you will definitely want to listen to this.

Vice President of AWS Worldwide Channels and Alliances, Ruba Borna, gave a keynote sharing how AWS partners are uniquely positioned to accelerate their customers’ business transformations.

However, if you are interested in the AWS security side of things, the two keynotes of most interest were from AWS CEO Adam Selipsky and Amazon.com VP and CTO Dr. Werner Vogels.

TL;DR for the CEO keynote

Adam Selipsky’s keynote spoke a lot about sustainability, cloud as a pathway to cost savings, how data is now at the center of everything, and of course, security. Adam shared how AWS is committed to powering their operations by 100% renewable energy by 2025 and that they are currently 85% there. They want to lead water efficiency amongst cloud providers and be water positive by 2030.

Adam acknowledged that we are in uncertain times, saying “if you are planning to tighten, the best cloud is the place to do it”, and giving the example of Airbnb, which was able to reduce cloud spending by $63.5 million in times of difficulty. Adam shared how the cloud allows us to innovate faster with more efficiency and less spend, as you need to innovate even in uncertain times.

In his keynote, there was also a lot of conversation around data. Namely, there is a lot of data and it’s growing, so cloud security is becoming a lot about securing this growing data.

Adam described security as finding the right balance between control and access and shared that security has been AWS’s top priority since the beginning. He shared that security should give us the confidence to explore. In the keynote, he shared that AWS is recognised as a highly secure environment and a testament to that is the Options Clearing Corp (OCC) which serves as the central clearing warehouse for all listed equity options in the US. The OCC will be moving its core workload to the cloud and will be running on AWS. He called this a once-in-a-generation technology decision.

According to Adam, building securely is the path of least resistance, as he displayed the wide range of security-focused services AWS has — all 20 of them to be precise.

Adam also gave a nod to the increasing popularity for containers, saying that you need the right tools to keep them secure. (Based on the look our editor is giving us, now’s probably a good time for me to mention Snyk Container).

TL;DR for the CTO keynote

You can argue that Werner Vogels is the Steve Jobs of AWS; his keynotes are often the favorite amongst those who attend. Inspired by the world of the Matrix franchise, Dr. Vogels spoke about the benefits of building asynchronous, loosely coupled systems and how event-driven architecture enables global scale.

He shared how the cloud is enabling customers to build more immersive experiences using 3D and how simulation allows customers to experiment and innovate in new ways. He spoke about Amazon EventBridge Pipes, AWS Application Composer, and Amazon CodeCatalyst, which have security implications. We will cover these below in the security updates.

Security updates from re:Invent 2022

This year at re:Invent, AWS made it clear how important security still is by making a ton of announcements around new security products, updates, and features. Buckle up, because here we go!

AWS security product releases (new security products from AWS)

  • AWS Security Lake was launched in preview – This may be one of the services people are most excited about. It is a managed security data lake that brings together various security datasets (AWS or external), then transforms them and controls access to them.

Security Lake uses the Open Cybersecurity Schema Framework (OCSF), an open source project delivering an extensible framework for developing schemas along with a vendor-agnostic core security schema. It integrates with AWS Security Hub and collects directly from VPC Flow Logs, CloudTrail, and Route 53 logs.

  • AWS Verified Access in preview – This is a new secure connectivity service that allows you to enable local or remote secure access to applications without a VPN.

  • Amazon Verified Permissions in preview – This allows users to manage fine-grained permissions and authorization within custom applications. Fine-grained control is meant to combine the best of RBAC and ABAC (role-based and attribute-based access control). Some people are saying that this could be an interesting alternative to OPA (Open Policy Agent).

AWS security products updates (new features to existing security products)

  • Amazon Inspector now scans AWS Lambda functions for vulnerabilities – Amazon Inspector is AWS’s automated vulnerability management service for applications and resources like EC2. Previously, analyzing mixed workloads (EC2 instances, container images, and Lambda functions) against common vulnerabilities required a combination of AWS and third-party tools. Now you can do it all in AWS, with vulnerability scanning in near real time. Those in the security community are calling this a welcome change.

  • Amazon GuardDuty RDS Protection (in preview) with container runtime threat detection (coming soon) – Amazon GuardDuty is the threat detection service that monitors your entire AWS environment. RDS Protection monitors login activity to databases in your account, using machine learning to detect suspicious logins. It now extends threat detection to Amazon Aurora (built-in security, continuous backups, serverless compute) to find threats against data stored in Aurora. A couple of additional finding types have been added, but only some versions of Aurora are supported.

With container runtime threat detection, you can detect threats inside the containers themselves (with Amazon GuardDuty runtime threat detection). This is a lightweight, fully managed security agent that monitors on-host operating system-level behavior, such as file access, process execution, and network connections.

If you recall our AWS re:Inforce 2022 recap, AWS has been making several upgrades to GuardDuty this year, kicking off with Amazon GuardDuty EKS Protection, Amazon GuardDuty Malware Protection for EBS volumes, and integrations with Security Hub, all announced earlier at re:Inforce.

AWS security features for existing products (security features for existing non-security products)

AWS non-security product releases with security impacts

  • AWS Application Composer (in preview) – Application Composer is a browser-based tool that turns the task of building serverless applications into a visual drag-and-drop experience, starting either from existing IaC (SAM or CloudFormation files) or from a new architecture. From within the browser, you can drag and drop the various components of your new application and link it all together. The output is deployment-ready infrastructure as code (IaC). It is intended to take the guesswork out of composing applications from serverless-ready AWS services and help users generate deployment-ready configs and IaC for each service in their architecture.

There is limited information on integrations with popular source code management tools and Terraform, especially if a company already has Terraform templates to deploy applications.

  • Amazon CodeCatalyst (preview) – Amazon CodeCatalyst is a unified software development service that provides software development teams with an integrated project experience, bringing together the tools needed to plan, code, build, test, and deploy applications on AWS.

It offers integrations with existing GitHub repositories, GitHub Actions, Jira, and a lot more. It is a possible attempt by AWS to be the central source of all things code, instead of having custom tooling all through the CI/CD pipeline for an application. It has a free tier, but it is not a free service.

However, if you are already using existing services that work for you, switching may not make sense, though it could be worth considering for new projects. It has the potential to simplify everything that goes along with application development and deployments, from code management to the actual pipelines and application deployments.

Our favorite sessions from AWS re:Invent 2022

Now that you are all caught up on the security updates, we thought we would leave you with some of our favorite sessions so far. We say some because there were too many to name them all here, and because we are still catching up on the 2,000 sessions ourselves. Soak it all in; there is a lot to learn and share.

On top of those favorites, there are several “favourite talks” playlists from speakers that you can check out. And if you want even more, check out the Cloud Security Edition episode of the Cloud Security Podcast.

And don’t miss out on the Cloud Security Villains that made their first appearance at re:Invent!

If you were at re:Invent this year, we hope you had fun. And if you weren’t, start streaming with the links above. There was just too much security goodness we don’t want you to miss out on!