AWS re:Invent 2023 Updates for Security Professionals

All the Cloud Security updates from the ground at AWS re:Invent 2023

Thank You - This Newsletter is for You

Thank you for supporting the podcast and the newsletter. Our team has been busy interviewing some incredible folks across the globe to bring some really exciting things to Cloud Security Podcast 😊.

Before we get into the newsletter for this week, I wanted to thank everyone who came to say hello to us at AWS re:Invent 2023 and Black Hat Europe 2023. We love seeing everyone who listens to us, watches us and supports us in person, and it's truly humbling to meet so many of you across the globe!

As always, Ashish did his daily vlogs and you will see some familiar faces here (thank you to everyone who agrees to be in these, it makes for some beautiful moments for us to remember).

AWS re:Invent Vlogs - Day 1, Day 2 + Day 3

What's ahead in this newsletter…

  • AWS re:Invent 2023 - Security Edition

    • Highlights and Key Takeaways

    • Security Service Updates

    • Future Trends and Predictions

  • Deep Dive into Cloud Threat Detection

    • Challenges and Strategies

    • Speed and Complexity of Cloud Attacks

    • Resource Recommendations

  • SaaS Security Analysis

    • Understanding SSPM

    • Addressing SaaS Security Challenges

    • The SaaS Attack Surface

AWS re:Invent 2023 Update (The Security Edition 🔐)

🎉 Highlights from AWS re:Invent 2023

  • Gen AI Dominates: The buzzword of the event was 'Generative AI'. AWS, like many others we have seen in 2023, is definitely making moves to integrate AI across its services.

  • NVIDIA Partnership: Exclusive tie-up with NVIDIA for enhanced hardware - this could be a big win for companies eyeing powerful AI applications.

  • CodeWhisperer's Impact: New integrations aimed at boosting productivity and reducing costs.

  • No New Security Products: As expected, no new security products were announced. Seems AWS is saving the big reveals for re:Inforce in June.

🛠️ Security Service Updates

Amazon Inspector

  • 🐳 Container image security integration with development tools like Jenkins.

  • 🕵️ Agentless vulnerability assessments for EC2 (still in preview).

  • 🚀 AWS Lambda code scanning with AI-powered remediation.

AWS Security Hub

  • 📊 Enhanced data visualization, filtering, and customization.

  • 📈 New metadata enrichment for aggregated findings.

  • 🔧 Central configuration capability across accounts and regions.

Amazon GuardDuty

  • 🔍 EC2 and ECS runtime monitoring (in preview).

  • 🛡️ Threat detection expansion for ECS, including AWS Fargate.

Amazon Detective

  • 🕵️ Supports investigations for Amazon GuardDuty ECS runtime monitoring.

  • 🔐 IAM investigations for compromise indicators.

  • 📚 Integration with Amazon Security Lake for log retrieval.

IAM Access Analyzer

  • 🚨 Simplified identification of unused access.

  • 📝 Custom policy checks with automated reasoning.

AWS Config

  • 🗣️ GenAI powered natural language query (in preview).

  • 🔄 Supports periodic recordings for change tracking.

Future Trends and Predictions

  • AI Dominance: No surprises on this one, but expect AI to be a major focus area in cloud security and cloud computing.

  • Identity Management and Zero Trust: Continued emphasis on IAM for securing cloud environments.

  • Data Security and Perimeter Discussions: Anticipate further advancements in data protection and access management.

If you haven’t yet, give our recap episode a listen, where we break down each of these updates and what it means for cloud security practitioners and leaders. (Click on the image to head to the episode)


Cloud Security Podcast This Week: Detecting Threats in Cloud + SaaS Security

How is Threat Detection different in the world of Cloud? And what does SaaS security actually mean? To break down some of these notions we had Suresh Vasudevan, CEO of Sysdig, to talk about Threat Detection in Cloud, covering not only the popular services but also the uncommon, lesser-known ones which may be opening us up to some risk!

Then, to take us through the world of SaaS Security, we spoke to Max Feldman, Director of Security Engineering at AppOmni.

🌩️ Threat Detection in the Cloud - Things to think about!

  1. Visibility is Key 🕵️‍♂️

    • Asset Awareness: Understanding all resources in your cloud environment.

    • Service Mapping: Knowing how services compose applications and impact events.

    • Identity Layer Visibility: Recognising who (or what) has access to resources.

  2. The Challenge of Uncommon Services 🧩

    • Masquerading Threats: Threats disguised as normal activities, making detection difficult.

    • Layered Nuances: Hidden risks beneath seemingly benign actions.

  3. Speed of Attacks: Cloud brings a New Pace

    • Rapid Reconnaissance: Automated scripts rapidly enumerating roles and permissions.

    • Time Crunch: On average, only 10 minutes from insertion to exploit!

  4. Data Source Dilemmas of the Cloud 📊

    • Vast and Varied Data: Navigating logs from multiple regions and platforms.

    • Correlation is Crucial: Connecting cloud and user activities with workload actions.

  5. SecOps Strategies for the Cloud 🛡️

    • Beyond Traditional Tactics: Adapting approaches for the cloud's unique challenges.

    • Connecting the Dots: Identifying attacks disguised as normal admin activities.
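
The rapid-reconnaissance and "connecting the dots" points above lend themselves to a simple detection. As an added example (not from the podcast or the newsletter), this Python code flags any principal that makes many distinct IAM List*/Get* calls inside a sliding window; the CloudTrail-style records are constructed, and the 10-minute window and threshold of 5 are assumptions to tune against your own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENUM_PREFIXES = ("List", "Get")      # read-only IAM discovery calls
WINDOW = timedelta(minutes=10)       # assumption: mirrors the 10-minute figure above
MIN_DISTINCT = 5                     # assumption: tune against your own baseline

def _ev(ts, name, who, source="iam.amazonaws.com"):
    """Build a constructed CloudTrail-style record (not a real log line)."""
    return {"eventTime": ts, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{who}"}}

SAMPLE = [  # alice: occasional admin lookups; build-bot: a burst of discovery calls
    _ev("2023-12-01T09:00:00Z", "ListRoles", "alice"),
    _ev("2023-12-01T09:30:00Z", "GetRole", "alice"),
    _ev("2023-12-01T10:00:05Z", "ListUsers", "build-bot"),
    _ev("2023-12-01T10:00:09Z", "ListRoles", "build-bot"),
    _ev("2023-12-01T10:00:14Z", "ListBuckets", "build-bot", "s3.amazonaws.com"),
    _ev("2023-12-01T10:00:20Z", "ListPolicies", "build-bot"),
    _ev("2023-12-01T10:00:31Z", "ListRoles", "build-bot"),
    _ev("2023-12-01T10:00:42Z", "GetAccountAuthorizationDetails", "build-bot"),
    _ev("2023-12-01T10:01:10Z", "ListAttachedUserPolicies", "build-bot"),
    _ev("2023-12-01T10:20:00Z", "ListUsers", "alice"),
]

def find_enumeration_bursts(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return one alert per principal whose distinct IAM List*/Get* calls
    inside any sliding window reach min_distinct."""
    recent = defaultdict(deque)      # principal -> (time, eventName) still in window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev["eventSource"] != "iam.amazonaws.com":
            continue
        if not ev["eventName"].startswith(ENUM_PREFIXES):
            continue
        who = ev["userIdentity"]["arn"]
        now = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[who]
        q.append((now, ev["eventName"]))
        while now - q[0][0] > window:    # drop calls that fell out of the window
            q.popleft()
        distinct = sorted({name for _, name in q})
        if len(distinct) >= min_distinct and who not in alerts:
            alerts[who] = {"principal": who, "window_start": q[0][0],
                           "detected_at": now, "calls": distinct}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_enumeration_bursts(SAMPLE):
        print(alert["principal"], alert["detected_at"], alert["calls"])
```

Counting distinct call names rather than raw volume keeps a chatty but narrow admin workflow (alice in the sample) below the threshold while the broad sweep by build-bot trips it.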

Some resources that Suresh shared which you may find interesting!

🚀 SaaS Applications Explained

  • Definition: SaaS (Software as a Service) differs from Infrastructure or Platform as a Service. Think Salesforce, Slack, ServiceNow, Workday, GitHub, GitLab - business processes and software running in the cloud.

  • Complexity: Some services like Microsoft blend SaaS with other elements (Azure, Azure AD), creating a blurry line.

🛡️ SSPM: A Critical Tool for SaaS Security

  • What is SSPM?: SaaS Security Posture Management, akin to CSPM but tailored for SaaS apps.

  • Why It's Tricky:

    • Visibility Issues: Different admins for each SaaS app, separate from the security team.

    • Expertise Gaps: Admins may lack security expertise; security teams may lack app-specific knowledge.

    • Complexity: Each service is a universe of its own, demanding specialized knowledge.

  • Lag in Breach Responses: Fewer breaches in SaaS historically, but catching up now.

🤔 When to Start Thinking About SSPM?

  • Maybe now: Security should be a priority from the start. If you have SaaS applications in your organisation (which you most likely do!), you should definitely be thinking about their security!

  • Inventory and Visibility: Know where your sensitive data is and follow best practices from day one.

⚔️ The SaaS Attack Surface

  • Entry Points for Breaches: SaaS applications can be pivot points for attackers (e.g., IDP compromise, Slack for social engineering).

  • Complex Defenses Needed: Each application adds to the attack surface, demanding tailored security measures.

🤯 Is ChatGPT a SaaS Application?

  • Definitely a SaaS: If you're using it in the cloud and paying per usage, it's a SaaS application.

  • Data Sensitivity: Be aware of sensitive corporate data being processed or stored.

🛠️ SSPM vs. CNAPP/CSPM

  • Distinct Needs: SSPM covers areas that CNAPP or CSPM might not, like direct connections to SaaS applications.

  • Technology Companies: Use of cloud services doesn’t eliminate the need for SaaS-specific security measures.

Top Cloud Security News this week!!

We recognise that news should always be as unbiased as possible, so we promise to keep this section of our newsletter free of sponsored content. If we do find vendor news or a report relevant enough to bring in front of your eyes, we will report it here, but rest assured that the only reason it's here is because we found it interesting and thought you might too 😊

  • Centralized Trust in a Decentralized World: Emphasizing the importance of centralized management of certificate authorities in multi-cloud and distributed environments.

  • Modernizing Security Frameworks: Discussing the shift towards zero-trust models and the role of private CAs in securing Kubernetes and IoT networks.

  • Enhancing Security Through Automation: Highlighting the need for automated renewal of short-lived certificates to bolster security and ensure continuous service availability.

  • Microsoft Purview & Azure Databricks Integration: Microsoft Purview now integrates with Azure Databricks and Unity Catalog, offering enhanced discovery and governance of Lakehouse data within Data Map.

  • Comprehensive Metadata Scanning: The new feature enables scanning of Azure Databricks' metadata in both public and private networks, including detailed insights into metastore, catalogs, schemas, and tables.

  • Advanced Data Classification and Scheduling: This integration supports automatic data classification with both system and custom rules, along with flexible scanning schedules (on-demand or recurring).


We are nearly at the end of 2023 and gearing up for a very exciting 2024. If there is a topic in Cloud Security you wanted to hear about and we are yet to cover it, let us know and we will make sure we have you covered in 2024!

Want to learn more about Cloud Security, or know someone who does? We've got you!

If you have been following our journey for a while, you would know that one of the big reasons we started Cloud Security Podcast was to make cloud security knowledge accessible for anyone wanting to learn it.

Have you joined our FREE Monthly Cloud Security Bootcamp yet?

Are you liking this new format newsletter? What can we do better? What else would you like to see here?

Our newsletter is on a path of self-improvement and reinvention. Ashish and I have challenged ourselves to bring you even more value as we continue to evolve this each week, and we would love to hear from you 📢 about how we can make this newsletter even more awesome for you. (On that note, thank you for subscribing 💙)


Hope you are enjoying this new-look Cloud Security Newsletter; there's plenty more to come.

Peace!
