AWS Security Week | Getting to Continuous Security and Compliance Monitoring on AWS
- 3. About Me
• Lacework’s 1st Systems Engineer
• 15 years in SaaS, Public Cloud, DevOps, and Security
• Experience with SOC2, PCI-DSS, NIST 800-53, ISO27001
• AWS Certified Solutions Architect – Professional
- 4. Anatomy of a Compromise
The majority of compromises come down to one of these four methods:
1. Compromised credentials
2. Failure to patch known security flaws
3. Insider threats
4. Human error or negligence
- 5. How are credentials compromised?
Many of the recent compromises start with GitHub, specifically when developers move code from a local to a remote repo.
- 6. Anatomy of a Compromise
People have gotten better! But mistakes still happen.
Credentials in GitHub are easy to find.
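One defensive answer to the "local to remote repo" step above is to scan the diff before it is pushed. The following is an added example, not code from the deck or from Lacework: it checks only the added lines of a unified diff for the shapes of AWS access key IDs, AWS secret keys beside their config name, and PEM private-key headers, skipping the AWS documentation placeholders so they do not create noise. The regexes are simplified approximations of those formats, and every value in the sample commit is constructed.

```python
import re
# Shapes of the credential types in the deck: AWS access key IDs (AKIA/ASIA plus 16 chars),
# a 40-char secret next to its config key name, and the header every PEM private key starts with.
RULES = {
    "aws_access_key_id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws[_-]?secret(?:[_-]?access)?(?:[_-]?key)?\W{0,5}[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])"),
    "private_key": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
}
# Placeholders from the AWS documentation: not secrets, and a classic source of scanner noise.
ALLOWLIST = ("AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")

def scan_diff(diff_text: str) -> list[tuple[str, int, str]]:
    """(path, new-file line, rule) for each added line that looks like a credential."""
    findings, path, line_no = [], "?", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                 # header naming the new version of the file
            path = raw[4:].removeprefix("b/")
            continue
        if raw.startswith("@@"):                   # hunk header: "+start,count" is the new-file line
            line_no = int(re.search(r"\+(\d+)", raw).group(1)) - 1
            continue
        if raw.startswith(("-", "\\")):            # removed lines, old-file header, "\ No newline"
            continue
        line_no += 1                               # context and added lines both advance the count
        if raw.startswith("+"):                    # only what the push is about to publish
            for rule, pattern in RULES.items():
                m = pattern.search(raw[1:])
                if m and not any(p in m.group(0) for p in ALLOWLIST):
                    findings.append((path, line_no, rule))
    return findings

# Constructed sample commit (every value below is made up): a hard-coded key pair, a doc
# placeholder that must not fire, and an SSH private key added as a new file.
SAMPLE_DIFF = """\
--- a/deploy/config.py
+++ b/deploy/config.py
@@ -1,3 +1,5 @@
 import os
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAC0NSTRUCTED00000"
+aws_secret_access_key = "c0nstructedSecretKeyc0nstructedSecretKey"
 REGION = "us-west-2"
+DOC_KEY = "AKIAIOSFODNN7EXAMPLE"  # placeholder copied from the AWS docs
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,2 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAAconstructed
"""
```

Wired into a pre-commit or pre-push hook, `scan_diff(git diff --cached)` blocks the commit on any finding; on the sample it reports the access key, the secret and the SSH key and stays silent on the documentation placeholder.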
- 7. Example Compromise
At a well-known company, let’s call them Q’ber, a DevOps engineer accidentally committed SSH keys into GitHub.
And as you well know:
- 8. Example Compromise
Q’ber’s security team had no idea the breach had occurred until the hacker contacted them with a ransom demand.
With full access to Q’ber’s servers, the hacker then accessed a database and exfiltrated 50M customer data records.
- 10. Cost of Compromise
Q’ber is eventually sued by the US Government for not implementing requisite security controls for their hosts in the cloud.
Q’ber settles with the government for $148M ($148,000,000).
How many zeroes is that??
- 11. Recent Security Incidents
• Data Leaks: publicly exposed S3 buckets
• Hijacked Resources: compromised AWS accounts
• Hijacked Compute Resources: crypto-mining attacks
- 12. Shared Responsibility Model
Amazon Web Services: responsible for security “of” the cloud
- AWS Global Infrastructure
- AWS Foundation Services: Compute, Storage, Database, Networking
Customer: responsible for security “in” the cloud
- Application, Operating System, Configuration
Customer is expected to:
- Add protection layer
- Configure AWS security features
- Update OS and applications