【AWS re:Inforce 2023】AWS's large-scale security-focused event (Keynote)

reinforce.awsevents.com


On 6/13 - 6/14 local time, a two-day, security-focused, large-scale event hosted by AWS is being held in Anaheim.

re:Inforce 2023 is being held in Anaheim, home of the Disney resort that celebrates its 100th anniversary this year. If you go in person, you will surely want to visit Disney.

The Keynote started at 1:00 AM Japan time on Wednesday 6/14.

I watched the livestream in real time, so here is a quick report.


Several AWS services announced at re:Invent 2022 went GA, and new AWS services were announced as well.

I'm jotting these notes down quickly.

Keynote: AWS CISO CJ Moses

Let's secure the Future

Security is our top priority

We work with you


Cyber psychology

FBI

Profiling WHY, HOW, WHO→WHY, WHO, HOW

Good enough is never good enough for us or our customers


Talk about the shared responsibility model

AWS: Responsible for SECURITY OF THE CLOUD

Customer: Responsible for SECURITY IN THE CLOUD


Before Nitro
Confidential computing

With Nitro

Nitro TPM

Isolated hardware

As a matter of design, NCC Group ...

Advanced security, built in


Firecracker

SECURITY

  • Single VM per Firecracker process
  • Memory-safe programming language
  • Sandbox/jail the VMM for isolation
  • Eliminate guest interactions with host kernel
  • Reduced attack surface

How do we secure millions of lines of code?
The DESIGN, DEVELOP, TEST, SHIP cycle

AppSec

140+ Security standards and compliance certifications


AWS Digital Audit Symposium

Scaling compliance and security assurance at AWS | AWS Executive Insights


300 GB: VPC flow logs per second

350B: Requests on Amazon Managed Rules on AWS WAF

700K: DDoS attacks mitigated per year

The more telemetry we have, the better we can reduce Mean Time to Defense


Ransomware

Data encryption and exfiltration


AWS Backup

AWS Backup Lock


The best patching is the kind you don't have to do.

Make the internet ...

1k Botnet C2 takedowns

230k+ DDoS


Becky Weiss, Senior Principal Engineer, AWS

Zero Trust

AWS Identity and Access Management
1 Billion API calls per second


AWS Verified Access

CEDAR

Introduction of Cedar, an open-source language for access control
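As an added example (not a slide from the keynote and not AWS's own sample code), here is a small Cedar policy set for a constructed photo-sharing application; the entity types (`User`, `UserGroup`, `Album`, `Action`), the `owner` attribute and the `mfa_authenticated` context key are all assumptions. It shows the three ideas Cedar is built around: default deny with explicit `permit` statements, a `when` condition over entity attributes, and a `forbid` that overrides any matching `permit`.

```cedar
// Added example with constructed entities and attributes; not from the
// keynote. Entity types, the `owner` attribute and the `mfa_authenticated`
// context key are assumptions made for this illustration.

// Members of the photo-admins group may view or delete any photo
// inside the "vacation" album (and its sub-albums, via `in`).
@id("admins-manage-vacation-album")
permit (
    principal in UserGroup::"photo-admins",
    action in [Action::"viewPhoto", Action::"deletePhoto"],
    resource in Album::"vacation"
);

// Any user may view a photo they own. The `when` clause is evaluated
// against the resource's attributes supplied in the request.
@id("owner-can-view")
permit (
    principal,
    action == Action::"viewPhoto",
    resource
)
when { resource.owner == principal };

// Deletion is refused unless the request context proves MFA.
// forbid takes precedence over permit, so this also constrains the
// admin policy above. Checking `has` first fails closed: a request that
// omits the key is denied instead of producing an evaluation error.
@id("delete-requires-mfa")
forbid (
    principal,
    action == Action::"deletePhoto",
    resource
)
unless { context has mfa_authenticated && context.mfa_authenticated == true };
```

An authorization request supplies a principal, an action, a resource and a context; Cedar answers Allow only when at least one `permit` is satisfied and no `forbid` is. The `has` guard matters because an attribute access on a missing key is an evaluation error that removes that policy from consideration, so without it a request lacking `mfa_authenticated` would slip past the `forbid` rather than be caught by it.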

 

★NEW★ Amazon Verified Permissions (GA)


Zero Trust or Network Controls→Zero Trust and Network Controls

★NEW★ Amazon EC2 Instance Connect Endpoint (GA)

Connect to EC2 securely via SSH/RDP through a private endpoint


Provides resource access control

Provides network access control
AWS Management Console Private Access


Amazon GuardDuty

Threat detection for Amazon Aurora

EKS Runtime threat detection

Threat detection coverage

SIEMENS


★NEW★ Amazon Inspector Code Scans for Lambda

★NEW★ Amazon Inspector SBOM Export


Debbie Wheeler, SVP & Chief Information Security Officer, Delta Air Lines

TOP TO BOTTOM SECURITY

SHIFTING SECURITY LEFT

AUTOMATION

DEVELOPING GOOD SECURITY

SAFETY FIRST, ALWAYS

Closing: AWS CISO CJ Moses

Amazon Security Lake

Automatically centralize your security data in a few steps


FINRA


★NEW★ AWS Built-In Partner Solutions

Opportunity Security


Five security risks for generative AI


Amazon Bedrock

Amazon CodeWhisperer


★NEW★ Amazon CodeGuru Security → TEST + BUILD


★NEW★ Findings Groups for Amazon Detective


Let's secure the future.