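A large AWS-hosted event dedicated to security is being held in Anaheim over two days, June 13 - 14 local time.
re:Inforce 2023 is taking place in Anaheim, home of the Disney resort, which celebrates its 100th anniversary this year. Anyone attending in person will surely want to visit Disney.
The keynote started at 1:00 AM on Wednesday, June 14, Japan time.
I watched the livestream in real time, so here is a quick report.
Several AWS services announced at re:Invent 2022 went GA, and some new AWS services were announced as well.
These are notes jotted down in a hurry.
- Keynote: AWS CISO CJ Moses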
- Becky Weiss, Senior Principal Engineer, AWS
- Debbie Wheeler, SVP & Chief Information Security Officer, Delta Air Lines
- Closing: AWS CISO CJ Moses
Keynote: AWS CISO CJ Moses
Let's secure the Future
Security is our top priority
We work with you
Cyber psychology
FBI
Profiling WHY, HOW, WHO→WHY, WHO, HOW
Good enough is never good enough for us or our customers
The shared responsibility model
AWS: Responsible for SECURITY OF THE CLOUD
Customer: Responsible for SECURITY IN THE CLOUD
Before Nitro
Confidential computing
With Nitro
Nitro TPM
Isolated hardware
As a matter of design, NCC Group ...
Advanced security, built in
Firecracker
SECURITY
- Single VM per Firecracker process
- Memory-safe programming language
- Sandbox/jail the VMM for isolation
- Eliminate guest interactions with host kernel
- Reduced attack surface
How do we secure millions of lines of code?
The DESIGN, DEVELOP, TEST, SHIP cycle
AppSec
140+ security standards and compliance certifications
AWS Digital Audit Symposium
Scaling Compliance and Security Assurance at AWS | AWS Executive Insights
300GB: VPC flow logs per second
350B: Requests on Amazon Managed Rules on AWS WAF
700K: DDoS attacks mitigated per year
The more telemetry we have, the better we can reduce Mean Time to Defense
Data encryption and exproition
AWS Backup
AWS Backup Lock
The best patching is the kind you don't have to do.
Make the internet ...
1k Botnet C2 takedowns
230k+ DDoS
Becky Weiss, Senior Principal Engineer, AWS
Zero Trust
AWS Identity and Access Management
1 Billion API calls per second
★NEW★Amazon Verified Permissions(GA)
Zero Trust or Network Controls→Zero Trust and Network Controls
★New★Amazon EC2 Instance Connect Endpoint(GA)
Connect to EC2 securely via SSH/RDP through a private endpoint
Provides resource access control
Provides network access control
AWS Management Console Private Access
Amazon GuardDuty
Threat detection for Amazon Aurora
EKS Runtime threat detection
Threat detection coverage
SIEMENS
★New★Amazon Inspector Code Scans for Lambda
★New★Amazon Inspector SBOM Export
Debbie Wheeler, SVP & Chief Information Security Officer, Delta Air Lines
TOP TO BOTTOM SECURITY
SHIFTING SECURITY LEFT
AUTOMATION
DEVELOPING GOOD SECURITY
SAFETY FIRST, ALWAYS,
Closing: AWS CISO CJ Moses
Amazon Security Lake
Automatically centralize your security data in a few steps
FINRA
★NEW★AWS Built-In Partner Solutions
Opportunity Security
Five security risks for generative AI
Amazon Bedrock
Amazon CodeWhisperer
★NEW★Amazon CodeGuru Security→TEST+BUILD
★NEW★Findings Groups for Amazon Detective
Let's secure the future.