This document provides an overview of automated end-to-end security for AWS. It discusses how the majority of compromises are due to credentials being compromised, failure to patch security flaws, insider threats, or human error. An example compromise is described where a developer at a company accidentally committed SSH keys to GitHub, allowing a hacker to access servers and exfiltrate customer data, resulting in a $148 million settlement. The document then outlines how Lacework can help secure workloads, containers, configuration, AWS accounts, and provide continuous auditing and compliance.
2. Agenda
• Introduction
• Anatomy of a compromise
• What to Secure
• How Lacework can help
• Product Demo
• Trial
3. About Me
• Lacework’s 1st Systems Engineer
• 15 years in SaaS, Public Cloud, DevOps, and Security
• Experience with SOC2, PCI-DSS, NIST 800-53, ISO27001
• AWS Certified Solutions Architect – Professional
4. Anatomy of a Compromise
The majority of compromises come down to one of these four methods:
1. Compromised credentials
2. Failure to patch known security flaws
3. Insider threats
4. Human error or negligence
5. How are credentials compromised?
Many of the recent compromises start with GitHub
Specifically when developers move code from local to remote repos
6. Anatomy of a Compromise
People have gotten better!
But mistakes still happen
Search
Credentials in GitHub are easy to find
7. Example Compromise
At a well-known company, let’s call them Q’ber, a DevOps engineer accidentally committed SSH keys into GitHub
And as you well know:
8. Example Compromise
Q’ber’s security team had no idea the breach had occurred until the hacker contacted them with a ransom demand
With full access to Q’ber’s servers, the hacker then accessed a database and exfiltrated 50M customer data records
9. Example Compromise
Q’ber then paid the hackers $100K to delete the data and cover up the incident
But the incident still became public
10. Cost of Compromise
Q’ber is eventually sued by the US Government for not implementing requisite security controls for their hosts in the cloud
$148,000,000
Q’ber settles with the government for $148M
How many zeroes is that??
12. Shared Responsibility Model
Customer: Responsible for security “in” the cloud
Application, Operating System, Configuration
Customer is expected to:
- Add protection layer
- Configure AWS security features
- Update OS and applications
Amazon Web Services: Responsible for security “of” the cloud
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure