
{SecDev,Rugged,Cloud} where Security & Ops meet

 

Matt Erasmus is a security engineer who works a lot with AWS. At our recent Cloud Pathway 2 event, he gave guests a practical walk through what he does and the tools he uses to secure AWS.

You can find Matt's original event slides at the end of this post.

$ whoami

Matt has the modern look of a security engineer, and his background is:

  • Blue teamer (party of one)
  • Done the attack stuff
  • Worked for one of the “Big Four”
  • Head of Security for $company
  • Likes long walks on the beach

Protecting your AWS accounts

This is the root of all AWS security - start with your accounts. It's still quite startling how many AWS accounts don't even do the basics of security: the stuff that the AWS console actually prompts you to do when you first set up an account.

Matt continuously referred to what we'd recognise as a disconnect between security and other roles, and maybe account security is a great example. Do AWS administrators think:

  • I'll secure that later, it's not as important as getting the service up?
  • I'm not an expert in security / that's someone else's job?

Segregating your accounts is not just for large organisations. If you run everything in one AWS account and that account is compromised, then the blast radius of that compromise is complete and total: your business could go under, like Code Spaces.

Matt highlighted that there are great tools shipped inside of AWS: you no longer need to buy expensive third-party products. This is what AWS refer to when they say they are "democratising" access to IT features and functions.

Examples are:

Amazon Inspector is another awesome service but it's not available in the UK (eu-west-2) region yet.

Security Tools

Matt didn't just explain the tools in his presentation, he also demoed some of them. The list is here but there's more in his slides - can you spot the odd one out?

More advanced security tools

Matt does more than "just" securing AWS and he also gave the audience an insight into more security tools to help a business stay alive:

  • TheHive + Cortex
  • Google Rapid Response
  • MISP
  • Fleet + Launcher

His last shout-out was to Stu Hirst's collection of useful cloud security stuff on GitHub:

There's a lot more in his slides - go read!

 

 
