
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 - AWS re:Inforce 2019


Liberty Mutual is opinionated about how application teams deliver and deploy code into AWS. Applications must be able to secure all data types, meet security standards, and deploy via automation. Radar is an event-driven, rules-based service for validating and remediating AWS cloud resources, and it ensures that security standards are enforced. In this session, learn about Radar, which is built on AWS and designed to ensure compliance across hundreds of AWS accounts in 14 regions while providing flexibility for rule variation. Whether risks are prevented during continuous integration or detected upon deployment and remediated, the goal is the same: all policy is enforced at the earliest moment of risk.


  1. © 2019, Liberty Mutual Insurance Company. Presenting Radar: Validation and remediation of AWS cloud resources. GRC343. Jason Mahosky, Technologist, Secure DevOps Platforms, Liberty Mutual Insurance, Twitter: @jmahosky. Jai Schniepp, Director of Product, Secure DevOps Platforms, Liberty Mutual Insurance, Twitter: @jebbstudio
  2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. How we use AWS ▪ 14 regions ▪ 157 accounts ▪ 187 VPCs ▪ 6,795 Amazon EC2 instances ▪ 2,139 Amazon RDS instances
  3. How many of you have unencrypted S3 buckets in your environment?
  4. Who has instances that have been running since 2015?
  5. Anyone have access keys in use older than 90 days?
  6. Do you know the risk profile of your entire AWS footprint?
  7. Does the security team need to be the department of no?
  8. Security documented everything.
  9. “Dance like no one is watching. Encrypt like everyone is.” – Werner Vogels
  10. One of the greatest concerns security teams have in moving to developer-managed infrastructure is the possibility of well-intentioned developers implementing misconfigurations that could expose systems or data to enhanced risk.
  11. Automating policy enables teams to scale.
  12. We are enforcing security policy—as code. Prevent, Detect, Correct, Remediate, Enforce, Visualize
  13. Policy as code

      ```yaml
      s3-encrypted:
        action: enableEncryption
        remediate-report: true
        trigger-events:
          - name: 'CreateBucket'
          - name: 'DeleteBucketEncryption'
      ```

  14. Radar ▪ Rules engine ▪ Declarative ▪ Event-driven ▪ Active reporting
  15. Radar architecture (diagram; labels: Cloud, Account, Region X, Region Y)
  16. Policy coverage ?
  17. © 2019, Liberty Mutual Insurance Company
  18. Radar forecast ▪ Rules ▪ Operational excellence ▪ Alternatives
  19. Thank you!
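The `s3-encrypted` rule on slide 13, run through an event-driven matcher of the kind slide 14 describes. This is an added example, not Radar's code or anything from the presenters. The event fields follow CloudTrail's `eventName` and `requestParameters.bucketName`; the function names, the `bucket_state` lookup, the sample events and the meaning given to `remediate-report` are assumptions.

```python
# Added illustration: a hypothetical event-driven rule matcher, not Radar's code.
# Rule content is from slide 13, held as a dict to avoid a YAML dependency.
RULES = {
    "s3-encrypted": {
        "action": "enableEncryption",
        "remediate-report": True,
        "trigger-events": [{"name": "CreateBucket"},
                           {"name": "DeleteBucketEncryption"}],
    }
}

def build_index(rules):
    """Map each trigger event name to the rule ids that subscribe to it."""
    index = {}
    for rule_id, rule in rules.items():
        for trigger in rule["trigger-events"]:
            index.setdefault(trigger["name"], []).append(rule_id)
    return index

def evaluate(event, rules, index, bucket_state):
    """Return the remediation decisions one CloudTrail-style event produces."""
    decisions = []
    # CloudTrail can deliver requestParameters as null, so guard the lookup.
    bucket = (event.get("requestParameters") or {}).get("bucketName")
    for rule_id in index.get(event.get("eventName"), []):
        # Validate current state first so a compliant bucket is left alone.
        if bucket is None or bucket_state.get(bucket, {}).get("encrypted"):
            continue
        rule = rules[rule_id]
        decisions.append({
            "rule": rule_id, "resource": bucket,
            "account": event.get("recipientAccountId"),
            "region": event.get("awsRegion"),
            "action": rule["action"],
            # Assumption: remediate-report means "report when remediating".
            "report": rule["remediate-report"],
        })
    return decisions

# Constructed sample data: bucket_state stands in for a live encryption lookup.
BUCKET_STATE = {"logs-a": {"encrypted": False}, "logs-b": {"encrypted": True}}
def _evt(name, bucket):
    return {"eventName": name, "awsRegion": "us-east-1",
            "recipientAccountId": "111111111111",
            "requestParameters": {"bucketName": bucket} if bucket else None}
EVENTS = [_evt("CreateBucket", "logs-a"), _evt("CreateBucket", "logs-b"),
          _evt("DeleteBucketEncryption", "logs-a"),
          _evt("PutBucketTagging", "logs-a"), _evt("CreateBucket", None)]

def run(events=EVENTS):
    index = build_index(RULES)
    return [d for e in events for d in evaluate(e, RULES, index, BUCKET_STATE)]
```

Only the two events against the unencrypted `logs-a` bucket yield a decision; the already-encrypted bucket, the unsubscribed event and the event with null parameters are skipped.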
