AWS re:Invent 2019 security guide: sessions, workshops, and chalk talks

With re:Invent 2019 just weeks away, the excitement is building and we’re looking forward to seeing you all soon! If you’re attending re:Invent with the goal of improving your organization’s cloud security operations, here are some highlights from the re:Invent 2019 session catalog. Reserved seating is now open, so get your seats in advance for your favorite sessions.

Getting started

These sessions cover the basics, including conceptual overviews and demos for AWS Security services, AWS Identity, and more.

• The fundamentals of AWS cloud security (SEC205-R)

  By the end of this session led by Becky Weiss, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. It covers the basics of network security, the process of reading and writing access management policies, and data encryption.

• Threat management in the cloud: Amazon GuardDuty and AWS Security Hub (SEC206-R)

  Amazon GuardDuty and AWS Security Hub in tandem provide continuous visibility, compliance, and detection of threats for AWS accounts and workloads.

• Getting started with AWS Identity (SEC209-R)

  The number, range, and breadth of AWS services are large, but the set of techniques that you, as a builder in the cloud, will use to secure them is not. Your cloud journey starts with this breakout session, in which we get you up to speed quickly on the practical fundamentals to do identity and authorization right in AWS.

Inspiration

• Leadership session: AWS Security (SEC201-L)

  Stephen Schmidt, Chief Information Security Officer for AWS, addresses the current state of security in the cloud, with a focus on feature updates, the AWS internal “secret sauce,” and what’s to come in terms of security, identity, and compliance tooling.

• Provable access control: Know who can access your AWS resources (SEC343-R)

  In this session, we discuss the evolution of automated reasoning technology at AWS and how it works in the services in which it is embedded, including Amazon Simple Storage Service (Amazon S3), AWS Config, and Amazon Macie.

• Amazon’s approach to failing successfully (DOP208-R)

  In this session, we cover Amazon’s favorite techniques for defining and reviewing metrics — watching the systems before they fail — as well as how to do an effective postmortem that drives both learning and meaningful improvement.

• Speculation & leakage: Timing side channels & multi-tenant computing (SEC355)

  In January 2018, the world learned about Spectre and Meltdown, a new class of issues that affects virtually all modern CPUs via nearly imperceptible changes to their micro-architectural states and can result in full access to physical RAM or leaking of state between threads, processes, or guests. In this session, Eric Brandwine examines one of these side-channel attacks in detail and explore the implications for multi-tenant computing. He discusses AWS design decisions and what AWS does to protect your instances, containers, and function invocations.

• Security benefits of the Nitro architecture (SEC408-R)

  Hear Mark Ryland speak about how the Nitro computers carefully control the workload computer access, providing a layer of protection. Learn about the security properties of this powerful architecture, which significantly increases cloud reliability and performance.

Threat detection and response

• Continuous security monitoring and threat detection with AWS (SEC321-R)

  In this session, we talk about a number of AWS services involved in threat detection and remediation and we walk through some real-world threat scenarios. You get answers to your questions about threat detection on AWS and learn about the threat-detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options.

• Threat detection with Amazon GuardDuty (SEC353-R)

  Amazon GuardDuty is a threat detection system that is purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real time and at scale. You don’t have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. In this session, we introduce you to GuardDuty, walk you through the detection of an event, and discuss the various ways you can react and remediate.

• Mitigate risks using cloud-native security (SEC216-R)

  Whether you are migrating existing workloads or creating something new on AWS, it can be tempting to bring your current security solutions with you. In this hands-on builders session, we help you identify which cloud-native solutions can mitigate your existing risks while providing scalability, reliability, and cost optimization at a low operational burden. During this session, learn how to use cloud-native controls such as those found in AWS CloudTrail, Amazon Virtual Private Cloud (Amazon VPC) security groups, and Amazon GuardDuty to secure your cloud architecture.

• Monitoring anomalous application behavior (NFX205)

  In this talk, Travis McPeak of Netflix and Will Bengtson introduce a system built strictly with off-the-shelf AWS components that tracks AWS CloudTrail activity across multi-account environments and sends alerts when applications perform anomalous actions.

Workshop

• Automating threat detection and response in AWS (SEC301-R)

  This workshop provides the opportunity for you to get familiar with AWS security services and learn how to use them to identify and remediate threats in your environment. Learn how to use Amazon GuardDuty, Amazon Macie, Amazon Inspector, and AWS Security Hub to investigate threats during and after an attack, set up a notification and response pipeline, and add additional protections to improve your environment’s security posture.

Advanced topics in threat detection and response

• Actionable threat hunting in AWS (SEC339)

  Learn how WarnerMedia leveraged Amazon GuardDuty, AWS CloudTrail, and its own serverless inventory tool (Antiope) to root out cloud vulnerabilities, insecure behavior, and potential account compromise activities across a large number of accounts.

• How to prepare for & respond to security incidents in your AWS environment (SEC356)

  In this session, Paul Hawkins and Nathan Case walk through what you need to do to be prepared to respond to security incidents in your AWS environments.

• DIY guide to runbooks, incident reports, and incident response (SEC318-R)

  In this session, we explore the cost of incidents and consider creative ways to look at future threats.

• A defense-in-depth approach to building web applications (SEC407-R)

  In this session, learn about common security issues, including those described in the Open Web Application Security Project (OWASP) Top 10. Also learn how to build a layered defense using multi-layered perimeter security and development best practices.

Identity

• Failing successfully: The AWS approach to resilient design (ARC303-R)

  AWS global infrastructure provides the tools customers need to design resilient and reliable services. In this session, we explore how to get the most out of these tools.

• Access control confidence: Grant the right access to the right things (SEC316-R)

  Hear Brigid Johnson explain that, as your organization builds on AWS, granting developers and applications the right access to the right resources at the right time for the right actions is critical to security.

Advanced topics in AWS Identity

• Access management in 4D (SEC405-R)

  Listen to Quint Van Deman demonstrate patterns that allow you to implement advanced access-management workflows such as two-person rule, just-in-time privilege elevation, real-time adaptive permissions, and more using advanced combinations of AWS Identity services.

Data protection

• Using AWS KMS for data protection, access control, and audit (SEC340-R)

  This session focuses on how customers are using AWS Key Management Service (AWS KMS) to raise the bar for security and compliance with their workloads.

Compliance

• Use AWS Security Hub to act on your compliance and security posture (SEC342)

  Join us for this chalk talk where we discuss how to continuously assess and act on your AWS security and compliance issues using AWS Security Hub.

Workshop

• Compliance automation: Set it up fast, then code it your way (SEC304-R)

  In this workshop, learn how to detect common resource misconfigurations using AWS Security Hub.

Best practices

• AWS Well-Architected: Best practices for securing workloads (SEC202-R1)

  Security best practices help you secure your workloads in the cloud to meet organizational, legal, and compliance requirements. In this chalk talk, Ben Potter will guide you through core security best practices aligned with the AWS Well-Architected Framework.

• Architecting security & governance across your landing zone (SEC325-R)

  In this session, Sam Elmalak discusses updates to multi-account strategy best practices for establishing your landing zone.

• Best practices for your full-stack security practice (GPSTEC307)

  At AWS, security is our top priority. In this chalk talk, discover proven techniques and key learnings to elevate your ability to identify, protect against, detect, respond to, and recover from security events. We’ll leverage industry frameworks, reference architectures, the latest AWS services and features.

• Artificial Intelligence & Machine Learning (AIM337-R)

  Join us for this chalk talk as we dive into the many features of Amazon SageMaker that enable customers to build highly secure data science environments and support stringent security requirements.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.