Top Security Talks from AWS re:Invent 2022

AWS re:Invent is the largest conference of the year for Amazon Web Services (AWS) with hundreds of talks. We picked our favorite cloud security talks that are available online.

AWS re:Invent took place last week in Las Vegas with around 50,000 attendees and 2,750 sessions. AWS has already uploaded over 700 videos of the more popular sessions, which is over 3 weeks of content if watched continuously! Here are some of our favorites: 

Reimagining multi-account deployments for security and speed (NFX305)—Joseph Kjar, Patrick Sanders, and Prateek Sharma discuss Netflix’s unique multi-account approach: one large monolithic account contains all compute resources, and nothing but compute. Individual application accounts hold the other resources and the IAM roles of those applications, and those roles are in turn passed to the EC2 instances in the monolithic account! The instances run the applications but use IAM roles from other accounts. Every instance runs a proxy that intercepts requests to the instance metadata service and serves the IAM role credentials from the application account instead.
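To make the interception pattern concrete, here is an added example (written for this post, not Netflix's or the speakers' code) of a minimal metadata-service proxy: it answers only the IAM credential paths, vending the application account's role, and passes every other request through unchanged. The role name, the listening port, and the credential vendor are assumptions; a real deployment would obtain credentials with sts:AssumeRole against the application account and redirect 169.254.169.254 traffic to the proxy.

```python
import json
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

IMDS_CRED_PREFIX = "/latest/meta-data/iam/security-credentials/"
UPSTREAM_IMDS = "http://169.254.169.254"  # only reachable from the instance itself


def vend_app_credentials(role_name):
    """Placeholder vendor: a real proxy would sts:AssumeRole into the
    application account here. All values below are constructed sample data."""
    expiry = datetime.now(timezone.utc) + timedelta(hours=1)
    return {"Code": "Success", "Type": "AWS-HMAC",
            "AccessKeyId": "ASIAEXAMPLEAPPACCOUNT",
            "SecretAccessKey": "constructed-secret", "Token": "constructed-token",
            "Expiration": expiry.strftime("%Y-%m-%dT%H:%M:%SZ")}


def route_imds_request(method, path, app_role, vend=vend_app_credentials):
    """Return (status, body, forward). forward=True means the request carries
    no credentials and is passed through to the real IMDS unchanged."""
    if method == "GET" and path == IMDS_CRED_PREFIX:
        return 200, app_role, False          # list only the application's role
    if method == "GET" and path.startswith(IMDS_CRED_PREFIX):
        if path[len(IMDS_CRED_PREFIX):] != app_role:
            return 404, "", False            # never vend the instance's own role
        return 200, json.dumps(vend(app_role)), False
    return None, None, True                  # instance-id, IMDSv2 token PUT, ...


class ImdsProxyHandler(BaseHTTPRequestHandler):
    app_role = "app-role"   # hypothetical: the role name from the application account

    def _handle(self):
        status, body, forward = route_imds_request(self.command, self.path, self.app_role)
        if forward:   # pass-through keeps IMDSv2 token headers intact
            req = urllib.request.Request(UPSTREAM_IMDS + self.path, method=self.command,
                                         headers=dict(self.headers))
            try:
                with urllib.request.urlopen(req, timeout=2) as resp:
                    status, body = resp.status, resp.read().decode()
            except urllib.error.HTTPError as err:
                status, body = err.code, ""
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body.encode())

    do_GET = do_PUT = _handle


if __name__ == "__main__":   # assumes 169.254.169.254 traffic is redirected here (e.g. iptables)
    HTTPServer(("127.0.0.1", 8169), ImdsProxyHandler).serve_forever()
```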

Accelerate insights using AWS SDK instrumentation (NFX302)—Nick Siow, Scott Pack, and Prateek Sharma discuss a novel technique used by Netflix to record the AWS API calls made by applications. There are various limitations to using CloudTrail logs, Access Advisor, client-side monitoring, and network proxying to get full visibility into the AWS API calls made. In this talk, they explain how they use existing, but poorly documented, SDK functionality they discovered when looking at AWS X-Ray in order to see all the calls and the parameters used.  

Zero-privilege operations: Running services without access to data (SEC327)—Colm MacCárthaigh, a VP and Distinguished Engineer at AWS, discusses the mechanisms AWS uses to ensure customer data cannot be accessed by AWS employees. These same concepts can be used by others in their own architectures.

When security, safety, and urgency all matter: Handling Log4Shell (BOA204)—Abby Fuller, a senior principal security engineer at AWS, discusses the response to the Log4Shell vulnerability. She explains how AWS uses Ghostbusters, a cross-team group focused on security, to handle escalations and assess the impact of issues. She goes on to describe the different conference calls used for operational and security events and the role of security operations (SecOps) in responding to potential security issues. Finally, she discusses the response to the Log4Shell vulnerability and the challenges that AWS faced in addressing it.

Context is everything: CNAPP revolution to secure AWS deployments (PRT254)—I'm biased in liking this talk, but in it, Yinon Costica, co-founder and VP Product at Wiz, and guest speaker John Visneski, CISO at MGM Studios, give a great explanation on what Wiz does and the value it provides to customers.

AWS re:Invent 2022 was a content-packed conference that I was lucky to attend. It was great to connect with friends across the industry and meet new ones. Things have roared back to life with this massive conference. AWS continues to unleash new and exciting features, and some of my favorite content is about how customers are using these in unique and interesting ways.
