re:Inforce 2022
AWS re:Inforce is back. Join us for two days of cloud security, identity, compliance, and privacy in Boston, Massachusetts.
See how AWS, customers, and AWS Partners work together to protect data. Topics include trends in data management, cryptography, data security, data privacy, encryption, and key rotation and storage.
In this session, learn where technology meets governance with an emphasis on building. With the privacy regulation landscape continuously changing, organizations need innovative technical solutions to help solve privacy compliance challenges. This session covers three unique customer use cases and explores privacy management, technology maturity, and how AWS services can address specific concerns. The studies presented help identify where you are in the privacy journey, provide actions you can take, and illustrate ways you can work towards privacy compliance optimization on AWS.
Meta manages a globally distributed data center infrastructure with a growing number of AWS Cloud applications. For every application, Meta starts by understanding the data security and privacy requirements alongside the application use cases. This session covers the secure-by-design approach for AWS applications that helps Meta put automated safeguards in place before deploying applications. Learn how Meta handles account lifecycle management through provisioning, maintaining, and closing accounts. The session also details Meta’s global monitoring and alerting systems that use AWS technologies such as Amazon GuardDuty, AWS Config, and Amazon Macie to provide monitoring, access-anomaly detection, and vulnerable-configuration detection.
AWS is constantly raising the bar to ensure customers use the most modern Transport Layer Security (TLS) encryption protocols, which meet regulatory and security standards. In this session, learn how AWS can help you easily identify if you have any applications using older TLS versions. Hear tips and best practices for using AWS CloudTrail Lake to detect the use of outdated TLS protocols, and learn how to update your applications to use only modern versions. Get guidance, including a demo, on building metrics and alarms to help monitor TLS use.
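The detection described in the session abstract above, written out as an added example that is not AWS's code: a scan over CloudTrail records for calls negotiated with TLS 1.0 or 1.1, with the equivalent CloudTrail Lake query kept alongside it. The sample records are constructed to follow the documented CloudTrail record layout (a top-level tlsDetails block carrying tlsVersion, cipherSuite and clientProvidedHostHeader); every ARN, IP address and account ID in them is fake, and <event-data-store-id> in the query is a placeholder for your own event data store.

```python
"""Detect AWS API calls negotiated with outdated TLS versions from CloudTrail records.

Added example, not AWS's code. The records below are constructed to follow the
documented CloudTrail record shape (top-level "tlsDetails" with "tlsVersion",
"cipherSuite" and "clientProvidedHostHeader"); every ARN, IP and account ID is fake.
"""
import json
from collections import Counter

# TLS 1.0 and 1.1 are the versions AWS endpoints have deprecated; anything else passes.
OUTDATED_TLS = {"TLSv1", "TLSv1.1"}

# The same question asked of CloudTrail Lake. <event-data-store-id> is a placeholder
# for your store's ID; the column names are CloudTrail Lake's documented fields.
LAKE_QUERY = """
SELECT eventSource, userIdentity.arn AS principal, sourceIPAddress,
       tlsDetails.tlsVersion AS tlsVersion, count(*) AS calls
FROM <event-data-store-id>
WHERE tlsDetails.tlsVersion IN ('TLSv1', 'TLSv1.1')
  AND eventTime > '2022-06-01 00:00:00'
GROUP BY eventSource, userIdentity.arn, sourceIPAddress, tlsDetails.tlsVersion
ORDER BY calls DESC
"""

# Constructed sample: what one CloudTrail log file delivered to S3 looks like after gunzip.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2022-06-10T12:00:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/legacy-app/i-0abc1234"},
     "tlsDetails": {"tlsVersion": "TLSv1.1", "cipherSuite": "ECDHE-RSA-AES128-SHA",
                    "clientProvidedHostHeader": "reports.s3.amazonaws.com"}},
    {"eventTime": "2022-06-10T12:00:05Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/legacy-app/i-0abc1234"},
     "tlsDetails": {"tlsVersion": "TLSv1", "cipherSuite": "AES256-SHA",
                    "clientProvidedHostHeader": "reports.s3.amazonaws.com"}},
    {"eventTime": "2022-06-10T12:01:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/modern-app/i-0def5678"},
     "tlsDetails": {"tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
                    "clientProvidedHostHeader": "kms.us-east-1.amazonaws.com"}},
    # Calls made by an AWS service on your behalf carry no tlsDetails block at all.
    {"eventTime": "2022-06-10T12:02:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "cloudfront.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "cloudfront.amazonaws.com"}},
]})


def outdated_tls_calls(log_text):
    """Return one finding per record that was negotiated with an outdated TLS version."""
    findings = []
    for rec in json.loads(log_text)["Records"]:
        version = rec.get("tlsDetails", {}).get("tlsVersion")
        if version is None:          # no TLS metadata (service-to-service call): cannot judge
            continue
        if version in OUTDATED_TLS:
            findings.append({
                "time": rec["eventTime"],
                "principal": rec.get("userIdentity", {}).get("arn", "<unknown>"),
                "source_ip": rec.get("sourceIPAddress"),
                "service": rec["eventSource"],
                "api": rec["eventName"],
                "tls_version": version,
                "cipher": rec["tlsDetails"].get("cipherSuite"),
                "host": rec["tlsDetails"].get("clientProvidedHostHeader"),
            })
    return findings


def callers_to_fix(findings):
    """Aggregate findings into (principal, service) -> call count: the list handed to app owners."""
    return Counter((f["principal"], f["service"]) for f in findings)


if __name__ == "__main__":
    found = outdated_tls_calls(SAMPLE_LOG)
    for (principal, service), n in callers_to_fix(found).most_common():
        print(f"{n:4d} outdated-TLS call(s) to {service} by {principal}")
```

Records without a tlsDetails block are skipped rather than flagged: CloudTrail omits it for some service-initiated calls, so their absence says nothing about the client. The aggregation by principal is what turns raw events into a work list, since the fix is always on the calling application's side (its SDK or OS TLS stack), not on the AWS endpoint.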
At AWS, confidential computing is defined as the use of specialized hardware and associated firmware to protect in-use customer code and data from unauthorized access. In this session, dive into the hardware- and software-based solutions AWS delivers to provide a secure environment for customer organizations. With confidential compute capabilities such as the AWS Nitro System, AWS Nitro Enclaves, and NitroTPM, AWS offers protection for customer code and sensitive data such as personally identifiable information, intellectual property, and financial and healthcare data. Securing data allows for use cases such as multi-party computation, blockchain, machine learning, cryptocurrency, secure wallet applications, and banking transactions.
As organizations transform their businesses, their reliance on data to run the business grows, and so does the need to protect that data. With ransomware attacks becoming more sophisticated and government regulations around cybersecurity and data management continuing to evolve, protecting application data from disaster and ransomware has become a key consideration for companies. Join this session to learn about the latest data trends and how you can use fully managed services from AWS to protect and recover your application data.
The Freedom Shield Foundation (FSF) is a US nonprofit organization countering human trafficking and religious minority persecution. FSF uses Wickr to secure their operatives’ communications as they coordinate rescue missions and provide trauma care to survivors. In this session, learn about the ongoing impact of Wickr’s end-to-end encryption and administrative controls on the security and privacy of FSF team members, their partners, and the victims they serve.
Whether you are running hybrid workloads because your migration is in flight or some applications must run on premises, you can still use AWS Secrets Manager to manage and deliver your secrets. In this session, learn how to create, rotate, replicate, and audit your secrets in Secrets Manager, regardless of where you consume those secrets or where the corresponding resources live. Additionally, explore patterns to synchronize externally managed secrets into Secrets Manager to achieve better performance and higher reliability.
This session helps you build a navigation map to find your way through AWS documents and resources for data protection and privacy. Learn about AWS service terms, SLAs, compliance reports, and service documentation, as well as how they all interact. These documents are applicable to all customers and accompany them throughout the complete AWS usage lifecycle. In this session, learn how these documents explain the relationship between AWS and our customers for data protection and privacy.
You migrated nearly everything to the cloud, but you are now faced with a new challenge: what’s your strategy for securing your data? In this session, learn some of the challenges that are often overlooked when managing encryption at scale and how to think about key management as you scale your use of AWS. Consider how you can reframe the discussion with your auditors to approach key management using native keys from AWS Key Management Service (AWS KMS) to provide strong security assurance and achieve greater audit control.
Companies innovating on AWS are expanding to geographies with new data transfer and privacy challenges. In this session, explore how to navigate compliance with EU data transfer requirements. Learn about the GDPR certification initiative, a mechanism to measure and attest your data protection controls using a recognized standard, and how this can simplify GDPR compliance with a concrete example. This session provides you with tools and knowledge to navigate data protection topics as you grow globally, design workloads that support compliance programs, and earn and retain your customers’ trust with responsible personal data processing.
AWS works with organizations and regulators to host some of the most sensitive workloads in industry and government. In this session, learn how AWS secures data, even from trusted AWS operators and services. Explore the AWS Nitro System and how it provides confidential computing and a trusted runtime environment, and dive deep into the cryptographic chains of custody that are built into AWS Identity and Access Management (IAM). Finally, hear how encryption is used to provide defense in depth and why we focus on verified isolation and customer transparency at AWS.
Join this session to learn about AWS libcrypto (AWS-LC) and why AWS is invested in improving open-source cryptography. Explore some of the challenges AWS faced migrating critical workloads to AWS-LC and how we’re helping our customers improve the performance and security of their applications.
In this breakout session, learn about the investments AWS is making in provable security tools and services and how these tools can help with your security, governance, and compliance. Security controls and features, such as Amazon S3 Block Public Access, AWS IAM Access Analyzer, Amazon VPC Network Access Analyzer, and Amazon CodeGuru, use automated reasoning techniques based on mathematical logic. Learn how these services layer on top of each other to provide higher assurance around security, governance, and compliance. Finally, hear from an AWS customer about how they are achieving high assurance in their security using these provable security tools.
Mitigating unknown risks means planning for any situation. To help achieve this, you must architect for resiliency. Disaster recovery (DR) is an important part of your resiliency strategy and concerns how your workload responds when a disaster strikes. To this end, many organizations are adopting architectures that function across multiple AWS Regions as a DR strategy. In this builders' session, learn how to implement resiliency with AWS data protection services. Attend this session to gain hands-on experience with the implementation of multi-Region architectures for critical AWS security services.
Join this builders’ session to learn how to implement access control mechanisms in AWS Key Management Service (AWS KMS) and enforce fine-grained permissions on sensitive data and resources at scale. Define AWS KMS key policies, use attribute-based access control (ABAC), and discover advanced techniques such as grants and encryption context to solve challenges in real-world use cases. This builders’ session is aimed at security engineers, security architects, and anyone responsible for implementing security controls such as segregating duties between encryption key owners, users, and AWS services or delegating access to different principals using different policies.
With AWS CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. This builders’ session covers two common scenarios for CloudHSM: TLS offload using NGINX and the OpenSSL Dynamic Engine, and a containerized application that uses PKCS#11 to perform cryptographic operations. Learn about scaling containerized applications, discover how metrics and logging can help you improve the observability of your CloudHSM-based applications, and review audit records that you can use to assess compliance requirements.
As organizations migrate workloads to AWS, they may be running a combination of on-premises and cloud infrastructure. When certificates are issued to this infrastructure, having a common root of trust for the certificate hierarchy allows for consistency and interoperability of the public key infrastructure (PKI) solution. In this builders’ session, learn how to deploy a PKI that provides such capabilities in a hybrid environment. This solution uses Windows Certificate Authority (CA) and ACM Private CA to distribute and manage X.509 certificates for Active Directory users, domain controllers, network components, mobile devices, and AWS services, including Amazon API Gateway, Amazon CloudFront, and Elastic Load Balancing.
Learn how to use AWS services to implement a defense-in-depth strategy to protect your data and recover from ransomware attacks. In this builders’ session, design a backup strategy, set up immutable backup vaults (with WORM configuration, encryption, and granular IAM access policies), and configure cross-Region backups to maintain a logically air-gapped copy of your data that meets your disaster recovery needs. Walk through how to set up data immutability to protect against accidental or malicious deletion, tampering, and ransomware. Then, automate, audit, and report on the compliance of your data protection policies to maintain and demonstrate compliance and meet business needs.
In this builders’ session, explore how Amazon Macie can help you meet your PCI, HIPAA, and GDPR compliance and data protection requirements. Walk through how to build automation that finds and identifies sensitive data (e.g., PII and PHI) and orchestrates the response actions that follow. Using Amazon EventBridge and AWS Step Functions, automatically apply tags to buckets and objects that contain sensitive data and enforce attribute-based access control IAM decisions based on those tags. Using these building blocks, you can automate the protection of your customers’ data at scale.
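The finding-to-tag-to-ABAC chain described in the session above, as an added example rather than AWS's or the session's own code. The sample event is constructed to follow the documented layout of a Macie finding delivered through EventBridge (detail.type, detail.severity, detail.resourcesAffected, detail.classificationDetails.result.sensitiveData), but every bucket, key, ARN and account in it is fake; the DataClassification tag key, its values and their ranking are this example's own convention, and the boto3 calls a Lambda handler would make are left as comments so the code runs offline.

```python
"""Turn an Amazon Macie sensitive-data finding, as delivered through Amazon EventBridge,
into S3 tag operations that an ABAC policy can then enforce.

Added example, not AWS's code. SAMPLE_EVENT is constructed to follow the documented
Macie finding layout, but every name, ARN and account is fake. The tag key, values and
ranking are this example's own convention. The boto3 calls a Lambda handler would make
are described in comments so the code runs offline.
"""

TAG_KEY = "DataClassification"
# Macie sensitive-data category -> tag value. Higher rank means more restricted.
CATEGORY_TO_CLASS = {"FINANCIAL_INFORMATION": "FINANCIAL", "PERSONAL_INFORMATION": "PII",
                     "CREDENTIALS": "SECRET"}
RANK = {"PUBLIC": 0, "FINANCIAL": 1, "PII": 2, "SECRET": 3}

SAMPLE_EVENT = {  # constructed EventBridge envelope for one Macie finding
    "source": "aws.macie", "detail-type": "Macie Finding", "account": "123456789012",
    "detail": {
        "type": "SensitiveData:S3Object/Multiple",
        "severity": {"score": 3, "description": "High"},
        "archived": False, "sample": False,
        "resourcesAffected": {
            "s3Bucket": {"name": "acme-claims-archive", "arn": "arn:aws:s3:::acme-claims-archive"},
            "s3Object": {"key": "2022/06/claims-export.csv",
                         "bucketArn": "arn:aws:s3:::acme-claims-archive"},
        },
        "classificationDetails": {"result": {"sensitiveData": [
            {"category": "PERSONAL_INFORMATION", "totalCount": 12},
            {"category": "FINANCIAL_INFORMATION", "totalCount": 40},
        ]}},
    },
}


def classify(detail):
    """Highest-ranked class present in the finding, or None if there is nothing to act on."""
    if (not detail.get("type", "").startswith("SensitiveData:")
            or detail.get("archived") or detail.get("sample")):
        return None
    found = detail.get("classificationDetails", {}).get("result", {}).get("sensitiveData", [])
    classes = [CATEGORY_TO_CLASS[d["category"]] for d in found
               if d.get("totalCount", 0) > 0 and d["category"] in CATEGORY_TO_CLASS]
    return max(classes, key=RANK.__getitem__) if classes else None


def _merge(existing_tags, new_class):
    """Full replacement tag set: PutBucketTagging/PutObjectTagging overwrite every tag,
    so keep unrelated tags and never downgrade a classification already applied."""
    current = existing_tags.get(TAG_KEY)
    if current in RANK and RANK[current] >= RANK[new_class]:
        new_class = current
    merged = dict(existing_tags, **{TAG_KEY: new_class})
    return [{"Key": k, "Value": v} for k, v in sorted(merged.items())]


def plan_tagging(event, existing_bucket_tags=None, existing_object_tags=None):
    """Return the boto3 S3 calls (method name, kwargs) a handler should make; [] if none."""
    detail = event["detail"]
    cls = classify(detail)
    if cls is None:
        return []
    bucket = detail["resourcesAffected"]["s3Bucket"]["name"]
    key = detail["resourcesAffected"].get("s3Object", {}).get("key")
    # A real handler reads the current tags first: s3.get_bucket_tagging / get_object_tagging.
    calls = [("put_bucket_tagging",
              {"Bucket": bucket, "Tagging": {"TagSet": _merge(existing_bucket_tags or {}, cls)}})]
    if key:
        calls.append(("put_object_tagging",
                      {"Bucket": bucket, "Key": key,
                       "Tagging": {"TagSet": _merge(existing_object_tags or {}, cls)}}))
    return calls


def abac_statement():
    """IAM statement denying object reads unless the caller's DataClassification principal tag
    equals the object's tag. Untagged objects are left alone (Null condition) until tagging
    has caught up; tighten that afterwards."""
    return {
        "Effect": "Deny", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::acme-claims-archive/*",
        "Condition": {
            "Null": {f"s3:ExistingObjectTag/{TAG_KEY}": "false"},
            "StringNotEquals": {f"s3:ExistingObjectTag/{TAG_KEY}": f"${{aws:PrincipalTag/{TAG_KEY}}}"},
        },
    }
```

Two details matter in practice: the S3 tagging APIs replace the whole tag set, so the merge step is what keeps an existing, stricter classification (or an unrelated Owner tag) from being wiped by a later, weaker finding; and the ABAC statement is written as a Deny with a Null guard so it can be rolled out before every object is tagged without breaking reads of untagged data.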
Achieving strong privacy protection through technology is key to protecting patient information. Privacy protection is fundamental for healthcare compliance and is an ongoing process that demands legal, regulatory, and professional standards are continually met. In this chalk talk, learn about data protection, privacy, and how AWS maintains a standards-based risk management program so that the HIPAA-eligible services can specifically support HIPAA administrative, technical, and physical safeguards. Also consider how organizations can use these services to protect healthcare data on AWS in accordance with the shared responsibility model.
Business-critical applications that were once considered too sensitive to move off premises are now moving to the cloud with an extension of the security perimeter. Join this chalk talk to learn about securely shifting these mature applications to cloud services with the AWS Transfer Family and helping to secure data in Amazon Elastic File System (Amazon EFS), Amazon FSx, and Amazon Elastic Block Store (Amazon EBS). Also learn about tools for ongoing protection as part of the shared responsibility model.
In this chalk talk, learn how to use native AWS features to build more secure ML workflows. Explore basic security measures that are applicable to one or more ML workflow stages and designed to defend each stage of your ML workflow, from data source to prediction API. This chalk talk is tailored to data scientists looking to learn basic ways to improve the security of their machine learning (ML) workflows and security engineers who want to address threats specific to an ML deployment.
Organizations use cloud services to build their business-critical applications and store application data. Backup and recovery are fundamental to a data protection strategy that aims to minimize the impact that might be sustained due to inadvertent actions, natural disasters, or security incidents such as encryption key takeovers and ransomware. Join this chalk talk to hear about design strategies and best practices to protect your data using AWS services such as AWS Key Management Service (AWS KMS), AWS Identity and Access Management (IAM), AWS Elastic Disaster Recovery, and AWS Backup. Learn how to protect your data using AWS security controls to address resiliency objectives.
Learn how AWS customers are using Amazon S3 bucket keys to cut their AWS Key Management Service (AWS KMS) request costs by up to 99 percent. In this chalk talk, hear about the best practices for exploring your AWS KMS costs, identifying suitable buckets to enable bucket keys, and providing mechanisms to apply bucket key benefits to existing objects.
In this chalk talk, learn about ways you can securely enable third-party access to your AWS account. Learn why you should consider using services such as Amazon GuardDuty, AWS Security Hub, AWS Config, and others to improve auditing, alerting, and access control mechanisms. Hardening an account before permitting external access can help reduce security risk and improve the governance of your resources.
Data governance and data protection teams have a growing need to routinely inventory and control the data that they are storing in Amazon S3. These teams also need to accomplish their analysis across large datasets and be able to respond quickly to discovery results. In this chalk talk, learn how you can use Amazon Macie and other AWS services to efficiently design and operate a sensitive data discovery solution that is optimized for cost, investigate sensitive data discovery results, and take automated response actions when sensitive data is identified.
Healthcare institutions operating across global markets are subject to multiple healthcare and regional privacy regulations. In this chalk talk, learn how to navigate these complexities across globally dispersed workloads. Explore security mechanisms to develop a model of least-privilege access, mask and anonymize PHI, delete data to comply with consumer requests, and ensure auditability using services such as AWS Lake Formation, Amazon Comprehend, AWS Glue DataBrew, and AWS Audit Manager.
Join this chalk talk to learn how developers can use machine learning to embed security during the development phase and build guardrails to automatically flag common issues that deviate from best practices. This session is tailored to developers and security professionals who are involved in improving the security of applications during the development lifecycle. Learn tips, best practices, and tools for getting started.
AWS Key Management Service (AWS KMS) lets you create and manage cryptographic keys for protecting your data within AWS. In this chalk talk, learn how AWS KMS uses a combination of AWS Identity and Access Management (IAM) identity policies, key policies, and grants to implement access control. Walk through how to resolve a set of access-denied scenarios to reinforce the learnings from this session.
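A model of the access-control layering covered by this chalk talk and by the KMS builders’ session above (key policies, ABAC, grants, and encryption context), as an added example. It is not the AWS KMS policy engine: it handles Principal and Action matching with "*" wildcards, StringEquals conditions on kms:EncryptionContext:<key>, aws:ResourceTag/<key> and aws:PrincipalTag/<key> (including ${aws:PrincipalTag/<key>} substitution), and grant constraints, and deliberately omits IAM identity-policy delegation, kms:ViaService and every other condition key. All ARNs, grant IDs and tags are made up; the point is to reproduce the access-denied cases and their reasons.

```python
"""Model of how a KMS key policy, grants and encryption context combine into an
allow/deny decision, for reasoning about access-denied cases.

Added example, not the AWS KMS policy engine. It covers Principal/Action wildcards,
StringEquals conditions on kms:EncryptionContext:<k>, aws:ResourceTag/<k> and
aws:PrincipalTag/<k> (with ${aws:PrincipalTag/<k>} substitution), and grant constraints.
IAM identity-policy delegation, kms:ViaService and other condition keys are omitted.
All ARNs, IDs and tags are fake.
"""
from fnmatch import fnmatchcase

ACCOUNT = "123456789012"

KEY = {
    "tags": {"team": "payments"},                      # resource tags used for ABAC
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Sid": "RootAdmin", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"}, "Action": "kms:*"},
        {"Sid": "BillingAppBoundByContext", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/billing-app"},
         "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"],
         "Condition": {"StringEquals": {"kms:EncryptionContext:app": "billing"}}},
        {"Sid": "TeamABAC", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/*"}, "Action": "kms:Decrypt",
         "Condition": {"StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}}},
        {"Sid": "NoContractors", "Effect": "Deny",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/contractor"}, "Action": "kms:*"},
    ]},
    "grants": [  # shape follows kms:CreateGrant parameters; IDs are fake
        {"GrantId": "grant-report-lambda",
         "GranteePrincipal": f"arn:aws:iam::{ACCOUNT}:role/report-lambda",
         "Operations": ["Decrypt"], "Constraints": {"EncryptionContextSubset": {"app": "billing"}}},
        {"GrantId": "grant-contractor",
         "GranteePrincipal": f"arn:aws:iam::{ACCOUNT}:role/contractor",
         "Operations": ["Decrypt"], "Constraints": {}},
    ],
}


def request(principal_arn, action, encryption_context=None, principal_tags=None):
    return {"principal_arn": principal_arn, "action": action,
            "encryption_context": encryption_context or {}, "principal_tags": principal_tags or {}}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _principal_matches(principal, caller):
    if principal == "*":
        return True
    return any(fnmatchcase(caller, p) for p in _as_list(principal.get("AWS", [])))


def _resolve(value, req):
    """Expand a ${aws:PrincipalTag/<k>} policy variable; None if the caller lacks that tag."""
    prefix = "${aws:PrincipalTag/"
    if value.startswith(prefix) and value.endswith("}"):
        return req["principal_tags"].get(value[len(prefix):-1])
    return value


def _conditions_hold(cond, key, req):
    for ckey, expected in cond.get("StringEquals", {}).items():
        if ckey.startswith("kms:EncryptionContext:"):
            actual = req["encryption_context"].get(ckey.split(":", 2)[2])
        elif ckey.startswith("aws:ResourceTag/"):
            actual = key["tags"].get(ckey.split("/", 1)[1])
        elif ckey.startswith("aws:PrincipalTag/"):
            actual = req["principal_tags"].get(ckey.split("/", 1)[1])
        else:
            return False                       # unknown key: this model fails closed
        wanted = [w for w in (_resolve(v, req) for v in _as_list(expected)) if w is not None]
        if actual is None or actual not in wanted:
            return False
    return True


def _grant_allows(grant, req):
    op = req["action"].split(":", 1)[1]        # "kms:Decrypt" -> "Decrypt"
    if grant["GranteePrincipal"] != req["principal_arn"] or op not in grant["Operations"]:
        return False
    c, ctx = grant.get("Constraints", {}), req["encryption_context"]
    if "EncryptionContextEquals" in c and ctx != c["EncryptionContextEquals"]:
        return False
    if "EncryptionContextSubset" in c and any(
            ctx.get(k) != v for k, v in c["EncryptionContextSubset"].items()):
        return False
    return True


def evaluate(key, req):
    """Return (allowed, reason). Explicit Deny wins; then key-policy Allow; then grants."""
    hits = [s for s in key["policy"]["Statement"]
            if _principal_matches(s["Principal"], req["principal_arn"])
            and any(fnmatchcase(req["action"], a) for a in _as_list(s["Action"]))
            and _conditions_hold(s.get("Condition", {}), key, req)]
    denies = [s["Sid"] for s in hits if s["Effect"] == "Deny"]
    if denies:
        return False, f"explicit Deny by statement {denies[0]}"
    allows = [s["Sid"] for s in hits if s["Effect"] == "Allow"]
    if allows:
        return True, f"Allow by statement {allows[0]}"
    for g in key.get("grants", []):
        if _grant_allows(g, req):
            return True, f"Allow by grant {g['GrantId']}"
    return False, "implicit deny: no statement or grant matches (check encryption context and tags)"
```

Walking the scenarios: billing-app is allowed to decrypt only when it supplies the app=billing encryption context, which is the segregation the session describes (the same role is denied without it); report-lambda holds no key-policy permission at all and succeeds purely through a grant whose EncryptionContextSubset constraint it satisfies; an analyst role decrypts through the ABAC statement because its principal tag matches the key's team tag; and the contractor role is refused even though a grant names it, because an explicit Deny in the key policy is evaluated before any grant.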
Enterprise customers continue to migrate their SAP workloads to AWS, and for many this is a key opportunity to strengthen the security posture of their mission-critical business processes and customer data. In this chalk talk, walk through how to configure a secure foundation for running SAP on AWS. Then, learn how to implement proven security practices hardened over thousands of customer engagements through the SAP Lens for the AWS Well-Architected Framework.
Cloud computing systems offer many advantages in the form of cost, scale, and agility, but they typically assume that data can be processed only after it is decrypted. Some companies, however, need data to be processed while it remains encrypted, without any intermediate decryption. In this chalk talk, review cryptographic computing: techniques for computing on encrypted data. Learn about techniques such as homomorphic encryption and server-aided multi-party computation, explore how they can be used to perform common workflows on encrypted data, and learn tips for helping your customers recognize when cryptographic computing can solve their problems.
Join this hands-on workshop to learn how to isolate highly sensitive data from your own users, applications, and third-party libraries on your Amazon EC2 instances using AWS Nitro Enclaves. Explore Nitro Enclaves, discuss common use cases, and build and run an enclave. This workshop covers enclave isolation, cryptographic attestation, enclave image files, building a local vsock communication channel, debugging common scenarios, and the enclave lifecycle.
This workshop familiarizes you with Amazon Macie and how to scan and classify data in your Amazon S3 buckets. Work with Macie (data classification) and AWS Security Hub (centralized security view) to view and understand how data in your environment is stored and to understand any changes in Amazon S3 bucket policies that may negatively affect your security posture. Learn how to create a custom data identifier, plus how to create and scope data discovery and classification jobs in Macie.
In this workshop, follow a regulatory-agnostic approach to build and configure privacy-preserving architectural patterns on AWS including user consent management, data minimization, and cross-border data flows. Explore various services and tools for preserving privacy and protecting data.
AWS makes it easy to protect your data with encryption. This hands-on workshop provides an opportunity to dive deep into encryption at rest options with AWS. Learn AWS server-side encryption with AWS Key Management Service (AWS KMS) for services such as Amazon Simple Storage Service (Amazon S3), Amazon Elastic Block Store (Amazon EBS), and Amazon Relational Database Service (Amazon RDS). Also, learn best practices for using AWS KMS across multiple accounts and Regions and how to scale while optimizing for performance. To participate, all you need is your laptop. AWS provides an AWS account.
Do you want client-side encryption for your software but don’t know exactly where to start? In this hands-on workshop, learn the basics of client-side encryption, practice performing encrypt and decrypt operations using AWS Key Management Service (AWS KMS) and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your software.
In this workshop, learn how to securely set up a complete CA hierarchy using AWS Certificate Manager Private Certificate Authority and create certificates for various use cases. These use cases include internal applications that terminate TLS, code signing, document signing, IoT device authentication, and email authenticity verification. The workshop covers job functions such as CA administrators, application developers, and security administrators and shows you how these personas can follow the principle of least privilege to perform the various functions associated with certificate management. Also learn how to monitor your public key infrastructure using AWS Security Hub.
Do you want your applications to retrieve secrets programmatically without hardcoding those secrets in your application code? In this workshop, learn how to verify that secret rotation has no adverse effects on application availability and build incident response mechanisms to detect malicious actions on secrets. Deploy a serverless application and test programmatic retrieval of database credentials from AWS Secrets Manager with access control in place. Learn how to monitor the compliance status of secrets using AWS Config and AWS Security Hub.
Learn how to comprehensively secure your most sensitive data in Amazon S3. This workshop covers integration with AWS Identity and Access Management (IAM) policies, AWS Key Management Service (AWS KMS) key policies, Amazon S3 bucket policies, and Amazon VPC endpoints. Walk through how to build out an Amazon S3 environment implementing a range of common security requirements: segregation of duties, network-based security controls, and service-level security controls using both role-based and attribute-based access patterns with Amazon S3 object tags. Understand the power of combining different types of access controls so that you can apply them effectively to your own data security use cases.
Get a deep dive on the latest hot topics, and learn why governance and compliance matters for security practitioners and how to automate compliance tools and services for operational use.
Do you want to know how to audit in the cloud? Today, control framework language is catered toward on-premises environments, and security IT auditing techniques have not been reshaped for the cloud. The AWS Cloud–specific Cloud Audit Academy provides auditors with the education and tools to audit for security on AWS using a risk-based approach. In this session, experience a condensed sample domain from a four-day Cloud Audit Academy workshop.
As organizations move more workloads to the cloud, security considerations are no longer limited to the perimeter. Data security of the enterprise has emerged as a key architectural requirement. In this session, Bristol Myers Squibb (BMS), a leading global life sciences company, dives deep into how they have implemented security and data residency controls across their cloud environment to improve their security and compliance posture. From their use case, learn how to use the data residency guardrails in AWS Control Tower to enable controls in your cloud environment.
In this session, an AWS leader speaks with senior executives from enterprise customer and AWS Partner organizations as they share their paths to success with compliance and auditing on AWS. Join this session to hear how they have used AWS Cloud Operations to make compliance and auditing easier and more efficient and improve business outcomes. Also hear how AWS Partners are supporting customer organizations as they automate compliance and move to the cloud.
USAA proudly serves millions of military members and their families through the delivery of insurance, banking, and investment services. Being a financial organization, USAA must comply with various regulatory and security frameworks. Because USAA adopts AWS services at scale, enabling compliance within the cloud workloads is a key business priority. In this session, walk through the journey of how USAA and AWS security assurance services are building a unified security assurance program for the AWS Cloud and addressing multiple regulatory and security frameworks, while fulfilling customer responsibilities as defined within the shared responsibility model.
How far along are you on your security journey? What is your desired end state? How will you get there? This session walks you through a high-level, step-by-step roadmap of the AWS security journey to help you figure out where you are, where you are going, and what your next step should be. Explore AWS Config, AWS Security Hub, and Amazon QuickSight through a demonstration of how knowing your current state of security can drive more effective and efficient storytelling of your posture. Also, discover how you can generate consistent, useful reports with Amazon QuickSight.
Analyzing and improving cybersecurity is no longer a human-scale problem, so artificial intelligence (AI)–based tools have emerged to support security teams and reduce risks efficiently and effectively. However, while building these AI-based tools, human assumptions about security risks and a lack of understanding of demographics and cultural groups not represented in the build process have the potential to shape and build unconscious bias into AI logic for security applications like DDoS detection, intrusion prevention, user authentication, and spam filtering. In this session, consider how critical it is to use AI responsibly for reducing cybersecurity risks comprehensively at scale while keeping the AI logic equitable and unbiased.
Operating securely in the cloud depends on a variety of teams that must learn to work together. These teams include audit, compliance, engineering, and cloud enablement—teams that may not be aligned or may have competing priorities. In this session, learn common wants for these teams, ways to encourage cross-team collaboration, and, ultimately, how to move toward the same goal of operating securely.
Organizations new to the cloud need to quickly understand what foundational security capabilities should be considered as a baseline. In this session, learn how AWS security services can help you improve your cloud security posture. Learn how to incorporate security into your AWS architecture based on the AWS Cloud Operations model, which will help you implement governance, manage risk, and achieve compliance while proactively discovering opportunities for improvement.
Maintaining and reporting compliance can be a complex, labor-intensive endeavor even in the simplest of environments. Add resources on premises and across other environments and that complexity is multiplied. In this session, learn how AWS Cloud Operations can help you simplify compliance across your IT landscape through automation of compliance rules, ITSM operations processes, data collection, and reporting.
Do you want to increase the speed and scale of your audits? As companies expand to new industries and markets, so too does the scale of regulatory compliance. AWS undergoes over 500 audits in a year. In this session, hear from AWS experts as they digitize and automate the regulator/auditor experience. Walk through pre-audit educational training, self-service of control evidence and walkthrough information, live chatting with an audit control owner, and virtual data center tours. This session discusses how innovation and digitization allows companies to build trust with regulators and auditors while reducing the level of effort for internal audit teams and compliance executives.
Is it time for your IT solution to expand or go global? There might be some compliance implications, such as new regulations, restrictions, or country requirements, that you need to consider before you make the move. In this session, learn how to consider migrations, configure migrations safely with AWS Control Tower, and understand best practices of experts in newly emerging markets. Also, review the implications of GDPR that you should consider, in addition to its applicability based on country.
ML environments and the data to train and test them require controls for confidentiality, integrity, and availability like traditional workloads, but the threat landscape for ML often requires additional techniques. In this session, explore threats including poisoning, evasion/spoofing, and fuzzing/GAN attacks and then consider means of mitigating them. Additionally, learn about protecting working models against mutability/substitution and reducing the risk of reverse-engineering intellectual property. Examine data science environment security and incident response for ML environments. Finally, consider scope constraint of ML models in ensembles and the use of error propagation and analysis to make them more robust.
This session dives deep with examples of how to deploy and manage large-scale compliance for some of the most common regulatory frameworks. Learn how to design automated controls and implement automation to simplify a compliance overview. Dive deep with examples of how to automate evidence collection for audits.
To manage compliance at the speed and scale the cloud requires, organizations need to implement automation and have an effective mechanism to manage it. In this builders’ session, learn how to implement compliance as code (CaC). CaC shares many of the same benefits as infrastructure as code: speed, automation, peer review, and auditability. Learn about defining controls with AWS Config rules, customizing those controls, using remediation actions, packaging and deploying with AWS Config conformance packs, and validating using a CI/CD pipeline.
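A control "defined with an AWS Config rule", as the session puts it, written out as an added example that is not AWS's or the session's own code: the Lambda handler behind a custom Config rule that checks an S3 bucket enforces SSE-KMS by default, optionally with one specific key passed in as a rule parameter. The invocation event and configuration item are constructed to follow the documented custom-rule layout (invokingEvent and ruleParameters arrive as JSON strings); the nesting of the bucket's encryption settings under supplementaryConfiguration.ServerSideEncryptionConfiguration is assumed from Config's S3 configuration items. Bucket names, the key ARN and the result token are fake, and the put_evaluations call is shown as a comment so the code runs offline.

```python
"""Compliance as code: a custom AWS Config rule (Lambda handler) that checks an S3 bucket
enforces SSE-KMS by default, optionally with one specific KMS key.

Added example, not AWS's code. The event and configuration item are constructed to
follow the documented custom-rule invocation layout; the nesting of bucket encryption
under supplementaryConfiguration.ServerSideEncryptionConfiguration is assumed from
Config's S3 configuration items. All names, ARNs and tokens are fake. The
put_evaluations call is shown in a comment so the code runs offline.
"""
import json

RULE_PARAMS = {"RequiredKmsKeyArn":
               "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"}


def make_event(bucket, sse_rules=None, status="OK",
               message_type="ConfigurationItemChangeNotification"):
    """Build the event Config hands to a custom rule Lambda (constructed sample input)."""
    ci = {"resourceType": "AWS::S3::Bucket", "resourceId": bucket, "resourceName": bucket,
          "configurationItemStatus": status,
          "configurationItemCaptureTime": "2022-06-10T12:00:00.000Z",
          "configuration": {"name": bucket},
          "supplementaryConfiguration": {}}
    if sse_rules is not None:
        ci["supplementaryConfiguration"]["ServerSideEncryptionConfiguration"] = {"rules": sse_rules}
    invoking = {"messageType": message_type}
    if message_type != "ScheduledNotification":   # periodic invocations carry no item
        invoking["configurationItem"] = ci
    return {"invokingEvent": json.dumps(invoking), "ruleParameters": json.dumps(RULE_PARAMS),
            "resultToken": "token-abc", "configRuleName": "s3-default-sse-kms"}


def _default_encryption(ci):
    """(sseAlgorithm, kmsMasterKeyID) of the bucket's default encryption rule, or (None, None)."""
    sse = ci.get("supplementaryConfiguration", {}).get("ServerSideEncryptionConfiguration") or {}
    for rule in sse.get("rules", []):
        default = rule.get("applyServerSideEncryptionByDefault")
        if default:
            return default.get("sseAlgorithm"), default.get("kmsMasterKeyID")
    return None, None


def evaluate_bucket(ci, params):
    """Return (ComplianceType, Annotation) for one configuration item."""
    if (ci.get("resourceType") != "AWS::S3::Bucket"
            or ci.get("configurationItemStatus") == "ResourceDeleted"):
        return "NOT_APPLICABLE", "not an existing S3 bucket"
    algo, key = _default_encryption(ci)
    if algo is None:
        return "NON_COMPLIANT", "no default encryption configured"
    if algo != "aws:kms":
        return "NON_COMPLIANT", f"default encryption is {algo}, not aws:kms"
    required = params.get("RequiredKmsKeyArn")
    if required and key != required:
        return "NON_COMPLIANT", f"default key is {key or 'the AWS managed key'}, expected {required}"
    return "COMPLIANT", "SSE-KMS enforced by default"


def lambda_handler(event, context=None):
    """Entry point Config invokes; returns the evaluations it would report."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    ci = invoking.get("configurationItem")
    if ci is None:        # ScheduledNotification: a periodic rule would enumerate buckets itself
        return []
    compliance, note = evaluate_bucket(ci, params)
    evaluation = {"ComplianceResourceType": ci["resourceType"],
                  "ComplianceResourceId": ci["resourceId"],
                  "ComplianceType": compliance,
                  "Annotation": note[:256],               # Config caps annotations at 256 chars
                  "OrderingTimestamp": ci["configurationItemCaptureTime"]}
    # In Lambda, report back to Config:
    # boto3.client("config").put_evaluations(Evaluations=[evaluation],
    #                                         ResultToken=event["resultToken"])
    return [evaluation]
```

The rule returns NOT_APPLICABLE for deleted buckets rather than skipping them, so Config clears the stale evaluation instead of leaving a phantom non-compliant resource; and it treats SSE-KMS with the AWS managed key as non-compliant when a specific key ARN is required, which is the case where the customer-managed key policy (and its separation of duties) is the actual control being enforced.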
In this builders’ session, learn how to deploy, manage, and scale containerized applications that run Kubernetes on AWS with AWS Service Catalog. Walk through how to deploy the Kubernetes control plane into a virtual private cloud (VPC), connect worker nodes to the cluster, and configure a bastion host for cluster administrative operations. Using AWS CloudFormation registry resource types, learn how to declare Kubernetes manifests or Helm charts to deploy and manage your Kubernetes applications. With AWS Service Catalog, you can empower your teams to deploy securely configured Amazon EKS clusters in multiple accounts and Regions.
Automation and simplification are key to managing compliance at scale. Remediation is one of the key elements of simplifying and managing risk. In this builders’ session, walk through how to build a remediation workflow using AWS Config and AWS Systems Manager Automation. Then, explore how the workflow can be deployed at scale and monitored with AWS Security Hub to oversee your entire organization.
Not sure how to get started with your governance, risk, and compliance (GRC) journey on AWS? Join this highly interactive chalk talk and bring your questions so we can discuss how you can build a strategy that supports your GRC stakeholders while still giving you the agility that the cloud can provide. In this chalk talk, learn what AWS services and prescriptive guidance are available to help you along your GRC journey as you go from okay to awesome.
Healthcare organizations need to meet healthcare regulatory requirements quickly, especially after experiencing the impacts of COVID-19. Many have achieved HIPAA compliance requirements during the COVID-19 pandemic with the help of AWS Config, AWS Audit Manager, and AWS Partner solutions. Many AWS services and solutions from AWS Consulting Partners provide a seamless way to audit, detect, and remediate workloads on AWS to help meet HIPAA requirements. In this chalk talk, learn how AWS Config provides building blocks for AWS Consulting Partners to build a compliance-as-code solution.
In this chalk talk, learn how you can benefit from cloud-based solutions that build in security from the beginning. Review technical details of cybersecurity best practices for OT systems, as developed through government partnerships with public and private industry. Dive deep into use cases and best practices for using AWS security services to improve cybersecurity specifically for water utilities. Hear about opportunities to receive AWS cybersecurity training designed to teach you the skills necessary to support cloud adoption.
Many AWS customers struggle with choosing between mitigating cyber risks and implementing technical controls. However, it is possible to do both. In this chalk talk, join AWS security experts to discuss the most topical security standards (including ISO 27001, NIST CSF, and CSA CSM), regulatory requirements, and compliance obligations (including incident response and regulatory examinations). See how you can measure the impact of failing technical controls on your risk landscape, and understand how to bridge the gap between your organization and the first line of defense with AWS services.
Documentation exports can be very time consuming. In this chalk talk, learn how the National Institute of Standards and Technology (NIST) is developing the Open Security Controls Assessment Language (OSCAL) to provide common translation between XML, JSON, and YAML formats. OSCAL also provides a common means to identify and version shared resources, and standardize the expression of assessment artifacts. Learn how AWS is working to implement OSCAL for our security documentation exports so that you can save time when creating and maintaining ATO packages.
AWS accounts provide security, access, and billing boundaries for your AWS resources and help you achieve resource independence and isolation. One of the key ways to implement governance on AWS is to have a multi-account strategy. In this chalk talk, get multi-account strategy guidance for establishing your environment and building organizational unit structures. Learn about security patterns, such as account governance, identity federation, cross-account roles, and consolidated logging.
This workshop features an executive security simulation, designed to take senior security management and IT/business executive teams through an experiential exercise that illuminates key decision points for a successful and secure cloud journey. During this team-based, game-like simulation, use an industry case study to make strategic security, risk, and compliance decisions and investments. Experience the impact of these investments and decisions on the critical aspects of your secure cloud adoption. Learn about the major success factors that impact security, risk, and compliance in the cloud and applicable decision and investment approaches to specific secure cloud adoption journeys.
Many AWS customers use ITSM solutions such as ServiceNow to implement governance and compliance and manage security incidents. In this workshop, learn how to use AWS services such as AWS Service Catalog, AWS Config, AWS Systems Manager, and AWS Security Hub on the ServiceNow platform. Learn how AWS services align to service management standards by integrating AWS capabilities through ITSM process integration with ServiceNow. Design and implement a curated provisioning strategy along with incident management and resource transparency/compliance using the AWS Service Management Connector for ServiceNow.
Hear from AWS, customers, and AWS Partners on how to use AWS identity services to manage identities, resources, and permissions securely and at scale. Learn how to configure fine-grained access controls for your employees, applications, and devices and deploy permission guardrails across your organization.
AWS IAM is an essential service that helps you securely control access to your AWS resources. In this session, learn about IAM best practices like working with temporary credentials, applying least-privilege permissions, moving away from users, analyzing access to your resources, validating policies, and more. Leave this session with ideas for how to secure your AWS resources in line with AWS best practices.
In this session, learn how to use service control policies (SCPs) to allow your builders to innovate on AWS while staying within your organization’s security guidelines. By using SCPs effectively, you can help establish guardrails for your teams so that they can focus on innovating for your business. Learn about the basics of SCPs, situations where you can use them, how to test and roll them out across your AWS Organizations environment efficiently, and the top SCPs recommended for virtually everyone.
Bringing Active Directory-dependent workloads to the cloud is no longer optional; it’s a necessity for modernization. In this session, learn how to deploy AWS Managed Microsoft AD, extend it across multiple Regions, and implement security configurations to meet your security and compliance requirements. Dive deep into popular implementations of Active Directory on AWS and how to leverage users from your existing Active Directory.
Building secure applications and workloads on AWS means knowing your way around AWS Identity and Access Management (AWS IAM). This session is geared toward the curious builder who wants to learn practical IAM skills for defending workloads and data, with a technical, first-principles approach. Gain knowledge about what IAM is and a deeper understanding of how it works and why.
Enterprise organizations often come to AWS with existing identity foundations. Whether new to AWS or maturing, organizations want to better understand how to centrally manage access across AWS accounts. In this session, learn the patterns many customers use to succeed in deploying and operating AWS Single Sign-On at scale. Get an overview of different deployment strategies, features to integrate with identity providers, application system tags, how permissions are deployed within AWS SSO, and how to scale these functionalities using features like attribute-based access control.
Implementing the principle of least privilege is often considered a journey, and a confident journey should have a map. This session proposes such a map by considering relevant design principles and mental models that can accelerate your journey to least privilege. The session also reviews successful patterns that organizations use, including policy generators, policy reviewers, access reviewers, and policy reducers, that support the journey.
Organizations are storing an unprecedented and increasing amount of data on AWS for a range of use cases including data lakes, analytics, machine learning, and enterprise applications. They want to make sure that sensitive non-public data is only accessible to authorized users from known locations. In this session, dive deep into the controls that you can use to create a data perimeter that allows access to your data only from expected networks and by trusted identities. Hear from Vanguard about how they use data perimeter controls in their AWS environment to meet their security control objectives.
Attend this session to learn how Guardian Life shifts IAM security controls left to empower builders to experiment and innovate quickly, while minimizing the security risk exposed by granting over-permissive permissions. Explore how Guardian validates IAM policies in Terraform templates against AWS best practices and Guardian’s security policies using AWS IAM Access Analyzer and custom policy checks. Discover how Guardian integrates this control into CI/CD pipelines and codifies their exception approval process.
Managing identity for B2B multi-tenant solutions requires tenant context to be clearly defined and propagated with each identity. It also requires proper onboarding and automation mechanisms to do this at scale. Join this session to learn about different approaches to managing identities for B2B solutions with Amazon Cognito and learn how Trend Micro is doing this effectively and at scale.
As a financial services company, Discover Financial Services considers security paramount. In this session, learn how Discover uses AWS Identity and Access Management (IAM) to help achieve their security and regulatory obligations. Learn how Discover manages their identities and credentials within a multi-account environment and how Discover fully automates key rotation with zero human interaction using a solution built on AWS with IAM, AWS Lambda, Amazon DynamoDB, and Amazon S3.
Learn how AWS can help you design a well-architected identity solution ranging from user access to managing temporary credentials on AWS and for on-premises applications. In this session, learn about delegation models, automatic account bootstrapping, and using ABAC. Learn through scenarios featuring AWS SSO, AWS IAM, permissions boundaries, how to find resources, and putting automation at the center of it all.
Organizations often manage human access using IAM users or through federation with external identity providers. In this builders’ session, explore how AWS SSO centralizes identity federation across multiple AWS accounts, replaces IAM users and cross-account roles to improve identity security, and helps administrators more effectively scope least privilege. Additionally, learn how to use AWS SSO to activate time-based access and attribute-based access control.
This builders’ session demonstrates how to integrate AWS Managed Microsoft AD with native AWS services like Amazon CloudWatch Logs and Amazon CloudWatch metrics and alarms, combined with anomaly detection, to identify potential security issues and provide actionable insights for operational security teams.
In this builders’ session, learn how you can obtain short-lived AWS credentials for different tasks. Using short-lived credentials helps customers reduce risk from credential compromise. Learn through hands-on activity using AWS SSO, AWS STS, and Amazon Cognito, and experiment with short-lived credentials so you can use them on your AWS environments. You must bring your laptop to participate.
This builders’ session offers hands-on learning around the pros and cons of several methods of machine-to-machine authentication. Examine how to implement and use Amazon Cognito, AWS Identity and Access Management (IAM), and Amazon API Gateway to authenticate services to each other with various types of keys and certificates. Join this session to gain a solid understanding of the recommended practices and available options when performing machine-to-machine authentication on AWS.
In this chalk talk, walk through ways to use AWS IAM Access Analyzer policy validation to review IAM policies that do not follow AWS best practices. Learn about the Access Analyzer APIs that help validate IAM policies and how to use these APIs to prevent IAM policies from reaching your AWS environment through mechanisms like AWS CloudFormation hooks and CI/CD pipeline controls.
Amazon Cognito allows you to configure sign-in and sign-up experiences for consumers while extending user management capabilities to your customer-facing application. Join this chalk talk to learn about the first steps for integrating your application and getting started with Amazon Cognito. Learn best practices to manage users and how to configure a customized branding UI experience, while creating a fully managed OpenID Connect provider with Amazon Cognito.
This chalk talk demonstrates how to use built-in capabilities of AWS Identity and Access Management (IAM) to safely allow developers to grant entitlements to their AWS workloads (PassRole/AssumeRole). Additionally, learn how developers can be granted the ability to take self-service IAM actions (CRUD IAM roles and policies) with permissions boundaries.
Learn about how you can develop and apply preventive controls at scale across your organization using service control policies (SCPs). This chalk talk is an extension of the preventive controls within the AWS identity services guide, and it covers how you can meet the security guidelines of your organization by applying and developing SCPs. In addition, it presents strategies for how to effectively apply these controls in your organization, from day-to-day operations to incident response.
In this chalk talk, learn how policy evaluation works in detail and walk through some advanced IAM policy evaluation scenarios. Learn how a request context is evaluated, the pros and cons of different strategies for cross-account access, how to use condition keys for actions that touch multiple resources, when to use principal and aws:PrincipalArn, when it does and doesn’t make sense to use a wildcard principal, and more.
If you build customer-facing applications like web, mobile, or IoT applications on AWS, they will likely need to access AWS resources from the client side to perform their jobs. In this chalk talk, explore different ways to get temporary credentials in customer-facing applications, when these methods should be used, and options for fine-grained access control.
Organizations from all industries have been adopting AWS SSO to improve their security posture and improve productivity by providing a central place for managing access across accounts on AWS, both in the console and the AWS CLI. In this chalk talk, learn about the latest enterprise-grade feature updates for AWS SSO. Discover the ease of integration with a third-party identity provider, with no user interruption, and learn about patterns and tools for migration.
In this chalk talk, learn about the recommended way to access AWS, from AWS experts. AWS SSO allows you to centrally manage access across your AWS accounts, as well as AWS applications and third-party SAML-integrated applications. Learn how AWS SSO makes access easy with the latest AWS SSO features and how to automate role assignment with on-premises Microsoft Active Directory users and groups.
Companies are looking to get value out of their data, but in many cases, business data is trapped in siloed data stores. Data mesh is a new architecture that helps companies share data from these siloed stores across their business units under a unified security and governance model. In this chalk talk, learn how to build a secure data mesh architecture with AWS Lake Formation and AWS RAM providing centralized governance and granular access control.
In this workshop, learn how to create a data perimeter by building controls that allow access to data only from expected network locations and by trusted identities. The workshop consists of five modules, each designed to illustrate a different AWS Identity and Access Management (IAM) and network control. Learn where and how to implement the appropriate controls based on different risk scenarios. Discover how to implement these controls as service control policies, identity- and resource-based policies, and virtual private cloud endpoint policies.
In this workshop, learn how to identify when to use various policy types for your applications. Work through hands-on labs that take you through a typical customer journey to configure permissions for a sample application. Configure policies for your identities, resources, and CI/CD pipelines using permission delegation to balance security and agility. Also learn how to configure enterprise guardrails using service control policies.
In this workshop, dive deep into the logic of AWS IAM policy evaluation and the use of AWS RAM. Gain experience with hands-on labs that walk through common IAM use cases and learn how different policies interact with each other. Using identity- and resource-based policies within single- and cross-account scenarios, learn about the evaluation logic that you can apply in your own environment. You must bring your laptop to participate.
In this workshop, learn how to validate identity and access management policies at scale before they reach your AWS environment. Build a CI/CD pipeline that validates these policies in AWS CloudFormation templates using AWS IAM Access Analyzer and the IAM Policy Validator for AWS CloudFormation. By validating identity and access management policies before they reach your environment, you can prevent policies that may be insecure or do not follow AWS best practices from being deployed. You must bring your laptop to participate.
This workshop provides hands-on experience applying attribute-based access control (ABAC) to achieve a secure and scalable authorization model on AWS. Learn how and when to apply ABAC, which is native to AWS Identity and Access Management (IAM). Also learn how to find resources that could be impacted by different ABAC policies and session tagging techniques to scale your authorization model across Regions and accounts within AWS.
Gain practical expertise on the services, tools, and products AWS, customers, and AWS Partners use to protect the usability and integrity of their networks and data, and reduce surface area to manage the security and privacy of their overall infrastructure on AWS.
In this session, review the firewall services that can be used on AWS, including OS firewalls (Windows and Linux), security groups and NACLs, AWS Network Firewall, and AWS WAF. The session covers a quick description of each service and where to use it and then offers strategies to help you get the most out of these services.
VPC network controls such as security groups, NACLs, route tables, AWS Network Firewall, and AWS PrivateLink help you control network access to your resources on AWS. This session demonstrates how you can use Amazon VPC Network Access Analyzer to specify your network access requirements and identify network paths in your AWS environment that do not meet your specified requirements. This can help you easily identify any unintended network access to your resources and also help demonstrate whether your network meets your compliance requirements.
Elastic Load Balancing (ELB) has a wide range of capabilities to improve security such as Network Load Balancer (NLB) integration with AWS PrivateLink, Application Load Balancer (ALB) integration with AWS WAF, and Gateway Load Balancer’s ability to activate scalable network security devices such as firewalls. These technologies can even be combined to take advantage of each of their strengths such as ALB as a target of NLB. This session reviews each ELB feature, highlighting how they can increase your security posture, and dives deep into some example architectures and best practices.
You may have heard a developers versus security story before, but is it accurate? Do developers not care about security, or do they just have too many things to think about when designing software? How can you reduce the impact of security on developers while ensuring that resources are being deployed securely to the cloud? Misconfiguration is one of the biggest threats to cloud security—and one of the simplest to prevent with the right tools. Learn how developers at Trend Micro secure their cloud-native applications at scale to prevent misconfigurations in the infrastructure-as-code world. This presentation is brought to you by Trend Micro, an AWS Partner.
AWS provides you with a broad selection of firewall deployment options that can help you protect your AWS-hosted applications exposed to the internet. The firewall you choose can depend on many factors, like the application you’re trying to protect or required depth of inspection and decryption capabilities. In this session, learn how to choose the appropriate firewall solution and the various network deployment options it supports.
Security at layer 7 is about more than DNS. In this session, hear inside stories from the edge. Edge computing, that is. Learn how AWS curates and improves how we approach layer 7 threats, how AWS derives AWS Managed Rules for AWS WAF, why Amazon Route 53 is the only AWS service with a 100 percent-availability SLA, and, most importantly, why it matters. Come for the stories about DDoS threats that AWS routinely defends against, and stay for the delineation of our network and application layer protection mechanisms. Gain a better understanding of how you and AWS can improve the safety and availability for your applications.
40 percent of website traffic is estimated to be generated by bots. Some of these bots are undesirable and could have a negative impact on your web application. Bots increase the cost of your infrastructure, might compromise its availability, and could damage your business with malicious activities such as credential stuffing. In this session, those who are familiar with AWS WAF can learn about its latest capabilities such as Bot Control, account takeover prevention, and CAPTCHA to protect against advanced bots. Join this session to dive into these capabilities, hear about configuration best practices, and learn about other techniques you can employ to fight bots, such as security automation.
QUIC, a newly standardized encrypted transport protocol, aims to improve performance and privacy for internet traffic. As a modern replacement for TCP and TLS, and the foundation of HTTP/3, QUIC brings its own security and deployment challenges. In this session, explore some exciting features of QUIC and learn about s2n-quic, an open-source QUIC implementation that delivers the performance and security AWS customers expect.
The AWS Well-Architected Framework helps you build a secure, high-performance, resilient, and efficient infrastructure for your applications and workloads. In this session, learn how you can build hybrid networks and discover key considerations, best practices, and tips and tricks around operational excellence, security, reliability, performance efficiency, and cost optimization.
In this session, learn how you can use AWS to automate one of the most common operational challenges that often emerge on the journey to the cloud: patch management and compliance. AWS gives you visibility and control of your infrastructure using AWS Systems Manager. See firsthand how to set up and configure an automated, multi-account and multi-Region patching operation using Amazon EventBridge, AWS Lambda, and AWS Systems Manager.
Today’s on-premises infrastructure typically has a single internet gateway that is sized to handle all corporate traffic. With AWS, infrastructure as code allows you to deploy in different internet access patterns, including distributed DMZs. Automated queries mean you can identify your infrastructure with an API query and ubiquitous instrumentation, allowing precise anomaly detection. In this session, learn about AWS native security tools like Amazon API Gateway, AWS WAF, ELB Application Load Balancer, and AWS Network Firewall. These options can help you simplify internet service delivery and improve your agility.
When the Log4j vulnerability became known in December 2021, athenahealth made the decision to increase their cloud security posture by adding AWS Network Firewall to over 100 accounts and 230 VPCs. Join this session to learn about their initial deployment of a distributed architecture and how they were able to reduce their costs by approximately two-thirds by moving to a centralized model. The session also covers firewall policy creation, optimization, and management at scale. The session is aimed at architects and leaders focused on network and perimeter security who are interested in deploying AWS Network Firewall.
A transition is underway in enterprise networking. Organizations are incorporating new, cloud-native, wide-area networking services into their infrastructure because of their ability to create and configure connectivity on the fly—with elastic capacity and consumption-based pricing. In this session, learn how to get started with cloud-native networks using the new AWS Cloud WAN and AWS Direct Connect SiteLink services. The session begins with a simple architecture and then dives into real-world use cases that include details on how these services work with your SD-WAN, AWS Direct Connect, and AWS Transit Gateway usage.
Once devices run applications at the edge and are interacting with various AWS services, establishing a compliant and secure computing environment is necessary. It’s also necessary to monitor for unexpected behaviors, such as a device running malicious code or mining cryptocurrency. This builders’ session walks you through how to build security mechanisms to detect unexpected behaviors and take automated corrective actions for edge devices at scale using AWS IoT Device Defender and AWS IoT Greengrass.
In this builders’ session, review how the new Amazon VPC Network Access Analyzer helps you identify network configurations that can lead to unintended network access. Learn ways that you can improve your security posture while still allowing you and your organization to be agile and flexible.
Confirming that your applications deployed on AWS allow only the right protocol and port access to/from known network ranges is a foundation to security in the cloud. As AWS accounts and resources increase, you need a centralized mechanism to audit and manage these firewall rules across your AWS accounts. In this session, learn how to use AWS Firewall Manager to centrally manage and audit VPC security groups for overly permissive rules and distributed deployment of network firewall rules across VPCs and accounts.
Amazon VPC managed prefix lists allow users to populate a list of network prefixes that can be referenced in security groups, route tables, and other resources. In this builders’ session, learn how to use AWS Lambda to automatically populate these prefix lists and keep them up to date from multiple sources including AWS public IP JSON documents, security groups that cannot be referenced directly, and other data sources.
In this session, learn about the must-haves and architecture components for building an effective and AWS-permissible method for malware analysis in the cloud.
In this chalk talk, learn how building on the AWS Cloud makes it easier to manage your complex distributed environments. This includes visibility over what you have deployed, automated redeployments, and the ability to identify what you should patch most quickly. Learn how to approach patching, for any cloud maturity level, and help your business move quickly and stay secure. The techniques you learn for knowing what to patch and when can also help improve your operational excellence.
Balancing agility with maximizing uptime, while keeping security in mind, can be a daunting task. Throw in on-premises and cloud resources and that complexity is multiplied. In this chalk talk, learn how AWS Cloud Operations can help you strengthen your security posture through automation of ITSM operations processes, such as configuration management, event management, and change control, along with problem and incident management across all of your environments.
Early identification of erroneous changes in configuration or failures can help to avoid bigger challenges down the line. In this chalk talk, learn how to use services like AWS Security Hub, AWS Config, and Amazon CloudWatch Synthetics to deploy canaries and perform continuous end-to-end checks.
In this chalk talk, learn steps you can take to protect your business against ransomware. Discover practical lessons learned from helping many companies design their AWS environment to minimize impact and risks from ransomware.
Learn how managed protections help you protect your environment, gain visibility, and manage requests from bots and malicious account takeover attempts. In this chalk talk, learn about use cases, challenges, and best practices for using AWS WAF managed protections to secure your web applications and login pages. Learn how you can extend the security capabilities of your applications with the latest AWS WAF features.
Industries like financial services, online real money gaming, healthcare, and the public sector have strict regulations that require data to be stored on premises or within a geopolitical boundary. In this chalk talk, learn how AWS Outposts and AWS Local Zones bring AWS infrastructure and services to on-premises locations, colocation facilities, and areas near large cities to help meet requirements. Learn how companies are using AWS services, including Amazon EC2, Amazon EBS, Amazon S3 on Outposts, Amazon ECS, and Amazon EKS to host workloads and data that can’t move to an AWS Region due to data residency or security requirements.
This workshop accompanies the breakout session that describes how to design Amazon WorkSpaces to both mitigate emerging threats and curb data exfiltration. In this workshop, walk through implementing those security controls for Amazon WorkSpaces in a high-security-posture environment.
In this workshop, learn how to build a DDoS-resilient perimeter and how to use services like AWS Shield, AWS WAF, AWS Firewall Manager, and Amazon CloudFront to architect for DDoS resiliency and maintain robust operational capabilities that allow rapid detection and engagement during high-severity events. Learn how to detect and filter out malicious web requests, reduce attack surface, and protect web-facing workloads at scale with maximum automation and visibility.
ELB Gateway Load Balancer (GWLB) can help you deploy and scale security appliances on AWS. This workshop focuses on integrating GWLB with Suricata, an open-source threat detection engine. Learn about the mechanics of GWLB, build rules for GeoIP blocking, and write scripts for enhanced malware detection. The architecture relies on AWS Transit Gateway for centralized inspection; automate it using a GitOps CI/CD approach.
In this workshop, use AWS WAF to build an effective set of controls around your web application and perform monitoring and analysis of traffic that is analyzed by your web ACL. Learn to use AWS WAF to mitigate common attack vectors against web applications such as SQL injection and cross-site scripting. Additionally, learn how to use AWS WAF for advanced protections such as bot mitigation and JSON inspection. Also find out how to use AWS WAF logging, query logs with Amazon Athena, and near-real-time dashboards to analyze requests inspected by AWS WAF.
In this workshop, learn how to build and design connectivity for global networks using native AWS services. The workshop includes a discussion of security concepts such as segmentation, centralized network security controls, and creating a balance between self-service and governance at scale. Understand new services like AWS Cloud WAN and AWS Direct Connect SiteLink, as well as how they interact with existing services like AWS Transit Gateway, AWS Network Firewall, and SD-WAN. Use cases covered include federated networking models for large enterprises, using AWS as a WAN, SD-WAN at scale, and building extranets for partner connectivity.
In this workshop, learn how to access Amazon S3 buckets from on-premises networks using AWS Direct Connect or VPN via private connectivity using AWS PrivateLink for S3. Walk through how to use various DNS options to enable connectivity from on-premises applications. Also discover how to configure your on-premises DNS resolvers to direct S3 domain names to the interface endpoint IPs by forwarding DNS queries to Amazon Route 53 Resolver inbound endpoints.
How do you see what traffic is accessing your website and what is getting blocked after protecting web-facing resources against OWASP Top 10 security risks, mitigating bot issues, reducing exposure to CVEs, and using rate-limiting rules in AWS WAF? In this builders’ session, learn how to mine AWS WAF logs using Amazon Athena across the different dimensions of website traffic, such as traffic patterns, URLs accessed, source IP, country of source IP, and so on. Learn how to visualize the extracted data using Amazon QuickSight and how to gather actionable intelligence to block undesirable traffic using AWS Managed Rules.
This workshop guides participants through configuring a centralized AWS Network Firewall deployment and Amazon Route 53 Resolver DNS Firewall configuration in AWS multi-VPC environments. It demonstrates how multiple VPCs can be interconnected with a centralized AWS Network Firewall and DNS Firewall configuration in an automated way to ease the governance of network security and how AWS Firewall Manager can be used to centrally configure security policies.
Learn how AWS, customers, and AWS Partners get the visibility they need to improve their security posture, reduce the risk profile of their environments, identify issues before they impact business, and implement incident response best practices.
Security incidents provide learning opportunities for improving your security posture and incident response processes. Ideally you want to learn these lessons before having a security incident. In this session, walk through the process of running and moderating effective incident response simulations with your organization’s playbooks. Learn how to create realistic real-world scenarios, methods for collecting valuable learnings and feeding them back into implementation, and documenting correction-of-error proceedings to improve processes. This session provides knowledge that can help you begin checking your organization’s incident response process, procedures, communication paths, and documentation.
AWS threat detection teams continue to innovate and improve the foundational security services for proactive and early detection of security events and posture management. Keeping up with the latest capabilities can improve your security posture, raise your security operations efficiency, and reduce your mean time to remediation (MTTR). In this session, learn about recent launches that can be used independently or integrated together for different use cases. Services covered in this session include Amazon GuardDuty, Amazon Detective, Amazon Inspector, Amazon Macie, and centralized cloud security posture assessment with AWS Security Hub.
Adopting a security framework can help you increase your security posture by finding efficiencies for scaling and aligning security controls across certifications and regulations. In this session, learn about best practices for using the Center for Internet Security (CIS) Critical Security Controls and CIS Benchmarks in your AWS security and compliance programs. Learn how you can use these CIS best practices to raise your security posture and support common cyber-insurance requirements.
The AWS internal security team addresses millions of security findings across hundreds of thousands of AWS accounts each year. How do they handle the volume of findings while maintaining a high security posture? In this session, explore various mechanisms that AWS uses to operationalize security issues, such as preventative and detective controls, security campaigns, decentralized ownership, enrichment and correlation techniques, and automated response and remediation.
In this session, learn about incident response best practices and tooling at your disposal to help prepare before a security incident occurs. The AWS Customer Incident Response Team (CIRT) will simulate a security event to help you learn about a set of open-source security projects and when it’s appropriate to engage the CIRT. CIRT is an internal operational team of AWS Professional Services security consultants and security specialist solutions architects who assist AWS customers with active security events on their accounts.
In the run-up to the 2021 holiday season, many companies were hit by security vulnerabilities in the widespread Java logging framework, Apache Log4j. Organizations were in a reactionary position, trying to answer questions like: How do we figure out if this is in our environment? How do we remediate across our environment? How do we protect our environment? In this session, learn about proactive measures that you should implement now to better prepare for future zero-day vulnerabilities.
Identifying suspicious behavior may only be the first step in responding to an incident. It is often important to investigate the root cause in order to efficiently remediate and address the original potential vulnerability. During this session, learn how to effectively use Amazon GuardDuty and Amazon Detective to simplify root cause analysis. Learn about the MITRE ATT&CK framework and best practices as you walk through real-world investigation scenarios and see a demo of the latest Amazon Detective capabilities.
Zoom, a leader in modern enterprise video communications, experienced hyperscale growth during the pandemic. Their customer base expanded by 30x and their daily security logs went from being measured in gigabytes to terabytes. In this session, Zoom shares how their security team supported this breakneck growth by evolving to a centralized infrastructure, updating their governance process, and consolidating to a single pane of glass for a more rapid response to security concerns. Solutions used to accomplish their goals include Splunk, AWS Security Hub, Amazon GuardDuty, Amazon CloudWatch, Amazon S3, and others.
Containers are a cornerstone of many AWS customers’ application modernization strategies. The increased dependence on containers in production environments requires threat detection that is designed for container workloads. To help meet the container security and visibility needs of security and DevOps teams, new container-specific security capabilities have recently been added to Amazon GuardDuty, Amazon Inspector, and other AWS services. In this session, learn about these new capabilities and the deployment and operationalization best practices that can help you scale your AWS container workloads. Additionally, the head of cloud security at HBO Max will share their container security monitoring best practices.
Memory contains a variety of rich data and artifacts that can be a critical supplement to traditional disk-based evidence. Should you be collecting it as part of your standard response? If so, what are the proper processes and techniques? How can you ensure you’re effectively using the power of AWS to preserve and collect all available artifacts? In this session, learn instance memory acquisition techniques, considerations for each approach, tips and tools for analysis, and what methods may be most useful for your environment.
Security operations can be improved with increased visibility and automation tools. Join this hands-on session to build a chatbot integrated with AWS to help improve automation, visibility, and incident response for your security operations. Learn about best practices for security automation, examine a detailed solution architecture, and discover how you can better implement this automation integration for your environment.
In this hands-on builders’ session, learn how to use Amazon CloudWatch and Amazon GuardDuty to effectively monitor Kubernetes audit logs—part of the Amazon EKS control plane logs—to alert on suspicious events, such as an increase in 403 Forbidden or 401 Unauthorized Error logs. Also learn how to automate example incident responses for streamlining workflow and remediation.
Join this hands-on builders’ session to learn how to mitigate the risk from ransomware in your AWS environment using the NIST Cybersecurity Framework (CSF). Choose your own path to learn how to protect, detect, respond, and recover from a ransomware event using key AWS security and management services. Use Amazon Inspector to detect vulnerabilities, Amazon GuardDuty to detect anomalous activity, and AWS Backup to automate recovery. This session is beneficial for security engineers, security architects, and anyone responsible for implementing security controls in their AWS environment.
When it comes to life in the cloud, there’s nothing more important than security. At AWS, the Customer Incident Response Team (CIRT) creates tools to support customers during active security events and to help them anticipate and respond to events using simulations. In this session, members of the AWS CIRT demonstrate best practices for using these tools to enable service logs with Assisted Log Enabler for AWS, run a security event simulation using AWS CloudSaga, and show how to analyze logs to respond to a security event with Amazon Athena.
With the increasing number of global data privacy guidelines and expanding definition of sensitive data, there is a growing volume of data that needs to be assessed for the presence of sensitive data and protected. In this builders’ session, get hands-on experience detecting and visualizing sensitive data in Amazon S3. Learn how to use Amazon Macie to detect sensitive data in Amazon S3 buckets and Amazon Athena to curate the results by severity and type. Use Amazon QuickSight to build a dashboard of your sensitive data search results, which can aid in prioritizing your response. You must bring your laptop to participate.
In this builders’ session, learn about concepts of chaos engineering and how it can be extended to perform experiments to explore the unknowns that may arise from security deviations. Find out how to design and implement chaos experiments with AWS Fault Injection Simulator to test the efficacy of security guardrails and detection (e.g. port/encryption/authorization misconfiguration). Builders are challenged to create experiment templates to run against a set of predesigned guardrails.
In this chalk talk, learn about vulnerability management strategies for Amazon EC2 instances on AWS at scale. Discover the role of services like Amazon Inspector, AWS Systems Manager, and AWS Security Hub in vulnerability management and mechanisms to perform proactive and reactive remediations of findings that Amazon Inspector generates. Also learn considerations for managing vulnerabilities across multiple AWS accounts and Regions in an AWS Organizations environment.
As organizations have embraced the cloud revolution, so too have adversaries. As noted in the CrowdStrike 2022 Global Threat Report, organizations face malicious threats to cloud environments as cloud-based services are “increasingly abused by malicious actors in the course of computer network operations (CNO), a trend that is likely to continue.” In this chalk talk, learn about three steps you can take to mitigate cloud security threats with an adversary-focused approach. Specifically, find out how to 1) shift left and enrich CI/CD processes to detect threats and vulnerabilities before they reach production; 2) provide real-time protection across the control plane; and 3) secure hosts and containers at runtime. This presentation is brought to you by CrowdStrike, an AWS Partner.
With many organizations migrating and expanding their AWS footprints, digital forensics and incident response (DF/IR) capabilities also need to evolve with the new tech stacks. Join this chalk talk to learn best practices for DF/IR on AWS and how to improve your DF/IR capabilities. Discover Financial Services (DFS) shares how they use tabletop exercises to collaborate across various internal teams, including engineering, security, and DF/IR teams, to identify requirements and build these new capabilities. Find out how DFS gained further visibility into their cloud resources, identified and obtained additional access, built new processes for DF/IR, and enhanced their overall security posture.
Many organizations do not validate their critical processes prior to an event such as a ransomware attack. Through a security tabletop exercise, customers can use simulations to provide a realistic training experience for organizations to test their security resilience and mitigate risk. In this chalk talk, learn about Amazon Managed Services (AMS) best practices through a live, interactive tabletop exercise to demonstrate how to execute a simulation of a ransomware scenario. Attendees will leave with a deeper understanding of incident response preparation and how to use AWS security tools to better respond to ransomware events.
Security analysts are under constant pressure to take meaningful action against security incidents while avoiding alert fatigue. This chalk talk describes best practices for aligning security with your business objectives, operationalizing your analysts’ ability to correlate large amounts of data across multiple AWS security domains, and cutting down response times by enabling your security personnel with access to critical data to help them make decisions during incidents.
Ransomware events can cost governments, nonprofits, and businesses billions of dollars, and interrupt operations. Early detection and automated responses are important steps that can limit your organization’s exposure. In this chalk talk, walk through the anatomy of a ransomware event in Amazon S3 and describe in detail best practices for detection, response, recovery, and protection.
You have a compromised resource on AWS. You've acquired the evidence. Where do you transfer it and store it? How do you ensure least privilege access to the evidence? Do you have the tools and capabilities needed to effectively analyze it? How do you analyze it safely within an isolated environment? And how do you learn from your analysis and investigation to improve your security? Join this chalk talk to walk through building a forensics lab on AWS, methods for implementing effective data acquisition, and how to make sure you are getting the most out of your investigations.
This workshop walks through scenarios covering threat detection and remediation using Amazon GuardDuty, a managed threat detection service. The scenarios simulate an incident that spans multiple threat vectors, representing a sample of threats related to Amazon EC2, AWS IAM, Amazon S3, and Amazon EKS, that GuardDuty is able to detect. Learn how to view and analyze GuardDuty findings, send alerts based on the findings, and remediate findings.
This workshop is designed to familiarize you with AWS Security Hub so that you can better understand how you would use it in your own AWS environment(s). The workshop is broken into two sections. The first section guides you through a demonstration of the features and functions of Security Hub. The second section demonstrates how to use Security Hub to import findings from different data sources, analyze findings so you can prioritize response work, and implement responses to findings to help improve your security posture.
This workshop guides you through building an incident response runbook for your AWS environment using Jupyter notebooks. Walk through an easy-to-follow sample incident using a ready-to-use runbook. Then add new programmatic steps and documentation to the Jupyter notebook, helping you discover and respond to incidents.
Join this workshop to get hands-on experience using Amazon Inspector to scan Amazon EC2 instances and container images residing in Amazon Elastic Container Registry (Amazon ECR) for software vulnerabilities. Learn how to manage findings by creating prioritization and suppression rules, and learn how to understand the details found in example findings.
Modern organizations understand that enterprise and industrial IoT (IIoT) yields significant business benefits. However, unaddressed security concerns can expose vulnerabilities and slow down companies looking to accelerate digital transformation by connecting production systems to the cloud. In this workshop, use a case study to detect and remediate a compromised device in a factory using security monitoring and incident response techniques. Use an AWS multilayered security approach and top ten IIoT security golden rules to improve the security posture in the factory.
You’ve received an Amazon GuardDuty finding drawing your attention to a possibly compromised Amazon EC2 instance. How do you respond? In part one of this workshop, perform an Amazon EC2 incident response using proven processes and techniques for effective investigation, analysis, and lessons learned. Use the AWS CLI to walk step-by-step through a prescriptive methodology for responding to a compromised Amazon EC2 instance that helps effectively preserve all available data and artifacts for investigations. In part two, implement a solution that automates the response and forensics process within an AWS account, so that you can use the lessons learned in your own AWS environments.