SUMMIT BERLIN


© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Migration: Safeguard the Integrity of Your Code for Fast and Secure Deployments

Benjamin Andrew
Global Lead Security, Networking & DevSecOps. AWS Marketplace


AWS Marketplace

A curated digital software catalog that helps you find, buy, test, and deploy software.

Quick: Get the software you need in minutes with just a few clicks or use the 1-Click deployment option. Software in AWS Marketplace is ready to run on AWS.

Pay-as-you-go: Only pay for what you use through various payment options and receive discounts on longer or custom terms. All charges from AWS Marketplace are consolidated into one bill from AWS.

Verified: All software in AWS Marketplace is continuously scanned to ensure reliability.


A growing digital software catalog

• Deploy software on demand

• 1,400+ ISVs

• Over 4,500 product listings

• 200,000 active customers

• Over 650 million hours of EC2 deployed monthly

• More than 950,000 subscriptions deployed

• Deployed in 16 regions

• Offers 35 categories

• Flexible consumption and contract models

• Easy and secure deployment, almost instantly

• One consolidated bill

• Always evolving


8 popular categories most often provisioned

• Operating systems

• SIEM

• Storage

• BI

• Database

• DevOps

• Networking

• Security


Security IN the cloud

Identify: Security fundamentally anchors on having sufficient knowledge of your world.

Protect: The best defense is an offense but…

Detect: One must ‘assume breach’ and have a strong defense.

Knowing and being able to act swiftly is key in the cloud.

Respond/Recover


Why DevSecOps?

Business Imperatives: Competing forces

• Development: Build it faster

• Operations: Keep it stable

• Security: Make it secure

[Diagram] DevOps: Build, Test, Distribute, Monitor (Developers to Users)

[Diagram] DevSecOps: Build, Test, Distribute, Monitor, plus Security (Developers to Users)


Speed! Collaboration! Automation!

Waterfall

Agile

DevOps


Security & compliance of the code IN the pipeline

CI/CD stages: Pre Commit, Commit, Acceptance, Deploy

Diagram rows: Security, Compliance, CI/CD

Pre Commit

• Threat modeling

• Initial SAST inside IDE

• Code review

Commit

• “Break the build”

• Compile/build checks

• SCA

• Container security

• Additional SAST

• Unit test

Acceptance

• Secure infra build

• Functional testing

• SCA, DAST

• Unit testing

• Security attacks

• Deep SAST

• Fuzzing, Pen Tests

Deploy

• Provision runtime environment

• Config management

• RASP

Continuous Compliance


Security & compliance of the code IN the pipeline

Pre Commit

• Threat modeling

• Initial SAST inside IDE

• Code review


Static Analysis Security Testing (SAST) in IDE

What it is: Automatically analyzes code for security early without slowing down development

Why it’s important: Introduces code analysis as ‘far left’ as possible

Why it’s critical to security: Catches vulnerabilities at the first point they can enter the application pipeline to reduce significant impacts


Vendor Highlight: Veracode Greenlight


Veracode Greenlight in AWS Marketplace

Coming soon.


Security & compliance of the code IN the pipeline

Commit

• “Break the build”

• Compile/build checks

• SCA

• Container security

• Additional SAST

• Unit test


Software Composition Analysis (SCA)

What it is: Vulnerability scanning tool for open source

Why it’s important: Most static analysis tools aren’t relevant for open source

Why it’s critical to security: Reduces the threat of vulnerabilities from dependencies on open source components


Vendor Highlight: WhiteSource


WhiteSource SaaS in AWS Marketplace


Container Vulnerability Analysis (CVA)

What it is: Vulnerability scanning tools that specifically target containers

Why it’s important: Security needs to be tailored to containerized applications

Why it’s critical to security: A vulnerability in one container can spread to others without isolation between containers


Vendor Highlight: Aqua


Aqua SaaS in AWS Marketplace


Microservices Firewall

What it is: Ensures security and compliance between interdependent microservices

Why it’s important: Security of microservices architectures alongside service meshes

Why it’s critical to security: Ensure latencies, failed instances, and security threats are contained to each microservice until affected services are reinstated


Vendor Highlight: Alcide


Alcide SaaS in AWS Marketplace


Security & compliance of the code IN the pipeline

Acceptance

• Secure infra build

• Functional testing

• SCA, DAST

• Unit testing

• Security attacks

• Deep SAST

• Fuzzing, Pen Tests


Dynamic Analysis Security Testing (DAST)

What it is: Tests web applications for exposed HTTP and HTML interfaces while they are running

Why it’s important: Dynamic, for running applications, vulnerability scanning in testing, staging, and production

Why it’s critical to security: Looks for a broad range of vulnerabilities, such as input/output validation issues leading to cross-site scripting or SQL injection


Vendor Highlight: Qualys Web Application Scanner (WAS)


Qualys WAS SaaS in AWS Marketplace


Security & compliance of the code IN the pipeline

Deploy

• Provision runtime environment

• Config management

• RASP


Runtime Application Self-Protection (RASP)

What it is: Controls execution and prevents real-time attacks in the application runtime environment

Why it’s important: Targets application code security at runtime (powerful addition to a WAF)

Why it’s critical to security: Protects against OWASP top runtime threats. Can capture zero-day vulnerabilities


Vendor Highlight: Prevoty


Prevoty AMI in AWS Marketplace


Continuous Compliance

What it is: Automate the compliance of your *infrastructure* code

Why it’s important: Ensure regulatory compliance

Why it’s critical to security: Secure application code can run on compliant/safe infrastructure


Vendor Highlight: Dome9


Dome9 in AWS Marketplace


Making DevOps Sec-sy


Customize the way you provision software

Find, from a breadth of categories:

• Machine Learning

• Containers

• Networking

• Security

• Storage

• DevOps

• Database

• Operating Systems

• BI & Big Data

Buy, through flexible pricing options:

• Free trial

• Pay-as-you-go

• Hourly

• Monthly

• Annual and Multi-Year

• Bring Your Own License (BYOL)

• Seller Private Offers

Deploy, with multiple deployment options:

• Amazon Elastic Container Services (ECS)

• Amazon Elastic Container Services for Kubernetes (EKS)

• Amazon Machine Image (AMI)

• Application Program Interface (API)

• Amazon SageMaker

• AWS Fargate

• CloudFormation Template

• SaaS


Why customers buy in AWS Marketplace

• Flexible consumption and contract models

• Easy and secure deployment, almost instantly

• Single, consolidated bill

Speed, simplicity and scalability

“The ability to deploy software instantaneously anywhere in the world means we’re able to scale immediately, and stretch or shrink the environment to accommodate our needs.”

“Integrated billing on AWS Marketplace is very slick, very straightforward. One place, one dashboard where all my costs appear.”

“One benefit of the pay-as-you-go model is the ability to deploy anywhere without having to do a capital approval process to pay for infrastructure that may or may not be used.” – Rob Gillan, CTO, SimplePay

– Briley James Yetter, Director of Technology, Goodwill Industries

– Richard Williams, Sr. Engineer, MakerBot


Thank you!


Benjamin Andrew
Global Lead Security, Networking & DevSecOps. AWS [email protected]/in/benandrew
