SUMMIT BERLIN
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Migration: Safeguard the Integrity of Your Code for Fast and Secure Deployments
Benjamin Andrew
Global Lead Security, Networking & DevSecOps
AWS Marketplace
AWS Marketplace
A curated digital software catalog that helps you find, buy, test, and deploy software
• Quick: Get the software you need in minutes with just a few clicks or use the 1-Click deployment option. Software in AWS Marketplace is ready to run on AWS.
• Pay-as-you-go: Only pay for what you use through various payment options and receive discounts on longer or custom terms. All charges from AWS Marketplace are consolidated into one bill from AWS.
• Verified: All software in AWS Marketplace is continuously scanned to ensure reliability.
A growing digital software catalog
• Deploy software on demand
• 1,400+ ISVs
• Over 4,500 product listings
• 200,000 active customers
• Over 650 million hours of EC2 deployed monthly
• More than 950,000 subscriptions deployed
• Deployed in 16 regions
• Offers 35 categories
• Flexible consumption and contract models
• Easy and secure deployment, almost instantly
• One consolidated bill
• Always evolving
8 popular categories most often provisioned
• Operating systems
• SIEM
• Storage
• BI
• Database
• DevOps
• Networking
• Security
Security IN the cloud
Identify: Security fundamentally anchors on having sufficient knowledge of your world.
Protect: The best defense is an offense but…
Detect: One must ‘assume breach’ and have a strong defense.
Knowing and being able to act swiftly is key in the cloud.
Respond/Recover
Why DevSecOps?
Business imperatives: competing forces
• Development: Build it faster
• Operations: Keep it stable
• Security: Make it secure
[Diagram: DEVOPS cycle of BUILD, TEST, DISTRIBUTE, MONITOR between Developers and Users]
[Diagram: DEVSECOPS cycle of BUILD, TEST, DISTRIBUTE, MONITOR between Developers and Users, with SECURITY]
Speed! Collaboration! Automation!
Waterfall
Agile
DevOps
Security & compliance of the code IN the pipeline
Security, Compliance, CI/CD
• Pre Commit: Threat modeling; Initial SAST inside IDE; Code review
• Commit: “Break the build”; Compile/build checks; SCA; Container security; Additional SAST; Unit test
• Acceptance: Secure infra build; Functional testing; SCA DAST; Unit testing; Security attacks; Deep SAST; Fuzzing, Pen Tests
• Deploy: Provision runtime environment; Config management; RASP
• Continuous Compliance
Security & compliance of the code IN the pipeline: Pre Commit
• Threat modeling
• Initial SAST inside IDE
• Code review
Static Analysis Security Testing (SAST) in IDE
What it is: Automatically analyzes code for security early without slowing down development
Why it’s important: Introduces code analysis as ‘far left’ as possible
Why it’s critical to security: Catches vulnerabilities at the first point they can enter the application pipeline to reduce significant impacts
Vendor Highlight: Veracode Greenlight
Veracode Greenlight in AWS Marketplace
Coming soon.
Security & compliance of the code IN the pipeline: Commit
• “Break the build”
• Compile/build checks
• SCA
• Container security
• Additional SAST
• Unit test
Software Composition Analysis (SCA)
What it is: Vulnerability scanning tool for open source
Why it’s important: Most static analysis tools aren’t relevant for open source
Why it’s critical to security: Reduces the threat of vulnerabilities from dependencies on open source components
Vendor Highlight: WhiteSource
WhiteSource SaaS in AWS Marketplace
Container Vulnerability Analysis (CVA)
What it is: Vulnerability scanning tools that specifically target containers
Why it’s important: Security needs to be tailored to containerized applications
Why it’s critical to security: A vulnerability in one container can spread to others without isolation between containers
Vendor Highlight: Aqua
Aqua SaaS in AWS Marketplace
Microservices Firewall
What it is: Ensures security and compliance between interdependent microservices
Why it’s important: Security of microservices architectures alongside service meshes
Why it’s critical to security: Ensure latencies, failed instances, and security threats are contained to each microservice until affected services are reinstated
Vendor Highlight: Alcide
Alcide SaaS in AWS Marketplace
Security & compliance of the code IN the pipeline: Acceptance
• Secure infra build
• Functional testing
• SCA DAST
• Unit testing
• Security attacks
• Deep SAST
• Fuzzing, Pen Tests
Dynamic Analysis Security Testing (DAST)
What it is: Tests web applications for exposed HTTP and HTML interfaces while they are running
Why it’s important: Dynamic vulnerability scanning of running applications in testing, staging, and production
Why it’s critical to security: Looks for a broad range of vulnerabilities, such as input/output validation issues leading to cross-site scripting or SQL injection
Vendor Highlight: Qualys Web Application Scanner (WAS)
Qualys WAS SaaS in AWS Marketplace
Security & compliance of the code IN the pipeline: Deploy
• Provision runtime environment
• Config management
• RASP
Runtime Application Self-Protection (RASP)
What it is: Controls execution and prevents real-time attacks in the application runtime environment
Why it’s important: Targets application code security at runtime (a powerful addition to a WAF)
Why it’s critical to security: Protects against OWASP top runtime threats. Can capture zero-day vulnerabilities
Vendor Highlight: Prevoty
Prevoty AMI in AWS Marketplace
Continuous Compliance
What it is: Automate the compliance of your *infrastructure* code
Why it’s important: Ensure regulatory compliance
Why it’s critical to security: Secure application code can run on compliant/safe infrastructure
Vendor Highlight: Dome9
Dome9 in AWS Marketplace
Making DevOps Sec-sy
Customize the way you provision software
Find, from a breadth of categories:
• Machine Learning
• Containers
• Networking
• Security
• Storage
• DevOps
• Database
• Operating Systems
• BI & Big Data
Buy, through flexible pricing options:
• Free trial
• Pay-as-you-go
• Hourly
• Monthly
• Annual and Multi-Year
• Bring Your Own License (BYOL)
• Seller Private Offers
Deploy, with multiple deployment options:
• Amazon Elastic Container Services (ECS)
• Amazon Elastic Container Services for Kubernetes (EKS)
• Amazon Machine Image (AMI)
• Application Program Interface (API)
• Amazon SageMaker
• AWS Fargate
• CloudFormation Template
• SaaS
“The ability to deploy software instantaneously anywhere in the world means we’re able to scale immediately, and stretch or shrink the environment to accommodate our needs.”
“Integrated billing on AWS Marketplace is very slick, very straightforward. One place, one dashboard where all my costs appear.”
Why customers buy in AWS Marketplace
Speed, simplicity and scalability
• Flexible consumption and contract models
• Easy and secure deployment, almost instantly
• Single, consolidated bill
“One benefit of the pay-as-you-go model is the ability to deploy anywhere without having to do a capital approval process to pay for infrastructure that may or may not be used.” – Rob Gillan, CTO, SimplePay
– Briley James Yetter, Director of Technology, Goodwill Industries
– Richard Williams, Sr. Engineer, MakerBot
Thank you!
Benjamin Andrew
Global Lead Security, Networking & DevSecOps
AWS [email protected]/in/benandrew