ESG's Doug Cahill interviews Mark Terenzoni, GM, AWS security services.
Announcer: The following is an ESG On Location video.
Doug: I'm here with Mark Terenzoni, one of the general managers for security services at Amazon Web Services. Mark, thanks for joining me.
Mark: Great to be here, Doug.
Doug: Great to be at another re:Invent. And, you know, at every AWS re:Invent, Amazon makes a lot of announcements, but also a lot of announcements around new security services. And one of my first questions for you is, whether or not that changes how customers should think about the shared responsibility model with respect to the demarcation line, or is it really Amazon providing additional services and controls to help customers meet their part of their responsibility model?
Mark: Well, I'll answer that in a couple ways, Doug. First, you know, most of the services that we deliver are coming from feedback from our customers. They've asked us for certain things. We want to please them. We want to give them tools to help them fulfill their component within the shared responsibility model. So all the services that we've built, including features on to infrastructure services, are all focused on providing capabilities for the customer to help secure their components within AWS.
Doug: Sure. So those services include things like AWS Inspector, to be able to identify vulnerabilities on workloads, VPC Flow Logs, you get instrumentation at the network level, and then last year, AWS GuardDuty, an intrusion detection offering. What's happened with GuardDuty over the last year? Good, strong customer adoption. How is that being used in production environments?
Mark: GuardDuty has had an amazing year, phenomenal adoption. I think one of the main reasons is it is just so simple to invoke and gather detections throughout your environment on all your accounts, virtually one click. And it made that really simple, and they have continued to add more detections over time. And I think you'll see that to continue at a rapid pace into 2019 as well.
Doug: Got it. So new detection rules, making GuardDuty even smarter.
Mark: For sure.
Doug: Got it, got it. And this year, at re:Invent, the company has announced Security Hub. To me, it sounds like an ability to aggregate security events. How should we think about the use cases around Security Hub?
Mark: So Security Hub will aggregate findings from all of the native AWS services. And, you know, one interesting use case could be, you know, from a customer that has a vulnerability on one of my assets. While GuardDuty detects anomalous behavior, now you've got two services, Inspector finding a vulnerability, and GuardDuty, a detection. Security Hub will correlate those events and prioritize for the analyst what, you know, an area that they should focus on.
Doug: Okay. So I think about the broad set of services are now leveraging in Amazon Web Services and getting triggered events that are coming in. Security Hub has long... it really crossed correlation, high level of fidelity and survey analytics really around that event data.
Mark: Yeah, for sure, as well as compliance. So compliance of my environment, as well as all the findings that are associated from my environment, correlated by resources within my state.
Doug: Yeah. Well, it sounds like bringing really security operations into a cloud sort of context, not only with the visibility into what's happening across Amazon, but also doing it in the cloud, sort of bringing, you know, cloud-scale to security analytics. And you think about, you know, fortunately, the amount of event data that supposed to be left on the cutting room floor because of the, you know, skill set shortage, we just can't get to all of them. Well, now, with higher fidelity and more storage or compute, we can get to more event data.
Mark: Yeah. AWS is a perfect place for security analytics. With an AWS in an elastic scale, it's a great opportunity to, you know, build those capabilities, get more innovative, and machine learning techniques become more available. And, you know, we see that as a tremendous opportunity for our partners, our customers in our existing security services to evolve.
Doug: You bet. Makes a ton of sense. Hey, so, and as short as these videos are, we've only been able to scratch the surface on these important topics. If I understand, there's a new event that Amazon announced this week where participants will be able to go deeper on these topics even more.
Mark: That is correct. We're really excited. Steve Schmidt announced it in his keynote, it'll be in June and in Boston, where both you and I are from. So we will have an easy commute for that.
Doug: Absolutely.
Mark: And the intent there is to bring like-minded customers, partners, and AWS security professionals together in one place to collaborate, share best practices, and help each other, you know, secure the environments and protect these states.
Doug: Awesome. That's going to be a great event, and it's called AWS re:Inforce, end of June, in our hometown of Boston.
Mark: See you there.
Doug: Thanks, Mark.