I spent the last week at AWS re:Invent 2019 in Las Vegas with over 65,000 other AWS users. This conference is always jam-packed with announcements and interesting discussions with people both inside and outside of my normal security bubble. Overall I really enjoy this conference even though it is ridiculously large and I spent over 6 hours on the shuttles this week going between the 3 campuses of the conference.
I was glad to see Amazon finally get serious about security that matters to both practitioners and audit teams. While Encrypted by Default only applies to their Nitro Enclaves at this point, I hope this is the start of moving this principle to all of their services.
Here are some roughly organized notes and thoughts about some of the services that were launched or announced this week that I was impressed or really confused about.
General Cloud
- AWS Outpost
- It is a rack full of AWS equipment they install in your data center and then you manage it through the AWS console. It only costs $225,504.81 for the entry-level model.
- AWS Nitro Enclaves
- Nitro Enclaves enables you to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information.
- AWS ARM Processors
- Amazon is launching its own Arm-based processors. You have to wonder if at least part of this isn’t to hopefully avoid future side-channel attacks.
- AWS Compute Optimizer
- You pay AWS to tell you how to pay AWS less or something.
- Ubuntu Pro
- This is a customized version of Ubuntu to run on EC2 that comes with LivePatch and will have preinstalled hooks into the AWS security hub soon. On the downside, it does cost $.03 an hour to run which will end up costing about $25 a month per instance.
Security
- Amazon Detective
- I think this is a SIEM? I really don’t know.
- Amazon Fraud Detector
- I am *super excited* about this offering. Fake accounts and purchases are a huge deal for security teams and if they can do what they are promising this could be game-changing.
- CloudTrail Application Anomaly Detection
- Here is a new tool from my friend Will Bengtson which is a simple CloudTrail based anomaly detection for use in AWS.
- IAM Access Analyzer
- A long-overdue tool to help control access and permissions to your AWS services and resources.
Machine Learning
- Amazon SageMaker Studio
- An IDE for SageMaker to help train your models.
- SageMaker Autopilot
- Data science for people who don’t understand data science.
¯\_(ツ)_/¯
- Amazon CodeGuru
- It is a super expensive linter that only does Java.
- Amazon Builders Library
- White papers on how Amazon tackled some of their biggest technical issues.
- Amazon Kendra
- It is Google but by Amazon?
- AWS DeepComposer
- It is a $99 keyboard that uses machine learning. I am guessing a SageMaker Autopilot model told someone this was a good idea.
General & Uncategorized Thoughts
- Amazon did a better job of not over-promising this year.
- Almost everything they announced was in general availability or public preview.
- Blackberry QNX and Karma have built an amazing connected car platform.
- The builders’ fair projects were amazing this year.
- Firecracker VMs look promising.