This post originally appeared at

Last week, the whirlwind that was AWS re:Invent touched down in Las Vegas. This year’s show was the biggest yet, with more than 18,000 people attending. Trend Micro was proud to be a diamond sponsor again and even prouder to win both the “sponsor of the year” and “think big” awards!

New Services

During the day one keynote, Andy Jassy, senior vice president at Amazon Web Services, announced several new services, all captured by Jeff Barr, chief evangelist at Amazon Web Services, in an extensive summary post. Here’s a quick summary of the three AWS new security services, all supported by Trend Micro as launch partner.

AWS WAF

The new AWS WAF sits in front of your CloudFront distribution and provides the ability to block incoming HTTP/HTTPS requests based on source IP or HTTP header matching. This simple capability lets you block many of the most common web attacks. To learn more, watch the AWS breakout session on AWS WAF (SEC302) and read my detailed blog post “AWS WAF and Deep Security”.

Amazon Inspector

Amazon Inspector is an automated assessment service focused on security and compliance. It lets you do a short analysis of your EC2 instances and highlights common security and compliance issues that you should probably mitigate. There was a great breakout session on the new service (SEC324) and I’ve got more details in my post “Amazon Inspector and Deep Security”.

AWS Config Rules

The third security-focused service announcement isn’t a standalone service but a substantial new addition to an existing one. AWS Config Rules allow you to connect AWS Lambda functions to various configuration changes within your AWS account. This new feature set lets you start reacting to configuration changes automatically and is the start of creating an event-driven security practice. Learn more by watching the breakout session (SEC314) and by reading my post, “AWS Config Rules and Deep Security”.
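To make the “connect a Lambda function to a configuration change” idea concrete, here is an added example (my own illustration, not code from the original post or from Trend Micro) of a minimal Config Rules evaluator. It is invoked when AWS Config records a change to an EC2 security group, checks whether any port from the rule’s parameters is reachable from anywhere (0.0.0.0/0 or ::/0), and reports COMPLIANT or NON_COMPLIANT back to AWS Config. The event and configuration-item field names follow the AWS Config Rules documentation; the sample event, the security group id and the result token are constructed, and the recording client stands in for boto3 so the code runs offline.

```python
"""Added example: an AWS Config Rules Lambda that flags security groups
exposing blocked ports to the whole internet. Not part of the original post."""
import json
from datetime import datetime

ANYWHERE = ("0.0.0.0/0", "::/0")


def open_ranges(configuration):
    """Return (fromPort, toPort) for every ingress permission reachable from anywhere.

    Config items have used both `ipRanges: ["0.0.0.0/0"]` (list of strings) and
    `ipv4Ranges: [{"cidrIp": ...}]` (list of dicts); both forms are handled here."""
    found = []
    for perm in configuration.get("ipPermissions", []):
        cidrs = list(perm.get("ipRanges", []))
        cidrs += [r.get("cidrIp") for r in perm.get("ipv4Ranges", [])]
        cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])]
        if any(c in ANYWHERE for c in cidrs):
            found.append((perm.get("fromPort"), perm.get("toPort")))
    return found


def evaluate_security_group(configuration, blocked_ports):
    """Return (ComplianceType, annotation) for one security group configuration."""
    hits = set()
    for low, high in open_ranges(configuration):
        # fromPort/toPort are absent when ipProtocol is -1 (all traffic):
        # treat that as the whole port range.
        low = 0 if low is None else low
        high = 65535 if high is None else high
        hits.update(p for p in blocked_ports if low <= p <= high)
    if hits:
        return "NON_COMPLIANT", "open to the world on port(s) %s" % sorted(hits)
    return "COMPLIANT", "no blocked ports exposed to 0.0.0.0/0 or ::/0"


class RecordingConfigClient:
    """Offline stand-in for boto3.client("config"); records put_evaluations calls."""

    def __init__(self):
        self.calls = []

    def put_evaluations(self, **kwargs):
        self.calls.append(kwargs)
        return {"FailedEvaluations": []}


def lambda_handler(event, context, config_client=None):
    """Entry point AWS Config invokes; config_client is injectable for testing."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # Rule parameter "blockedPorts" (assumed name): comma-separated ports, default 22.
    blocked = [int(p) for p in params.get("blockedPorts", "22").split(",")]

    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        compliance, note = "NOT_APPLICABLE", "rule only evaluates security groups"
    else:
        compliance, note = evaluate_security_group(item["configuration"], blocked)

    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": datetime.strptime(
            item["configurationItemCaptureTime"], "%Y-%m-%dT%H:%M:%S.%fZ"),
    }
    if config_client is None:  # real Lambda run: talk to AWS Config via boto3
        import boto3
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation],
                                  ResultToken=event["resultToken"])
    return evaluation


# Constructed sample event: a group that opens 443 (fine) and 22 (blocked) to the world.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",  # constructed id
            "configurationItemCaptureTime": "2015-10-16T18:05:00.000Z",
            "configuration": {
                "groupName": "example-web",
                "ipPermissions": [
                    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                     "ipRanges": ["0.0.0.0/0"]},
                    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                     "ipRanges": ["0.0.0.0/0"]},
                ],
            },
        },
    }),
    "ruleParameters": json.dumps({"blockedPorts": "22,3389"}),
    "resultToken": "constructed-result-token",
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None, RecordingConfigClient()))
```

The evaluation logic is kept separate from the AWS call so it can be unit-tested with constructed configuration items; in a deployed rule the function role needs permission to call config:PutEvaluations, and the rule is attached to the AWS::EC2::SecurityGroup resource type so it fires on every change to a group.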


The biggest challenge in attending AWS re:Invent is trying to figure out which talks to attend. The schedule was chock-full of great sessions, putting you in the tough position of having to decide between two (or more) engaging sessions. Fortunately, AWS posts all of the talks on their YouTube channel shortly after the show. Almost all of the talks are already posted, with more coming daily. Here are some security-related talks I highly recommend:
(DVO304) AWS CloudFormation Best Practices
CloudFormation is at the heart of any AWS deployment. It provides the ability to define your entire deployment, making it very easy to deploy with a single command. The service also allows you to roll back just as easily. This service is key to making a really elegant continuous deployment pipeline.

(ARC403) From One to Many: Evolving VPC Design
VPCs are the foundation piece of your deployment. This talk does a great job of starting off simple and then stepping up the complexity in very manageable and understandable progressions.

(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
Identity and Access Management (IAM) spans all of the AWS services. You must have a concrete understanding of IAM in order to be safe and successful in AWS. This talk is the shortcut to getting past the basics in IAM.

(SEC302) IAM Best Practices to Live By
IAM is important enough that I’ve highlighted two talks on the subject. Listen to the best practices pulled together by AWS in order to avoid some headaches down the road.

(SEC318) AWS CloudTrail Deep Dive
AWS CloudTrail is often overlooked in the security space. This service provides a verifiable log of almost all of the AWS API activities on your accounts regardless of how the API call was made (command line, SDK, 3rd party tool, etc.). This talk gets into the weeds of how this service operates and how to get the most out of it.

(SEC303) Architecting for End-to-End Security in the Enterprise
A cross-service talk, this one does a great job of demonstrating how various AWS services fit together to give you a complete (or near complete) solution stack. This talk highlights how the pieces connect.

(SEC308) Wrangling Security Events in The Cloud
With the technology stack in AWS it’s a lot simpler to create a feedback loop of security events at scale. This talk shows you how to set up this structure and tie it into your incident response.
I would be remiss not to mention that Trend Micro also had two talks during the show:
(DVO206) Lessons from a CISO: How to Securely Scale Teams, Workloads, and Budgets
In this talk, we hear the story of Infor and how they’ve dealt with the impact that moving to the AWS Cloud had on not just their operations, but also their teams and their budgeting process.

(DVO207) Defending Your Workloads Against The Next Zero-Day Attack
Automation is at the heart of AWS and your security practice should take full advantage of this. This talk walks through how you can use operational techniques and real-time controls in order to build a resilient deployment.

What’s Next?

On Friday, October 16 at 1:00pm ET, I’m hosting a webinar to walk through the new AWS security services, how you can use the other new services to increase your security, and some additional talks you should be watching from the show. We’ll do an extensive Q&A session during the webinar, ensuring you can ask any questions about the new services and other announcements from the show. As always, you can reach me on Twitter where I’m @marknca if you want to chat.


14:05h 16-Oct-2015, post-webinar

The question came up on the webinar today of where to find the re:Invent materials from AWS;

14:27h 16-Oct-2015, post-webinar

Just posted the slides from today’s webinar to SlideShare.