Join the Center for Internet Security at AWS re:Invent 2021

This year, Amazon Web Services (AWS) returns to hosting its cloud computing conference, AWS re:Invent 2021, in person. Cloud professionals from around the globe will gather in Las Vegas to learn the latest news in AWS cloud computing. The five-day conference is packed with sessions on containers, DevOps, end user computing, IoT, and much more.

The Center for Internet Security (CIS) is a proud sponsor of AWS re:Invent, which will be held November 29 – December 3. Find us at Booth #732 on the Expo Floor at The Venetian. Not only is CIS sponsoring the event, but we’ve also highlighted several must-see sessions that leverage our best practices.

AWS re:Invent 2021 Essential Sessions

Workshop | WPS203 – Simplifying compliance with AWS GovCloud (US)

Tuesday, November 30 | 5:00 – 7:15 P.M.

AWS GovCloud (US) gives customers the flexibility to architect secure cloud workloads that comply with some of the strictest U.S. compliance regulations. From Controlled Unclassified Information (CUI), personally identifiable information (PII), sensitive patient medical records, and financial data to law enforcement data and export-controlled data, AWS GovCloud (US) can help address some of the most stringent security and compliance requirements. Join this workshop to dive into the basics of how AWS and AWS GovCloud (US) Regions can help address these stringent security, compliance, and governance requirements.

Furthermore, CIS offers CIS Hardened Images, pre-hardened virtual machine (VM) images, a trusted resource to help secure cloud workloads on AWS Cloud in the AWS GovCloud (US) Region. They’re available for Windows and Linux operating systems.

See full list of CIS Hardened Images on AWS Cloud – Free trials available

Chalk Talk | SEC312 – Develop a strategy for automated remediation and response

Wednesday, December 1 | 12:15 – 1:15 P.M.

In this chalk talk, you’ll consider a framework to use with AWS Security Hub to determine which findings should be auto-remediated. For example, the CIS AWS Foundations Benchmark is available within AWS Security Hub. This framework provides recommendations to securely configure your AWS account. It covers actions like identity and access management, networking, and more.

This session will explore whether a remediation is a destructive action and how to tag findings to automate these decisions. When auto-remediation isn’t appropriate or should include approvals, learn how to auto-respond to findings. You’ll learn how to enrich these findings with assignee information based on resource tags; you can then use that assignee information in email, Slack, or ticket notifications.

Chalk Talk | SEC305 – Automate vulnerability management with Amazon Inspector

Thursday, December 2 | 11:30 A.M. – 12:30 P.M.

Amazon Inspector is a vulnerability management service that scans AWS workloads for software vulnerabilities and unintended network exposure. In this chalk talk, learn how to get the most out of Amazon Inspector. This includes how to prioritize the most critical vulnerabilities to help increase remediation response efficiency.

Windows and Linux users can apply the knowledge from this session and run assessments to check the configurations of their Amazon EC2 instances against CIS Benchmarks. The findings within the Amazon Inspector assessment will detail the steps needed to remediate vulnerabilities.

From the CIS Booth: New CIS AWS Resources to Secure Cloud Workloads

Foundational Security for AWS

CIS Benchmarks are a set of prescriptive guides to help organizations securely configure a variety of technologies. They cover more than 25 vendor product families, helping to safeguard systems against today’s evolving cyber threats. Because of CIS’s deep partnership with AWS, CIS Benchmarks are integrated with several AWS services:

  • AWS Audit Manager
  • AWS Config
  • AWS Inspector
  • AWS Security Hub

These integrations allow AWS customers to audit and test the security of their AWS environments against CIS Benchmarks. Within these four AWS services, cloud consumers will find the CIS AWS Foundations Benchmark and CIS Benchmarks for various operating systems.

AWS Graviton2

At AWS re:Invent 2021, stop by our booth to learn how to implement the latest cloud security resources and provide feedback to the CIS team. First, CIS built two CIS Hardened Images on AWS Graviton2 processors. In addition to the compliance they offer to CIS Benchmarks standards, they also deliver 40% better price performance compared to current generation x86-based instances.

DISA STIG Compliance

For organizations and industries that require compliance to DISA Security Technical Implementation Guides (STIGs), CIS has created four Benchmarks. These are also available as pre-configured CIS Hardened Images in AWS Marketplace. Notably, CIS recently released a new hardened VM secured to STIG standards for Microsoft Windows Server 2019. STIG Benchmarks and CIS Hardened Images are also available for:

  • Amazon Linux 2
  • Microsoft Windows Server 2016
  • Red Hat Enterprise Linux 7
  • Ubuntu Linux 20.04

The team plans to release additional STIG Benchmarks and VMs for Apple macOS 11 and Red Hat Enterprise Linux 8 in the coming months.

These are just a few of the many cloud security resources that CIS provides. Stop by Booth #732 at AWS re:Invent 2021 to learn how you can incorporate CIS cloud security resources into your cybersecurity program.