By Lynn Greiner

AWS RE:INVENT — “In security, the job is always growing,” Stephen Schmidt, vice president, security engineering and CISO at Amazon Web Services, told attendees during a session at the annual AWS re:Invent conference this week. “One of the most difficult things is understanding what is really important.”

The challenge for security staff and MSSPs, says Schmidt? Figuring out what to look at.

Yet despite this, AWS doesn’t have a traditional security operations center. Schmidt insists that by the time an incident hits SecOps, you’re too late. Instead, the company relies on automation to detect and remediate most attack attempts. AWS has a single on-call security engineer, rotated every four hours, who receives alerts when human intervention is required. At each handoff, the engineer passes on outstanding tickets detailing next steps and who is doing what. Each handoff must be acknowledged by the recipient.

Schmidt was bemused when the acknowledgements began to take the form of whimsical memes, until he realized that in the process the engineers were teaching each other what was important.

“People look forward to seeing the memes, so are super focused,” he said.

The security process is metrics-driven; every month Schmidt sits down with AWS CEO Andy Jassy to evaluate how well people are doing compared with expectations. (See Jassy’s announcements from Day 1 of re:Invent here.)

“Human error is rarely an acceptable root cause” for an incident, Schmidt says. “It’s a deficiency in tooling.” Every action is logged, and those logs examined to guide AWS’ developers toward the process that needs to be automated next.

“Automated remediation is the best thing to focus on,” he advised. “Save security engineers for high-judgement activities. Pick one thing and start to get you over the hump of automating. Automation keeps people happy.”

Security is a high enough priority to AWS and its customers that the company has announced a dedicated security conference, AWS re:Inforce, to be held in Boston, June 25 – 26, 2019.

Later, during his keynote, Jassy announced a new security service, AWS Security Hub, which provides a single panel of glass from which to view a customer’s complete AWS security and compliance status.

The Security Hub collects and aggregates data from native and third-party security tools it detects in the customer’s environment, such as vulnerability scan results from Amazon Inspector, intrusion detection data from Amazon GuardDuty, and information from Amazon Partner Network (APN) members’ tools.

Security Hub integrates with Amazon CloudWatch and AWS Lambda so customers can launch automated remediation. It also integrates with automation workflows and third-party tools. So far, 24 providers, including Alert Logic, Check Point, Cloud Custodian, F5, Fortinet, IBM, McAfee, Palo Alto Networks, Splunk, Sophos and Trend Micro, have built integrations, with more to come.

Jassy noted that a product like this works only in tandem with …

… a robust partner infrastructure.

“As a global tech solutions services company, we face a diverse set of security, privacy and compliance requirements,” said Scott Mackelprang, CSO at Asurion, in a statement. “AWS Security Hub helps us to quickly scan a dashboard and review our security and compliance posture in AWS. Using Security Hub, we can now quickly focus on problem areas that will improve our compliance state and more easily satisfy our audit requirements.”

AWS Security Hub is now available in preview.

Lynn Greiner is a freelance journalist specializing in information technology and business topics. She is also an IT professional, giving her real-world experience that allows her to cut through the hype and address topics that are relevant in the business world. Her articles have been published in both print and online publications, including itWorld Canada, Computer Dealer News, CIO.com, DevSource, Canadian Security, ACM netWorker, Security Matters, GlobeTechnology.com, Report on Business, the Financial Post, Canadian Technology and Business, InformIT, Computing Canada, and many others. Follow her on Twitter.