Gaining observability across your DevSecOps landscape within AWS

© 2020, , Inc. or its Affiliates. All rights reserved.

Agenda

Learn how to shift to an integrated approach – combining logs, metrics, and traces with security events to provide true, meaningful DevSecOps visibility.

Presenters will cover key points on how DevSecOps integration:
○ Provides a unified view of observability through logs, metrics, and traces to increase system resiliency
○ Reduces downtime, improves performance, and accelerates development cycles while ensuring security and compliance through understanding performance
○ Improves mean time to repair (MTTR) while easing the debugging process with distributed local tracing
○ Can be easily integrated into your infrastructure with solutions in AWS Marketplace such as Elastic, , Sumo Logic, and Thundra

Mark Peters, Ambassador, DevOps Institute
Chris Chapman, Partner Solutions Architect, AWS

Blanc Brothers

● First telegraph was optical: semaphore communication, based on flags
● First reported hack
  ○ 1834 – Francois and Joseph Blanc
  ○ Paris to Tours to Bordeaux
  ○ Injected a symbol to reflect whether stock was up or down, similar to SQL injection
  ○ Copied via binoculars and a human messenger ahead of the post schedule
● Observability – Who is observing and when?
  ○ Time captured affects results, not quantum but Schroedinger's cat-style
  ○ Understand the observability goals

The Skills Gap & How to Grow your Business

Practices and Outcomes

Flow
• Security Driven Development
• Positive scenario
• Negative scenario
• Shared on-call tasks
• Product/feature teams collaborate with security
• Security Acceptance criteria
• Identify needed security feedback
• Legacy codes
• New implementations
• Improve collaboration

Feedback
• Shift security left
• Shorten feedback loops
• SIEM (Security Information and Event Management)
• Indicator of Concern
• Establish policy
• Current Scan status
• Pipeline acceptance
• Fixed/Unfixed CVE

Continuous Learning
• Continual experimentation
• Indicator of compromise
• Data science
• Share threat intel
• Repetition of practices
• Security Scaling
• Verification of continuous compliance

The Four DevOps Metrics

Slide annotations: F = Events/Second; Code/Cycle; (Code/feature) Cycles

● Lead Time to Change: The time it takes for a bug fix, new feature or any other change to go from idea to deployment to production.
● Deployment Frequency: Measure of how frequently your team deploys code.
● Mean Time to Recovery: Mean time to recovery is the average time that a device will take to recover from any failure.
● Change Failure Rate: Number of deployments in which something goes wrong, out of the total number of deployments in any given time.
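The four metrics above are definitions; the computation behind them is short enough to show. The block below is an added example, not part of the slides: it computes all four from a list of deployment records, using the commit timestamp as the proxy for "idea" and a recovery timestamp that is only set when a deployment caused a failure. The records and the seven-day window are constructed.

```python
"""The four DevOps metrics computed from deployment records.

Added example (not from the slides): the records below are constructed, and
the "committed_at" timestamp stands in for the point where an idea became code.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class Deployment:
    change_id: str
    committed_at: datetime                    # change committed (proxy for "idea")
    deployed_at: datetime                     # change reached production
    recovered_at: Optional[datetime] = None   # set only if this deploy caused a failure

    @property
    def failed(self) -> bool:
        return self.recovered_at is not None


def lead_time_hours(deploys):
    """Lead Time to Change: mean hours from commit to production deployment."""
    return mean((d.deployed_at - d.committed_at).total_seconds() / 3600 for d in deploys)


def deployment_frequency_per_day(deploys, window: timedelta):
    """Deployment Frequency: deployments per day over the observed window (F = events/time)."""
    return len(deploys) / (window.total_seconds() / 86400)


def mttr_hours(deploys):
    """Mean Time to Recovery: mean hours from a failed deploy to recovery; None if nothing failed."""
    durations = [(d.recovered_at - d.deployed_at).total_seconds() / 3600
                 for d in deploys if d.failed]
    return mean(durations) if durations else None


def change_failure_rate(deploys):
    """Change Failure Rate: failed deployments as a fraction of all deployments."""
    return sum(1 for d in deploys if d.failed) / len(deploys)


def four_metrics(deploys, window: timedelta):
    """All four metrics for one observation window, keyed by name."""
    return {
        "lead_time_hours": lead_time_hours(deploys),
        "deploys_per_day": deployment_frequency_per_day(deploys, window),
        "mttr_hours": mttr_hours(deploys),
        "change_failure_rate": change_failure_rate(deploys),
    }


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample: four production deployments in a seven-day window,
# two of which caused a failure that was later recovered.
SAMPLE = [
    Deployment("chg-1", _t("2024-03-01T09:00"), _t("2024-03-02T09:00")),
    Deployment("chg-2", _t("2024-03-02T10:00"), _t("2024-03-03T22:00"), _t("2024-03-04T00:00")),
    Deployment("chg-3", _t("2024-03-04T08:00"), _t("2024-03-05T08:00")),
    Deployment("chg-4", _t("2024-03-05T12:00"), _t("2024-03-06T00:00"), _t("2024-03-06T04:00")),
]
WINDOW = timedelta(days=7)

if __name__ == "__main__":
    for name, value in four_metrics(SAMPLE, WINDOW).items():
        print(f"{name:22s} {value}")
```

MTTR deliberately returns None rather than zero when no deployment failed: a window with no incidents is not the same as instant recovery, and a dashboard that averages the two together hides exactly the signal the metric exists to show.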

Managing Continuous Practices & Risk

● Continuous Monitoring
  ○ Automated metrics, set thresholds
● Continuous Security
  ○ Matching security to pipeline events
● Continuous Observability
  ○ Capable of transparency across activities

Monitoring, Observability and Security built through DAST, SAST, and RAST tools

Protection Metrics

1. Find the organizational 'crown jewels'
   • Understanding business value
   • Proprietary technical code
   • Secure practices
   • Elite employees
2. Identify exposure
3. Understand/Assign measurements
   • Tie telemetry to process
   • Automated processes to capture and report metrics

Advancing Measurement Practices

● How do you know?
● If true, what comes next?
● Are the premises true?
● Do conclusions follow premises?
● What arguments are needed for premises to be true?
● Compare apples to apples, not oranges to elephants

● Dashboards do not equal awareness

Practicing Advancing Measurement: Lead Time to Change

● How long does it take to complete an action?
  ○ Story points
  ○ Stories/epic
  ○ Work in Progress
● Can you identify constraints?
  ○ How often do you think about value streaming change?
● Who built it? Assigning tasks? Why?
  ○ Do you measure complexity?
  ○ Manage team structures for assigned vs. complete
  ○ What are the parameters?

More Advanced Measurement: Lead Time to Change

● Comparing different features over time
  ○ Priority scaling for tasks
  ○ Work assigned to teams/individuals
  ○ Team completion

● Security needs inclusion
  ○ Track how changes affect vulnerabilities
  ○ Impacts to code delivery timelines
  ○ Training time for security

Manual vs automated

● Manual
  ○ Human-based, usually labor-intensive
  ○ Verifies completion of desired task

● Automated
  ○ Machine-based, possibly ML
  ○ Large data volumes
  ○ Possible trust issues

● Cooperative
  ○ Combine automation & human
  ○ Best of both options

Observable, Observing, Observability

● Observable: Functions designed to produce data in manipulatable formats
● Observing: The identification of persons or tools who interact with data at specified points
● Observability: The state of observing outputs from tools and functions

Open Policy Agent

● Open source policy engine with a high-level declarative language (Rego)
● Sidecar service to verify policies and configuration in:
  ○ Microservices
  ○ CI/CD pipelines
  ○ API gateways
● Decouples decision-making from enforcement
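The last bullet is the important architectural point, and it ties back to the Feedback items on the Practices and Outcomes slide (current scan status, pipeline acceptance, fixed/unfixed CVE). The block below is an added example, not part of the slides and not OPA's own Rego: it shows the same pattern in Python, with the acceptance criteria held as data, a pure decision function, and a separate enforcement step that only acts on the verdict. The policy thresholds, the pipeline event shape and the CVE-EXAMPLE-* identifiers are all constructed for the example.

```python
"""Pipeline acceptance as a policy decision decoupled from enforcement.

Added example (not from the slides, and not Rego): a Python stand-in for the
pattern Open Policy Agent implements. Policy thresholds, event shape and the
CVE-EXAMPLE-* identifiers are constructed placeholders.
"""
from typing import Any, Dict, List

# Policy as data: the acceptance criteria live here, not in the pipeline scripts,
# so they can be reviewed and changed without touching the pipeline itself.
POLICY: Dict[str, Any] = {
    "required_scans": {"sast", "dependency"},   # every gated build must complete these
    "block_severities": {"CRITICAL"},           # never accepted, fix available or not
    "block_if_fix_available": {"HIGH"},         # unfixed HIGH tolerated, fixable HIGH is not
}


def decide(policy: Dict[str, Any], event: Dict[str, Any]) -> Dict[str, Any]:
    """Policy decision point: a pure function from (policy, input) to a verdict."""
    violations: List[str] = []
    scans = event.get("scans", {})

    # "Current scan status": a gate cannot pass on a scan that never finished.
    for name in sorted(policy["required_scans"]):
        if scans.get(name, {}).get("status") != "completed":
            violations.append(f"required scan '{name}' did not complete")

    # "Fixed/Unfixed CVE": severity plus whether a fix exists drives the verdict.
    for name, scan in scans.items():
        for finding in scan.get("findings", []):
            sev = finding["severity"]
            if sev in policy["block_severities"]:
                violations.append(f"{name}: {finding['id']} is {sev}")
            elif sev in policy["block_if_fix_available"] and finding.get("fix_available"):
                violations.append(f"{name}: {finding['id']} is {sev} and a fix is available")

    return {"allow": not violations, "violations": violations}


def enforce(decision: Dict[str, Any], stage: str) -> int:
    """Policy enforcement point: the pipeline stage acts on the verdict it was handed."""
    if decision["allow"]:
        print(f"[{stage}] policy check passed")
        return 0
    for violation in decision["violations"]:
        print(f"[{stage}] DENY: {violation}")
    return 1


# Constructed pipeline events, shaped like the `input` document OPA would receive.
PASSING_EVENT = {
    "pipeline": {"repo": "example/payments-api", "stage": "pre-deploy"},
    "scans": {
        "sast": {"status": "completed", "findings": []},
        "dependency": {"status": "completed", "findings": [
            {"id": "CVE-EXAMPLE-0001", "severity": "HIGH", "fix_available": False},
            {"id": "CVE-EXAMPLE-0002", "severity": "MEDIUM", "fix_available": True},
        ]},
    },
}

FAILING_EVENT = {
    "pipeline": {"repo": "example/payments-api", "stage": "pre-deploy"},
    "scans": {
        "sast": {"status": "failed", "findings": []},
        "dependency": {"status": "completed", "findings": [
            {"id": "CVE-EXAMPLE-0003", "severity": "CRITICAL", "fix_available": False},
            {"id": "CVE-EXAMPLE-0004", "severity": "HIGH", "fix_available": True},
        ]},
    },
}

if __name__ == "__main__":
    for event in (PASSING_EVENT, FAILING_EVENT):
        enforce(decide(POLICY, event), event["pipeline"]["stage"])
```

Because decide() has no side effects, the same verdict can be computed by the pipeline, by an API gateway sidecar, or by a reviewer replaying a past event, which is what makes the decision auditable independently of how any one enforcement point reacts to it.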

Gaining observability across your DevSecOps landscape within AWS

Chris Chapman Partner Solutions Architect, AWS

© 2021, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

The DevSecOps approach

Security

Implementing Infrastructure as Code (IaC)

Centralizing governance with AWS Control Tower

Control Tower Solutions on AWS Marketplace

[Architecture diagram: a Control Tower landing zone with a Master Account / Control Tower, an Audit Account, a Logging Account, a Shared Services Account and a Security Account. Labels shown: AWS CloudFormation templates, IAM role policies, Amazon CloudWatch, AWS CloudTrail, AWS Config, Amazon GuardDuty, Amazon Route 53, BYOL Partner Cloud, Firehose -> HEC, Pull Mod Input.]

Observability solutions on AWS Marketplace

AWS Marketplace DevSecOps observability solutions

[Partner badges shown: AWS Marketplace Seller; AWS ISV Competencies in Data & Analytics, DevOps, Security, Government, Containers, IoT and Cloud Management Tools; Education ISV Experience. Partners hold between 1 and 7 AWS Competencies each.]

• Pre-built SaaS solutions for enterprise observability and security, which includes SIEM and endpoint capabilities.
• AI-driven, real-time alerting and a partnership that ensures complete visibility no matter where you are in your DevOps environment.
• Automated setup discovers AWS hierarchy, configures data collection, and installs out-of-the-box dashboards and alerts for 9 AWS services in less than 15 minutes.
• Manages application health by combining search, debugging with automated distributed tracing and security for serverless and containers.

Protecting mission-critical data
OLX delivers trusted trading platforms with Elastic Cloud on AWS

Click-and-drag workflows for SecOps

Results
• 10x+ increase in security event coverage
• 30% expected reduction in security incident response time
• Reduced security toil
• PCI DSS compliant security coverage

"Protecting OLX mission-critical data with Elastic Security gives us and our customers the confidence that we can enhance and expand our network of local trading platforms in a secure environment."

Leveraging open telemetry delivers resilient experiences by merging with observability

Splunk Observability Suite: Splunk APM, Splunk Infrastructure Monitoring, Splunk RUM, Splunk Log Observer, Splunk On-Call

Results
• 1,000+ high reliability services delivered across 150k+ customers
• 1.5M+ metrics/sec – 1,000+ dashboards & detectors
• 2,000 developers and SREs
• Standard Terraform-based approach for Observability-as-code

"Splunk helps us improve customer experience and keeps our business humming by monitoring our cloud infrastructure, microservices and applications." – Head of Engineering, Atlassian

Achieving global observability
Snoop achieves global observability in multi-account and multi-region AWS environments

Results
• 50% reduction in alert noise
• 7 AWS services consolidated into single view
• More efficient root cause analysis

"Sumo Logic's AWS Observability Solution is providing the real-time insights and intelligence across our platform to operate at speed and scale, while protecting our customer data." – Jem Walters, Co-founder and CTO, Snoop

Adding end-to-end debugging
Transforming Systems optimizes both stages of development with Thundra

Results
• 50% decrease in error rates
• 60% decrease in MTTR
• 50% decrease in function latency
• 60% increase in application component response time
• Effective cost prediction

"Thundra's platform is the missing piece of development tools, providing a fully immersive serverless development." – Antreas Pogiatzis, Software Engineer, Transforming Systems

Why AWS Marketplace?

Find, buy, and deploy solutions quicker: IT decision-makers (ITDMs) cut their time in half using AWS Marketplace compared to other sources.*

Make more satisfying purchases: ITDMs feel 2.4x better about purchasing using AWS Marketplace compared to other sources.*

*Amazon Web Services (AWS) Marketplace surveyed 500 IT decision-makers (ITDMs) and influencers across the U.S. to understand software usage, purchasing, consumption models, and compared savings.

How can you get started?

Find: A breadth of observability & monitoring solutions

Buy: Through flexible pricing options
• Free trial
• Pay-as-you-go
• Budget alignment
• Bring Your Own License (BYOL)
• Private Offers
• Billing consolidation
• Enterprise Discount Program
• Private Marketplace

Deploy: With multiple deployment options
• SaaS
• Amazon Machine Image (AMI)
• CloudFormation Template
• Containers
• Amazon EKS / Amazon ECS
• AI / ML models
• AWS Data Exchange
• AWS Control Tower

Points to consider

• Implementing observability increases organizational feedback.
• Identify key metrics and concepts requiring continuous observability.
• Create continuous security practices based on developing Infrastructure as Code.
• Don't do it alone! Choose partners that will bring skills and expertise to help guide your journey.

Resources

AWS Marketplace: aws.amazon.com/marketplace

AWS Control Tower SIEM Solutions

DevSecOps | AWS Marketplace (amazon.com)

Questions: [email protected]