Confirm and Proceed
View More
View Less
System Message
An unknown error has occurred and your request could not be completed. Please contact support.
Reserved - Scan in at least 10 minutes before the beginning of the session.
This has been added to your Planner. Please note: This is not a reserved seat.
Waitlisted - You may be assigned a reserved seat if one becomes available.

Please be sure to check the session schedule for any repeats of this session. In order to search for repeats of this session, please type the Session ID into the search bar at the top of the page.
Personal Calendar
Conference Event
There aren't any available sessions at this time.
Conflict Found
This session is already scheduled at another time. Would you like to...
Please enter a maximum of {0} characters.
{0} remaining of {1} character maximum.
Please enter a maximum of {0} words.
{0} remaining of {1} word maximum.
must be 50 characters or less.
must be 40 characters or less.
Session Summary
We were unable to load the map image.
This has not yet been assigned to a map.
Search Catalog
Replies ()
New Post
Microblog Thread
Post Reply
Your session timed out.
Meeting Summary

SEC337-R - [REPEAT] Build a Vulnerability Management Program Using AWS for AWS

Session Description

AWS provides you with the capabilities to track and maintain visibility into your AWS resources, configure and harden them according to custom and popular security standards such as CIS, detect vulnerabilities or deviation from state and automatically restore them to a secure state or apply patches.

In this workshop we start by guiding you through tagging your resources and maintaining an asset inventory for visibility and governance purposes with AWS SSM Inventory Manager and Tags. We then build an AMI baking pipeline, harden the AMI with AWS SSM and install the Amazon Inspector agent. Within the pipeline we look for vulnerabilities and apply patches before promoting the AMI for use by an application.

Next we construct a continuous detection framework to detect change in state of security or detection of highly critical vulnerabilities using Amazon Inspector, AWS SSM and AWS Config. We then build automation to rehydrate a production environment with a patched AMI using AWS SSM. Finally for the security analyst we develop reports for compliance purposes. For more advanced users we provide use cases using other AWS services including OpsWorks, Macie and Service Catalog.

Session Speakers
Additional Information
Security, Identity, and Compliance
300 - Advanced
Please note that session information is subject to change.
Session Schedule