What do you do when leadership embraces what was called "shadow IT" as the new path forward? How do you onboard new accounts while simultaneously pushing policy to secure all existing accounts? This session walks through Cisco’s journey consolidating over 700 existing accounts in the Cisco organization, while building and applying Cisco’s new cloud policies. Learn valuable tips and hear about mechanisms used to automate the process. Gain insight into how Cisco integrates AWS’s security and monitoring with Cisco’s enterprise tools, Cisco SSO integration and continuous security auditability on Cisco’s AWS account, and Cisco’s CI/CD pipelines with AWS to ensure secure development.
12. CSB Guardrail Validation (Audit): Automation
[Architecture diagram] Runs every 24 hours across all Cisco AWS accounts. Components shown: the Cisco CSB Audit Account, where Security Audit Scripts run on AWS Lambda behind Amazon API Gateway and write Security Assessment Results to a DynamoDB table; a Cross-Account Security Audit Role into the Cisco AWS Tenant Accounts; outputs to a Risk Management System (Jira), nightly reports by email, and real-time integration through an Amazon SQS queue [WIP].
13. Security Logging and Monitoring: Automation
[Architecture diagram] Components shown: in the Cisco AWS Tenant Account, ELB Logs*, VPC Logs* and CloudTrail Logs, a Log Bucket and CloudWatch, with Amazon Kinesis as the transport; in the Cisco CSIRT Account (Cisco Security Incident Response Team), a Log Bucket of Security Logs, notifications from the AWS security team, and the Cisco security investigator.
Security Plays: exposure of insecure services; insecure authentication; log cessation or modification; permissive network ingress; privileged account compromise.
*WIP
14. External Vulnerability Scan: Automation
[Process diagram] Qualys Cloud (Cisco Enterprise Account) scans Cisco Tenant-1, Tenant-2 and Tenant-3; the workflow is driven from CSB.
1. Surface Identification: identify all externally exposed EC2 instances across all Cisco accounts
2. Notify AWS (currently via email)
3. Initiate Scan: initiate a Qualys scan for the external AWS Cisco IP addresses
4. Vulnerability Scan
5. Vulnerability Results
Automated nightly scans; vulnerabilities are summarized and reported to the respective teams.
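As an added illustration of step 1 (surface identification), not code from the Cisco deck: a check over data in the shape of EC2 DescribeInstances/DescribeSecurityGroups responses that flags instances with a public IP and a security group rule reachable from the Internet. The sample data is constructed; in the nightly job the same dicts would come from boto3 after assuming the cross-account audit role.

```python
# Added example (not Cisco's code). Pure-Python audit logic over EC2-shaped
# dicts so it runs offline; a real run would feed it boto3 describe_* output.
from ipaddress import ip_network

def _is_anywhere(cidr):
    """True for 0.0.0.0/0 or ::/0 (prefix length 0)."""
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False

def open_ports(sg):
    """Return {(proto, from_port, to_port)} for ingress rules open to the Internet."""
    found = set()
    for perm in sg.get("IpPermissions", []):
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        if any(_is_anywhere(c) for c in cidrs if c):
            proto = perm.get("IpProtocol", "-1")  # "-1" means all protocols
            found.add((proto, perm.get("FromPort", 0), perm.get("ToPort", 65535)))
    return found

def find_exposed_instances(reservations, security_groups):
    """Instances with a public IP AND at least one Internet-open SG rule."""
    sg_by_id = {sg["GroupId"]: sg for sg in security_groups}
    exposed = []
    for res in reservations:
        for inst in res.get("Instances", []):
            public_ip = inst.get("PublicIpAddress")
            if not public_ip:
                continue  # private-only instance: not part of the external surface
            ports = set()
            for g in inst.get("SecurityGroups", []):
                ports |= open_ports(sg_by_id.get(g["GroupId"], {}))
            if ports:
                exposed.append({"InstanceId": inst["InstanceId"],
                                "PublicIp": public_ip, "OpenPorts": sorted(ports)})
    return exposed  # the PublicIp values are the scan targets handed to Qualys

# Constructed sample data mirroring the EC2 API response shapes.
SAMPLE_SGS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-internal", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-web01", "PublicIpAddress": "203.0.113.10", "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-bastion", "PublicIpAddress": "203.0.113.11", "SecurityGroups": [{"GroupId": "sg-internal"}]},
    {"InstanceId": "i-db", "SecurityGroups": [{"GroupId": "sg-web"}]},
]}]
```

Only i-web01 is reported: i-bastion has a public IP but its group admits only 10.0.0.0/8, and i-db has no public address at all.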
15. AWS Security Risk Report Card
Overall Risk Score:
Security Metrics (Section - Section Score):
1. Identity and Access Management - 75.6/100
2. Network Security - 80/100
3. Storage (S3 buckets) - 100/100
4. Tagging - 90/100
5. External Vulnerabilities (Qualys) - 90/100
6. CIS AWS Benchmarks - 80/100
7. Trusted Advisor Checks - Not Scored
Grade scale: A B C D E F
16. Benefits and Lessons Learned
• Consolidation of IAM users via SSO integration
• Identification and remediation of insecure S3 buckets
• Risk reporting (and grading) helps get attention and remediation
• Monitoring and vulnerability management capability extends to cloud
• Tagging helps to improve attribution
• CSB seamlessly scales to 100s of AWS accounts
17. Summary
• Identify your security guardrails
  • Critical elements of security based on the enterprise needs
• Automate security in AWS cloud
  • Scalability, speed, and lower cost
• Constantly evolve security automation and metrics
  • Changing threat landscape, business needs