Do you know what is internet accessible in your AWS environments? The answer and methodology of how you arrive at the answer may be the difference between missing critical exposures and complete situational awareness. Dynamic and ephemeral exposures are being created on an unprecedented level and your old generation of tools, techniques, and internet scanners can't find them. Let us show you how to find them and what it means for the future of unwanted exposures. A comprehensive asset inventory is step one to any capable security program. What does having an accurate inventory mean to an AWS administrator and ongoing security engineering effort?

Our approach involves leveraging AWS security services and metadata to translate the raw configuration into patterns of targetable services that a security team can utilize for further analysis.

In this presentation we will look at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox Cosmos (previously CAST) Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.

Key Takeaways:

• Learn how to continuously maintain an inventory of AWS services and understand their internet-exposures
• Discover how to leverage automation from AWS Access Analyzer and a freely available open source tool from Bishop Fox to operationalize exposure testing
• See practical demonstrations of how engineering and security teams can determine impact of their security group configurations