How to Become and Stay AWS Well Architected in a Smart Way

Summary

The AWS Well-Architected Framework is an instrumental best practice for all companies on AWS, and especially for AWS ISV Partners. From 2021 onwards, ISVs need to be compliant with the Well-Architected Framework to be and stay an AWS Partner.

Becoming and staying Well Architected can be very challenging in practice. And security is often the most challenging part.

The good thing is that automated tooling can do a major part of the work for you. Let securiCAD do the key “heavy lifting” analyses required in the Well Architected Framework. Get continuous insights on your security posture, key risks and mitigation actions, improving security where it really counts.

Cloud Security and AWS Well Architected

The AWS Well Architected Framework is a best practice for all companies on AWS. It “helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on five pillars — operational excellence, security, reliability, performance efficiency, and cost optimization — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time”.

From 2021 onwards, Well Architected is now also a specific requirement in the AWS ISV Partner Path, for all businesses that provide software solutions that run on or are integrated with AWS.

Security is often the most challenging part. The Security Pillar starts from the security foundations, with how to operate your workload securely. This includes identifying and prioritizing risks using threat models, identifying and validating control objectives based on the requirements and risks identified in the threat models, and automating testing and validation of security controls in pipelines. Building on the security foundations, the framework then dives into ten different areas with a number of requirements in each area. In short, this is major and challenging work for most organizations.

The good thing is that automated threat modeling and attack simulations with securiCAD can do a major part of the work for you.

Automated Threat Modelling and Attack Simulations for AWS

Becoming AWS Well Architected is indeed a long list of work. And continuously staying Well Architected is even tougher. Good thing that automated tooling is here to help you!

securiCAD is a leading tool that conducts automated threat modeling and attack simulations on IT architectures. It is regarded as one of the major innovations in cloud security. securiCAD enables users to leverage AI-based predictive cyber attack simulations to cut through analysis complexity, gain key insights, and take proactive actions where it really matters, automatically.

Let’s look at some examples of how securiCAD helps in becoming Well Architected:

1. AWS Requirement: “Identify and prioritize risks using a threat model: Use a threat model to identify and maintain an up-to-date register of potential threats. Prioritize your threats and adapt your security controls to prevent, detect, and respond. Revisit and maintain this in the context of the evolving security landscape.”

– securiCAD does this for you. This requirement is a foundation of AWS Well Architected, and one that also guides a number of the other requirements. Without securiCAD, this is a very manual process: it is very time consuming and requires deep expertise and complex analyses. In larger environments, it is most often not even possible for the human brain to conduct the analyses at a meaningful level of detail. securiCAD does this work for you. Automated!

2. AWS Requirement: “Identify and validate control objectives: Based on your compliance requirements and risks identified from your threat model, derive and validate the control objectives and controls that you need to apply to your workload. Ongoing validation of control objectives and controls help you measure the effectiveness of risk mitigation.”

– securiCAD does the vast majority of the work for you. securiCAD provides you with insights on key risks and derives what measures and controls you need to apply to your workloads to reduce risks to acceptable levels. It measures the effectiveness of the risk mitigations and enables you to track your risk posture over time.

3. AWS Requirement: “Automate testing and validation of security controls in pipelines: Establish secure baselines and templates for security mechanisms that are tested and validated as part of your build, pipelines, and processes. Use tools and automation to test and validate all security controls continuously.”

– securiCAD does this work for you. securiCAD can continuously test your security posture, and it can easily be integrated in your CI/CD pipelines: automatically generating digital twins of your environments, simulating attacks, and providing actionable insights on the security risk posture, the key risks, the weak links, and what security controls and actions provide the best effect in reducing risk levels.

For a personal meeting and demo, do not hesitate to reach out to us!

The examples above are some core examples of what securiCAD helps you with. But the list is much longer. In our recent webinar on AWS Well Architected, Paul Ahlgren from AWS describes what it takes to Operate Workloads Securely with Best Practices of AWS Well-Architected Framework, and Erik Ringdahl from foreseeti shows how to leverage foreseeti’s securiCAD tool and AWS Security Solutions to adhere to the Framework.

For more information on how securiCAD works and how to operate securiCAD Vanguard and Enterprise for AWS, see www.foreseeti.com.

Capability PROFESSIONAL VANGUARD ENTERPRISE
Automated model generation

SDK/APIs

Manual model creation & editing

Attack Simulations

Risk levels, Attack Paths & Chokepoints

Threat Summary & Suggested Mitigations

Multiple attack scenarios & comparisons

Advanced Analysis, Reporting & Progress tracking

Multiple projects and models

Multiple Environments (On-prem, cloud, custom)

Multi-user collaboration
