Going serverless: Security outside the box

The advent of serverless technologies and infrastructure as code has changed how we build and deploy security services, empowering teams to create low-cost, scalable, and secure services to protect organizations. Drawing on their real-world experiences, Jack Naglieri and Austin Byers explore tools and techniques for successfully building, deploying, and debugging serverless security applications.

Finding an attacker’s needle in an enterprise haystack is a daunting challenge that traditionally requires a large and highly specialized security team. Endpoints, networks, and applications must be instrumented, logs must be analyzed, alerts must be triaged, and all of the supporting infrastructure must be deployed and maintained. But how can you empower security teams to build and utilize complex infrastructure without a large team? Fortunately, with the growing popularity of cloud platforms (Amazon Web Services, Google Cloud, and others), security teams can now take advantage of the serverless application model to build capabilities such as intrusion detection and static analysis without maintaining a single server. Serverless microservices also include the benefits of low operational overhead and built-in security and scalability. Drawing on their real-world experiences, Jack Naglieri and Austin Byers explore tools and techniques for successfully building, deploying, and debugging serverless security applications. Jack and Austin walk you through tried-and-true techniques with AWS serverless offerings to create an extensible security services ecosystem, all while keeping a low cost. Along the way, they discuss serverless application development, design patterns, monitoring, reliability, interservice communication, and more and tie everything together with the concept of infrastructure as code, teaching you how to create and deploy fully managed and reproducible security service within minutes.