AWS Summit SF 2022 - Amazon Neptune: Using graphs to gain security insights (DAT206)

AWS Summit SF 2022 - Amazon Neptune: Using graphs to gain security insights (DAT206)

AWS Summit SF 2022 - Amazon Neptune: Using graphs to gain security insights (DAT206)

Security is a complex domain because it has many layers to understand and vectors to consider. Graphs simplify the navigation of relationships between different assets and layers protecting them, revealing security insights. Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications. This session reviews Neptune key benefits and shares examples and techniques for using graph-based approaches to gain security insights. Ami Luttwak, CTO and co-founder of Wiz, shares how Wiz uses Neptune to power their cloud security solution, which provides a comprehensive risk assessment across an organization’s entire security stack.

Learn more about AWS Summits at https://go.aws/3zwaA9T.

Subscribe:
More AWS videos http://bit.ly/2O3zS75
More AWS events videos http://bit.ly/316g9t4

ABOUT AWS
Amazon Web Services (AWS) hosts events, both online and in-person, bringing the cloud computing community together to connect, collaborate, and learn from AWS experts.

AWS is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.

#AWSSFSummit2022 #AWSSummit #AWSAMERSummit #AWS #AmazonWebServices #CloudComputing


Content

0 -> (bright music)
8.67 -> I'm Brad Bebee.
9.74 -> I'm the general manager for the
11.51 -> Amazon Neptune service at AWS
14.14 -> and I'm very excited today to be joined by Dave Beckberger
18.09 -> who's a senior graph architect on the Neptune team,
21.13 -> and later he's gonna show you a demo
22.69 -> about how to use a security graph and build one.
25.28 -> And also a special treat.
27.1 -> We have Ami Luttwak, who's the CTO and co-founder of Wiz
31.5 -> who's an AWS partner and also an Amazon Neptune customer.
35.28 -> And they're gonna be talking about how they're using a graph
37.76 -> to do some really exciting things in the security space.
42.73 -> Before we get started,
43.86 -> I wanted to get a sense of the experience of the audience.
47.75 -> Can you raise your hand if you're building
49.99 -> or using security applications today?
54.72 -> Okay.
56.19 -> How about folks that are using a graph
58.86 -> in some form of graph database,
60.83 -> different kinds of graph analytics?
63.17 -> Okay, a couple, good to see you as well.
66.851 -> And then anybody using Amazon Neptune?
72.38 -> Fantastic.
73.46 -> Okay.
77.03 -> Customers are excited about graphs.
81.19 -> I was involved with Neptune
82.63 -> since it was announced as a preview at re:Invent,
86.94 -> and over time,
87.773 -> what we've seen is that customers continue to use
91.07 -> more of the relationships in their data
93.68 -> to gain insights and apply them to business problems.
96.95 -> And this is increasing year over year.
100.66 -> There are lots of different use cases for graphs,
104.23 -> but the ones that we're seeing the most traction in
107.04 -> are using graphs to detect fraud,
110.11 -> using graphs to resolve identities
113.01 -> or for Customer 360 type applications,
116.8 -> and using graphs to organize information
119.61 -> often known as knowledge graphs.
123.08 -> But the reason that we're here today talking
125.57 -> is that we're increasingly seeing another use case
129.1 -> and that's security graphs.
130.71 -> And so using graphs models to help people
134.46 -> to solve, use relationships in their data,
137.1 -> to solve security challenges.
140.19 -> Graphs and security is really a classic kind of application
143.51 -> that's been used for a very long time.
145.74 -> But I think what's changing today is that
148.73 -> the ability to use graphs
150.94 -> and use graphs as a managed service
153.34 -> has made it faster and easier for customers to do so.
156.8 -> So, security graphs are no longer the domain
159.75 -> of very large enterprises or particular government agencies,
163.63 -> but they can be applied much more easily.
168.87 -> For a quick background, graphs are a data structure.
174.84 -> They consist of nodes and edges,
177.06 -> or vertices and links.
178.92 -> Nodes represent your entities
181.08 -> and the links represent relationships between them.
184.89 -> Graph databases can efficiently store and process
189.23 -> data that's in a graph data model.
196.41 -> Many of us have been in a conference room with a whiteboard
200.3 -> and we've been trying to collaboratively solve a problem.
203.94 -> And often what happens is you start writing the things
207.02 -> that are important on the board
208.65 -> and you write something else
210.09 -> and then you make a connection to it.
212.12 -> And all of a sudden you've sort of, without knowing it,
214.7 -> you've built a graph model.
217.13 -> And then in many cases
218.04 -> you go put it in a relational database.
220.087 -> And we can talk about that later.
223.1 -> But in the security domain,
224.75 -> it's pretty easy to see how you can think of it as a graph.
229.52 -> If you look at the example here, you can see a user,
232.18 -> we see things that a user interacts with file systems,
236.05 -> computer network devices.
238.36 -> And so, when we have this kind of connected structure,
242.18 -> a graph data model makes a lot of sense to represent it.
245.83 -> And here's an example of what this sort of conceptual model
250.18 -> would look like as a graph model.
252.63 -> You can see that the devices become nodes.
256.03 -> These things have properties.
257.34 -> So I can assign things like IP addresses,
259.81 -> or Mac addresses or domain names.
262.58 -> And I can relate them.
263.59 -> I can relate them either via networks, or usage,
266.24 -> different relationships,
267.81 -> and those relationships themselves can have properties.
272.05 -> So it's a very natural to take a security model
275.5 -> and apply it as a graph.
280.22 -> And it turns out that when you
283.25 -> look at graphs in the security domain,
286.8 -> there's a lot of different problems
288.41 -> that you can solve relatively easily.
292.16 -> If you build a graph of your resources in the cloud,
296.32 -> you can start to query them
297.84 -> and try and understand which ones may have vulnerabilities
301.08 -> or where are their places
302.77 -> that you can improve the security.
305.1 -> If you look at how network flows
307.77 -> happen across boundaries, or between devices,
310.52 -> you can use that to detect ex filtration
312.68 -> or other kinds of data flows that you don't want.
315.98 -> And so on and so forth, identity and access management,
318.86 -> supply chain security, digital forensics.
321.787 -> "Where did this file come from?
323.57 -> I see this file hash, where else was it in my network?"
326.73 -> Those kinds of problems are much easier to look at
330.04 -> from a graph perspective.
334.27 -> There's also some challenges.
337.07 -> One of the challenges is understanding
340.4 -> which of the relationships
341.84 -> in your security graphs are important.
344.8 -> Everything's connected.
346.4 -> Which are the connections that you should pay attention to?
350.37 -> Which are the things where the absence of a connection
353.92 -> should be alerting you to something itself?
356.32 -> And so, that's one of the challenges.
358.94 -> Another challenge is that even for a small organization
363.47 -> these graphs can get large very quickly.
366.12 -> And when you think about
367.07 -> medium size enterprises and even larger,
370.61 -> you have to be able to store and manage and query
373.76 -> billions or even trillions of relationships
376.84 -> quickly and efficiently to be able to
380.27 -> solve these problems.
382.69 -> And finally, like many domains, the security space,
387.75 -> it's important to respect various
389.71 -> different legal protections, privacy protections,
393.14 -> local government regulations.
394.88 -> And so you need to make sure that you have
396.8 -> the right infrastructure to ensure
398.5 -> confidentiality and integrity in place
401.06 -> when you process this data.
405.86 -> Here's a hypothetical example about a security graph
410.17 -> and how it might flow.
412.77 -> If you look on your left,
413.8 -> you can see that there's a lot of different assets
415.92 -> that you might have in your organization or your company.
418.64 -> You have devices,
419.71 -> you have applications that are people using.
422.17 -> these are all producing various different kinds of metadata
424.96 -> they have different log files,
427.36 -> and you probably store that in something like a data lake.
430.08 -> Hopefully it's something like Amazon S3.
433.15 -> And once you have that data there,
435.31 -> you can process it to put it into a format
438.39 -> that you can look at as a graph.
440 -> Now, sometimes that means normalizing the data.
443 -> Sometimes it's other kinds of ETL things.
445.4 -> There's a number of different tools
446.52 -> that you can use to do that.
449.02 -> So to the middle step,
450.35 -> here we have an example of identity resolution,
453.18 -> but you often want to apply different kinds
455.81 -> of data analytics to the data
458.32 -> to help make it easier to process.
459.87 -> So, these can be things like normalizing,
463.35 -> different kinds of device identifiers,
465.5 -> or if you're dealing with biographic or personal data,
468.35 -> trying to identify which identities
470.77 -> represent the same people in the real world,
472.91 -> but they're important processing steps
474.78 -> to improve the quality of your graph application.
478.58 -> And then finally you wanna store it
481.36 -> and you wanna be able to store the graph
483.53 -> in a place where you can query it and access it
486.5 -> quickly and effectively.
492.16 -> So why would you use a graph database service
495.21 -> to store a security graph?
497.19 -> You certainly could use a relational database
500.05 -> or a key value store,
502.2 -> but you find there's a couple of different challenges.
504.88 -> The kinds of questions that you want to ask,
508.297 -> "Why is this the device connected to this device?
511.14 -> What are the vulnerabilities on there?"
513.22 -> are effectively traversals.
515.48 -> And to implement those in a SQL based system
518.93 -> means that you need to do a number of different joins.
522.85 -> Joint processing means that the SQL statements
525.68 -> are difficult to write and error prone,
528.91 -> and they're often also slow to execute
532.57 -> because relational databases aren't optimized
535.85 -> for the kinds of graph query patterns
538.24 -> and workloads that you see.
540.31 -> You can also use key value stores
542.45 -> and you encounter a similar challenge.
544.7 -> The look up on a key value is very fast
546.69 -> if you're looking up a particular point.
548.97 -> But if you need to do traversals across
551.25 -> or do joint processing,
552.93 -> it becomes very expensive because of
554.62 -> the network effects that you get to do that.
558.6 -> You could also choose to do a self-managed solution.
561.95 -> This can be a great option to get started,
564.03 -> but as you grow and expand,
566.65 -> it can become expensive and difficult to operate.
569.38 -> A lot of organizations don't have the expertise
572 -> to tune graph systems.
575.06 -> And finally, these graphs will grow and shrink over time.
578.61 -> So you wanna be able to scale your system up
581.15 -> quickly and effectively.
585.72 -> Amazon Neptune is a fast,
588.38 -> fully managed graph database service.
591.02 -> Being fully managed means you don't have to worry about
593.24 -> provisioning hardware or provisioning instances.
597.19 -> You can scale up and down and you only pay
599.57 -> for the resources that you use.
602.39 -> The core of Neptune is a purpose-built engine
606.56 -> that's optimized for graph processing,
609.61 -> it's durable and acid and provides immediate consistency
612.887 -> and it provides millisecond querying over billions of edges.
618.78 -> It also gives you as a developer,
621.3 -> the most choice of graph query languages,
624.85 -> Amazon Neptune supports the property graph
627.24 -> and the RDF graph models,
628.99 -> and we support the choices
630.24 -> of the OpenCypher query language
632.22 -> which is now generally available as of today.
635.77 -> The Apache TinkerPop Gremlin language,
637.5 -> which is an open source project for property graphs,
640.31 -> and the RDF SPARQL language.
645.28 -> You can see, we have a number of customers,
647.15 -> thousands of customers have built applications
649.127 -> and are running them on Neptune
651.36 -> and would encourage you to take a look
652.81 -> if you're interested in more.
654.32 -> And now I'm gonna get off the stage
655.68 -> and let you see Dave's demo.
657.48 -> Thank you.
660.9 -> Thank you, Brad.
661.733 -> Thank you for that great background
664.38 -> on security graphs and security
667.72 -> and the business challenges that people
670.95 -> are working with today
672.34 -> in order to get this up and running at scale.
676.25 -> So, for the demo I had to show you today,
680.11 -> we wanted to look at a couple of things.
682.9 -> What we're gonna be specifically showing here
684.87 -> is a cloud security demo.
686.92 -> So that cloud security demo
688.73 -> is going to show a couple of different things.
691.35 -> It's going to show,
692.45 -> we're gonna first start off and look a little bit
694.1 -> at what your resource,
695.7 -> your AWS resources look like as a graph.
698.54 -> So when you think about your AWS resources, excuse me,
701.95 -> you have things like key pairs, IAM roles, policies,
706.43 -> EC2 instances, security groups, things like that.
710.01 -> All of these represent entities.
711.98 -> These are all, you know,
712.813 -> physical things inside or assets inside of your network
715.92 -> and these things are all connected in various ways.
717.957 -> And we start to look at how these things are connected
720.48 -> we start to build out this graph,
722.467 -> and this graph can then be used
724.13 -> to help drive some specific insights
726.16 -> around what it is that you're doing
728.81 -> and how your network is set up.
730.01 -> Potential vulnerabilities, threat vectors,
733.89 -> exposure levels, things like that,
735.43 -> that people may be interested in when you're looking at
738.54 -> a security graph application for your cloud.
741.36 -> So let's just start off here,
742.95 -> and we'll, let's start by just taking a look
745.1 -> at what this account looks like.
748.45 -> So what we're looking at here
749.73 -> is this is what we call Neptune Notebooks.
751.97 -> This is the ID environment that we provide
754.9 -> for Amazon Neptune.
756.77 -> It is a open source package
759.01 -> that runs on top of Jupyter Notebooks,
761.58 -> if you're familiar with those?
762.85 -> So you can install this and it provides basically
765.49 -> a set of, called Jupyter magics,
768.57 -> which are basically commands that you can run inside there
771.61 -> that allow you to easily interact with Neptune.
773.85 -> And you can do this,
774.81 -> a couple of specific things you can do here.
776.9 -> You can run the different queries,
779.07 -> it's where we allow you to run queries, see the results,
782.4 -> and you can see the results in a couple of different ways.
784.58 -> What we're looking at right now is the tabular result
787.53 -> where you can also see the raw JSON value
789.86 -> that comes back from this,
791.42 -> as well as the one that really starts
793.18 -> to show a lot of this aspect of graph,
795.91 -> which is the network connectedness aspect of this.
799.66 -> So what we can see here is, you know,
802.12 -> we're looking at this graph of our AWS resources,
804.61 -> and this is a very small graph.
805.91 -> This, you know,
807.11 -> I'm sure most of the accounts that you all are working in
809.93 -> have many, many times or hundreds of times
812.27 -> the number of assets we're showing here,
814.43 -> but this demo is just kind of showing a smaller account
817.89 -> and how all of those,
819.26 -> even in the relatively small number of assets,
821.56 -> how all of these connections start to really build out
824.97 -> this web of networks of a network sort of aspect
829.26 -> that you want to be able to see,
831.1 -> and be able to kind of use
833.14 -> for your security graph application.
837.39 -> What you're also seeing here, beyond just the visualization,
840.08 -> is, as Brad mentioned,
842.19 -> the query language you're seeing here,
843.45 -> this is the OpenCypher query language.
845.77 -> As Brad mentioned, it went GA today,
848.78 -> but this is one of purpose-built
850.81 -> graph query languages out there that really
853.44 -> is very efficient at being able to
855.1 -> match patterns inside your data.
856.74 -> So you can kind of write a declarative statement of,
859.527 -> "I want to find everything in my data that looks like this,"
862.59 -> and this will let you do it.
864 -> I'm not gonna go into the specifics too much of cipher here,
866.43 -> but just so you can kind of understand
868.67 -> what you're looking at.
869.7 -> Anytime you see the parentheses,
871.48 -> that's representing an entity or a node inside your graph.
874.6 -> The little, the dashes and the lines,
876.22 -> represent the connections between things
878.11 -> and anything in brackets is representing the edges,
881.507 -> the specific named edges that you're trying to do.
884.19 -> So in this case,
885.023 -> I'm trying to find everything
886.97 -> that's connected to anything else.
888.45 -> So this is sort of the fetch the world time query.
892.09 -> Works on a small graph,
893.13 -> not something you necessarily want to run
894.57 -> if you have billions of billions of entities,
896.18 -> unless you wanna, you know,
897.74 -> see a big ball of spaghetti on the screen here.
901.55 -> So, you know, with that,
903.34 -> what is it that you're able to actually do
905.25 -> with this information?
906.74 -> Well, one thing that often people want to do
909.08 -> with a security graph,
910.57 -> especially when looking at it
911.46 -> from a cloud security perspective,
913.44 -> is you wanna start looking for vulnerabilities.
915.69 -> You know, maybe you wanna find out
917 -> which resources are insecure,
919.34 -> and have you configured insecurely or incorrectly
921.6 -> inside of your AWS account?
924.59 -> And a really common way that you see people
926.94 -> do this accidentally is they create policies,
929.7 -> IAM policies that are too permissive
931.94 -> for the sorts of things here.
933.59 -> So in this case what we're showing is,
936.51 -> I wanted to find the insecure policies in my thing.
938.57 -> And I did that through two ways.
939.77 -> I first found anyone's that had administrator access.
942.49 -> You know, the blanket administrator access policy
944.36 -> that comes with every AWS account.
946.54 -> I wanna see what's using that.
947.81 -> And then the other one I'm looking at is
950.16 -> I wanna see any policies that were created by somebody
952.91 -> that has a star in it.
954.26 -> You know, the very common use case of
956.63 -> don't put stars in your IAM policies.
959 -> I wanna see if anybody,
960.05 -> if anything in this account actually has.
962 -> So if I go here and I run this,
964.79 -> you'll see I'm able to find that information
967.13 -> almost instantaneously.
968.94 -> And when I view the graph, what I can see is, excuse me,
973.56 -> I havEC2 different policies here then.
975.37 -> I have the administrator access policy,
976.89 -> which we kind of expected,
978.86 -> as well as somebody went and created an open S3 policy,
982.63 -> giving blanket access across S3 buckets,
985.05 -> not something we probably want to have
986.82 -> in any sort of production account here.
990.41 -> So, you know, being able to see those policies is one thing,
993.42 -> but really the power of graphs
994.76 -> comes from not just seeing those policies,
997.1 -> but being able to see what's connected to those policies
999.027 -> and what you actually are able to do, you know,
1001.61 -> to be able to start traversing those relationships,
1003.8 -> or looking at the different connections
1005.44 -> and seeing how they're being used.
1007.13 -> So in this case, this next query,
1009.29 -> we're sitting there not only looking at the policy,
1011.12 -> but we're seeing if there's any
1011.98 -> roles attached to the policy.
1013.56 -> Because you might have a policy,
1014.67 -> it's got a star in it,
1015.503 -> but it's never being used inside your account.
1017.35 -> That represents much less of a threat
1018.95 -> than if something actually is.
1020.85 -> And if we take a look here,
1023.81 -> what we can see is that we have, with these policies,
1027.52 -> we have a couple of different roles attached to it.
1031.56 -> With the open S3 policy it's attached
1033.43 -> to a role called Altimeter shown right here,
1037.67 -> as well as an open S3 role and open S3, sorry,
1041.99 -> one called open S3 and one called open S3.
1044.36 -> And for the administrator access,
1046.24 -> we see somebody created a role called "I need admin access."
1049.25 -> This was probably somebody trying to,
1051.03 -> a developer or someone in operations
1052.61 -> trying to debug something maybe,
1054.97 -> as well as one down here called Admin.
1058.84 -> So with this,
1059.673 -> now that we've been able to see
1060.506 -> that these roles are being used,
1061.9 -> that there are insecure roles
1063.05 -> and that these roles are being used,
1064.97 -> what resources are associated with that?
1068.733 -> I'm able to sit there, you know,
1070.43 -> as we can kind of see from a query perspective,
1073.17 -> what you're doing is really starting to build out
1074.73 -> a bigger and bigger pattern.
1075.83 -> So, you know, in this case,
1077.54 -> I started with a policy node,
1078.85 -> now I wanna see how that's linked,
1080.63 -> and now I want to jump out even further
1082.65 -> and start looking at those different links
1084.29 -> and those different connections at different depths
1087.36 -> in order to see what might possibly be
1091.28 -> being exposed through this sort of interface.
1095.16 -> When I do that,
1096.93 -> what I can see is now I have
1098 -> a couple of interesting things here.
1100.16 -> Not only do I have those roles,
1101.47 -> but those roles are being used
1102.9 -> by three different EC2 instances.
1104.81 -> Now, as you know,
1106.24 -> someone looking at the security of my AWS account,
1108.64 -> now I'm starting to get worried.
1109.91 -> Now these are not just being used,
1112.04 -> you know, by ephemeral things.
1113.34 -> These are being used by long running compute resources,
1116.51 -> things that actually people may want to be able to
1119.46 -> gain access to for illicit purposes, something like that.
1123.79 -> So let's focus in on that a little bit
1126.41 -> and see what we're able to do from that.
1130.33 -> So, not only do I wanna see that I have those things,
1133.15 -> but I want to be able to see
1134.4 -> what those different things connect to as well.
1137.43 -> So, as you can see,
1138.56 -> what we're really doing is starting to build up
1140.04 -> these patterns of traversing and connections across things.
1144.46 -> You know, not only does this role exist,
1147.51 -> but this role exist or sorry, this policy exists,
1149.4 -> but that's connected to a role.
1150.45 -> That role is connected to an EC2 instance.
1152.9 -> That EC2 instance is connected to security groups,
1155.78 -> things of that nature.
1157 -> And you really start to see how you can start to see,
1159.15 -> not just that you have insecurities inside your account,
1163.67 -> but where those things are impact,
1165.65 -> what might be an area that, you know,
1168.51 -> what might be the blast radius, for lack of a better term,
1170.85 -> of some sort of, you know, illicit activity going on,
1174.39 -> if somebody was able to gain access
1176.1 -> to these sorts of things?
1181.22 -> So with that, let's maybe just focus in on those
1185.36 -> EC2 instances a little bit more.
1189.46 -> As we can see,
1190.38 -> we can look at these different EC2 instances,
1192.61 -> and because we're able to actually look at these as a graph
1196.74 -> it's not just the connections associated with it,
1199.38 -> but we also get to see how they're connected, how exactly,
1202.47 -> you know, what is the exact path or vector from
1207.31 -> this open S three role, sorry,
1209.62 -> this open S three policy to the open S three role,
1212.73 -> to the transient access, as well as to the EC2 instance.
1217.16 -> So you can really start to see,
1218.95 -> not necessarily just what that you do have a problem,
1223.04 -> but how you have a problem.
1224.48 -> And that's one of the real big advantages
1226.76 -> of something like a graph database
1228.32 -> is they don't necessarily just tell you the answer,
1230.09 -> but they also tell you how do you gut the answer.
1232.42 -> So you have a way to kind of be able to backtrack
1235.38 -> from where your answer was back to the starting location.
1238.68 -> So you can start to do some sort of mitigations,
1241.45 -> things of that nature.
1247.06 -> And finally, just because I have an EC2 instance
1251.37 -> that's associated with the role,
1252.74 -> a very important question
1253.95 -> you may want to be able to answer is,
1255.74 -> is this exposed to the internet?
1257.76 -> Because an EC2 instance with an insecure role is bad,
1260.47 -> one that's exposed publicly to the internet is much worse.
1264.6 -> It's a much worse scenario to be in.
1266.62 -> And in this case, you can see that, excuse me,
1270.73 -> that two of the three actually have
1272.91 -> public IP addresses associated with us.
1275.01 -> So this is an area where you probably want to start
1277.61 -> taking a deeper look at these, and not just the fact,
1280.42 -> not just looking at the fact
1281.74 -> that I have these EC2 instances and that I have this,
1283.9 -> but I probably wanna start looking at this
1285.37 -> as a way to be able to mitigate, you know,
1287.826 -> now that I know I have a problem
1289.45 -> how do I go about mitigating the problem?
1290.95 -> Where do I need to look
1291.8 -> to be able to find this sort of information?
1295.32 -> And with graphs, you can do this again,
1297.67 -> just by continually expanding this
1299.92 -> deep link analysis of your AWS resources.
1304.3 -> You're able to also see things that show,
1307.96 -> not only do I have this EC2 instance, you know,
1311.1 -> not only do I have this, excuse me, this insecure role,
1314.1 -> this role is associated with that EC2 instance
1315.53 -> and that EC2 instance is associated
1317.56 -> with this specific security group.
1319.14 -> So now I'm able to also pinpoint
1320.52 -> where I probably want to go start looking at,
1323.26 -> in order to be able to, or excuse me,
1331.84 -> where I wanna start looking in order to be able
1334.42 -> to start mitigating this problem early and often.
1338.27 -> So with that,
1339.24 -> that was sort of the end of the demo
1341.04 -> that I had kind of planned today.
1343.82 -> If you're interested in the tools I used here,
1350.2 -> so the tool I here to create this graph
1352.21 -> is a tool called Altimeter.
1354.69 -> Altimeter is an open source project
1357.48 -> that is backed by Tableau.
1360.18 -> And what it does is it uses Boto3,
1363.407 -> the Boto3 Python client to scan your AWS account
1367.84 -> and build a graph of that account
1370.73 -> and that data can be stored directly into Amazon Neptune.
1373.33 -> So if you wanna get started today, this is a tool.
1375.82 -> If you just want to see and start one, start with graphs,
1378.7 -> it's a great tool to use for that.
1379.96 -> And if you want to start using that today,
1382.96 -> there is a blog post here about
1385.16 -> how to graph your AWS resources,
1387.33 -> where we go into the details of exactly,
1389.14 -> of building out exactly that sort of
1391.32 -> security graph that you saw me demonstrate here today.
1396.09 -> So with that,
1397.98 -> I would like to bring to the stage Ami Luttwak
1401.66 -> who is the co-founder and CTO of Wiz.
1404.37 -> Wiz is revolutionizing cloud security
1407.08 -> with an agentless graph-based approach,
1409.85 -> and very excited to hear him talk today
1412.1 -> about how they're using Amazon Neptune
1413.7 -> as a critical part of the infrastructure.
1416.14 -> Thank you. Thank you.
1417.879 -> So, very happy to be here today.
1421.96 -> So Wiz is a cloud security solution that is really
1425.83 -> revolutionizing cloud security using graphs.
1428.34 -> And I wanna explain to you today why we do,
1431.73 -> why we use graphs and how we work with Neptune
1433.75 -> to really change the cloud security market.
1436.32 -> So, I start from the beginning,
1438.41 -> I'm Ami, the CTO for Wiz and
1441.63 -> Wiz is a company that's just two years old,
1444.05 -> and it's already the fastest growing
1445.893 -> cybersecurity company in history.
1448.28 -> And we scan billions of files every day.
1450.61 -> We work with the largest cloud environments in the world.
1452.94 -> We cover more than 20% of the
1454.64 -> Fortune 500 cloud environments.
1457.11 -> And, a lot of this is because we come with
1460.38 -> a new approach to cloud security
1462.73 -> and the key of that is actually using the graph, right?
1466.29 -> And I, what I wanna show you today,
1468.8 -> is why we chose the graph and why I think these
1471.01 -> graph-based use cases are a way to
1473.11 -> change how we approach security
1474.8 -> and maybe even many other areas, not only security.
1478.37 -> So just a quick word of what Wiz does
1480.8 -> and how we work and operate.
1482.16 -> So our approach to cloud security is pretty simple.
1485.9 -> It's four key steps,
1487.11 -> and each of them is very different
1488.3 -> from the way legacy solution works.
1490.58 -> So the first approach is ingest everything
1492.87 -> across all of the layers of the environment, right?
1496.21 -> So we call it the agentless scanning.
1497.54 -> So you can scan everything from the cloud environment,
1500.19 -> even into the workloads.
1501.9 -> The second step and the third step
1503.67 -> are actually possible using the graph.
1505.92 -> So the ability for us to do deep analysis,
1509.33 -> and we look at use cases that we can do today,
1511.67 -> like analyzing the exposure of a resource,
1515.38 -> analyzing the actual risk
1517.29 -> of an attack in the cloud environment
1520.01 -> is doable because we map all of the different
1522.49 -> pieces that we collect into a graph.
1525.06 -> And then the third piece is that we show the user
1528.91 -> what they really have to fix right now in the environment.
1531.507 -> And we can do that because we put
1534.05 -> all of that in to a graph, right?
1535.94 -> And the last part is also a game changer
1539.03 -> because we can basically split it into sort of mini graphs,
1543.19 -> where each owner is the dev team that owns this environment.
1546.49 -> We can basically build a tool that can be deployed
1549.7 -> across any scale in any cloud,
1551.67 -> then scan it and really analyze
1553.47 -> the key issues in the environment and have the owners
1556.4 -> of that environment actually fix the tools.
1559 -> So why are we using graphs?
1561.452 -> So let's start from the beginning.
1564.78 -> The way I see it is that really the world is a graph, right?
1567.93 -> The world is not a table, right?
1569.38 -> Even if you look not on the security,
1571.33 -> just even this right now, I'm doing,
1574.25 -> we are in a conference, this is a talk, right?
1577.31 -> So yeah, you can put all of that in a table,
1579.47 -> the list of talks,
1580.53 -> but if you wanna really model what's what's happening,
1582.75 -> so there is the talk.
1585.11 -> And it's happening in a location, right?
1587.92 -> And I'm part of a company and the company
1590.36 -> it works with certain customers
1592.68 -> and you can ask questions about location, right?
1595.04 -> So you think about it. This is actually a graph.
1597.24 -> Now, security is just the same.
1600.74 -> If I want to answer the most important
1602.82 -> question in cloud security,
1604.28 -> which is what are my critical risks in the cloud?
1607.14 -> This is actually a graph question, right?
1610.01 -> And there is actually no way to solve this
1612.34 -> without using this graph technology.
1615.58 -> And if you look,
1618.32 -> and we'll now go through use cases for that,
1621.34 -> but just what's the key question I'm trying to answer?
1623.64 -> A critical attack path,
1625.05 -> a critical risk in the environment.
1627.47 -> Let's break it down to three questions.
1629.08 -> What is exposed for the attacker?
1631.01 -> What the attacker can actually make use of?
1633.35 -> What's vulnerable, right?
1634.7 -> And then, what are the risks
1636.81 -> that you can actually escalate to a sensitive resource?
1640.01 -> All of these are actually use cases of graph questions.
1643.21 -> And before we build this in this way,
1645.49 -> legacy solutions just couldn't answer these questions.
1648.61 -> So that means that all of the existing solutions today,
1652.45 -> when you ask them,
1653.327 -> "What is the critical risk in the environment?"
1655.35 -> they don't really an give you the answer.
1657.28 -> They maybe give you, you know,
1658.83 -> millions of vulnerabilities you have,
1661.28 -> but they can't really answer the graph question,
1663.59 -> which is, what do I have to fix?
1665.31 -> That's what you care about.
1666.45 -> Getting a million vulnerabilities.
1667.66 -> Now, I'm actually saying million,
1668.7 -> because for even small environments,
1670.47 -> you really do get the million vulnerabilities,
1672.55 -> but you need answers.
1673.91 -> And the ability for us to enter the simple questions,
1677.37 -> on cloud is only available if you do it using the graph.
1682.31 -> Questions?
1684.19 -> Okay. So let's start looking at the use cases.
1687.6 -> The first basic use case is network exposure, right?
1690.66 -> And again, this is maybe
1691.81 -> the most basic question on a cloud environment.
1694.86 -> What is exposed from the environment?
1697.64 -> Now, most legacy solutions,
1699.83 -> and again, it's pretty surprising,
1702.34 -> but even when you showed the demo you mentioned it.
1705.61 -> How do you know if something is a exposed?
1707.08 -> You check if it has a public IP, right?
1709.46 -> But that's not true. It's simply not true.
1711.18 -> Like, if you look at just,
1712.57 -> if you try to think about cloud environments,
1714.43 -> what is exposed to the internet
1715.68 -> is not what it has public IPs.
1717.04 -> That's not how you build cloud, right?
1719.06 -> You have a load balancer,
1720.16 -> you have millions of resources behind it.
1723.53 -> You might have a container within a cluster
1725.69 -> that has even within it
1727 -> it has different routing within the cluster, right?
1729.68 -> So actually answering this question,
1731.64 -> you need to understand everything in the environment.
1733.852 -> You need to understand the firewalls, the security groups,
1737.15 -> the Kubernetes clusters, the peering connections.
1739.97 -> This is a highly complex question to answer, right?
1742.85 -> And that is a graph question.
1744.52 -> And without modeling it as a graph,
1747.11 -> you simply can't answer it.
1748.49 -> So security teams today are actually
1752.14 -> completely blind to the question of
1754.3 -> what do I have exposed in my environment?
1756.6 -> 'Cause they can't answer this question.
1758.45 -> And continue to the second use case.
1761.65 -> Okay, so I wanna know what's exposed,
1763.99 -> but then what is actually risky?
1767.065 -> So if I have a vulnerability,
1768.98 -> how do I know I have to fix it?
1770.21 -> So I need more context.
1771.98 -> And actually adding context is a graph question, right?
1774.91 -> 'Cause the context can be across very different layers.
1777.36 -> It can be what is vulnerable, but that's just one graph.
1781.12 -> We also have the identity graph,
1782.61 -> which is what do I have access to?
1785.57 -> That's another part of the graph if I have high permissions.
1788.38 -> Another graph is what secrets I have on this instance.
1791.91 -> Right?
1792.743 -> So these are actually a lot of different graphs
1794.323 -> that you can put all together across the different layers.
1797.27 -> But eventually the question becomes a graph question.
1800.097 -> "Show me every vulnerability
1802.36 -> that I really have to fix right now."
1805.6 -> And that's really is a graph question.
1807.76 -> And the third question is an escalation path, right?
1810.84 -> So what is really critical to fix
1812.85 -> if you can escalate from the development environment
1815.42 -> to the production environment.
1817.15 -> If I have a way to see there is a workload,
1819.37 -> it's exposed, it has a secret,
1821.24 -> this secret is actually a production secret
1823.23 -> and from there you can escalate to production,
1826.16 -> I really, I will fix it right now,
1828.08 -> I will stop everything and do it.
1829.4 -> But this is a graph question, right?
1831.31 -> The ability for us to analyze those kind of paths
1833.77 -> was never possible using security tools
1836.4 -> because we didn't have this ability
1838.53 -> to see across environments
1840.75 -> and correlate all of those different layers.
1842.747 -> And that's exactly what the graph technology
1845.08 -> allows us to do, right?
1846.4 -> So it breaks it basically, and that's what you get.
1849.59 -> Breaks down the silos.
1852.29 -> You don't think anymore in the sense of
1854.53 -> my Kubernete scanning tool,
1856.35 -> my identity tool, my network tool.
1858.19 -> No, you have your security graph that shows you
1862.01 -> what you have in that environment,
1863.64 -> and the true magic is to pinpoint you
1866.25 -> in what you have to fix.
1867.32 -> And that becomes just the queries on the graph, right?
1870.41 -> And it sounds simple, but,
1872.71 -> it was just not possible without using
1874.853 -> this kind of technology,
1876.77 -> and just showing you how this looks like
1879.42 -> in the actual product.
1880.89 -> So, this is an example of eventually a query on the graph.
1885 -> Eventually the customer gets an issue, right?
1888.3 -> Gets an alert.
1889.24 -> But this is an alert that is much more advanced
1892.22 -> than what we used to call a cloud security alert, right?
1895.56 -> It's 10 X more context because it says
1898.24 -> it's a highly exploitative vulnerability.
1900.49 -> It's an exposed VM and it has high permissions, right?
1903.13 -> I'm correlating multiple graphs.
1905.45 -> And I even showing the customers,
1907.32 -> eventually this runs on the graph, they see the graph,
1910.09 -> and it's customizable for them
1912.23 -> and they can immediately get these kind of insights.
1915.56 -> Eventually that's what you want,
1917.34 -> as a security team also as a dev team,
1919.45 -> to know what you have to focus on.
1922.03 -> Any questions so far? Okay.
1925.29 -> So, how does this all work?
1933.86 -> So we were privileged to work with the Neptune team
1939.33 -> to really take this use case of a security graph at scale.
1943.88 -> I think today Wiz is probably one of the largest
1946.88 -> graph as a service implementations in the world
1950.01 -> and it's really thanks to the
1952.81 -> joint work that we have with the Neptune team
1954.92 -> in every aspect of the pipeline that we're building, right?
1958.237 -> And this is a huge scale.
1959.76 -> We're talking about hundreds of billions
1962.1 -> of trippers in the graph.
1963.28 -> In every data center, we have dozens of data centers.
1965.74 -> we're ingesting hundreds of millions of objects every day.
1969.29 -> This is a scale of graph implementation that you don't see.
1973.24 -> Usually what you see in graphs is like the demo we saw,
1976.15 -> which is nice, but it works for the demo environment.
1978.49 -> It doesn't actually work for huge cloud environments.
1981.61 -> And I'm talking about the largest implementations
1983.907 -> and what we've done here together with the team
1986.01 -> is to take every part of what we need to do
1988.45 -> in a graph implementation that needs to scale and solve it.
1991.43 -> Right?
1992.263 -> So I'm talking about ingestion optimizations.
1994.82 -> How can I ingest millions of objects?
1998.02 -> Optimizing the queries themselves
1999.57 -> so the work that is going on on the DFE
2002.6 -> the ability to automatically optimize the query
2005.54 -> so the customer doesn't need to know a lot about graphs.
2008.11 -> They use the product, they get just get the answers, right.
2011.31 -> They don't really need to know
2012.99 -> how to open optimize graph queries.
2015.38 -> And so we're doing a lot of work,
2017.16 -> both on the ability to optimize
2019.66 -> and also from my perspective, from the security side,
2023.32 -> just to give you another aspect,
2024.54 -> the fact that we can do all of that natively
2026.71 -> allows us to be compliant,
2028.29 -> allows us even to look at more advanced environments
2033.2 -> and just take the same design what we've done
2034.93 -> and just run it on Gulf Cloud, for example.
2039.27 -> But this really proves is that graph technology
2042.94 -> is ready for mainstream huge scale implementations, right?
2047.51 -> This is not anymore an academic kind of exercise.
2051.5 -> And it really,
2053.81 -> this also proves that this kind of new capability
2056.98 -> allows you to really redefine
2058.83 -> what is possible when you build a tool.
2062.09 -> And just a few more
2063.57 -> advanced kind of capabilities that we can do
2066.59 -> because we have, and we run on Neptune.
2069.65 -> So, basically we don't look at cloud security anymore
2073.83 -> in the same view as in the past
2076.01 -> where you have different scanners.
2077.53 -> We are now flexible.
2078.92 -> We can take all of the different
2080.63 -> scanners you had in the past, right,
2082.287 -> and we just put them all in the single graph.
2085.49 -> So we basically consolidated everything to a basic question,
2088.29 -> which is cloud scanning.
2089.56 -> So identity analysis, right, data analysis,
2092.75 -> wanna be the analysis, secret analysis,
2094.49 -> it's very easy to extend the model where you have a graph
2097.5 -> because you simply add more components to the graph, right?
2101.8 -> And that's a critical capability that
2103.65 -> when you used to be with databases,
2105.49 -> you couldn't just add another completely new layer,
2108.45 -> data layer to your application
2110.52 -> and just everything work with it just seamlessly.
2113.87 -> Another really key capability is the ability for us
2117.24 -> to segregate the graph to the owners, right?
2120.31 -> You don't just create a huge graph.
2122.5 -> You actually,
2123.333 -> you have the ability to build access to mini graphs
2126.19 -> based on the owners so you can have a dev team
2129.25 -> accessing the graph and they see only their stuff, right?
2131.77 -> And they can do self service, they can fix their own issues.
2135.43 -> And we do that on top of the Neptune graph.
2137.96 -> And the third thing, which is, I think very interesting,
2140.76 -> is that graph doesn't sell over the use cases, right?
2144.085 -> There's a lot of data types that are not used
2146.673 -> and are not great with graph.
2148.62 -> And what we've done is we've built really great integration
2151.86 -> between RDS databases and graph.
2156.15 -> So basically, we have the graph to present the state,
2159.06 -> like I showed you,
2159.97 -> but also wherever you have data
2161.61 -> that is not supposed to be on the graph it's correlated.
2165 -> And there's a lot of really cool use cases where that
2167.35 -> enabled us to basically, any kind of,
2169.76 -> if you need high bandwidth streaming outside of database,
2172.72 -> we would put it on the database.
2174.44 -> When you ask questions about critical risks,
2176.72 -> you would use the graph.
2179.33 -> Any questions?
2183.15 -> Great.
2183.983 -> So, really if I wanna summarize the way I see it,
2192.12 -> I think that graphs today are revolutionizing security
2196.99 -> because they allow us to answer questions
2199.66 -> that we couldn't before,
2201.51 -> and allow us to focus on what we have to fix.
2205.44 -> And again, this is just a quote from one of our customers,
2209.6 -> but I think it really is a good example of
2212.19 -> how customers see this in the context of security, right?
2216.53 -> So, it's like socially graphs have a huge impact
2221.386 -> on the way we analyze social the field.
2226.58 -> In security, once we start using graphs,
2229.38 -> it allows us to build completely new type of solutions,
2232.46 -> in a way that the solution understands
2235.6 -> the context of the cloud environment.
2237.43 -> So anything related to the real risk, a real threat,
2242.08 -> now you have context, right?
2243.57 -> You don't just look at the public IP,
2245.12 -> you really understand what's at risk.
2246.85 -> And, I truly think that because
2248.77 -> the clouds are so complex today,
2250.52 -> there is no other way to build these kind of solutions.
2253.76 -> And I think that this kind of technology
2257.65 -> is not only for security.
2258.9 -> I think that once we understand that graph technology
2261.79 -> is really a better way to model the world, right,
2264.343 -> this can also change other industries.
2267.07 -> I think that security is just the beginning.
2272.67 -> Any questions?
2274.9 -> Perfect. Great.
2275.733 -> So I think that's a great segue to give it back to you.
2279.847 -> Right. Thank you Ami.
2281.47 -> Thanks for that great look at how Wiz is using Neptune
2285.03 -> and why you chose graph as kind of
2287.15 -> the foundational technology of your solution.
2291.27 -> So, we've talked a little bit about
2293.32 -> the business use cases for security graphs.
2295.75 -> We've talked a little bit
2296.664 -> about some of the technical challenges.
2298.51 -> You've seen a demo of a very simple, you know, aspect,
2303.15 -> or a very simple example
2304.31 -> of how you can use a security graph.
2306.21 -> What one might look like,
2307.24 -> the type of insights you might be able to derive
2309.56 -> from using a security graph
2311.17 -> or graph for your security type applications.
2313.83 -> So what are some resources to get started?
2316.26 -> Well, but before I jump right into some of the resources,
2319.3 -> it's actually kind of my privilege today
2321.05 -> to be able to announce a couple new features of Neptune.
2324.24 -> First one being, as Brad alluded to earlier,
2326.66 -> openCypher for Amazon Neptune.
2329.15 -> So OpenCypher for Amazon Neptune is,
2331.96 -> well, first off OpenCypher.
2333.25 -> OpenCypher is a widely adopted
2335.06 -> open query language for property graphs.
2338.31 -> It provides an intuitive way to look at your property graph
2342.12 -> by providing a familiar syntax.
2344.1 -> If you, you know, what we saw earlier in the demo,
2346.01 -> that was an example of OpenCypher.
2348.11 -> It's very much familiar,
2350.15 -> or it's the learning path forward
2353.37 -> is much less for someone like business analysts,
2357.05 -> data scientists to learn something like OpenCypher
2359.53 -> because of its SQL inspired syntax.
2364.333 -> So OpenCypher was announced for Amazon Neptune last July,
2367.79 -> but it was in lab mode release.
2369.31 -> As of actually this morning,
2370.66 -> it is now available for, in all regions,
2373.84 -> for where Neptune's supported for production level usage.
2377.81 -> This has been one of the highest level
2379.75 -> or one of the most commonly requested features
2382.11 -> of Neptune for quite a while,
2384.06 -> so we're very excited that this is actually now out there,
2387.29 -> and this is really about giving customers
2389.49 -> the most choice to build
2390.81 -> and migrate their graph applications to a highly available,
2394.21 -> secure, and fully managed graph database.
2397.16 -> One of the very interesting things here
2399.2 -> about our specific implementation is
2401.75 -> if you are currently using Neptune
2403.38 -> or you've thought about using Neptune before,
2405.24 -> maybe you have some data loaded in there already,
2407.63 -> you can actually start using this today
2409.09 -> without having to reload your data.
2411.48 -> But between the Apache TinkerPop Gremlin query language
2414.13 -> and OpenCypher they're interoperable
2415.86 -> over that same property graph data.
2417.47 -> So you store your data one time
2419.08 -> and we allow you the choice and flexibility
2421.73 -> to choose the query language that either best fits
2424.17 -> the problem that you're looking at
2426.07 -> or best fits the team dynamic that the team,
2429.027 -> and the team skills, that you have today.
2432.07 -> So that's kind of the first announcement
2433.43 -> that we get to make.
2434.27 -> So the next announcement
2435.88 -> that I'm also really excited about is as of today
2439.73 -> we actually now offer a free trial of Amazon Neptune.
2442.9 -> This is really about allowing you
2444.19 -> to start building your graph applications for free,
2446.31 -> for trying out some of these things
2447.84 -> that we're talked about today.
2449.15 -> You know, with this,
2451.65 -> this free trial offer doesn't limit the features of Neptune.
2455.3 -> This means you can choose from any of our
2456.92 -> other three supported query languages.
2458.82 -> You can use Gremlin or OpenCypher
2460.71 -> on top of Property Graph data, if you want to,
2463.65 -> or you can use SPARQL if you're looking at using
2466.26 -> RDF with a resource description framework.
2469.921 -> And, you know, with this, any customer, you know,
2474.19 -> this is for eligible customers,
2475.98 -> for any eligible customers you can get 750 hours
2478.39 -> of T3, medium instances, 10 million IO operations,
2483.32 -> one gigabyte storage, one gigabyte of backup.
2486.47 -> And there are, like I mentioned,
2487.57 -> there's no feature restrictions
2488.74 -> on what you can do with that data.
2490.17 -> So this is a really great way to start out, you know,
2493.42 -> start with graphs if you're new to it,
2495.35 -> or start out trying some of these sort of things that we,
2498.99 -> that you've excuse me, that we've shown you today.
2502.42 -> And finally, this is free from expensive licenses.
2505.22 -> It's, you know,
2506.053 -> Neptune at its very core is a pay as you go model.
2508.81 -> So if you're using this in your application
2511.32 -> and you use those 750 hours after that,
2514.53 -> you're just gonna pay for whatever resources you use.
2516.63 -> You don't have to sign up for,
2518.05 -> or lock yourself into any sort of long term agreement
2521.7 -> or anything like that in order
2522.9 -> to get started with this today.
2526.17 -> So with those announcements over
2528.19 -> I wanted to give you some resources
2530.56 -> that you can actually use to get started.
2532.64 -> The first resource you'll see up there
2534.44 -> is the Neptune notebook.
2536.36 -> The Neptune notebook is what I was demoing earlier.
2539.34 -> That is that set of Jupyter,
2540.95 -> that is that IDE built on top of Jupyter
2543.34 -> that's really targeted for, you know,
2545.73 -> the developer experience to be able to write your queries,
2548.18 -> visualize your results, look at the type of information.
2551.73 -> We only touched a very small portion
2553.57 -> of what you can do with that today.
2555.61 -> Beyond just being able to write and visualize your queries
2558.24 -> you can use that to do other things.
2560.21 -> You can use that to view the Neptune streams functionality,
2562.82 -> which is a CDC stream of changes coming off your graph
2565.64 -> that you can use to trigger downstream workflows.
2568.07 -> You can use that to build a Neptune ML model.
2570.89 -> Neptune ML is a feature of Neptune
2573.16 -> where that integrates with SageMaker
2575.17 -> to allow you building out graph neural networks,
2577.28 -> based on your model to add predictions, you know,
2579.67 -> and machine learning based predictions to your system.
2583.03 -> The next link there is a link to
2585.4 -> the Neptune reference architectures.
2587.16 -> If you're interested at what it looks like
2588.74 -> to actually build an application on a graph database,
2592.44 -> maybe, you know, I know from an earlier,
2594.94 -> a lot of people were new to graph databases.
2597.15 -> If you're interested what it looks like
2598.15 -> to actually build a real application
2599.72 -> I suggest going and taking a look
2601.04 -> at the reference architectures.
2602.57 -> If you wanna see what's in sample applications,
2604.68 -> some sample full stack applications look like,
2606.95 -> that third link will take you to a GitHub repo,
2609.56 -> where we have a variety of different full stack examples
2611.89 -> of how to build out specific types of applications.
2614.91 -> Maybe you're interested in what it looks like
2617.36 -> to be able to integrate, you know,
2618.87 -> how you might integrate a chat bot with a knowledge graph,
2621.54 -> something like that.
2622.373 -> I know for example,
2623.33 -> there is a specific example out there
2624.77 -> for that type of application for the user.
2628.58 -> If you're just interested a little bit more
2629.89 -> in graphs in general,
2630.76 -> the next two links are kind of great ones.
2632.73 -> The first one is a link to a bunch of example use cases,
2636.69 -> videos, blogs, things like that
2639.21 -> that are really helpful to start, you know,
2641.36 -> to help you get started using Neptune,
2643.86 -> or to understand what sort of use cases,
2646.28 -> graphs, and graph databases are good for,
2648.14 -> and maybe not as good at.
2650.3 -> And like I said, the bottom one there
2651.49 -> is a list to customer testimonials
2654.18 -> and customer success stories.
2658.8 -> You know, we also encourage you to get engaged
2663.64 -> with the AWS Training and Certification content.
2667.95 -> Two things we kind of wanna highlight here.
2669.41 -> First is Skill Builder.
2671.47 -> Skill Builder is an online training center
2674.12 -> that makes it easy for anyone be it beginners
2676.65 -> or experienced professionals
2678.55 -> to build their AWS cloud skills.
2681.04 -> There's over 500 free digital courses on that
2684.68 -> that are really aimed at helping, you know,
2687.04 -> providing a learning path for you as our customers,
2691.12 -> to be able to get up to speed on best practices
2694.42 -> for building out applications inside AWS.
2697.79 -> You know, within Skill Builder
2699.04 -> you can take advantage as a flexible learning pass
2702.07 -> with suggested digital courses and dig, and excuse me,
2706.18 -> in specific domains or for specific job roles.
2711.32 -> And as you build you these skills, you know,
2713.55 -> you may wanna take advantage of these Skill Builder classes
2716.51 -> to look at being able to actually get certified with AWS.
2722.37 -> We really invite you to enjoy the community
2725.3 -> of AWS Certified Professionals here.
2727.42 -> It's an industry recognized certification
2730.1 -> that spans foundational, professional and specialty levels
2733.991 -> that really validate that you are an expert
2736.52 -> in the AWS concepts, constructs and skills
2740.04 -> that you say you are.
2742.77 -> You know, with these two things
2744.03 -> you get access to a lot of additional tooling,
2746.65 -> discussion forms, learning and networking opportunities,
2749.8 -> and challenges, you know, different challenges that come up
2752.87 -> that allow you to earn rewards and recognition
2755.77 -> within the greater environment.
2760.34 -> So with that,
2761.9 -> I would first like to thank both Brad and Ami
2765.64 -> for presenting with us today.
2766.85 -> And I would like to open it up to any questions
2768.95 -> that may be out there.
2770.769 -> (applause)
2776.849 -> (audience member indistinct question)
2817.44 -> So if I can maybe summarize your question for Ami here?
2821.75 -> You're interested in Wiz's architectural choice
2824.03 -> of using and agentless graph,
2826.77 -> sorry, agentless approach to being a scanner,
2830.73 -> and how that may impact essentially delays
2833.11 -> in the changes and how changes might be propagated
2835.57 -> into the graph, is that the?
2838.09 -> So I think when we look at
2840.86 -> Wiz's example in general for graphs,
2843.4 -> I spoke about the interesting integration
2845.5 -> between other technologies and the graphs.
2846.82 -> So first of all, is a graph real time?
2850.09 -> So it can be, right?
2851.42 -> So yeah, you can look for example,
2853.62 -> into the event stream that is coming.
2856.21 -> When an event is coming,
2857.65 -> you detected a change and you put
2859.07 -> the update to the graph.
2860.2 -> So definitely it can be real time,
2862.89 -> or near real time as needed, right?
2864.92 -> And also,
2865.753 -> there is no limitation into what you put into the graph.
2869.15 -> I'm not limited just to get resources, metadata resources.
2872.45 -> I also can in the workloads themselves
2875.39 -> in an agentless manner and put that on the graph, right?
2878.06 -> So the graph is not limited to just grabbing from APIs.
2881.89 -> That's the beauty.
2882.723 -> You can see basically everything on the graph,
2885.48 -> even you can be on the graph, right?
2886.89 -> Why? Because you push code.
2888.12 -> And the code becomes a vulnerability
2890.408 -> so I want you on the graph.
2891.241 -> So basically think about multiple sensors
2895.438 -> that are working together.
2896.63 -> They can feed from real time streams,
2899.16 -> as well as offline streams.
2900.72 -> The beauty is that it doesn't matter.
2902.22 -> Eventually you have the current state on the graph.
2905.28 -> Okay, so (indistinct).
2911.34 -> So, just to repeat the question
2913.5 -> just so everyone can hear it.
2915.15 -> The question was,
2915.983 -> is there any TPS limits to the amount of updates
2917.84 -> you can add to the graph?
2919.384 -> (indistinct speech)
2920.46 -> So there is a lot of the optimizations
2923.42 -> that we work together with the Neptune team
2925.54 -> is around optimizing ingestion, right?
2929.06 -> And there is a lot of work that we do
2930.36 -> both in the sense of how can we optimize
2932.89 -> and basically all ingestions that we do
2934.72 -> will be based on the optimized keywords, right?
2938.08 -> And also we do a lot of effort on modeling the graph
2941.39 -> in a way that is very, very efficient.
2944.2 -> There is a lot of details of how you do all of this magic
2947.38 -> without going into the problems
2949.67 -> of actually building an inefficient model.
2953.4 -> If I would try to put an edge
2955.31 -> between every VM and every other VM
2957.68 -> and they have access to each other,
2959.13 -> that would never be able to scale
2962.04 -> and work in this real time considerations.
2964.3 -> But it's about using really optimized ingestion,
2967.75 -> but also building the right model.
2973.202 -> (audience member asks indistinct question)
3000.511 -> So the question was,
3001.74 -> for the security graph our use case that was exposed,
3005.26 -> is there any plans to add that as a feature?
3008.8 -> I think that, you know,
3009.89 -> we're always looking at kind of working backwards
3012.36 -> from what customers are interested in and,
3014.46 -> we're really interested in how we can use graphs
3017.36 -> to help customers secure their AWS resources in general.
3020.1 -> So, we don't have specific plans for that feature,
3022.84 -> but we are looking at things that are similar to that.
3025.99 -> Yeah, I mean that (indistinct)
3036.09 -> Yeah, mm-hmm.
3037.759 -> it's basically be easier for us to navigate.
3039.24 -> Another question is,
3042.05 -> can you add more metadata on the node?
3045.599 -> When I click the node (indistinct).
3048.94 -> Oh yeah.
3050.42 -> I actually, I didn't demonstrate that.
3052.29 -> So the question was, can you add more metadata on the nodes?
3054.57 -> So when you are working with a labeled property graph,
3057.51 -> it has both those nodes contain not only
3059.94 -> the fact that they're node,
3060.78 -> but they have a thing called a label,
3061.96 -> which is you can sort of think of
3063.15 -> as a group that they belong to
3064.98 -> as well as a variety of
3066.16 -> different properties associated with them.
3067.82 -> So you can assign properties to nodes.
3070 -> But one of the unique aspects of graphs
3072.03 -> is you can actually assign properties to the edges.
3073.82 -> So you can assign properties
3074.84 -> to the relationships between items.
3077.44 -> So, you know, I like to think of it is,
3079.48 -> I often say, working with graphs,
3082.23 -> edges are first class citizen,
3083.62 -> or relationships are first class citizens because those,
3086.7 -> not only do those get to have properties themselves,
3089.08 -> but they're also one of the big differences
3091.07 -> between something like a graph database
3092.77 -> and a relational database
3094.04 -> is those edges are actually materialized.
3095.93 -> They're stored to disk.
3097.27 -> So, one of the reasons graph databases
3100.36 -> are great at traversing edges
3101.4 -> is because it doesn't have to calculate those at run time.
3104.17 -> If you do something like a relational database,
3105.62 -> it has to calculate those relationships at run time.
3108.18 -> Whereas graph databases we've already calculated them.
3110.6 -> They're stored on disc,
3111.48 -> and it makes that very efficient
3112.88 -> to be able to traverse across those or move across those.
3117.513 -> (indistinct question)
3129.82 -> Sorry, the second one was syslog?
3131.315 -> Syslog. Syslog (indistinct speech).
3135.35 -> So the question was,
3136.55 -> what is the level of effort or complexity
3138.31 -> around integrating things like CloudWatch logs or syslogs
3141.086 -> into Neptune into a graph environment?
3143.9 -> When you start looking at something like that,
3145.3 -> it actually becomes a very interesting problem
3147.05 -> because what you really want to do there
3149.06 -> is not necessarily integrate specifically
3151.38 -> just the CloudWatch logs.
3152.81 -> You want to integrate the associations
3155.25 -> inside those CloudWatch logs.
3156.85 -> And that's really where the graph comes into it.
3159.12 -> This is sort of a lot like,
3160.03 -> we see a lot of things for like IOT use cases.
3162.98 -> You don't necessarily want to integrate necessarily
3166.234 -> each log, or each event in a CloudWatch log, into a graph,
3170.53 -> because graphs just by their very nature,
3174.09 -> the amount of time any traversal takes
3175.92 -> is really associated with the amount of
3178.17 -> the graph you have to touch.
3179.18 -> And if you have to traverse 10 million edges,
3181.92 -> it's gonna take longer than if you have to traverse
3183.42 -> one million edges to get the same sort of answer.
3186.64 -> So in those sorts of scenarios,
3188.13 -> we actually really often look to integrate
3192.06 -> something like CloudWatch logs.
3193.66 -> We want to pre-process them
3195.32 -> and integrate essentially the connections
3197.01 -> between the events into the graph,
3198.9 -> but the logs themselves,
3199.97 -> you would want to store in a different sort of system,
3202.18 -> same thing with like syslog, things like that.
3204.24 -> Any sort of log or IOT time stream type data.
3208.77 -> You don't wanna just take that
3209.74 -> and dump it blatantly into a graph. (chuckles)
3212.66 -> You really wanna extract out
3214.26 -> the key relations in those things.
3217.39 -> Yeah, the level of effort
3218.24 -> from a integration perspective is relatively low.
3221.22 -> The real, the thing what's important,
3223.21 -> is the thinking about what are the questions
3226.25 -> that you wanna answer from those CloudWatch logs
3228.86 -> and that's where some of the pre-processing comes in.
3231.862 -> Yeah.
3233.28 -> Yeah.
3234.34 -> The temporal aspect there is also key, yes.
3238.33 -> Any other questions there?
3240.912 -> Oh, sorry.
3241.77 -> Thank you. (chuckles)
3242.797 -> You need sunglasses.
3245.022 -> (indistinct question from audience member)
3249.57 -> Sorry, the open source which database?
3250.92 -> I think the question was, "How is Neptune compared
3253.23 -> to the open source Neo4J version?"
3255.6 -> Is that correct?
3257.53 -> Okay, thank you.
3259.74 -> So Amazon Neptune is, you know,
3262.88 -> probably the biggest difference is
3265.63 -> Amazon Neptune is a fully managed service.
3268.13 -> When you start up a cluster of Amazon Neptune
3270.73 -> you're already getting, you know, a highly available,
3274.32 -> distributed storage aspect to it.
3278.382 -> Because we're, you know,
3279.81 -> a purpose-built database for the cloud
3281.33 -> we're actually able to take advantage
3282.48 -> of some of the cloud-specific aspects.
3285.51 -> We're actually able to separate out our compute layer
3287.65 -> from our storage layer,
3290.32 -> allowing you to independently optimize both of those.
3292.62 -> So we didn't go into quite the architecture of Neptune,
3295.89 -> but Neptune's has an instance based model
3298.42 -> where you're able to horizontally scale reads
3300.64 -> and vertically and horizontally scale
3302.45 -> both reads and rights by choosing different instance sizes.
3306.16 -> So, that compute layer all sits on top of
3310.54 -> a cloud native storage layer.
3312.39 -> When you write data Neptune, it's written six times,
3316.21 -> twice in each of three availability zones.
3318.16 -> So kind of out of the box,
3319.48 -> what you're getting with Neptune
3321.13 -> that you don't get with some other database providers
3323.2 -> is that really production ready type of infrastructure.
3326.2 -> You don't have to, you know,
3327.5 -> build your application and then go through the process
3330.13 -> of actually productionizing it.
3332.12 -> You've already built your, you know,
3333.24 -> your application is already built with a production ready
3335.39 -> type of infrastructure.
3336.71 -> And that's probably one of the things I would say
3338.37 -> is one of the biggest differences
3339.61 -> that fully managed aspect of Neptune versus some others.
3343.7 -> I can add, like from our perspective is like,
3346.41 -> if you wanna build an application at scale,
3348.73 -> I think being that on an open source tool, if I compare,
3353.12 -> like if we had chosen to build that one
3354.66 -> on an an opensource library,
3356.08 -> we probably need like a whole team
3357.27 -> that will just try to manage that
3359.51 -> and create more features that are missing, right?
3361.74 -> So if you plan for huge scale,
3363.69 -> it's a huge help that there's an entire
3366.79 -> graph as a service team that helps you
3368.53 -> scale as you need it and not you becoming the one
3371.653 -> that actually has to really understand
3373.72 -> all the complexities about scaling that.
3379.54 -> Well, sorry.
3381.52 -> We'll be around here,
3382.353 -> but we are getting the cutoff signal, so. (laughs)
3386.825 -> Why don't you come up afterwards and we'll-
3387.658 -> Yeah, so if you wanna come up,
3388.491 -> we definitely can answer all your questions
3389.357 -> and I wanna thank everyone
3391.14 -> for coming to our presentation today.
3392.77 -> Thank you. (applause)
3394.924 -> (bright music)

Source: https://www.youtube.com/watch?v=PXK9DOT2f8M