2025-07-01, Room 1
Network egress controls are a well-recognised technique for defending against exfiltration of sensitive data and against malware or attackers using command-and-control channels. AWS has managed services for this: Network Firewall, DNS Firewall, and VPC endpoint policies. I implemented egress controls at scale using these services and encountered many implementation challenges.
This presentation addresses these challenges, including service limitations, techniques for evading the controls, and unexpected issues presented by several services. You’ll learn what security these controls can or cannot provide when implemented correctly, and how to successfully approach a large-scale implementation.
Greg holds a degree in Electrical and Computer Systems Engineering from Monash University, Australia. He has a diverse background spanning telecommunications, software engineering, infrastructure, and cloud security. Over the past decade, he has focused exclusively on AWS, with the last seven years dedicated to cloud security. Greg is currently employed at Block.