Automating Security Operations on
AWS
Pat McDowell Solutions Architect at AWS
Tim Prendergast CEO and Co-Founder at Evident.io
Shannon Lietz DevSecOps Leader at Intuit
$6.53M: average cost of a data breach
56%: increase in theft of hard intellectual property
70%: of consumers indicated they’d avoid businesses following a security breach
Your data and IP are your most valuable assets
Sources: https://www.csid.com/resources/stats/data-breaches/ and http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
In June 2015, IDC released a report which found that most customers
can be more secure in AWS than their on-premises environment. How?
AWS can be more secure than your existing environment
• Automating logging and monitoring
• Simplifying resource access
• Making it easy to encrypt properly
• Enforcing strong authentication
AWS and you share responsibility for security
AWS takes care of the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
You get to define your controls ON the Cloud:
• Customer applications & content
• Identity & Access Control
• Network Security
• Inventory & Config
• Data Encryption
Constantly monitored
The AWS infrastructure is protected by
extensive network and security monitoring
systems:
• Network access is monitored by AWS
security managers daily
• AWS CloudTrail lets you monitor
and record all API calls
• Use VPC Flow Logs to monitor and analyze
network traffic to your instances
Highly available
The AWS infrastructure footprint protects
your data from costly downtime:
• 33 Availability Zones in 12 regions for
multi-synchronous geographic redundancy
• Retain control of where your data resides
for compliance with regulatory requirements
• Mitigate the risk of DDoS attacks using
services like AutoScaling, Route 53
Integrated with your existing resources
AWS enables you to improve your security
using many of your existing tools and
practices:
• Integrate your existing Active Directory
• Use dedicated connections as a secure,
low-latency extension of your data center
• Provide and manage your own encryption
keys if you choose
Key AWS Certifications and Assurance Programs
Security Automation is a key
differentiator for cloud companies
You are responsible for protecting your data/assets
Customer: Security on the Cloud
• Customer Data
• Applications, Identity & Access Management
• OS, Network, Firewall
• Client-side Encryption, Server-side Encryption, Network Traffic Protection
AWS: Security of the Cloud
• Compute, Storage, Networking
• AWS Global Infrastructure (Regions, AZs, Edge Locations)
You have a huge quantity of intelligence to process
This is just a SUBSET of an average company’s data flows (the diagram shows those flows feeding Amazon Elasticsearch)
The Human Challenge
Humans have finite scale…
…Then we turn to automation.
Why automate Security?
We’re less than one million
security professionals short of
“equilibrium” and lagging…
No matter how good your process is,
Alert Fatigue will trump it…
Why automate Security?
Alert Psychology proves that fatigue destroys process
As infrastructure and software delivery
accelerate, there is no alternative.
The fallacy of choice… Security vs. DevOps
Security Automation is good for everyone
• DevOps builds Value
• Security builds Trust
• Customers / businesses need Trust and Value
Evident Security Platform (ESP)
• Built by cloud pioneers from Adobe, AWS, and Netflix
• Agentless deployment (<5 mins)
• Continuous security scanning & alerting across several AWS Services
• Aligns your Security and DevOps teams on protecting cloud assets
• Tracks security state to support audit, compliance, and incident response needs
Leader in Cloud Security Automation & Innovation
Leader in DevSecOps
Evident & Intuit
Cloud Security Operations
“boldly go where no human has gone before…”
Shannon Lietz DevSecOps Leader at Intuit
@devsecops
The Context… Cloud Security Operations
Imagine:
• Software defined security
• Thousands of changes a day
• The biggest “big data” problem
Mean Time to Resolution (MTTR): 6 months
Fast MTTR… the final frontier
So what hinders “secure” innovation @ speed & scale?
1. Manual processes & meeting culture
2. Point in time assessments
3. Friction for friction’s sake
4. Contextual misunderstandings
5. Decisions being made outside of value creation
6. Late constraints and requirements
7. Big commitments, big teams, and big failures
8. Fear of failure, lack of learning
9. Lack of inspiration
10. Management and political interference (approvals, exceptions)
In the Cloud, Everything is Code
Let’s switch some things around…
The slide contrasts data center vocabulary (Network, Servers, Virtualization, Operations, Platforms, Buyer Identifier, Appliances, Storage, Security Features, Applications, Long-Term Contracts, Slow-ish Decisions) with its cloud counterparts (Cloud Account(s), Virtual IP Addresses, Containerization, Ephemeral Instances, Scale on Demand, IaaS/PaaS/SaaS, Resource Testing, Built-In Security, Partner Marketplaces, Experiments).
Software Defined Security
• Requires significant intimate knowledge, context & understanding
• Critical Cloud Security Operations Elements:
  – Zoning & Blast Radius Containment
  – Instrumentation & Monitoring to create the feedback loop
  – Security as Code Platform (Whitelisting, Encryption, Authorization)
  – API Catalog & Testing for the Full Stack
  – Asset Inventory & Hardened Baselines [Software, Services, Components, etc.]
The Basic Cloud Model
The diagram layers the Cloud Provider Network (backbone) and the Cloud Platform (orchestration over Network, Compute, Storage) beneath your Cloud Account(s), which hold: Load Balancers, Compute Instances, VPCs, Block Storage, Object Storage, Relational Databases, NoSQL Databases, Containers, Content Acceleration, Messaging, Email, and Utilities (Key Management, API/Templates, Certificate Management). Partner Platforms and the Internet backbone sit alongside.
Developers have lots of options…
Reality…
In practice a company spans several data centers and several cloud provider networks, all joined through the Internet.
And Attackers also have lots of options…
(Diagram: attackers and victims share the same set of networks and paths between them.)
Shift controls & mindset: Security / Monitoring
Cloud Security Operations in the Cloud…
Monitor & Inspect Everything
The pipeline on the slide: cloud accounts (S3, Glacier, EC2, CloudTrail) → ingestion → security tools & data → security science → security insights, with threat intel feeding continuous response.
security feedback loop (speed matters)
What’s this look like in practice?
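The detection side of that loop, as an added example rather than code from the deck or from Evident's platform: three rules run over records shaped like CloudTrail's JSON. The field names (`eventName`, `eventSource`, `userIdentity`, `additionalEventData.MFAUsed`, `requestParameters.ipPermissions`) are CloudTrail's; the five sample events, the account ID, the addresses and the group ID are constructed. The rules flag a root console login without MFA, an ingress rule opening SSH to the world, and a call that stops the trail itself.

```python
import json

# Constructed CloudTrail-shaped records (not real log data). Field names follow
# CloudTrail; the account id, addresses and resource ids are invented.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "sourceIPAddress": "198.51.100.7",
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "deployer"},
     "sourceIPAddress": "203.0.113.9",
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "deployer"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},   # internal only: benign
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "deployer"},
     "requestParameters": {"name": "org-trail"}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/reader/x"}},
]

ADMIN_PORTS = {22, 3389}
WORLD = {"0.0.0.0/0", "::/0"}
LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def rule_root_login_without_mfa(ev):
    """Root console login where CloudTrail did not record an MFA factor."""
    if ev.get("eventName") != "ConsoleLogin" or ev.get("userIdentity", {}).get("type") != "Root":
        return None
    if ev.get("additionalEventData", {}).get("MFAUsed") == "Yes":
        return None
    return f"root console login without MFA from {ev.get('sourceIPAddress')}"


def rule_admin_port_open_to_world(ev):
    """Security-group ingress that exposes SSH/RDP (or all traffic) to any address."""
    if ev.get("eventName") != "AuthorizeSecurityGroupIngress":
        return None
    params = ev.get("requestParameters", {})
    hits = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        cidrs = [r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])]
        cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", {}).get("items", [])]
        if not WORLD.intersection(cidrs):
            continue
        proto, lo, hi = perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")
        if proto == "-1" or (isinstance(lo, int) and isinstance(hi, int)
                             and any(lo <= p <= hi for p in ADMIN_PORTS)):
            hits.append(f"{proto}/{lo}-{hi}")
    if not hits:
        return None
    return f"{params.get('groupId')} opened {', '.join(hits)} to the world"


def rule_cloudtrail_tamper(ev):
    """Turning off or re-pointing the audit trail is itself a high-priority alert."""
    if ev.get("eventSource") != "cloudtrail.amazonaws.com" or ev.get("eventName") not in LOGGING_TAMPER:
        return None
    return f"{ev['eventName']} on trail {ev.get('requestParameters', {}).get('name')}"


RULES = [rule_root_login_without_mfa, rule_admin_port_open_to_world, rule_cloudtrail_tamper]


def evaluate(events):
    """Run every rule over every record; return findings in event order."""
    findings = []
    for ev in events:
        who = ev.get("userIdentity", {})
        actor = who.get("userName") or who.get("arn") or who.get("type")
        for rule in RULES:
            detail = rule(ev)
            if detail:
                findings.append({"rule": rule.__name__, "actor": actor, "detail": detail})
    return findings


def load_records(text):
    """CloudTrail delivers log files as {"Records": [...]}; accept that wrapper."""
    return json.loads(text).get("Records", [])


if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['actor']}: {f['detail']}")
```

In production the records come from the CloudTrail log files delivered to S3 (`load_records` accepts that `{"Records": [...]}` wrapper) or from a CloudWatch Logs subscription; the point is that each rule is code you can unit-test and version rather than a console setting.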
Account Sharding is a new control!
• Splitting cloud workloads into many accounts has a benefit.
• Accounts should contain less than 100% of a cloud workload.
• Works well with APIs; works dismally with forklifts.
• What is your appetite for risk?
Diagram: a cloud workload template deployed 33% / 33% / 33% across three cloud accounts on the cloud provider network, so an attacker who compromises one account reaches only a third of the workload.
Long live APIs…
• Everything in the cloud should be an API, even Security…
• Protocols that are not cloudy should not span across environments.
• If you wouldn’t put it on the Internet then you should put an API and Authentication in front of it:
  – Messaging
  – Databases
  – File Transfers
  – Logging
Diagram: on the cloud provider network, user routing, data replication, the application gateway, file transfers, log sharing and messaging all pass through “My API”, which reports events such as: Tested machine image… Tested instances… Tested roles… Tested passwords… New instance created… Instance 12345 changed… User ABC accessed Instance 12345…
Host-Based Controls
• Shared Responsibility and Cloud require host-based controls.
• Instrumentation is everything!
• Fine-grained controls require more scrutiny and bigger big data analysis.
• Agents & Outbound Reporting to an API are critical
Diagram: each instance on the cloud provider network reports the same event stream outbound to the API.
Don’t Hug Your Instances…
• Research suggests that you should replace your instances at least every 10 days, and that may not be often enough.
• Use Blue/Green or Red/Black deployments to reduce security issues by baking in patching.
• Make sure to keep a snapshot for forensic and compliance purposes.
• Use config management automation to make changes part of the stack.
• Refresh routinely; refresh often!
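An added example (not from the deck) of turning the 10-day rule into a check that runs against `describe-instances` output: every instance is scored for age and for drift from the tested AMI of its role, and the replacements are ordered into blue/green batches that never take more than half of a role's fleet at once, each carrying the snapshot, launch, terminate sequence the slide describes. The instance records, the AMI IDs, the `Role` tag convention and the fixed clock are assumptions for the offline run.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=10)                                   # the deck's refresh target
# Assumed role -> currently tested ("golden") AMI map; the ids are invented.
GOLDEN_AMIS = {"web": "ami-0aaa1111golden", "api": "ami-0bbb2222golden"}
NOW = datetime(2016, 3, 15, 12, 0, tzinfo=timezone.utc)      # fixed clock for a deterministic run

# Constructed subset of `aws ec2 describe-instances` output (Reservations[].Instances[]).
INSTANCES = [
    {"InstanceId": "i-0web01", "ImageId": "ami-0aaa1111golden", "LaunchTime": "2016-03-12T00:00:00+00:00",
     "Tags": [{"Key": "Role", "Value": "web"}]},
    {"InstanceId": "i-0web02", "ImageId": "ami-0aaa1111golden", "LaunchTime": "2016-03-01T00:00:00+00:00",
     "Tags": [{"Key": "Role", "Value": "web"}]},                       # 14 days old
    {"InstanceId": "i-0web03", "ImageId": "ami-0aaa1111golden", "LaunchTime": "2016-02-20T00:00:00+00:00",
     "Tags": [{"Key": "Role", "Value": "web"}]},                       # 24 days old
    {"InstanceId": "i-0api01", "ImageId": "ami-0ccc3333stale", "LaunchTime": "2016-03-14T00:00:00+00:00",
     "Tags": [{"Key": "Role", "Value": "api"}]},                       # fresh, but not the tested image
    {"InstanceId": "i-0api02", "ImageId": "ami-0bbb2222golden", "LaunchTime": "2016-03-10T00:00:00+00:00",
     "Tags": [{"Key": "Role", "Value": "api"}]},
    {"InstanceId": "i-0orph01", "ImageId": "ami-0bbb2222golden", "LaunchTime": "2016-02-01T00:00:00+00:00",
     "Tags": []},                                                       # untagged, 43 days old
]


def tag(inst, key):
    """Value of an EC2 tag, or None when the instance lacks it."""
    return next((t["Value"] for t in inst.get("Tags", []) if t["Key"] == key), None)


def replacement_reasons(inst, now=NOW):
    """Why this instance must go; an empty list means it may stay for now."""
    reasons = []
    age = now - datetime.fromisoformat(inst["LaunchTime"])
    if age > MAX_AGE:
        reasons.append(f"age {age.days}d exceeds {MAX_AGE.days}d")
    role = tag(inst, "Role")
    if role is None:
        reasons.append("no Role tag, cannot be matched to a tested baseline")
    elif inst["ImageId"] != GOLDEN_AMIS.get(role):
        reasons.append(f"AMI {inst['ImageId']} is not the tested {role} image")
    return reasons


def plan_refresh(instances, now=NOW, batch_fraction=0.5):
    """Ordered blue/green batches, oldest instances first.

    Within a role no batch replaces more than batch_fraction of that role's
    fleet (but at least one), so the remaining green instances keep serving
    while the batch is swapped out.
    """
    fleet = {}
    for inst in instances:
        fleet[tag(inst, "Role")] = fleet.get(tag(inst, "Role"), 0) + 1
    todo = sorted((i for i in instances if replacement_reasons(i, now)), key=lambda i: i["LaunchTime"])
    queues = {}                                   # role -> pending replacements, oldest first
    for inst in todo:
        role = tag(inst, "Role")
        queues.setdefault(role, []).append({
            "instance": inst["InstanceId"],
            "reasons": replacement_reasons(inst, now),
            "steps": ["create-snapshot of each volume (keep for forensics/compliance)",
                      f"launch replacement from {GOLDEN_AMIS.get(role, '<no tested image for this role>')}",
                      "terminate once the replacement is healthy"],
        })
    batches = []
    while any(queues.values()):
        batch = []
        for role, pending in queues.items():
            limit = max(1, int(fleet[role] * batch_fraction))
            batch.extend(pending[:limit])
            del pending[:limit]
        batches.append(batch)
    return batches


if __name__ == "__main__":
    for n, batch in enumerate(plan_refresh(INSTANCES), 1):
        for entry in batch:
            print(f"batch {n}: {entry['instance']}: {'; '.join(entry['reasons'])}")
```

Untagged instances are treated as drift too: if an instance cannot be matched to a tested baseline it cannot be shown to be patched, so it is replaced rather than trusted.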
Overcoming Inconvenience
• Use built-in transparent encryption when possible.
• Use native cloud key management and encryption when available.
• Develop backup strategies for keys and secrets.
• Apply application-level encryption: a SQL injection then exfiltrates ciphertext rather than plaintext, and encrypted data helps preserve Safe Harbor under breach-notification rules.
• Use APIs to exchange data and rotate encryption.
Migrating Security to the Left where it can get built-in
Across design → build → deploy → operate the questions are: How do I secure my app? What component is secure enough? How do I secure secrets for the app? Is my app getting attacked? How?
The typical gates for security checks & balances sit on that timeline; mistakes and drift often happen after the design and build phases and result in weaknesses and potentially exploits. The most costly mistakes happen during design.
Security is a Design Constraint: move the checks left for a faster security feedback loop.
Use Cloud Native Security Features...
• Cloud native security features are designed to be cloudy.
• Audit is a primary need!
• Configuration and baseline checks baked into a Cloud Provider’s Platform help with making decisions and uncovering risks early in the Continuous Delivery cycle.
• Be deliberate about how to use built-in security controls and who has access.
Secure Baselines & Patterns help a lot!
Templates, resources, patterns and services shown on the slide: AMI, Amazon Elastic MapReduce, AWS Import/Export, Security Monitoring, Egress Proxy CFn Template, Bastion CFn Template, Secure VPC CFn Template, CloudTrail CFn Template, Secrets Bundle, MarketPlace.
Fanatical Security Testing
• static: UX & Interfaces, Micro Services, Web Services, Code, CFn Templates
• dynamic: Build Artifacts, Deployment Packages, Resources, Patterns & Baselines
• run-time: Security Groups, Account Configuration, Real-Time Updates, Patterns & Baselines
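Static testing of CFn templates from that first column, as an added example (not the deck's or Intuit's own tooling): a small linter over a constructed template that flags an admin port open to the world, an inline IAM policy allowing `*` on `*`, and an unencrypted EBS volume. The resource types and property names are CloudFormation's; the template itself and the choice of checks are assumptions.

```python
import json

# Constructed template (not from the deck): one deliberately weak and one
# acceptable resource of each kind so the checks have something to flag.
TEMPLATE_JSON = r'''
{
  "Resources": {
    "BastionSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "bastion", "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}
    },
    "AppSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "app", "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "SourceSecurityGroupId": {"Ref": "BastionSg"}}]}
    },
    "DeployRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
          {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
        "Policies": [{"PolicyName": "too-broad", "PolicyDocument": {"Version": "2012-10-17",
          "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}
    },
    "DataVolume": {"Type": "AWS::EC2::Volume",
                   "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a"}},
    "LogVolume": {"Type": "AWS::EC2::Volume",
                  "Properties": {"Size": 20, "AvailabilityZone": "us-east-1a", "Encrypted": true}}
  }
}
'''

ADMIN_PORTS = {22, 3389}
WORLD = {"0.0.0.0/0", "::/0"}


def as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_security_group(name, props):
    """SSH/RDP (or all traffic) reachable from any address is a finding."""
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in WORLD:
            continue                      # scoped CIDR or SG-to-SG rule
        proto, lo, hi = str(rule.get("IpProtocol")), rule.get("FromPort"), rule.get("ToPort")
        if proto == "-1" or (isinstance(lo, int) and isinstance(hi, int)
                             and any(lo <= p <= hi for p in ADMIN_PORTS)):
            yield f"{name}: admin port {proto}/{lo}-{hi} open to {cidr}"


def check_iam_role(name, props):
    """Inline policies granting every action on every resource."""
    for pol in props.get("Policies", []):
        for st in as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
            if (st.get("Effect") == "Allow" and "*" in as_list(st.get("Action", []))
                    and "*" in as_list(st.get("Resource", []))):
                yield f"{name}: inline policy {pol.get('PolicyName')} allows * on *"


def check_volume(name, props):
    """EBS volumes must be created encrypted; it cannot be switched on later."""
    if props.get("Encrypted") is not True:
        yield f"{name}: EBS volume is not encrypted"


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::IAM::Role": check_iam_role,
    "AWS::EC2::Volume": check_volume,
}


def lint_template(template):
    """One finding string per failed check; an empty list means the template passes."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        check = CHECKS.get(res.get("Type"))
        if check:
            findings.extend(check(name, res.get("Properties", {})))
    return findings


if __name__ == "__main__":
    for finding in lint_template(json.loads(TEMPLATE_JSON)):
        print("FAIL", finding)
```

Run this in the build stage so a template that fails never reaches `create-stack`; the `AppSg` rule that references the bastion group by `Ref` passes, which is the pattern the deck's bastion template encourages.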
Red Team, Security Operations & Science
• API Key Exposure -> 8 hrs
• Default Configs -> 24 hrs
• Security Groups -> 24 hrs
• Escalation of Privileges -> 5 days
• Known Vuln -> 8 hrs
Cloud Security Disaster Recovery & Forensics is a different animal…
• Regional recovery is not enough to cover security woes.
• Security events can quickly escalate to disasters.
• Got a disaster recovery team?
• Multi-Account strategies with separation of duties can help.
• Don’t hard code if you can help it.
• Encryption is inconvenient, but necessary…
Diagram: cloud workload templates and disaster templates deployed 50% / 50% across pairs of cloud accounts on the cloud provider network.
Compliance Operations as Continuous Improvement
https://www.kpmg.com/BE/en/IssuesAndInsights/ArticlesPublications/Documents/Transforming-Internal-Audit.pdf
Code can solve the great divide
• Paper-resident policies do not stand up to constant cloud evolution and lessons learned.
• Translation from paper to code can lead to mistakes.
• Traditional security policies do not 1:1 translate to Full Stack deployments.
Data Center controls:
• Lock your doors
• Badge in
• Authorized personnel only
• Background checks
Cloud Provider Network controls:
• Choose strong passwords
• Use MFA
• Rotate API credentials
• Cross-account access
EVERYTHING AS CODE
Security Decision Support
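The cloud-side controls above (strong passwords, MFA, rotated API credentials) written as code, as an added example that is not from the deck: checks over an IAM credential report. The column names are a subset of the real report's; the rows, the account ID, the 90-day threshold and the fixed clock are constructed for the offline run.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed credential report: the header is a subset of the real report's
# columns; the users, account id and timestamps are invented.
REPORT_CSV = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2015-01-10T08:00:00+00:00,not_supported,2016-03-01T09:12:00+00:00,not_supported,not_supported,true,true,2015-01-10T08:05:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2015-06-01T10:00:00+00:00,true,2016-03-02T11:00:00+00:00,2016-01-15T10:22:31+00:00,2016-04-14T10:22:31+00:00,true,true,2016-02-20T00:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2015-06-01T10:00:00+00:00,true,2016-03-02T11:00:00+00:00,2015-11-01T00:00:00+00:00,N/A,false,true,2015-09-01T00:00:00+00:00,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2015-08-01T10:00:00+00:00,false,no_information,N/A,N/A,false,true,2016-03-01T00:00:00+00:00,false,N/A
"""

MAX_AGE = timedelta(days=90)                         # assumed rotation policy
NOW = datetime(2016, 3, 15, tzinfo=timezone.utc)    # fixed clock for a deterministic run
ROOT = "<root_account>"                             # how the report names the root user


def parse_ts(value):
    """Report timestamps are ISO 8601; N/A, no_information and not_supported become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def stale(ts, now):
    """Unknown age counts as stale: a credential we cannot date cannot pass."""
    return ts is None or now - ts > MAX_AGE


def check_row(row, now=NOW):
    """Findings for one user as (user, message) tuples."""
    user, findings = row["user"], []
    if row["password_enabled"] == "true":
        if row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        if stale(parse_ts(row["password_last_changed"]), now):
            findings.append((user, f"console password older than {MAX_AGE.days} days"))
    if user == ROOT and row["mfa_active"] != "true":
        findings.append((user, "root without MFA"))
    for n in ("1", "2"):
        if row[f"access_key_{n}_active"] != "true":
            continue
        if user == ROOT:
            findings.append((user, f"root has active access key {n}"))   # root should have none at all
        elif stale(parse_ts(row[f"access_key_{n}_last_rotated"]), now):
            findings.append((user, f"access key {n} older than {MAX_AGE.days} days"))
    return findings


def audit(report_csv, now=NOW):
    """Run check_row over every line of the report and return all findings."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        findings.extend(check_row(row, now))
    return findings


if __name__ == "__main__":
    for user, message in audit(REPORT_CSV):
        print(f"FAIL {user}: {message}")
```

On a live account the same CSV comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report --query Content --output text | base64 -d`; the real report's column set is a superset of the header used here, so `csv.DictReader` needs no change. Scheduling this check and paging on a non-empty result is the difference between a policy on paper and a policy in code.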
Speed & Ease can increase security!
• Fast remediation can remove attack path quickly.
• Resolution can be achieved in minutes compared to months in a datacenter environment.
• Continuous Delivery has an advantage of being able to publish over an attacker.
• Built-in forensic snapshots and blue/green publishing can allow for systems to be recovered while an investigation takes place.
Diagram: the attacked APP/DB stack is kept as a forensics copy while a recovered APP/DB stack is published alongside it.
This could be your MTTR… compared with the 6-month Mean Time to Resolution (MTTR) shown earlier.
Get Involved and Join the Community
• devsecops.org
• @devsecops on Twitter
• DevSecOps on LinkedIn
• DevSecOps on Github
• RuggedSoftware.org
• Compliance at Velocity
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 

Automating Security Operations on AWS

  • 1. Automating Security Operations on AWS Pat McDowell Solutions Architect at AWS Tim Prendergast CEO and Co-Founder at Evident.io Shannon Lietz DevSecOps Leader at Intuit
  • 2. Your data and IP are your most valuable assets: $6.53M average cost of a data breach; 56% increase in theft of hard intellectual property; 70% of consumers indicated they’d avoid businesses following a security breach. Sources: https://www.csid.com/resources/stats/data-breaches/ http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
  • 3. In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How? Automating logging and monitoring Simplifying resource access Making it easy to encrypt properly Enforcing strong authentication AWS can be more secure than your existing environment
  • 4. AWS and you share responsibility for security AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Identity & Access Control Network Security Customer applications & content You get to define your controls ON the Cloud AWS takes care of the security OF the Cloud You Inventory & Config Data Encryption
  • 5. Constantly monitored The AWS infrastructure is protected by extensive network and security monitoring systems: • Network access is monitored by AWS security managers daily • AWS CloudTrail lets you monitor and record all API calls • Use VPC Flow Logs to monitor and analyze network traffic to your instances
  • 6. Highly available The AWS infrastructure footprint protects your data from costly downtime: • 33 Availability Zones in 12 regions for multi-synchronous geographic redundancy • Retain control of where your data resides for compliance with regulatory requirements • Mitigate the risk of DDoS attacks using services like AutoScaling, Route 53
  • 7. Integrated with your existing resources AWS enables you to improve your security using many of your existing tools and practices: • Integrate your existing Active Directory • Use dedicated connections as a secure, low-latency extension of your data center • Provide and manage your own encryption keys if you choose
  • 8. Key AWS Certifications and Assurance Programs
  • 9. +
  • 10. Security Automation is a key differentiator for cloud companies
  • 11. You are responsible for protecting your data/assets [Diagram: Customer: Security on the Cloud: Customer Data; Applications, Identity, Access Management; OS, Network, Firewall; Client-side Encryption, Server-side Encryption, Network Traffic Protection. AWS: Security of the Cloud: Compute, Storage, Networking; AWS Global Infrastructure (Regions, AZs, Edge Locations)]
  • 12. You have a huge quantity of intelligence to process This is just a SUBSET of an average company’s data flows Amazon Elasticsearch
  • 13. The Human Challenge Humans have finite scale…
  • 14. …Then we turn to automation.
  • 16. Why automate Security? We’re less than one million security professionals short of “equilibrium” and lagging…
  • 17. No matter how good your process is, Alert Fatigue will trump it… Why automate Security? Alert Psychology proves that fatigue destroys process
  • 18. As infrastructure and software delivery accelerate, there is no alternative. The fallacy of choice…
  • 19. Security Automation is good for everyone • DevOps builds Value • Security builds Trust • Customers / businesses need Trust and Value [Diagram: Security and DevOps]
  • 20. Evident Security Platform (ESP) • Built by cloud pioneers from Adobe, AWS, and Netflix • Agentless deployment (<5 mins) • Continuous security scanning & alerting across several AWS Services • Aligns your Security and DevOps teams on protecting cloud assets • Tracks security state to support audit, compliance, and incident response needs
  • 21. Leader in Cloud Security Automation & Innovation Leader in DevSecOps + Evident & Intuit
  • 22. Cloud Security Operations “boldly go where no human has gone before…” Shannon Lietz DevSecOps Leader at Intuit @devsecops
  • 23. The Context… Cloud Security Operations. Imagine: • Software defined security • Thousands of changes a day • The biggest “big data” problem [Chart: Mean Time to Resolution (MTTR), currently 6 months] Fast MTTR… the final frontier
  • 24. So what hinders “secure” innovation @ speed & scale? 1. Manual processes & meeting culture 2. Point in time assessments 3. Friction for friction’s sake 4. Contextual misunderstandings 5. Decisions being made outside of value creation 6. Late constraints and requirements 7. Big commitments, big teams, and big failures 8. Fear of failure, lack of learning 9. Lack of inspiration 10. Management and political interference (approvals, exceptions)
  • 26. Let’s switch some things around… Data Center Network Servers Virtualization Operations Platforms Buyer Identifier Cloud Account(s) Virtual IP Addresses Containerization Appliances Storage Security Features Applications Ephemeral Instances Scale on Demand IAAS, PAAS, SAAS Resource Testing Built-In Security Long-Term Contracts Partner Marketplaces Slow-ish Decisions Experiments
  • 27. Software Defined Security • Requires significant intimate knowledge, context & understanding • Critical Cloud Security Operations Elements: – Zoning & Blast Radius Containment – Instrumentation & Monitoring to create the feedback loop – Security as Code Platform (Whitelisting, Encryption, Authorization) – API Catalog & Testing for the Full Stack – Asset Inventory & Hardened Baselines [Software, Services, Components, etc.]
  • 28. The Basic Cloud Model [Diagram: Cloud Provider Network Backbone; Cloud Platform (Orchestration); Network, Compute, Storage; Cloud Account(s) with Load Balancers, Compute Instances, VPCs, Block Storage, Object Storage, Relational Databases, NoSQL Databases, Containers, Content Acceleration, Messaging, Email, Utilities, Key Management, API/Templates, Certificate Management; Partner Platform; Internet Backbone]
  • 29. Developers have lots of options…
  • 30. Reality… Data Center Cloud Provider Network Internet Cloud Provider Network Data Center Cloud Provider Network Cloud Provider Network Cloud Provider Network
  • 31. And Attackers also have lots of options… Victims Attackers
  • 32. Shift controls & mindset Security Monitoring
  • 33. Cloud Security Operations in the Cloud… Monitor & Inspect Everything [Diagram: Cloud accounts (S3, Glacier, EC2, CloudTrail); ingestion; security tools & data; security science; insights; threat intel; continuous response; security feedback loop (speed matters)]
  • 34. What’s this look like in practice? Etc…Etc…Etc…
  • 35. Account Sharding is a new control! • Splitting cloud workloads into many accounts has a benefit. • Accounts should contain less than 100% of a cloud workload. • Works well with APIs; works dismally with forklifts. • What is your appetite for risk? [Diagram: Cloud Workload Templates deployed 33% / 33% / 33% across three Cloud Accounts on the Cloud Provider Network, facing an Attacker]
  • 36. Long live APIs… • Everything in the cloud should be an API, even Security… • Protocols that are not cloudy should not span across environments. • If you wouldn’t put it on the Internet then you should put an API and Authentication in front of it: – Messaging – Databases – File Transfers – Logging [Diagram: Cloud Provider Network; event stream “Tested machine image… Tested instances... Tested roles... Tested passwords... New instance created… Instance 12345 changed… User ABC accessed Instance 12345...”; User Routing, Data Replication, Application Gateway, File Transfers, Log Sharing and Messaging, all fronted by “My API”]
  • 37. Host-Based Controls • Shared Responsibility and Cloud require host-based controls. • Instrumentation is everything! • Fine-grained controls require more scrutiny and bigger big data analysis. • Agents & Outbound Reporting to an API are critical [Diagram: Instances on the Cloud Provider Network reporting the event stream “Tested machine image… Tested instances... Tested roles... Tested passwords... New instance created… Instance 12345 changed… User ABC accessed Instance 12345...”]
  • 38. Don’t Hug Your Instances… • Research suggests that you should replace your instances at least every 10 days, and that may not be often enough. • Use Blue/Green or Red/Black deployments to reduce security issues by baking in patching. • Make sure to keep a snapshot for forensic and compliance purposes. • Use config management automation to make changes part of the stack. • Refresh routinely; refresh often! [Graphic: 10 DAYS]
  • 39. Overcoming Inconvenience • Use built-in transparent encryption when possible. • Use native cloud key management and encryption when available. • Develop backup strategies for keys and secrets. • Apply App Level Encryption to help with SQL Injection and preserving Safe Harbor. • Use APIs to exchange data and rotate encryption.
  • 40. Migrating Security to the Left where it can get built-in [Diagram: pipeline of design, build, deploy, operate, annotated with the questions “How do I secure my app?”, “What component is secure enough?”, “How do I secure secrets for the app?” and “Is my app getting attacked? How?”; typical gates for security checks & balances; a faster security feedback loop] Mistakes and drift often happen after the design and build phases and result in weaknesses and potentially exploits. The most costly mistakes happen during design. Security is a Design Constraint.
  • 41. Use Cloud Native Security Features... • Cloud native security features are designed to be cloudy. • Audit is a primary need! • Configuration and baseline checks baked into a Cloud Provider’s Platform help with making decisions and uncovering risks early in the Continuous Delivery cycle. • Be deliberate about how to use built-in security controls and who has access.
  • 42. Secure Baselines & Patterns help a lot! [Diagram: AMI, Amazon Elastic MapReduce, AWS Import/Export, Security Monitoring, Egress Proxy CFn Template, Bastion CFn Template, Secure VPC CFn Template, CloudTrail CFn Template, Secrets Bundle, MarketPlace, grouped as templates, resources, patterns and services]
  • 43. Fanatical Security Testing. static: UX & Interfaces, Micro Services, Web Services, Code, CFn Templates; dynamic: Build Artifacts, Deployment Packages, Resources, Patterns & Baselines; run-time: Security Groups, Account Configuration, Real-Time Updates, Patterns & Baselines
  • 44. Red Team, Security Operations & Science • API Key Exposure -> 8 hrs • Default Configs -> 24 Hrs • Security Groups -> 24 Hrs • Escalation of Privs -> 5 D • Known Vuln -> 8 Hrs
  • 45. Cloud Security Disaster Recovery & Forensics is a different animal… • Regional recovery is not enough to cover security woes. • Security events can quickly escalate to disasters. • Got a disaster recovery team? • Multi-Account strategies with separation of duties can help. • Don’t hard code if you can help it. • Encryption is inconvenient, but necessary… [Diagram: Cloud Workload Templates and Disaster Templates deployed 50% / 50% across separate Cloud Accounts on the Cloud Provider Network]
  • 46. Compliance Operations as Continuous Improvement https://www.kpmg.com/BE/en/IssuesAndInsights/ArticlesPublications/Documents/Transforming-Internal-Audit.pdf
  • 47. Code can solve the great divide • Paper-resident policies do not stand up to constant cloud evolution and lessons learned. • Translation from paper to code can lead to mistakes. • Traditional security policies do not 1:1 translate to Full Stack deployments. [Diagram: Data Center policies in a paper document (“Page 3 of 433”): • Lock your doors • Badge in • Authorized personnel only • Background checks; versus Cloud Provider Network policies: • Choose strong passwords • Use MFA • Rotate API credentials • Cross-account access; EVERYTHING AS CODE]
  • 49. Speed & Ease can increase security! • Fast remediation can remove an attack path quickly. • Resolution can be achieved in minutes compared to months in a datacenter environment. • Continuous Delivery has the advantage of being able to publish over an attacker. • Built-in forensic snapshots and blue/green publishing can allow systems to be recovered while an investigation takes place. [Diagram: APP/DB stacks labelled ATTACKED, FORENSICS and RECOVERED]
  • 50. This could be your MTTR… [Chart: Mean Time to Resolution (MTTR), 6 months]
  • 51. Get Involved and Join the Community • devsecops.org • @devsecops on Twitter • DevSecOps on LinkedIn • DevSecOps on Github • RuggedSoftware.org • Compliance at Velocity
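
Slides 38, 43 and 47 argue for baselines expressed as code: instance refresh age, security group exposure, MFA and credential rotation checked the same way every time. The block below is an added example, not code from the deck, AWS or Evident.io; it runs those checks over constructed inventory snapshots shaped like boto3's describe_security_groups and describe_instances responses and the IAM credential report CSV, and the admin port list and the 90-day key rotation window are assumed thresholds.

```python
"""Security baselines as code over AWS inventory snapshots (added example, not the deck's code).

Inputs mimic boto3 response shapes (ec2.describe_security_groups, ec2.describe_instances)
and the IAM credential report CSV; live, the same checks would run on boto3 output.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

ADMIN_PORTS = {22, 3389}               # assumed: SSH and RDP must not face the Internet
ANYWHERE = {"0.0.0.0/0", "::/0"}
MAX_INSTANCE_AGE = timedelta(days=10)  # slide 38: replace instances at least every 10 days
MAX_KEY_AGE = timedelta(days=90)       # assumed rotation window for "rotate API credentials"

def _cidrs(perm):
    """Every IPv4 and IPv6 range of one IpPermissions entry."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def check_security_groups(groups):
    """Flag ingress rules that expose admin ports (or every port) to the Internet."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            open_cidrs = [c for c in _cidrs(perm) if c in ANYWHERE]
            if not open_cidrs:
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if perm.get("IpProtocol") == "-1" or lo is None:
                exposed = "all ports"           # protocol -1 covers every port and protocol
            elif any(lo <= p <= hi for p in ADMIN_PORTS):
                exposed = f"ports {lo}-{hi}"
            else:
                continue                        # e.g. 443 open to the world is expected
            findings.append((sg["GroupId"], exposed, open_cidrs))
    return findings

def check_instance_age(reservations, now):
    """Flag running instances older than the refresh window (don't hug your instances)."""
    stale = []
    for res in reservations:
        for inst in res["Instances"]:
            age = now - inst["LaunchTime"]
            if inst["State"]["Name"] == "running" and age > MAX_INSTANCE_AGE:
                stale.append((inst["InstanceId"], age.days))
    return stale

def check_iam_credentials(report_csv, now):
    """Flag console users without MFA and active access keys past the rotation window."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        has_console = row["user"] == "<root_account>" or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            findings.append((row["user"], "console password without MFA"))
        if row["access_key_1_active"] == "true":
            rotated = datetime.fromisoformat(row["access_key_1_last_rotated"])
            if now - rotated > MAX_KEY_AGE:
                findings.append((row["user"], f"access key older than {MAX_KEY_AGE.days} days"))
    return findings

# Constructed sample inventory; IDs and account data are not real.
NOW = datetime(2016, 3, 1, tzinfo=timezone.utc)
SAMPLE_SGS = [
    {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0e5f6a7b", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0123456789abcdef0", "State": {"Name": "running"}, "LaunchTime": NOW - timedelta(days=14)},
    {"InstanceId": "i-0fedcba9876543210", "State": {"Name": "running"}, "LaunchTime": NOW - timedelta(days=2)},
]}]
SAMPLE_REPORT = """user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,not_supported,true,false,N/A
alice,true,false,true,2016-01-20T09:00:00+00:00
deploy-bot,false,false,true,2015-11-01T09:00:00+00:00
"""

if __name__ == "__main__":
    for f in (check_security_groups(SAMPLE_SGS) + check_instance_age(SAMPLE_RESERVATIONS, NOW)
              + check_iam_credentials(SAMPLE_REPORT, NOW)):
        print("FAIL", f)
```

Each failing check is a ticket the pipeline can open or a deploy it can block, which is what turns the slide's paper policy into the "everything as code" column.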

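Slides 33, 36 and 49 describe the security feedback loop: ingest CloudTrail, triage, respond fast enough to publish over the attacker. The block below is an added example, not code from the deck, AWS or Intuit; it triages constructed CloudTrail records (field names follow the CloudTrail record schema) for audit tampering, console logins without MFA and launches from images outside the baseline, and returns each response action as data. The approved AMI IDs, severity scale and action names are assumptions.

```python
"""CloudTrail-driven security feedback loop (added example, not the deck's or Intuit's code).

Records follow the CloudTrail JSON record layout; the sample log below is constructed.
Live, records arrive from S3 or CloudWatch Logs and actions run via boto3; here triage
returns the action as data so it can be queued, audited and tested.
"""
import json

APPROVED_AMIS = {"ami-0baseline01", "ami-0baseline02"}   # assumed hardened-baseline AMI IDs
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}

def _actor(record):
    """Human-readable principal: IAM user name, else the role/session ARN."""
    ident = record.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn", "unknown")

def triage(record):
    """Return (severity, description, response_action) for one record, or None."""
    source, name = record.get("eventSource"), record.get("eventName")
    params = record.get("requestParameters") or {}
    response = record.get("responseElements") or {}
    who = _actor(record)

    # Audit tampering: losing the trail blinds every other detection, so respond first.
    if source == "cloudtrail.amazonaws.com" and name in ("StopLogging", "DeleteTrail"):
        trail = params.get("name", "unknown")
        action = ("StartLogging", trail) if name == "StopLogging" else ("PageOnCall", trail)
        return ("critical", f"{who} called {name} on trail {trail}", action)

    # Console access without MFA (slide 47: "Use MFA").
    if source == "signin.amazonaws.com" and name == "ConsoleLogin":
        extra = record.get("additionalEventData") or {}
        if response.get("ConsoleLogin") == "Success" and extra.get("MFAUsed") != "Yes":
            src = record.get("sourceIPAddress", "unknown")
            return ("high", f"{who} console login without MFA from {src}", ("RequireMFA", who))
        return None

    # Launch from an image outside the hardened baseline (slides 36 and 42).
    if source == "ec2.amazonaws.com" and name == "RunInstances":
        for inst in response.get("instancesSet", {}).get("items", []):
            ami, iid = inst.get("imageId"), inst.get("instanceId")
            if ami not in APPROVED_AMIS:
                return ("high", f"{who} launched {iid} from unapproved AMI {ami}",
                        ("SnapshotAndTerminate", iid))
    return None

def process_log(log_text):
    """Triage every record of one CloudTrail log file body ({"Records": [...]})."""
    findings = [triage(r) for r in json.loads(log_text)["Records"]]
    return [f for f in findings if f is not None]

def prioritize(findings):
    """Worst first: speed matters most where the blast radius is largest."""
    return sorted(findings, key=lambda f: SEVERITY_RANK[f[0]])

# Constructed sample log; principals, IPs, IDs and ARNs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "198.51.100.7",
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0123456789abcdef0", "imageId": "ami-0deadbeef"}]}}},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:123456789012:trail/main"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0fedcba9876543210", "imageId": "ami-0baseline01"}]}}},
]})

if __name__ == "__main__":
    for sev, what, action in prioritize(process_log(SAMPLE_LOG)):
        print(f"[{sev}] {what} -> respond with {action}")
```

The snapshot-before-terminate action keeps the forensic copy slide 38 asks for while the baseline instance is published over the suspect one.
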
Editor's Notes

  1. At AWS we have a shared security model, where we are responsible for some aspects of security, whereas you get to choose other security measures you put in place. As AWS we are responsible for the security of the underlying infrastructure. That of course includes physical security across our regions, our data centers, our availability zones and our edge locations. We are also responsible for the security of the foundation services that underpin the AWS environment. This includes the infrastructure that supports our compute, storage, database and networking services. As a customer, then, you have a choice of what security controls you choose to deploy to protect your virtual networks, servers and data, and what access control policies you wish to put in place. For highly sensitive content and applications you may want to put very stringent controls in place. For less sensitive applications, you may want to dial security back; you get to choose.
  2. We are also certified and accredited by a wide range of regulators and industry bodies. Here is a list of key bodies that have either certified us, or for which we have a workbook of guidance showing you how to validate an AWS environment against these standards. Top Row (left to right): ISO 27001 Information Security Management; ISO 9001 Quality Management Systems Requirements; American Institute of Certified Public Accountants (SOC 1, SOC 2, SOC 3 reports); Payment Card Industry Data Security Standard (PCI-DSS); Federal Information Security Management; Cloud Security Alliance. Middle Row: TUV Trust IT, independent certification body for the German Federal Office for Information Security (BSI) IT Baseline protection methodology (IT Grundschutz); UK G-Cloud Digital Marketplace; HIPAA (Health Insurance Portability and Accountability Act); Federal Information Processing Standards 140-2; Americans with Disabilities Act Section 508; Motion Picture Association of America. Bottom Row: US International Traffic in Arms Regulations; Department of Defense Cloud Security Model; Criminal Justice Information Systems (CJIS) Security Policy; Federal Risk Authorization Management Program (FedRAMP); Australian Information Risk Assurance Program; US Department of Education (FERPA). <FOR MORE IN DEPTH QUESTIONS REFER THE CUSTOMER TO http://aws.amazon.com/compliance FOR MORE DETAILS>
  3. Layout of the shared-responsibility slide. Customer (above the line): Customer data; Platform, applications, identity, and access management; Operating system, network, & firewall config; Client-side data encryption & integrity authentication; Server-side encryption (FS/data); Network Traffic Protection (encryption, integrity, identity). AWS (below the line): Compute | storage | database | networking; AWS Global Infrastructure >> [regions | availability zones] | edge locations