A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution

by Threat Stack
AWS Security Architecture Week
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution

Agenda
● Quick Introduction
● Define the Problem We’re Solving For
● Framework for Thinking about Security and Operations
○ People
○ Process
○ Tools

Security That Supports Your Organization’s Business Objectives
4 hours to 4 minutes | Real-time Alerting | 1 Console for Complex Environments
SOC 2, HIPAA, PCI, HITRUST, SOX 404, ISO 27001
Increased Velocity of Your Security Operations
Real-time Visibility into Behavior (Who, what, where, when?)
Continuous Security Monitoring & Alerting Across Your Environment
Continuous Compliance (Automatic controls, policies, & procedures)

Spanning your Data Center and Cloud with One Platform
Real-Time Host Monitoring: Behavior-based monitoring and detection of suspicious events, featuring an out-of-the-box ruleset of alerts for most common security events.
Vulnerability Monitoring: Detect systems and packages containing known vulnerabilities and cross-reference against more than two million identified CVEs, automatically categorizing them according to security risk.
Threat Intelligence Correlation: Continuously monitor connections to known bad addresses and receive real-time alerts when these connections occur.
Continuous Compliance: Achieve compliance criteria across HIPAA, PCI DSS, SOC 2, ISO 27001, and SOX 404 regulations and regularly report/audit relevant activity.
Configuration Auditing: Scan AWS configurations to ensure the proper security settings have been selected and enabled, while providing an accurate security baseline.
Workflow Integrations: Increase efficiency with out-of-the-box integrations with popular configuration management and alerting tools, enabling easy collaboration across security and DevOps teams.

Things that you will never hear...

“Here’s an award for not letting us get breached.”

“I don’t mind that you get in my way because it’s protecting our company.”

“I get it! That single chart very clearly communicates how much you’ve reduced our risk.”

“A breach wouldn’t be that big of a deal.”

“Sure, you can buy that tool. To whom should I write the check?”

Ops/DevOps/NoOps! Software Defined Everything!
● Security isn’t allowed to retreat to the perimeter any longer
○ Deployment model isn’t technically feasible
○ This model did very little to secure organizations even in the on-prem data center
● Security relies on Operations for:
○ Installing continuous monitoring (agents, AWS IAM, etc.)
○ Remediating risks or active threats
● Operations relies on Security for:
○ Requirements and guidance on how to build secure systems
○ Feedback on where risks or active threats are, and how to remediate them
● This symbiotic relationship depends on a high velocity feedback loop
○ Requires trust, which often requires data
○ Requires organizational investment - often starts with the CEO
EVERYONE CANNOT OWN SECURITY, but everyone does have to play a role.

“Focus on increasing time-to-exfiltration and lowering time-to-discovery. By so doing, hopefully you can stop incidents from becoming breaches.”
Verizon 2017 DBIR

You need all three.

Rethinking “People”

Integration Goes Way Beyond APIs.

Don’t Try to Hire Your Way out of Every Problem

Focus on Building Empathy - Not Rules

Rethinking “Process”

Reduce Your Risk by Isolating Failure... Everywhere

Build processes and policies as though everything were on the Internet.

Think about which communication channels are already working - and leverage them.

Rethinking “Technology”

Stop trying to retrofit technology that wasn’t built for the cloud.

Don’t Connect AWS Directly to Your Office’s Network.

Stop trying to build everything yourself.

So where did we land?

What about incidents & responding to them?!
Everything we’ve talked about supports incident response, making it efficient and more effective.

If you think this is old hat and that it can’t work because it has never worked for you, then it sounds like you’ve already made up your mind and your current employer is paying your past employer’s debts.

Where did we land? We landed here
1. Leverage the rest of the organization as a force multiplier
2. Everything must be continuous and incremental, which requires automation
3. Embrace the new facts like WAN-only and look for new solutions within them
4. Write more code than policies - bonus points for turning your policies into code

Want to chat some more?
Workshop later today
Find a Threat Stack team member around the Loft
www.threatstack.com
@sbisbee
Enter to win a $100 amazon gift card at our table!!

Appendix