© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Armando Leite, Principal Security Architect
03/29/17
Best Practices for Managing Security
Operations in AWS
What to expect from the session
A practical approach to help achieve SecOps excellence
+ How to leverage AWS services to implement.
+ Take home toolkit, i.e. try it by yourself.
Control Monitor Fix
In detail
1. Introduction
2. CMF: Control/Monitor/Fix
- Control: Creating the guardrails.
- IAM, Code*, AWS Config
- Monitor: Provide visibility
- Cloudtrail, Flowlogs, Syslog, Cloudwatch
- Fix: Dealing with Exceptions
- Lambda
3. In Practice (aka demo)
4. Your take home kit and actions
MSB – Minimum Security Baseline
Pro Level – What to aim for.
Cloud Adoption Framework – The Security Perspective
Directive: ?
Preventive → Control: driving the right behavior.
Detective → Monitor: maintain and assure over time.
Responsive → Fix: get back to known good.
Our guidelines (‘Directive’)
Operating principles:
1. Think pipelines/workflows, not isolated controls.
2. Use the data.
3. The SOP is Code.
Control Monitor Fix
Phase 1: Control
Goal:
• Drive towards secure outcomes i.e. Build guardrails
Possible options:
• IAM
• Cloudformation
• Code*
Best practice:
• MSB: Individual users + Least privilege + use of groups.
• Pro level: Centralized deployment of controls across N accounts.
AWS Identity and Access Management (IAM)
• Enables you to control who can do what in your AWS account
• Splits into users, groups, roles, and permissions
• Control
  • Centralized
  • Fine-grained: APIs, resources, and AWS Management Console
• Security
  • Secure (deny) by default
Policy evaluation flow:
1. Decision starts at Deny.
2. Evaluate all applicable policies.
3. Is there an explicit deny? Yes → Final decision = “deny” (explicit deny).
4. No → Is there an Allow? Yes → Final decision = “allow”.
5. No → Final decision = “deny” (default deny).
• AWS retrieves all policies associated with the user and resource.
• Only policies that match the action and conditions are evaluated.
• If a policy statement has a deny, it trumps all other policy statements.
• Access is granted if there is an explicit allow and no deny.
• By default, an implicit (default) deny is returned.
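The five-step evaluation order above, written out as a small simulator so the "deny trumps allow" and "default deny" cases can be checked against concrete policies. This is an added example, not AWS's own evaluation engine: the two policy documents are constructed, only Effect, Action and Resource are matched (with IAM's `*` wildcard on both), and Condition blocks are deliberately left out so the five steps stay visible.

```python
"""Simulate the IAM policy evaluation order shown on the slide.

Added example (not AWS's own evaluation engine): the two policy documents
below are constructed for illustration. Only Effect, Action and Resource are
matched, with IAM's '*' wildcard on both; Condition blocks are left out on
purpose to keep the five steps visible.
"""
import fnmatch
from typing import Iterable, List


def _as_list(value) -> List[str]:
    """IAM allows a single string or a list for Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _wildcard(pattern: str, value: str) -> bool:
    """'*' matches any run of characters, '?' one; Python's fnmatch rules fit."""
    return fnmatch.fnmatchcase(value, pattern)


def _statement_applies(stmt: dict, action: str, resource: str) -> bool:
    """Step 2: only statements matching the requested action and resource count."""
    # Action names are case-insensitive in IAM; resource ARNs are not.
    action_hit = any(_wildcard(a.lower(), action.lower()) for a in _as_list(stmt.get("Action")))
    resource_hit = any(_wildcard(r, resource) for r in _as_list(stmt.get("Resource")))
    return action_hit and resource_hit


def evaluate(policies: Iterable[dict], action: str, resource: str) -> str:
    """Return 'allow', 'explicit deny' or 'default deny' for one request."""
    decision = "default deny"            # Step 1: the decision starts at Deny.
    explicit_allow = False
    for policy in policies:              # Step 2: walk every applicable policy.
        for stmt in policy.get("Statement", []):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt.get("Effect") == "Deny":
                return "explicit deny"   # Step 3: one explicit deny trumps all.
            if stmt.get("Effect") == "Allow":
                explicit_allow = True    # Step 4: remember that an allow matched.
    if explicit_allow:
        return "allow"                   # Step 4: explicit allow and no deny.
    return decision                      # Step 5: nothing matched, default deny.


# Constructed: a developer group policy plus a guardrail policy that denies
# writes to the audit prefix no matter what other policies allow.
DEVELOPER_GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-bucket/*"},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    ],
}
AUDIT_GUARDRAIL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::app-bucket/audit/*"},
    ],
}

if __name__ == "__main__":
    policies = [DEVELOPER_GROUP_POLICY, AUDIT_GUARDRAIL_POLICY]
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::app-bucket/data/report.csv"),
        ("s3:PutObject", "arn:aws:s3:::app-bucket/audit/2017-03.log"),
        ("s3:DeleteObject", "arn:aws:s3:::app-bucket/data/report.csv"),
    ]:
        print(f"{action} on {resource}: {evaluate(policies, action, resource)}")
```

The order of the policies does not change the outcome: an explicit deny found in a later policy still overrides an allow recorded from an earlier one, which is the point of putting guardrail denies in a separate, centrally managed policy.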
Top 11 IAM best practices
1. Users – Create individual users.
2. Permissions – Grant least privilege.
3. Groups – Manage permissions with groups.
4. Conditions – Restrict privileged access further with conditions.
5. Auditing – Enable AWS CloudTrail to get logs of API calls.
6. Password – Configure a strong password policy.
7. Rotate – Rotate security credentials regularly.
8. MFA – Enable MFA for privileged users.
9. Sharing – Use IAM roles to share access.
10. Roles – Use IAM roles for Amazon EC2 instances.
11. Root – Reduce or remove use of root.
One AWS account vs. multiple AWS accounts?
Use a single AWS account when you:
• Want simpler control of who does what in your AWS environment.
• Have no need to isolate projects/products/teams.
• Have no need for breaking up the cost.
Use multiple AWS accounts when you:
• Need full isolation between projects/teams/environments.
• Want to isolate recovery data and/or auditing data (e.g., writing your CloudTrail logs to a different account).
• Need a single bill, but want to break out the cost and usage.
Segmented AWS Account Structure
(Diagram: accounts arranged in three columns, Financial, Utility and Security/audit, with the stakeholders that use each.)
Stakeholders: Procurement and Finance, Application Owners, Domain Specific Admins, SOC/Auditors.
Accounts: Billing account (Consolidated Billing, Billing Alerts); User management account; Production accounts; Dev / Test accounts; Shared services account; Key management account; Backup / DR account; Security / Audit account (read-only access for all accounts); Operational Logging account (event and state logging; read-only access to logging data).
Introducing AWS Organizations
Policy-based management for multiple AWS accounts.
• Control AWS service use across accounts
• Consolidate billing
• Automate AWS account creation
Typical Use Cases
• Control the use of AWS services to help comply with corporate security and compliance policies.
• Automate the creation of AWS accounts for different resources.
  • API response to trigger additional automation (e.g. deploy CloudFormation template).
What is AWS CloudFormation?
• AWS CloudFormation allows you to model, provision, and update the full breadth of AWS resources.
• Manage anything from a single Amazon EC2 instance to a multi-tier application.
• Integrates with other development and management tools.
(Diagram: Source Code → Running Host.)
Continuous Integration / Continuous Deployment
Cloudformation Security
Elements of a Continuous Delivery Pipeline
Commit Phase: Source Control changes
• Static code analysis: analyze the CFN templates against a set of security rules.
Acceptance Phase: Dev Environment
• Dynamic analysis: run the template in a sandbox / acceptance test environment.
Capacity/Integration/Staging Phases: Pre-Prod Environment
• Load, performance, penetration and failover testing.
Production Phase: Prod Environment
• Deploy controls.
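What the Commit Phase's static analysis step looks like in practice, as an added example: a small checker that walks a CloudFormation template's resources, applies a rule per resource type, and returns a pass/fail verdict the pipeline can gate on. It is not the pipeline Lambda from the deck or the awslabs sample; the template is constructed inline in JSON form (a YAML template would need a YAML parser first) and the three rules are illustrative rather than a complete rule set.

```python
"""Static analysis of a CloudFormation template against a small security rule set.

Added example for the Commit Phase step; not the pipeline Lambda from the deck
or the awslabs sample. The template is constructed inline (JSON form) and the
rules are illustrative.
"""
import json

ADMIN_PORTS = {22, 3389}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _finding(rule, logical_id, severity, message):
    return {"rule": rule, "resource": logical_id, "severity": severity, "message": message}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_security_group(logical_id, props):
    """SG-001: everything open to the world; SG-002: an admin port open to the world."""
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in ANYWHERE:
            continue
        if str(rule.get("IpProtocol")) == "-1":
            findings.append(_finding("SG-001", logical_id, "HIGH", "all protocols and ports open to the world"))
            continue
        if rule.get("FromPort") is None or rule.get("ToPort") is None:
            continue
        low, high = int(rule["FromPort"]), int(rule["ToPort"])
        exposed = sorted(p for p in ADMIN_PORTS if low <= p <= high)
        if exposed:
            findings.append(_finding("SG-002", logical_id, "HIGH", f"admin port(s) {exposed} open to the world"))
    return findings


def check_s3_bucket(logical_id, props):
    """S3-001: a canned ACL that grants public access."""
    if props.get("AccessControl") in {"PublicRead", "PublicReadWrite"}:
        return [_finding("S3-001", logical_id, "HIGH", f"public ACL {props['AccessControl']}")]
    return []


def _allows_star_on_star(policy_document):
    """True when a statement grants Action '*' on Resource '*' (administrator-equivalent)."""
    for stmt in _as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action")) \
                and "*" in _as_list(stmt.get("Resource")):
            return True
    return False


def check_iam_policy(logical_id, props):
    """IAM-001 on a standalone or managed policy."""
    if _allows_star_on_star(props.get("PolicyDocument", {})):
        return [_finding("IAM-001", logical_id, "HIGH", "Allow * on *")]
    return []


def check_iam_role(logical_id, props):
    """IAM-001 applied to each inline policy attached to a role."""
    return [_finding("IAM-001", logical_id, "HIGH", f"inline policy {p.get('PolicyName')} allows * on *")
            for p in props.get("Policies", []) if _allows_star_on_star(p.get("PolicyDocument", {}))]


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::S3::Bucket": check_s3_bucket,
    "AWS::IAM::Policy": check_iam_policy,
    "AWS::IAM::ManagedPolicy": check_iam_policy,
    "AWS::IAM::Role": check_iam_role,
}


def analyze_template(template):
    """Run the check that applies to each resource; return all findings in template order."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check:
            findings.extend(check(logical_id, resource.get("Properties", {})))
    return findings


def gate(findings):
    """Pipeline verdict: any HIGH finding fails the commit stage ('fail early')."""
    return "FAIL" if any(f["severity"] == "HIGH" for f in findings) else "PASS"


# Constructed sample: one clean resource (BastionSG) and three that should fail.
SAMPLE_TEMPLATE = json.loads("""{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "web tier",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "BastionSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "bastion",
      "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}]}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
    "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
      "Policies": [{"PolicyName": "too-broad", "PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}}
  }
}""")

if __name__ == "__main__":
    found = analyze_template(SAMPLE_TEMPLATE)
    for f in found:
        print(f"{f['rule']} {f['severity']} {f['resource']}: {f['message']}")
    print(gate(found))
```

Run against the sample template this reports WebSG (port 22 from anywhere), LogBucket (public ACL) and AppRole (wildcard policy) and returns FAIL; the bastion group, which only admits port 22 from a private range, is not reported. In a CodePipeline stage the Lambda would return the verdict as the action result so a FAIL stops the pipeline before the Acceptance Phase.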
Code* for Infrastructure code
(Diagram: a CodePipeline pipeline with the following stages.)
Commit Phase: DevOps code push → S3 → code pull → Static Code Analysis (Lambda).
Acceptance Phase: Create Stack (CloudFormation) → Dynamic Security checks (Lambda) → Delete Stack (CloudFormation).
Prod Phase: Create ChangeSet (CloudFormation) → Manual Approval → Approve ChangeSet → Execute ChangeSet (CloudFormation).
Control Monitor Fix
Phase 2: Monitor
Goals:
- Ensure effective operation over time.
- Detect anomalies/change.
Options:
• Cloudtrail, Cloudwatch*, VPC Flowlogs, Config…
Best Practice:
• MSB: Aggregate log data.
• Pro level: Analyze and act on log data as it arrives.
What is AWS CloudTrail?
A fully managed service that records API calls made on your AWS account.
(Diagram: customers are making API calls on a growing set of services around the world; CloudTrail is continuously recording those API calls and delivering log files to customers.)
(Diagram: CloudTrail in Account 1, Account 2 … Account N delivers to a CloudTrail aggregation bucket in the Security account, where an alert indexer and triage/classification rules process the events.)
• Automated configuration to enable logging and the aggregation destination.
• Log files deposited in an S3 bucket under the Security Account.
• SNS notifies Lambda of new events available for processing.
• Each Lambda evaluates a specific compliance item or misuse case.
• Rules engines help define the action to take based on asset and environment.
• If dictated by the rules engine, an event results in notification via email, i.e. critical events.
• Alerts preserved in DynamoDB for reporting and indexing of raw data.
• All processing in the Security Account, i.e. no external dependencies to add new logic, log processing, etc.
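One such processing Lambda, as an added example of the pattern described above (it is not the awslabs demo code): it takes the SNS notification for a newly delivered log file, reads the gzipped CloudTrail records, runs one detector per misuse case, and lets a small rules engine choose the action from the finding's severity and the asset's environment. It assumes CloudTrail's own SNS notification format (a message carrying `s3Bucket` and a list of `s3ObjectKey`) and that the caller supplies a `fetch_object(bucket, key)` function (with boto3 that would wrap `s3.get_object`); the account-to-environment table, the records and the gzipped log file are all constructed here so it runs offline.

```python
"""One CloudTrail-processing Lambda: parse a delivered log file, evaluate misuse
cases, and let a rules engine pick the action from severity and environment.

Added example, not the awslabs demo code. Assumes CloudTrail's SNS notification
format and a caller-supplied fetch_object(bucket, key) -> bytes. The account
table, records and log file below are constructed.
"""
import gzip
import json

# Constructed: which account is which environment; this drives the rules engine.
ENVIRONMENT_OF_ACCOUNT = {"111111111111": "prod", "222222222222": "dev"}


def root_credentials_used(rec):
    ident = rec.get("userIdentity", {})
    if ident.get("type") == "Root" and "invokedBy" not in ident:   # invokedBy = AWS service acting on your behalf
        return "root credentials used"


def console_login_without_mfa(rec):
    if rec.get("eventName") == "ConsoleLogin" and rec.get("additionalEventData", {}).get("MFAUsed") == "No":
        return "console login without MFA"


def trail_changed(rec):
    if rec.get("eventName") in {"StopLogging", "DeleteTrail", "UpdateTrail"}:
        return f"CloudTrail configuration changed ({rec['eventName']})"


def ingress_opened_to_world(rec):
    if rec.get("eventName") != "AuthorizeSecurityGroupIngress":
        return None
    params = rec.get("requestParameters", {})
    for perm in params.get("ipPermissions", {}).get("items", []):
        for rng in perm.get("ipRanges", {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                return f"{params.get('groupId')} opened to 0.0.0.0/0 on {perm.get('fromPort')}-{perm.get('toPort')}"


# Each detector covers one misuse case and carries its own severity.
DETECTORS = [
    (root_credentials_used, "critical"),
    (trail_changed, "critical"),
    (console_login_without_mfa, "high"),
    (ingress_opened_to_world, "medium"),
]


def decide_action(severity, environment):
    """Rules engine: the action depends on the finding and on the asset's environment."""
    if severity == "critical" or (severity == "high" and environment == "prod"):
        return "notify-email"
    if environment == "prod":
        return "ticket"
    return "record-only"


def evaluate_records(records):
    alerts = []
    for rec in records:
        env = ENVIRONMENT_OF_ACCOUNT.get(rec.get("recipientAccountId"), "unknown")
        for detector, severity in DETECTORS:
            message = detector(rec)
            if message:
                alerts.append({"eventID": rec.get("eventID"), "eventName": rec.get("eventName"),
                               "environment": env, "severity": severity,
                               "message": message, "action": decide_action(severity, env)})
    return alerts


def process_log_file(gz_bytes):
    """CloudTrail delivers gzipped JSON with a top-level 'Records' array."""
    return evaluate_records(json.loads(gzip.decompress(gz_bytes))["Records"])


def handler(event, context, fetch_object):
    """Lambda entry point: each SNS record names the bucket and keys of new log files."""
    alerts = []
    for sns_record in event["Records"]:
        note = json.loads(sns_record["Sns"]["Message"])
        for key in note["s3ObjectKey"]:
            alerts.extend(process_log_file(fetch_object(note["s3Bucket"], key)))
    # A deployed version would write alerts to DynamoDB and publish the
    # 'notify-email' ones to an SNS topic; returning them keeps this runnable offline.
    return alerts


# Constructed records: the field layout follows CloudTrail, the values are made up.
SAMPLE_RECORDS = [
    {"eventID": "e1", "eventName": "ConsoleLogin", "recipientAccountId": "111111111111",
     "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventID": "e2", "eventName": "AuthorizeSecurityGroupIngress", "recipientAccountId": "222222222222",
     "userIdentity": {"type": "IAMUser", "userName": "dev1"},
     "requestParameters": {"groupId": "sg-0123abcd", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventID": "e3", "eventName": "DescribeInstances", "recipientAccountId": "111111111111",
     "userIdentity": {"type": "IAMUser", "userName": "ops1"}},
]
SAMPLE_LOG_GZ = gzip.compress(json.dumps({"Records": SAMPLE_RECORDS}).encode())
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps(
    {"s3Bucket": "cloudtrail-aggregation", "s3ObjectKey": ["AWSLogs/111111111111/CloudTrail/sample.json.gz"]})}}]}

if __name__ == "__main__":
    for alert in handler(SAMPLE_EVENT, None, lambda bucket, key: SAMPLE_LOG_GZ):
        print(alert["severity"], alert["environment"], alert["action"], alert["message"])
```

Keeping detectors and the rules engine as separate tables is what makes the "no external dependencies to add new logic" point work: a new misuse case is one more function and severity in `DETECTORS`, and a change in how a dev account is handled touches only `decide_action`.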
AWS Config & Config Rules
(Diagram: changing resources → AWS Config → Config Rules; outputs: History, Snapshot, Notifications, API Access, Normalized.)
AWS Config: Inventory and compliance
AWS Config Rules: Evaluate resource Config
(Diagram: CloudTrail from Account 1, Account 2 … Account N delivers to a CloudTrail aggregation bucket in the Logging aggregation account; events flow through SQS and CloudWatch Events (CWE) to an Account DB, a Dashboard, Alerting and Ticketing.)
(Diagram, extended: each account now also feeds AWS Config and VPC Flowlogs; the Flowlogs land in a Flowlogs aggregation bucket in the same Logging aggregation account and follow the same SQS / CWE / Dashboard / Alert / Ticketing path.)
Control Monitor Fix
Goal:
• Return to ‘known good’
• ‘Don’t throw the baby out with the bathwater’…
Options:
• Lambda shines but whole AWS platform plays a role.
Best Practices:
• MSB: automate alerting and integrate with ticketing systems.
• Pro Level: Closed loop.
Fix – Correcting anomalies
(Diagram: spectrum of options, from Signal to Noise and from Gather to Remediate: Do Nothing, Measure, Enrich, Alert, Stop, Correct.)
Fix using AWS services
Ease of getting started vs. customization and control:
• Trusted Advisor
• AWS Config Managed Rules
• AWS Config Custom Rules with remediation
• CloudWatch Events with Lambda rules
• Lambda code with various triggers
Security Incident Response Simulations
Test and benchmark your security response to security events.
Experts from the Security, Risk and Compliance (SRC) practice can
help you assess your current state of incident response readiness,
then prepare and execute an exercise to practice that response.
Objectives:
• Assess current incident response processes and procedures
• Provide recommendations for using AWS services for incident response
• Test the cloud incident response process via a simulated exercise
Typical effort: 15 Man Days
Control Monitor Fix
In practice…
Demo – event flow
1 – Standard
2 – Enhanced
3 – Active
(Diagram: an Auto Scaling group with a Web server EC2 instance and an App server EC2 instance, each in its own security group; CloudWatch collects Syslog, Flowlogs and CloudTrail. An SSH login raises a custom CloudWatch Events event (CWE Custom), which is checked: “Logon ok?” → “Logon is OK!”)
In standard operation, we are observant.
Control:
- Security agent loaded in instance.
- Logons tracked.
Monitoring:
- We gather data covering API activity (CloudTrail), network (Flowlogs) and also in-instance activity (Syslog).
Fix:
- We are good.
Demo – event flow
1 – Standard
2 – Enhanced
3 – Active
(Diagram: the same Auto Scaling group, Web server and App server, with CloudWatch collecting Syslog, Flowlogs and CloudTrail. This time the SSH login (CWE Custom) is checked: “Logon ok?” → “Logon NOT ok.” Enhance: subscribe to Syslog for OS data analysis; enable instance-level Flowlogs and subscribe to them for network data analysis.)
A logon event occurs. We go to Enhanced surveillance mode.
Control:
- Dynamically add Lambda subscriptions to log feeds.
Monitor:
- In-instance activity (privilege escalation).
- Initiation of forbidden flows.
Fix:
- Alert only. Watchful but passive.
Demo – event flow
1 – Standard
2 – Enhanced
3 – Active
(Diagram build, across several slides: an Auto Scaling group of web app server EC2 instances behind Elastic Load Balancing, plus an App server, each in its own security group. Syslog data from CloudWatch Logs shows Root Access; OS data analysis marks one instance as an Anomaly. The response then runs Isolate (security group: Block all), Preserve (Amazon EBS snapshots) and Deregister (ASG/ELB).)
An escalation occurred and we switched to Active, i.e. intervene and get it fixed.
Control:
- SG to isolate anomalous instance.
- Preserve instance for both live and offline analysis.
- Deregister application from live use.
Monitoring:
- We continue to monitor all activity as per previous steps.
Fix:
- The control actions cause ASG to be 1 instance short and will recover to original fleet size from ‘last known good’.
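The three Active-mode control actions above (and the "Lambda code with various triggers" end of the Fix spectrum), written out as a responder function. This is an added example, not the published demo code: `contain_instance()` issues the boto3 EC2 and Auto Scaling calls a responder Lambda would make (`modify_instance_attribute`, `describe_instances`, `create_snapshot`, `create_tags`, `detach_instances`), and with boto3 it would be passed `boto3.client("ec2")` and `boto3.client("autoscaling")`. To run offline it is exercised here against two small in-memory fakes of those clients, so every instance, volume, group and security group id is constructed; the quarantine security group is assumed to already exist with no inbound or outbound rules.

```python
"""The demo's Active-mode containment: isolate, preserve, deregister.

Added example, not the published demo code. contain_instance() makes the boto3
calls a responder Lambda would; the FakeEC2 / FakeAutoScaling classes are
constructed stand-ins so the flow runs offline, and all ids are made up.
"""
from datetime import datetime, timezone


def contain_instance(instance_id, quarantine_sg, asg_name, ec2, autoscaling):
    """Run the three control actions in the deck's order; return a record of each."""
    done = []
    # 1. Isolate: replace every security group with the quarantine group (assumed to
    #    have no rules), so the instance keeps running but is cut off from the network.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    done.append(("isolate", quarantine_sg))
    # 2. Preserve: block API termination, then snapshot each EBS volume and tag the
    #    snapshot so offline analysis can find it even after the live instance changes.
    ec2.modify_instance_attribute(InstanceId=instance_id, DisableApiTermination={"Value": True})
    instance = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    for mapping in instance.get("BlockDeviceMappings", []):
        volume_id = mapping["Ebs"]["VolumeId"]
        snap = ec2.create_snapshot(VolumeId=volume_id, Description=f"forensic {instance_id} {volume_id} {stamp}")
        ec2.create_tags(Resources=[snap["SnapshotId"]],
                        Tags=[{"Key": "SourceInstance", "Value": instance_id},
                              {"Key": "Reason", "Value": "security-anomaly"}])
        done.append(("preserve", snap["SnapshotId"]))
    # 3. Deregister: detach from the ASG without lowering desired capacity, so the group
    #    launches a replacement from its launch configuration ('last known good') and the
    #    detached instance leaves any load balancer attached to the group.
    autoscaling.detach_instances(InstanceIds=[instance_id], AutoScalingGroupName=asg_name,
                                 ShouldDecrementDesiredCapacity=False)
    done.append(("deregister", asg_name))
    return done


class FakeEC2:
    """Constructed stand-in for the subset of boto3's EC2 client used above."""
    def __init__(self, instances):
        self.instances = instances          # instance id -> attribute dict
        self.snapshots = {}

    def modify_instance_attribute(self, InstanceId, **attributes):
        self.instances[InstanceId].update(attributes)

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.instances[i] for i in InstanceIds]}]}

    def create_snapshot(self, VolumeId, Description=""):
        snapshot_id = f"snap-{len(self.snapshots) + 1:08x}"
        self.snapshots[snapshot_id] = {"VolumeId": VolumeId, "Description": Description, "Tags": []}
        return {"SnapshotId": snapshot_id}

    def create_tags(self, Resources, Tags):
        for resource in Resources:
            self.snapshots[resource]["Tags"].extend(Tags)


class FakeAutoScaling:
    """Constructed stand-in for boto3's Auto Scaling client; replaces instances at once."""
    def __init__(self, groups):
        self.groups = groups                # group name -> {"instances": [...], "desired": n}
        self.launched = []

    def detach_instances(self, InstanceIds, AutoScalingGroupName, ShouldDecrementDesiredCapacity):
        group = self.groups[AutoScalingGroupName]
        for instance_id in InstanceIds:
            group["instances"].remove(instance_id)
        if ShouldDecrementDesiredCapacity:
            group["desired"] -= len(InstanceIds)
        while len(group["instances"]) < group["desired"]:   # the real service does this asynchronously
            new_id = f"i-replacement{len(self.launched) + 1}"
            self.launched.append(new_id)
            group["instances"].append(new_id)


def demo():
    """Constructed fleet: three web servers in one ASG; the anomalous one has two volumes."""
    ec2 = FakeEC2({
        "i-0aaa": {"InstanceId": "i-0aaa", "Groups": ["sg-web"],
                   "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0root"}}, {"Ebs": {"VolumeId": "vol-0data"}}]},
        "i-0bbb": {"InstanceId": "i-0bbb", "Groups": ["sg-web"], "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0bbb"}}]},
        "i-0ccc": {"InstanceId": "i-0ccc", "Groups": ["sg-web"], "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0ccc"}}]},
    })
    asg = FakeAutoScaling({"web-asg": {"instances": ["i-0aaa", "i-0bbb", "i-0ccc"], "desired": 3}})
    actions = contain_instance("i-0aaa", "sg-quarantine", "web-asg", ec2, asg)
    return actions, ec2, asg


if __name__ == "__main__":
    for step, target in demo()[0]:
        print(step, target)
```

Isolating before snapshotting matters: the snapshot then captures the instance as it was at the moment it was cut off, and detaching last means the group only starts a replacement once evidence is preserved. The instance itself is left running (termination protection on) so live analysis remains possible alongside the offline copy.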
Demo – event flow
1 – Standard
2 – Enhanced
3 – Active
(Diagram: back to the standard-operation view, an Auto Scaling group with a Web server and an App server, each in its own security group; CloudWatch collects Syslog, Flowlogs and CloudTrail.)
In standard operation, we are observant.
Control:
- Security agent loaded in instance.
- Logons tracked to TT.
Monitoring:
- We gather data covering API activity (CloudTrail), network (Flowlogs) and also in-instance activity (Syslog).
Fix:
- We are BACK TO good.
Summary
Control:
• IAM is the foundation for everything else.
• Service catalogue as an option to standardize product distribution.
• Code*: Embed security throughout (‘Fail early’).
Monitor:
• Cloudtrail, Config, Flowlogs, …: to get visibility, you need to see – enable logging.
• Data is good. Better if you use it. Great if used to drive automation.
Fix:
• Reduce ‘Detect-Report-Remediate’ cycles.
• Automate to gain speed + free human intellect to more added value tasks.
Take home kit – your turn!
#1 Demo code is published
• https://github.com/awslabs/automating-governance-sample
#2 Implementing DevSecOps using AWS Codepipeline
• https://aws.amazon.com/blogs/devops/implementing-devsecops-using-aws-codepipeline
#3 “what should I Control/Monitor/Fix next?”
• https://aws.amazon.com/whitepapers/aws-security-best-practices/
#4 (Optional) Come Jam with us!
San Francisco Summit 2017 – April 18 (am) and April 19 (pm)
Washington DC, Public Sector Summit - June 12 (pm)
More to come…
Your company? 
Thank you!
Armando Leite, Principal Security Architect

Infrastructure Provisioning & Automation For Large EnterprisesInfrastructure Provisioning & Automation For Large Enterprises
Infrastructure Provisioning & Automation For Large EnterprisesTensult
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Amazon Web Services
 
Automate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resourcesAutomate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resourcesAmazon Web Services
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
 
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017Amazon Web Services
 
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...Amazon Web Services
 

Similaire à Best Practices for Managing Security Operations in AWS - March 2017 AWS Online Tech Talks (20)

Best Practices for SecOps on AWS
Best Practices for SecOps on AWSBest Practices for SecOps on AWS
Best Practices for SecOps on AWS
 
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)
 
Automated Governance of Your AWS Resources
Automated Governance of Your AWS ResourcesAutomated Governance of Your AWS Resources
Automated Governance of Your AWS Resources
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security Checklist
 
Easily Govern and Audit your AWS Resources
Easily Govern and Audit your AWS ResourcesEasily Govern and Audit your AWS Resources
Easily Govern and Audit your AWS Resources
 
Advanced Security Automation Made Simple
Advanced Security Automation Made SimpleAdvanced Security Automation Made Simple
Advanced Security Automation Made Simple
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCP
 
Scaling Security Operations and Automating Governance: Which AWS Services Sho...
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Scaling Security Operations and Automating Governance: Which AWS Services Sho...
Scaling Security Operations and Automating Governance: Which AWS Services Sho...
 
Infrastructure Provisioning & Automation For Large Enterprises
Infrastructure Provisioning & Automation For Large EnterprisesInfrastructure Provisioning & Automation For Large Enterprises
Infrastructure Provisioning & Automation For Large Enterprises
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
 
Automate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resourcesAutomate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resources
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat Response
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat Response
 
Getting Started Best Practices
Getting Started Best PracticesGetting Started Best Practices
Getting Started Best Practices
 
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
 
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
 
Security Framework Shakedown
Security Framework ShakedownSecurity Framework Shakedown
Security Framework Shakedown
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Dernier

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 

Dernier (20)

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 

Best Practices for Managing Security Operations in AWS - March 2017 AWS Online Tech Talks

  • 9. Top 11 IAM best practices 1. Users – Create individual users. 2. Permissions – Grant least privilege. 3. Groups – Manage permissions with groups. 4. Conditions – Restrict privileged access further with conditions. 5. Auditing – Enable AWS CloudTrail to get logs of API calls. 6. Password – Configure a strong password policy. 7. Rotate – Rotate security credentials regularly. 8. MFA – Enable MFA for privileged users. 9. Sharing – Use IAM roles to share access. 10.Roles – Use IAM roles for Amazon EC2 instances. 11.Root – Reduce or remove use of root.
  • 10. One AWS account vs. multiple AWS accounts? Use a single AWS account when you:  Want simpler control of who does what in your AWS environment.  Have no need to isolate projects/products/teams.  Have no need for breaking up the cost. Use multiple AWS accounts when you:  Need full isolation between projects/teams/environments.  Want to isolate recovery data and/or auditing data (e.g., writing your CloudTrail logs to a different account).  Need a single bill, but want to break out the cost and usage.
• 11. Segmented AWS Account Structure (diagram)
Financial: Billing account, owned by Procurement and Finance, with consolidated billing and billing alerts.
Security/audit: Security / Audit account, used by SOC/Auditors, with read-only access for all accounts.
Utility: User management account; Operational logging account (event and state logging, read-only access to logging data); Backup / DR account; Key management account; Shared services account.
Workloads: Production accounts and Dev / Test accounts, run by Application Owners and Domain Specific Admins.
• 12. Introducing AWS Organizations
Policy-based management for multiple AWS accounts:
• Control AWS service use across accounts
• Automate AWS account creation
• Consolidate billing
• 13. Typical Use Cases
• Control the use of AWS services to help comply with corporate security and compliance policies.
• Automate the creation of AWS accounts for different resources.
• Use the API response to trigger additional automation (e.g. deploy a CloudFormation template).
• 14. What is AWS CloudFormation?
• AWS CloudFormation allows you to model, provision, and update the full breadth of AWS resources.
• Manage anything from a single Amazon EC2 instance to a multi-tier application.
• Integrates with other development and management tools.
• 15. (diagram) Security applied along the delivery chain: Source Code → Continuous Integration / Continuous Deployment → CloudFormation → Running Host.
• 16. Elements of a Continuous Delivery Pipeline
Commit Phase (source control changes):
• Static code analysis: analyze the CFN templates against a set of security rules.
Acceptance Phase (dev environment):
• Dynamic analysis: run the template in a sandbox / acceptance test environment.
Capacity/Integration/Staging Phases (pre-prod environment):
• Load, performance, penetration and failover testing.
Production Phase (prod environment):
• Deploy controls.
• 17. Code* for infrastructure code (pipeline diagram)
Commit Phase: DevOps code push → S3 → CodePipeline code pull → Lambda static code analysis.
Acceptance Phase: CloudFormation create stack → Lambda dynamic security checks → CloudFormation delete stack → manual approval.
Prod Phase: CloudFormation create ChangeSet → approve ChangeSet → CloudFormation execute ChangeSet.
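The "static code analysis" step of the commit phase (slides 16 and 17), as an added example that is not the deck's demo code or the awslabs sample: a checker that reads a CloudFormation template and fails the pipeline stage when a template opens an admin port to the world, makes an S3 bucket public, or grants Allow */* in an IAM policy. It parses JSON templates only (YAML needs a YAML parser), and the sample template, the rule ids SG001/S3001/IAM001 and the port list are constructed for the example.

```python
# Added example (not the deck's demo code): a commit-phase static-analysis step
# over a CloudFormation template with three security rules. The sample template
# and rule ids are constructed; only JSON templates are parsed here.
import json
import sys

ADMIN_PORTS = {22, 3389}
WORLD = {"0.0.0.0/0", "::/0"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_ingress(rule):
    """Return a message if an ingress rule exposes an admin port (or all ports) to the world."""
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    if cidr not in WORLD:
        return None
    if str(rule.get("IpProtocol")) == "-1":
        return "all ports open to the world"
    try:
        lo, hi = int(rule["FromPort"]), int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return None  # ports come from an intrinsic (Ref/GetAtt); left to the dynamic checks
    exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
    return f"admin port(s) {exposed} open to the world" if exposed else None


def _iter_statements(props):
    """Yield statements from inline Policies (Role/User/Group) and PolicyDocument resources."""
    docs = [props["PolicyDocument"]] if "PolicyDocument" in props else []
    docs += [p["PolicyDocument"] for p in props.get("Policies", []) if "PolicyDocument" in p]
    for doc in docs:
        for stmt in _as_list(doc.get("Statement", [])):
            yield stmt


def analyze_template(template):
    """Return a list of findings; an empty list means the template passed the static rules."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type", ""), res.get("Properties") or {}
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                msg = check_ingress(rule) if isinstance(rule, dict) else None
                if msg:
                    findings.append({"rule": "SG001", "resource": logical_id, "message": msg})
        elif rtype == "AWS::S3::Bucket":
            if props.get("AccessControl") in ("PublicRead", "PublicReadWrite"):
                findings.append({"rule": "S3001", "resource": logical_id,
                                 "message": f"bucket ACL {props['AccessControl']} is public"})
        elif rtype.startswith("AWS::IAM::"):
            for stmt in _iter_statements(props):
                if (stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action", []))
                        and "*" in _as_list(stmt.get("Resource", []))):
                    findings.append({"rule": "IAM001", "resource": logical_id,
                                     "message": "Allow */* grants full admin"})
    return findings


# Constructed sample template: one clean security group and three failing resources.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web tier",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
        "AppSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "app tier",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                 "SourceSecurityGroupId": {"Ref": "WebSg"}}]}},
        "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
        "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                                         "Principal": {"Service": "ec2.amazonaws.com"}}]},
            "Policies": [{"PolicyName": "too-broad", "PolicyDocument": {
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
    },
}

if __name__ == "__main__":
    template = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    results = analyze_template(template)
    print(json.dumps(results, indent=2))
    sys.exit(1 if results else 0)  # a non-zero exit fails the pipeline stage
```

Run it with a template path as the only argument; the exit status is what CodePipeline or a Lambda action keys on. Port values supplied through Ref or GetAtt are deliberately skipped rather than guessed, which is exactly the gap the acceptance phase's dynamic checks against a deployed stack are there to close.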
• 19. Phase 2: Monitor
Goals:
- Ensure effective operation over time.
- Detect anomalies/change.
Options:
• CloudTrail, CloudWatch*, VPC Flowlogs, Config…
Best Practice:
• MSB: Aggregate log data.
• Pro level: Analyze and act on log data as it arrives.
• 20. What is AWS CloudTrail?
A fully managed service that records API calls made on your AWS account. Customers are making API calls on a growing set of services around the world; CloudTrail is continuously recording those API calls and delivering log files to customers.
• 21. CloudTrail aggregation and triage (diagram: Account 1, Account 2 … Account N each send CloudTrail to a CloudTrail aggregation bucket in the Security account; Lambda triage/classification rules feed an alert indexer)
• Automated configuration enables logging in each account and sets the aggregation destination.
• Log files are deposited in an S3 bucket under the Security account.
• SNS notifies Lambda of new events available for processing.
• Each Lambda evaluates a specific compliance item or misuse case.
• Rules engines help define the action to take based on asset and environment.
• If dictated by the rules engine, an event results in notification via email, i.e. critical events.
• Alerts are preserved in DynamoDB for reporting and indexing of raw data.
• All processing happens in the Security account, i.e. no external dependencies to add new logic, log processing, etc.
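What one of those per-misuse-case Lambdas and the rules engine do with a log file, as an added example that is not the deck's demo code: it parses a CloudTrail log file, runs four checks over every record (root account use, console login without MFA, tampering with the trail, a security group opened to 0.0.0.0/0), then rates each hit by environment to decide whether it is recorded or notified. The records, account ids, environment mapping and severity table are constructed for the example; the record fields used (userIdentity, additionalEventData.MFAUsed, the nested requestParameters.ipPermissions layout) are the real CloudTrail ones.

```python
# Added example (not the deck's demo code): the per-event checks and the small
# rules engine from the slide 21 pipeline, as one function a Lambda could run
# on each new log file. Records, account ids and severities are constructed.
import json

LOG_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def parse_log_file(text):
    """A CloudTrail log file is a JSON object with a 'Records' array."""
    return json.loads(text)["Records"]


def _world_open_ports(params):
    """Yield (fromPort, toPort) for every ipRange of 0.0.0.0/0 in an AuthorizeSecurityGroupIngress call."""
    for perm in (params or {}).get("ipPermissions", {}).get("items", []):
        for rng in perm.get("ipRanges", {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                yield perm.get("fromPort"), perm.get("toPort")


def misuse_cases(record):
    """Each check mirrors one 'specific compliance item or misuse case' Lambda."""
    cases = []
    identity = record.get("userIdentity", {})
    name = record.get("eventName")
    if identity.get("type") == "Root" and not identity.get("invokedBy"):
        cases.append("root_account_used")
    if name == "ConsoleLogin" and record.get("additionalEventData", {}).get("MFAUsed") == "No":
        cases.append("console_login_without_mfa")
    if name in LOG_TAMPERING:
        cases.append("cloudtrail_tampering")
    if name == "AuthorizeSecurityGroupIngress":
        for lo, hi in _world_open_ports(record.get("requestParameters")):
            cases.append(f"security_group_open_to_world:{lo}-{hi}")
    return cases


# Rules engine: base severity per case, raised one step for production accounts;
# critical alerts are the ones that page a human (the email notification in the deck).
BASE_SEVERITY = {"root_account_used": "high", "console_login_without_mfa": "medium",
                 "cloudtrail_tampering": "critical", "security_group_open_to_world": "medium"}
LEVELS = ["low", "medium", "high", "critical"]


def decide(case, environment):
    severity = BASE_SEVERITY[case.split(":")[0]]
    if environment == "prod":
        severity = LEVELS[min(LEVELS.index(severity) + 1, len(LEVELS) - 1)]
    return severity, ("notify" if severity == "critical" else "record")


def triage(records, account_env):
    """Turn raw CloudTrail records into alert rows (what the deck keeps in DynamoDB)."""
    alerts = []
    for rec in records:
        env = account_env.get(rec.get("recipientAccountId"), "unknown")
        for case in misuse_cases(rec):
            severity, action = decide(case, env)
            alerts.append({"eventID": rec.get("eventID"), "account": rec.get("recipientAccountId"),
                           "environment": env, "case": case, "severity": severity, "action": action})
    return alerts


# Constructed log file in the shape CloudTrail delivers to S3.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventID": "e1", "eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "recipientAccountId": "111111111111", "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "requestParameters": {"name": "org-trail"}},
    {"eventID": "e2", "eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "recipientAccountId": "222222222222", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "e3", "eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "recipientAccountId": "222222222222", "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"groupId": "sg-0123", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventID": "e4", "eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "recipientAccountId": "222222222222", "userIdentity": {"type": "AssumedRole"}},
]})
ACCOUNT_ENV = {"111111111111": "prod", "222222222222": "dev"}

if __name__ == "__main__":
    for alert in triage(parse_log_file(SAMPLE_LOG), ACCOUNT_ENV):
        print(alert)
```

Record e1 yields two alerts from one event, root usage and trail tampering, and both come out critical because the account is mapped to prod; the read-only DescribeInstances in e4 yields nothing. Keeping the checks, the severity table and the account-to-environment map as plain data is what lets new logic be added inside the Security account without touching the accounts being watched.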
• 22. AWS Config & Config Rules (diagram): changing resources → AWS Config (normalized) → history, snapshot, notifications, API access → Config Rules.
  • 23. AWS Config: Inventory and compliance
  • 24. AWS Config Rules: Evaluate resource Config
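A custom Config rule of the kind slides 22 to 24 describe, as an added example that is not from the deck: a Lambda that receives a changed AWS::EC2::Volume item, decides COMPLIANT / NON_COMPLIANT / NOT_APPLICABLE, and reports back with put_evaluations. The event layout (invokingEvent and ruleParameters as JSON strings, resultToken) and the put_evaluations parameters are the Config custom-rule contract; the volume ids, the RequiredKmsKeyArn rule parameter, the key ARNs and the FakeConfigClient are constructed so it runs offline.

```python
# Added example (not from the deck): a custom AWS Config rule Lambda evaluating
# AWS::EC2::Volume items for encryption, optionally pinning the KMS key through a
# rule parameter. Event shape and put_evaluations are the Config contract; ids,
# key ARNs and the fake client are constructed for the example.
import json


def evaluate_compliance(item, params):
    """Pure decision function: returns (ComplianceType, Annotation)."""
    if item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE", "rule only evaluates EBS volumes"
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "resource was deleted"
    cfg = item.get("configuration") or {}
    if not cfg.get("encrypted"):
        return "NON_COMPLIANT", "volume is not encrypted"
    required = params.get("RequiredKmsKeyArn")
    if required and cfg.get("kmsKeyId") != required:
        return "NON_COMPLIANT", f"volume uses key {cfg.get('kmsKeyId')} not {required}"
    return "COMPLIANT", "volume is encrypted"


def lambda_handler(event, context, config_client=None):
    """Config invokes this with the changed item; the result goes back via put_evaluations."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    item = invoking["configurationItem"]
    compliance, note = evaluate_compliance(item, params)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],                   # Config caps the annotation at 256 chars
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if config_client is not None:                   # boto3.client("config") in a real Lambda
        config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


class FakeConfigClient:
    """Stand-in for boto3's Config client so the handler can be exercised offline."""
    def __init__(self):
        self.sent = []

    def put_evaluations(self, **kwargs):
        self.sent.append(kwargs)
        return {"FailedEvaluations": []}


def make_event(volume_id, encrypted, kms_key_id=None, params=None):
    """Build a constructed Config custom-rule invocation with the real event layout."""
    item = {"resourceType": "AWS::EC2::Volume", "resourceId": volume_id,
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2017-03-29T10:00:00.000Z",
            "configuration": {"volumeId": volume_id, "encrypted": encrypted, "kmsKeyId": kms_key_id}}
    return {"invokingEvent": json.dumps({"configurationItem": item,
                                         "messageType": "ConfigurationItemChangeNotification"}),
            "ruleParameters": json.dumps(params or {}),
            "resultToken": "constructed-token"}


if __name__ == "__main__":
    client = FakeConfigClient()
    key = "arn:aws:kms:us-east-1:123456789012:key/cmk-1"
    print(lambda_handler(make_event("vol-0aaa", encrypted=False), None, client))
    print(lambda_handler(make_event("vol-0bbb", True, key, {"RequiredKmsKeyArn": key}), None, client))
    print(len(client.sent), "evaluations sent")
```

Keeping evaluate_compliance free of any AWS call is the design choice worth copying: the decision can be unit-tested against captured configuration items, and the same function serves a periodic (scheduled) invocation that walks an inventory. Deleted resources are reported NOT_APPLICABLE rather than NON_COMPLIANT so a teardown does not leave a stale finding behind.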
• 25. Aggregation architecture (diagram): Account 1, Account 2 … Account N each send CloudTrail and Config data to a logging aggregation account; there, the CloudTrail aggregation bucket feeds SQS and CloudWatch Events (CWE), which drive the alert, account DB, dashboard and ticketing integrations.
• 26. Same architecture with VPC Flowlogs added in every account and a separate Flowlogs aggregation bucket alongside the CloudTrail aggregation bucket, feeding the same SQS / CWE path.
• 28. Fix – Correcting anomalies
Goal:
• Return to ‘known good’.
• ‘Don’t throw the baby out with the bathwater’…
Options:
• Lambda shines, but the whole AWS platform plays a role.
Best Practices:
• MSB: automate alerting and integrate with ticketing systems.
• Pro level: closed loop.
• 30. Fix using AWS services, ordered from ease of getting started to customization and control:
• Trusted Advisor
• AWS Config managed rules
• AWS Config custom rules with remediation
• CloudWatch Events rules with Lambda
• Lambda code with various triggers
• 31. Security Incident Response Simulations
Test and benchmark your security response to security events. Experts from the Security, Risk and Compliance (SRC) practice can help you assess your current state of incident response readiness, then prepare and execute an exercise to practice that response.
Objectives:
• Assess current incident response processes and procedures
• Provide recommendations for using AWS services in incident response
• Test the cloud incident response process via a simulated exercise
Typical effort: 15 man days
• 32. In practice… (Control / Monitor / Fix)
• 33. Demo – event flow, mode 1 – Standard (diagram: Auto Scaling groups of web server and app server EC2 instances in their security groups; CloudWatch, Syslog, Flowlogs and CloudTrail feeds; an "SSH Login!" custom CloudWatch Event asks "Logon ok?" and the answer is "Logon is OK!")
In standard operation, we are observant.
Control:
- Security agent loaded in instance.
- Logons tracked.
Monitoring:
- We gather data covering API activity (CloudTrail), network (Flowlogs) and also in-instance activity (Syslog).
Fix:
- We are good 
• 34. Demo – event flow, mode 2 – Enhanced (diagram: same fleet; the "SSH Login!" custom event answers "Logon NOT ok"; OS data analysis subscribes to Syslog, network data analysis enables instance-level flowlogs and subscribes to them)
A logon event occurs. We go to Enhanced surveillance mode.
Control:
- Dynamically add Lambda subscriptions to log feeds.
Monitor:
- In-instance activity (privilege escalation).
- Initiation of forbidden flows.
Fix:
- Alert only. Watchful but passive.
• 35.–39. Demo – event flow, mode 3 – Active (animation frames of one diagram: web app servers behind Elastic Load Balancing in an Auto Scaling group, plus an app server; one instance is flagged "Anomaly" after OS data analysis of its Syslog data shows root access). Steps added frame by frame:
- Isolate: "Block all", a security group that drops everything, is applied to the anomalous instance.
- Deregister: "Dereg ASG/ELB", the instance is taken out of the Auto Scaling group and the load balancer.
- Preserve: Amazon EBS snapshots of its volumes are taken and its Syslog data is kept in CloudWatch Logs.
• 40. Demo – event flow, mode 3 – Active (diagram: the anomalous instance isolated in its own security group while the rest of the fleet stays behind Elastic Load Balancing)
An escalation occurred and we switched to Active, i.e. intervene and get it fixed.
Control:
- SG to isolate anomalous instance.
- Preserve instance for both live and offline analysis.
- Deregister application from live use.
Monitoring:
- We continue to monitor all activity as per previous steps.
Fix:
- The control actions leave the ASG one instance short; it recovers to the original fleet size from ‘last known good’.
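The Enhanced step of slide 34 and the Active step of slide 40, as one CloudWatch Events handler; this is an added example and not the demo code the deck publishes. The API calls and their parameters (put_subscription_filter, create_flow_logs, modify_instance_attribute, detach_instances, deregister_instances_from_load_balancer, create_snapshot) are the real boto3 ones, to be given boto3.client("logs"), ("ec2"), ("autoscaling") and ("elb") in a Lambda; the instance, ENI and group ids, the Lambda and role ARNs, the log group names, the event detail-types and the FakeClient are constructed so the handler runs offline.

```python
# Added example (not the deck's published demo code): the Enhanced and Active
# escalation steps of the demo (slides 34 and 40) as one CloudWatch Events
# handler. API names and parameters are the real boto3 ones; ids, ARNs, log
# group names and FakeClient are constructed so the handler runs offline.
SYSLOG_GROUP = "/demo/syslog"
FLOWLOG_GROUP = "/demo/instance-flowlogs"
OS_ANALYSIS_LAMBDA = "arn:aws:lambda:us-east-1:123456789012:function:os-data-analysis"
NET_ANALYSIS_LAMBDA = "arn:aws:lambda:us-east-1:123456789012:function:network-data-analysis"
FLOWLOG_ROLE = "arn:aws:iam::123456789012:role/flowlogs-delivery"
ISOLATION_SG = "sg-0isolation"   # a group with no inbound and no outbound rules


def enter_enhanced(instance_id, eni_id, ec2, logs):
    """Watchful but passive: subscribe the analysis Lambdas to the instance's OS and network feeds.
    (Each destination Lambda needs a resource policy letting logs.amazonaws.com invoke it.)"""
    logs.put_subscription_filter(logGroupName=SYSLOG_GROUP, filterName=f"os-{instance_id}",
                                 filterPattern=f'"{instance_id}"', destinationArn=OS_ANALYSIS_LAMBDA)
    ec2.create_flow_logs(ResourceIds=[eni_id], ResourceType="NetworkInterface", TrafficType="ALL",
                         LogGroupName=FLOWLOG_GROUP, DeliverLogsPermissionArn=FLOWLOG_ROLE)
    logs.put_subscription_filter(logGroupName=FLOWLOG_GROUP, filterName=f"net-{instance_id}",
                                 filterPattern=f'"{eni_id}"', destinationArn=NET_ANALYSIS_LAMBDA)


def enter_active(instance_id, asg_name, elb_name, ec2, autoscaling, elb):
    """Intervene: isolate, take the instance out of service, preserve evidence. Returns snapshot ids."""
    # Isolate: swap every security group for the empty isolation group. Caveat: tracked
    # (established) connections can survive a group change; a NACL or stopping the instance ends them.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[ISOLATION_SG])
    # Deregister: not decrementing desired capacity makes the ASG launch a replacement
    # from the last known good launch configuration, restoring the fleet size.
    autoscaling.detach_instances(InstanceIds=[instance_id], AutoScalingGroupName=asg_name,
                                 ShouldDecrementDesiredCapacity=False)
    elb.deregister_instances_from_load_balancer(LoadBalancerName=elb_name,
                                                Instances=[{"InstanceId": instance_id}])
    # Preserve: no accidental termination, a tag for the case, a snapshot of each EBS volume.
    ec2.modify_instance_attribute(InstanceId=instance_id, DisableApiTermination={"Value": True})
    ec2.create_tags(Resources=[instance_id], Tags=[{"Key": "SecurityStatus", "Value": "Quarantined"}])
    snapshots = []
    for reservation in ec2.describe_instances(InstanceIds=[instance_id])["Reservations"]:
        for inst in reservation["Instances"]:
            for mapping in inst.get("BlockDeviceMappings", []):
                resp = ec2.create_snapshot(VolumeId=mapping["Ebs"]["VolumeId"],
                                           Description=f"forensic copy of {instance_id}")
                snapshots.append(resp["SnapshotId"])
    return snapshots


def handle_event(event, clients):
    """Custom CloudWatch Events drive the mode changes (the demo's 'SSH Login' and 'Root Access')."""
    d = event["detail"]
    if event["detail-type"] == "SSH Login":
        enter_enhanced(d["instanceId"], d["eniId"], clients["ec2"], clients["logs"])
        return "enhanced", []
    if event["detail-type"] in ("Root Access", "Anomaly"):
        snaps = enter_active(d["instanceId"], d["asgName"], d["elbName"],
                             clients["ec2"], clients["autoscaling"], clients["elb"])
        return "active", snaps
    return "standard", []


class FakeClient:
    """Records every call; returns canned responses for the two reads the handler performs."""
    def __init__(self, responses=None):
        self.calls, self.responses = [], responses or {}

    def __getattr__(self, name):
        def call(**kwargs):
            self.calls.append((name, kwargs))
            return self.responses.get(name, {})
        return call


def fake_clients():
    """Constructed environment: one instance with a root and a data volume."""
    ec2 = FakeClient({
        "describe_instances": {"Reservations": [{"Instances": [{"BlockDeviceMappings": [
            {"Ebs": {"VolumeId": "vol-0root"}}, {"Ebs": {"VolumeId": "vol-0data"}}]}]}]},
        "create_snapshot": {"SnapshotId": "snap-0const"}})
    return {"ec2": ec2, "logs": FakeClient(), "autoscaling": FakeClient(), "elb": FakeClient()}


if __name__ == "__main__":
    clients = fake_clients()
    detail = {"instanceId": "i-0anomaly", "eniId": "eni-0abc", "asgName": "web-asg", "elbName": "web-elb"}
    print(handle_event({"detail-type": "SSH Login", "detail": detail}, clients))
    print(handle_event({"detail-type": "Root Access", "detail": detail}, clients))
    for name, client in clients.items():
        print(name, [c[0] for c in client.calls])
```

The order inside enter_active is deliberate: cut the network first, then remove the instance from service, then spend time on snapshots. Snapshots are taken with the instance still running, which is what "preserve for both live and offline analysis" asks for, at the cost of a crash-consistent rather than clean image.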
• 41. Demo – event flow, back to mode 1 – Standard (diagram as on slide 33)
In standard operation, we are observant.
Control:
- Security agent loaded in instance.
- Logons tracked to TT.
Monitoring:
- We gather data covering API activity (CloudTrail), network (Flowlogs) and also in-instance activity (Syslog).
Fix:
- We are BACK TO good 
• 42. Summary
Control:
• IAM is the foundation for everything else.
• Service Catalog as an option to standardize product distribution.
• Code*: Embed security throughout (‘Fail early’).
Monitor:
• CloudTrail, Config, Flowlogs, …: To get visibility, you need to see – enable logging.
• Data is good. Better if you use it. Great if used to drive automation.
Fix:
• Reduce ‘Detect-Report-Remediate’ cycles.
• Automate to gain speed and free human intellect for more added-value tasks.
• 43. Take home kit – your turn!
#1 Demo code is published
• https://github.com/awslabs/automating-governance-sample
#2 Implementing DevSecOps using AWS CodePipeline
• https://aws.amazon.com/blogs/devops/implementing-devsecops-using-aws-codepipeline
#3 “What should I Control/Monitor/Fix next?”
• https://aws.amazon.com/whitepapers/aws-security-best-practices/
#4 (Optional) Come jam with us!
  • 44. San Francisco Summit 2017 – April 18 (am) and April 19 (pm) Washington DC, Public Sector Summit - June 12 (pm) More to come… Your company? 
  • 45. Thank you! Armando Leite, Principal Security Architect