SlideShare une entreprise Scribd logo

Protect your applications from DDoS/BOT & Advanced Attacks

Amazon Web Services
Amazon Web Services
1  sur  63
Télécharger pour lire hors ligne
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Protect your Applications from DDoS / BOT & Advanced Attacks AWS x F5 Peter Chan Solutions Architect Amazon Web Services Ryan Lo Regional Manager Shape Security Solutions Engineering F5 Networks Clive Chan Manager Solutions Engineering F5 Networks
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Common External Threats SQL Injection Cross-site Scripting (XSS) OWASP Top 10 Common Vulnerabilities and Exposures (CVE) SYN Floods Reflection/Amplification Web Request Floods Crawlers Content Scrapers Scanners & Probes Credential Stuffing Denial of Service App Vulnerabilities Bots
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services ü Well Architected Application ü Traffic monitoring for detection and alerts ü Operations and Incident response Cloud native approach Mitigation approach
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS Shield Standard Protects AWS services against common DDoS attacks AWS WAF Protects web applications by allowing you to write custom rules or choose managed rules from AWS or the AWS Marketplace. AWS Shield Advanced Resource specific detections, advanced mitigation, access to SRT, enhanced visibility and economic protection AWS Firewall Manager Centrally configure and manage security rules across accounts and applications Protecting the Application Perimeter
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services ü Available at no additional charge ü Baselining and anomaly detection across all AWS ü Mitigation with proprietary packet filtering stacks using suspicion based scoring ü Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region ü Comprehensive defense against all known network and transport layer attacks when using Amazon CloudFront and Amazon Route 53 Built-in Protection With Shield Standard Automatic Layer 3/4 protection Recommended with CloudFront and Route 53
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Enhanced Protection 24x7 access to DDoS Response Team (DRT) CloudWatch Metrics Attack Diagnostics Global threat environment dashboard DDoS Expertise Visibility & Compliance Economic Benefits AWS WAF at no additional cost for protected resources AWS Firewall Manager at no additional cost Cost Protection for scaling AWS Shield Standard & Advanced Built-in DDoS Protection for Everyone
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS Shield Advanced
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Benefits of AWS Shield Standard and Shield Advanced Detection and Mitigation Faster Mitigation, Customized to Your Application 24x7 Shield Response Team (SRT) Pre-Configured Protection Point and Protect Wizard CloudWatch Metrics Attack Diagnostics Global Threat Environment Dashboard Quarterly Security Report AWS WAF at No Additional Cost For protected resources AWS Firewall Manager at No Additional Cost Cost Protection for Scaling AWS Shield Proactive Engagement
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Protect Resources with AWS Shield Amazon CloudFront AWS Shield Amazon Route 53 Elastic Load Balancing AWS Global Accelerator Elastic IP Address
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Easy to configure without changing your application architecture Comprehensive protection against DDoS attack vectors Near-real time event visibility Protection from economic attack vectors AWS Shield Advanced Managed Threat Protection
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services 24x7 access to Shield Response Team Before Attack Proactive consultation and best practice guidance During Attack Attack mitigation After Attack Post-mortem analysis
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS WAF
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Advanced automation: API driven architecture Frictionless set up: No changes required Low operation overhead: Ready to use rules Customizable security: Custom rule engine AWS WAF Web Application Protection
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Amazon CloudFront Application Load Balancer Amazon API Gateway AWS WAF Protect Resources With AWS WAF
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Option to use a rule building engine or JSON to create custom rules, and define: • Type of rule (regular, rate limit) • Different parts of the request to be inspected (IP, country, HTTP attributes..) • Transformations • Logical combination of statements • Action to take (block, allow, count) • Priority of execution Rule Groups
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Set of pre-configured rules that you can deploy on your application • Covers common attack vectors and threats • Curated and maintained by threat research team • Influenced by OWASP Top 10 Web Application Security Risks Available to all customers at no extra charge AWS Managed Rules
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services • Rules written, updated, and managed by security experts • Pay as you go: No lock-in or long-term commitment • Easy to deploy • Choice of protections • OWASP Top 10 & other web exploits • Common Vulnerabilities and Exposures (CVE) • Bot protection • IP reputation lists • CMS rules (WordPress, Joomla, and others) • Apache and NGINX vulnerabilities Marketplace Rules
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services CloudWatch metrics • Metrics on every rule • Allowed | Blocked | Counted | Passed Sampled web requests • Detailed logs of a sample of requests • Automatically available for every rule Full logs • Detailed logs of every request • Optionally enabled for your web ACL Use case Set alarms for notifications Use case Quickly test AWS WAF rules Easy triaging on the console Use case Security analytics, monitoring, automation, auditing, and compliance Visibility options
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Dashboards for WAF SumoLogic
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Basic Bot Mitigation using AWS WAF Amazon Managed Rules for WAF • Amazon IP reputation list • Anonymous Proxy list Rate Based Rules • AWS WAF RBRs Advanced bot protection by AWS partner • F5 Shape Security
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS Firewall Manager
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Ensure compliance to mandatory rules across organization Central management of rules across accounts & applications Enable rapid response to attacks across all accounts AWS Firewall Manager Automatically discover new accounts and remediate non-compliant events AWS Firewall Manager
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Governance examples
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS WAF AWS Shield VPC Security Groups AWS Security Hub Findings in Security Hub
| ©2020 F530 Overview of F5 Managed Security Solutions Clive Chan Manager, Solutions Engineering, HK & Macau
| ©2020 F531 Average Total Cost of a Data Breach Percentage of traffic that is fake or Bot based Shortage of Cybersecurity Experts The Challenges Number of credentials stolen or leaked in 2018 4.07M$3.92M 3 Billion90% F5 LabsShape Security2019 (ISC)2 Cybersecurity Workforce Study IBM/Poneman - 2019 Cost of a Data Breach Report
| ©2020 F532 Your Options For customers that have a large poolof resources and expertise For customers that have DevOps environments or have apps that are constantly changing. For customers with sufficient engineering and SOC resources. For customers that prefer to have their SOC conduct real-time monitoring and incident response. Do It Yourself 3rd Party SecPaaS For customers able to leverage the resources to implement, manage and monitor advanced technical security services 24x7x365. For customers looking for multi-cloud and hybrid (on-premises and cloud) integrated security. Managed Security Service
| ©2020 F533 F5 Silverline Managed Security Services 100+ Security Experts 130+ Countries Serviced 15,000+ Websites Protected 48 Different Verticals 9.4/10 Customer Satisfaction Proven WAF,API, Fraud and Bot mitigation technology Protection of network and web/mobile applications 24x7 global SOC Flexible, reliable, secure and compliant FOR MODERN AND MULTI-CLOUD BUSINESSES
| ©2020 F534 F5 Silverline Managed Services Offerings Silverline Shape Defense Protection against Bots and sophisticated credential stuffing and account take over attacks, carding, and OWASP Automated Threats Patented telemetry and signal collection along with advanced AI/ML Silverline Threat Intelligence Restrict access to customer’s networks and infrastructure for known bad actors (botnets, scanners, spammers, anonymous proxies, etc.) Enable granular threat reporting and automated blocking Silverline Web Application Firewall Managed provisioning and service enablement Expert created WAF policies with specific customization with different customer
| ©2019 F5 NETWORKS35 F5 Silverline Managed Services Global SOC 24x7x365 Continuous Monitoring and Incident Response • Seattle, WA, United States • Warsaw, Poland • Guadalajara, Mexico Global Deployment Model Fully Redundant and Globally Distributed Data Centers • San Jose, CA, US • Ashburn, VA, US • Columbus, OH, US • Frankfurt, Germany • London, UK • Singapore, SG • Sydney, AU | ©2020 F5 NETWORKS35 Active Operations Centers Future Operations CentersSOC Locations • Hong Kong, HK • Mumbai, IN • Montreal, CA • São Paulo, BR • Manama, BH • Tokyo, JP
| ©2020 F536 How Silverline Works
| ©2020 F537 CONFIDENTIAL F5 Silverline Managed Services Value Proposition Enables business transformation Lowers investment risks Enables Business Supports multi-cloud strategy No infrastructure to buy and manage No capex. No lock-in. Lower TCO and IT risks Supports IT Improved threat detection and incident response Secure access to cloud and on-premises applications Flexible options to ‘right- size’ the services Improves Security Maintains PCI and HIPAA Supports customers’ SOX/GDPR/PCI/HIPAA Reduces time to achieve and the cost of managing compliance Maintains Compliance
Protect Your Applications from DDoS & Advanced Attacks (BOT & Credential Stuffing) Ryan Lo Regional Manager, Solutions Engineering F5 Shape Security August 2020
?
Confidential / / Part of F5 4 0 You probably have used Shape before and using Shape NOW. We’re the reason you login a lot less and see fewer CAPTCHAs ?
Confidential / / Part of F5 4 1 Ridiculous captchas 2FA by trying to remember your favorite pizza toppings Password resets Currently, the burden of proving known good is on human users Lots of repetitive logins
Confidential / / Part of F5 Security vs User Experience Confidential 42
Confidential / / Part of F5 Cybercriminals Bypass CAPTCHA Through Solver Service Confidential 43
Confidential / / Part of F5 CAPTCHA Cannot Stop Bad Actors Confidential 44
Confidential / / Part of F5 CAPTCHA Cannot Stop Bad Actors But Block the Real Users Confidential 45
Confidential / / Part of F5 Currently, the burden of proving known good is on human users Confidential Nintendo suggests users to secure their Nintendo Account by enabling 2-Step Verification 46
Confidential / / Part of F5 Fraud occurs when Criminals act like Legitimate Users ? ? ? ? Users (criminals mixed in with good users) Web, Mobile Apps and API Endpoint (serve good users & criminals alike) Criminals (not evident until it’s too late) Organisations must be open to anyone, anywhere, on any device
Confidential / / Part of F5 Retail – Reward Program Aggregators They provide a valuable alternative
Confidential / / Part of F5 Retail – Reward Program Aggregators How do fintechs and rewards program operators differentiate good from bad users?
Confidential / / Part of F5 Retail – Reward Program Aggregators They provide a valuable alternative
Confidential / / Part of F5 Retail – Reward Program Aggregators They provide a valuable alternative
Confidential / / Part of F5 Retail – Reward Program Aggregators They provide a valuable alternative
Confidential / / Part of F5 Retail - Inventory Lockout How many Bots are in front of you?
Confidential / / Part of F5 Retail - Sneaker Bots
Confidential / / Part of F5 Retail - Sneaker Bots
Confidential / / Part of F5 Retail - Sneaker Bots Shape signals can identify device farms
Confidential / / Part of F5 Travel - Inventory Scraping Scrapers are increasing the airline’s infrastructure costs and affecting the airline’s ability to manage revenue
Confidential / / Part of F5 Travel - Inventory Scraping How to simulate user behavior through Selenium Attackers started with developer libraries like Selenium and Puppeteer before creating custom tools.
Confidential / / Part of F5 Results - A Fortune Global 2000 Customer April May June 6M 5M 4M 3M 2M 1M 0 HUMAN DETECTED & BLOCKEDDETECTED & FLAGGEDPOSTS TO /LOGIN EVERY THREE HOURS Mitigation Mode (on attacker fingerprints) Mitigation Mode (on new fingerprint Attacker Gives Up Retool Detected in Stage II (update Stage I) Observation Mode (flagging only)
Confidential / / Part of F5 Multi-stage detection is paramount Shape provides multi-stage detection as a service WEB & MOBILE BROWSER INTERNET NATIVE MOBILE APPS Mobile SDK CUSTOMER ORIGIN SERVERS 24x7 STAGE IISTAGE I MACHINE LEARNING ARTIFICIAL INTELLIGENCE Good Traffic Bad Traffic AWS CloudFront JS
Confidential / / Part of F5 Reducing Friction, Fraud and Fiction 61 Identify and mitigate unwanted traffic Differentiate good customers from bad customers Create a friction free user experience and increase revenue
Confidential / / Part of F5 Multi-stage detection is paramount Shape provides multi-stage detection as a service WEB & MOBILE BROWSER INTERNET NATIVE MOBILE APPS Mobile SDK CUSTOMER ORIGIN SERVERS STAGE IISTAGE I LOAD BALANCER MACHINE LEARNING ARTIFICIAL INTELLIGENCE appliance Good Traffic Bad Traffic COMPANY COUNTRY SECTOR FUNDING ($ MIL.)
Confidential / / Part of F5 Multi-stage defense enables long term efficacy Actual Shape customer’s journey to less than 1% automation 2019 78 % Automated <1 % Automated 2018
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Q & A
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Thank you Please give us feedbacks!
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Private subnet Protecting web applications Amazon CloudFront Amazon Route 53 AWS WAF AWS Cloud Public subnet ALB AWS Edge Services Region AWS WAF Compute Capacity Amazon S3 Shield Advanced protected resource VPC
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Public subnet Protecting latency sensitive applications AWS Global Accelerator Amazon Route 53 AWS Cloud Network Load Balancer AWS Edge Services TLS Region Private subnet Compute Capacity Shield Advanced protected resource EI P VPC
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Costs Service Cost WAF Web ACL $5.00 per month (prorated hourly) Rule $1.00 per month (prorated hourly) Request $0.60 per 1 million requests Firewall Manager Charges incurred by AWS Firewall Manager are for the underlying services, such as AWS Config(additional charges may apply if not subscribed to Shield Advanced) Shield Advanced Subscription Commitment 1 Year* Monthly Fee per Organization $3,000.00 Data Transfer Out Usage Fees Apply

Recommandé

AWS Lambda
AWS LambdaAWS Lambda
AWS LambdaMuhammed YALÇIN
 
How Can I Build a Landing Zone & Extend my Operations into AWS to Support my ...
How Can I Build a Landing Zone & Extend my Operations into AWS to Support my ...How Can I Build a Landing Zone & Extend my Operations into AWS to Support my ...
How Can I Build a Landing Zone & Extend my Operations into AWS to Support my ...Amazon Web Services
 
Cost Optimisation on AWS
Cost Optimisation on AWSCost Optimisation on AWS
Cost Optimisation on AWSAmazon Web Services
 
Cost Optimisation on AWS
Cost Optimisation on AWSCost Optimisation on AWS
Cost Optimisation on AWSAmazon Web Services
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
AWS Cloud Watch
AWS Cloud WatchAWS Cloud Watch
AWS Cloud WatchzekeLabs Technologies
 
Getting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessGetting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessAmazon Web Services
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 

Recommandé

AWS Lambda
AWS LambdaAWS Lambda
AWS LambdaMuhammed YALÇIN
 
How Can I Build a Landing Zone & Extend my Operations into AWS to Support my ...
How Can I Build a Landing Zone & Extend my Operations into AWS to Support my ...How Can I Build a Landing Zone & Extend my Operations into AWS to Support my ...
How Can I Build a Landing Zone & Extend my Operations into AWS to Support my ...Amazon Web Services
 
Cost Optimisation on AWS
Cost Optimisation on AWSCost Optimisation on AWS
Cost Optimisation on AWSAmazon Web Services
 
Cost Optimisation on AWS
Cost Optimisation on AWSCost Optimisation on AWS
Cost Optimisation on AWSAmazon Web Services
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
AWS Cloud Watch
AWS Cloud WatchAWS Cloud Watch
AWS Cloud WatchzekeLabs Technologies
 
Getting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessGetting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessAmazon Web Services
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAmazon Web Services
 
Deep Dive on AWS Lambda
Deep Dive on AWS LambdaDeep Dive on AWS Lambda
Deep Dive on AWS LambdaAmazon Web Services
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration WorkshopAmazon Web Services
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWSIan Massingham
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing ZoneAmazon Web Services
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
Aws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramAws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramVishnu Sure
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
Introduction to CloudFront
Introduction to CloudFrontIntroduction to CloudFront
Introduction to CloudFrontAmazon Web Services
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...Amazon Web Services Korea
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAmazon Web Services
 
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...Amazon Web Services Korea
 
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...Amazon Web Services Korea
 
Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Amazon Web Services
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
AWS CloudFormation Masterclass
AWS CloudFormation MasterclassAWS CloudFormation Masterclass
AWS CloudFormation MasterclassAmazon Web Services
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Amazon Web Services
 
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyVladimir Simek
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWSAmazon Web Services
 

Contenu connexe

Tendances

AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWSIan Massingham
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
Aws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramAws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramVishnu Sure
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...Amazon Web Services Korea
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAmazon Web Services
 
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...Amazon Web Services Korea
 
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...Amazon Web Services Korea
 
Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Amazon Web Services
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Amazon Web Services
 

Tendances (20)

AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Deep Dive on AWS Lambda
Deep Dive on AWS LambdaDeep Dive on AWS Lambda
Deep Dive on AWS Lambda
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & Logging
 
Aws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramAws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cram
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
 
Introduction to CloudFront
Introduction to CloudFrontIntroduction to CloudFront
Introduction to CloudFront
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
 
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...
Internal Architecture of Amazon Aurora (Level 400) - 발표자: 정달영, APAC RDS Speci...
 
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...
실전! AWS 하이브리드 네트워킹 (AWS Direct Connect 및 VPN 데모 세션) - 강동환, AWS 솔루션즈 아키텍트:: A...
 
Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
AWS CloudFormation Masterclass
AWS CloudFormation MasterclassAWS CloudFormation Masterclass
AWS CloudFormation Masterclass
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
 
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
 

Similaire à Protect your applications from DDoS/BOT & Advanced Attacks

AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyVladimir Simek
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWSAmazon Web Services
 
Strengthen Your Organizations Security and Privacy.pdf
Strengthen Your Organizations Security and Privacy.pdfStrengthen Your Organizations Security and Privacy.pdf
Strengthen Your Organizations Security and Privacy.pdfAmazon Web Services
 
Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...RoiElbaz1
 
AWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: SecurityAWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: SecurityCobus Bernard
 
Automating DDoS and WAF Response
Automating DDoS and WAF ResponseAutomating DDoS and WAF Response
Automating DDoS and WAF ResponseAmazon Web Services
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Amazon Web Services
 
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Amazon Web Services
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Amazon Web Services
 
Serverless-First Function: Serverless application security
Serverless-First Function: Serverless application securityServerless-First Function: Serverless application security
Serverless-First Function: Serverless application securityRobSutter2
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Amazon Web Services
 
AWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAmazon Web Services
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)Amazon Web Services
 
Track 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptx
Track 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptxTrack 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptx
Track 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptxAmazon Web Services
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineAmazon Web Services
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Riyadh User Group
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
AWS Security Week: Intro To Threat Detection & Remediation
AWS Security Week: Intro To Threat Detection & RemediationAWS Security Week: Intro To Threat Detection & Remediation
AWS Security Week: Intro To Threat Detection & RemediationAmazon Web Services
 

Similaire à Protect your applications from DDoS/BOT & Advanced Attacks (20)

AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWS
 
Strengthen Your Organizations Security and Privacy.pdf
Strengthen Your Organizations Security and Privacy.pdfStrengthen Your Organizations Security and Privacy.pdf
Strengthen Your Organizations Security and Privacy.pdf
 
Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...
 
AWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: SecurityAWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: Security
 
Automating DDoS and WAF Response
Automating DDoS and WAF ResponseAutomating DDoS and WAF Response
Automating DDoS and WAF Response
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
 
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
 
AWS_Security_Essentials
AWS_Security_EssentialsAWS_Security_Essentials
AWS_Security_Essentials
 
Serverless-First Function: Serverless application security
Serverless-First Function: Serverless application securityServerless-First Function: Serverless application security
Serverless-First Function: Serverless application security
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
 
AWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
 
Track 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptx
Track 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptxTrack 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptx
Track 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptx
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security Baseline
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWS
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
AWS Security Week: Intro To Threat Detection & Remediation
AWS Security Week: Intro To Threat Detection & RemediationAWS Security Week: Intro To Threat Detection & Remediation
AWS Security Week: Intro To Threat Detection & Remediation
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Protect your applications from DDoS/BOT & Advanced Attacks

  • 1. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Protect your Applications from DDoS / BOT & Advanced Attacks AWS x F5 Peter Chan Solutions Architect Amazon Web Services Ryan Lo Regional Manager Shape Security Solutions Engineering F5 Networks Clive Chan Manager Solutions Engineering F5 Networks
  • 2. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Common External Threats SQL Injection Cross-site Scripting (XSS) OWASP Top 10 Common Vulnerabilities and Exposures (CVE) SYN Floods Reflection/Amplification Web Request Floods Crawlers Content Scrapers Scanners & Probes Credential Stuffing Denial of Service App Vulnerabilities Bots
  • 3. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services ü Well Architected Application ü Traffic monitoring for detection and alerts ü Operations and Incident response Cloud native approach Mitigation approach
  • 4. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS Shield Standard Protects AWS services against common DDoS attacks AWS WAF Protects web applications by allowing you to write custom rules or choose managed rules from AWS or the AWS Marketplace. AWS Shield Advanced Resource specific detections, advanced mitigation, access to SRT, enhanced visibility and economic protection AWS Firewall Manager Centrally configure and manage security rules across accounts and applications Protecting the Application Perimeter
  • 5. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services ü Available at no additional charge ü Baselining and anomaly detection across all AWS ü Mitigation with proprietary packet filtering stacks using suspicion based scoring ü Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region ü Comprehensive defense against all known network and transport layer attacks when using Amazon CloudFront and Amazon Route 53 Built-in Protection With Shield Standard Automatic Layer 3/4 protection Recommended with CloudFront and Route 53
  • 6. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Enhanced Protection 24x7 access to DDoS Response Team (DRT) CloudWatch Metrics Attack Diagnostics Global threat environment dashboard DDoS Expertise Visibility & Compliance Economic Benefits AWS WAF at no additional cost for protected resources AWS Firewall Manager at no additional cost Cost Protection for scaling AWS Shield Standard & Advanced Built-in DDoS Protection for Everyone
  • 7. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS Shield Advanced
  • 8. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Benefits of AWS Shield Standard and Shield Advanced Detection and Mitigation Faster Mitigation, Customized to Your Application 24x7 Shield Response Team (SRT) Pre-Configured Protection Point and Protect Wizard CloudWatch Metrics Attack Diagnostics Global Threat Environment Dashboard Quarterly Security Report AWS WAF at No Additional Cost For protected resources AWS Firewall Manager at No Additional Cost Cost Protection for Scaling AWS Shield Proactive Engagement
  • 9. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Protect Resources with AWS Shield Amazon CloudFront AWS Shield Amazon Route 53 Elastic Load Balancing AWS Global Accelerator Elastic IP Address
  • 10. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Easy to configure without changing your application architecture Comprehensive protection against DDoS attack vectors Near-real time event visibility Protection from economic attack vectors AWS Shield Advanced Managed Threat Protection
  • 11. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services 24x7 access to Shield Response Team Before Attack Proactive consultation and best practice guidance During Attack Attack mitigation After Attack Post-mortem analysis
  • 12. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS WAF
  • 13. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Advanced automation: API driven architecture Frictionless set up: No changes required Low operation overhead: Ready to use rules Customizable security: Custom rule engine AWS WAF Web Application Protection
  • 14. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Amazon CloudFront Application Load Balancer Amazon API Gateway AWS WAF Protect Resources With AWS WAF
  • 15. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Option to use a rule building engine or JSON to create custom rules, and define: • Type of rule (regular, rate limit) • Different parts of the request to be inspected (IP, country, HTTP attributes..) • Transformations • Logical combination of statements • Action to take (block, allow, count) • Priority of execution Rule Groups
  • 16. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Set of pre-configured rules that you can deploy on your application • Covers common attack vectors and threats • Curated and maintained by threat research team • Influenced by OWASP Top 10 Web Application Security Risks Available to all customers at no extra charge AWS Managed Rules
  • 17. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services • Rules written, updated, and managed by security experts • Pay as you go: No lock-in or long-term commitment • Easy to deploy • Choice of protections • OWASP Top 10 & other web exploits • Common Vulnerabilities and Exposures (CVE) • Bot protection • IP reputation lists • CMS rules (WordPress, Joomla, and others) • Apache and NGINX vulnerabilities Marketplace Rules
  • 18. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services CloudWatch metrics • Metrics on every rule • Allowed | Blocked | Counted | Passed Sampled web requests • Detailed logs of a sample of requests • Automatically available for every rule Full logs • Detailed logs of every request • Optionally enabled for your web ACL Use case Set alarms for notifications Use case Quickly test AWS WAF rules Easy triaging on the console Use case Security analytics, monitoring, automation, auditing, and compliance Visibility options
  • 19. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Dashboards for WAF SumoLogic
  • 20. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Basic Bot Mitigation using AWS WAF Amazon Managed Rules for WAF • Amazon IP reputation list • Anonymous Proxy list Rate Based Rules • AWS WAF RBRs Advanced bot protection by AWS partner • F5 Shape Security
  • 21. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS Firewall Manager
  • 22. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Ensure compliance to mandatory rules across organization Central management of rules across accounts & applications Enable rapid response to attacks across all accounts AWS Firewall Manager Automatically discover new accounts and remediate non-compliant events AWS Firewall Manager
  • 23. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Governance examples
  • 24. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services AWS WAF AWS Shield VPC Security Groups AWS Security Hub Findings in Security Hub
  • 25. | ©2020 F530 Overview of F5 Managed Security Solutions Clive Chan Manager, Solutions Engineering, HK & Macau
  • 26. | ©2020 F531 Average Total Cost of a Data Breach Percentage of traffic that is fake or Bot based Shortage of Cybersecurity Experts The Challenges Number of credentials stolen or leaked in 2018 4.07M$3.92M 3 Billion90% F5 LabsShape Security2019 (ISC)2 Cybersecurity Workforce Study IBM/Poneman - 2019 Cost of a Data Breach Report
  • 27. | ©2020 F532 Your Options For customers that have a large poolof resources and expertise For customers that have DevOps environments or have apps that are constantly changing. For customers with sufficient engineering and SOC resources. For customers that prefer to have their SOC conduct real-time monitoring and incident response. Do It Yourself 3rd Party SecPaaS For customers able to leverage the resources to implement, manage and monitor advanced technical security services 24x7x365. For customers looking for multi-cloud and hybrid (on-premises and cloud) integrated security. Managed Security Service
  • 28. | ©2020 F533 F5 Silverline Managed Security Services 100+ Security Experts 130+ Countries Serviced 15,000+ Websites Protected 48 Different Verticals 9.4/10 Customer Satisfaction Proven WAF,API, Fraud and Bot mitigation technology Protection of network and web/mobile applications 24x7 global SOC Flexible, reliable, secure and compliant FOR MODERN AND MULTI-CLOUD BUSINESSES
  • 29. | ©2020 F534 F5 Silverline Managed Services Offerings Silverline Shape Defense Protection against Bots and sophisticated credential stuffing and account take over attacks, carding, and OWASP Automated Threats Patented telemetry and signal collection along with advanced AI/ML Silverline Threat Intelligence Restrict access to customer’s networks and infrastructure for known bad actors (botnets, scanners, spammers, anonymous proxies, etc.) Enable granular threat reporting and automated blocking Silverline Web Application Firewall Managed provisioning and service enablement Expert created WAF policies with specific customization with different customer
  • 30. | ©2019 F5 NETWORKS35 F5 Silverline Managed Services Global SOC 24x7x365 Continuous Monitoring and Incident Response • Seattle, WA, United States • Warsaw, Poland • Guadalajara, Mexico Global Deployment Model Fully Redundant and Globally Distributed Data Centers • San Jose, CA, US • Ashburn, VA, US • Columbus, OH, US • Frankfurt, Germany • London, UK • Singapore, SG • Sydney, AU | ©2020 F5 NETWORKS35 Active Operations Centers Future Operations CentersSOC Locations • Hong Kong, HK • Mumbai, IN • Montreal, CA • São Paulo, BR • Manama, BH • Tokyo, JP
  • 31. | ©2020 F536 How Silverline Works
  • 32. | ©2020 F537 CONFIDENTIAL F5 Silverline Managed Services Value Proposition Enables business transformation Lowers investment risks Enables Business Supports multi-cloud strategy No infrastructure to buy and manage No capex. No lock-in. Lower TCO and IT risks Supports IT Improved threat detection and incident response Secure access to cloud and on-premises applications Flexible options to ‘right- size’ the services Improves Security Maintains PCI and HIPAA Supports customers’ SOX/GDPR/PCI/HIPAA Reduces time to achieve and the cost of managing compliance Maintains Compliance
  • 33. Protect Your Applications from DDoS & Advanced Attacks (BOT & Credential Stuffing) Ryan Lo Regional Manager, Solutions Engineering F5 Shape Security August 2020
  • 34. ?
  • 35. Confidential / / Part of F5 4 0 You probably have used Shape before and using Shape NOW. We’re the reason you login a lot less and see fewer CAPTCHAs ?
  • 36. Confidential / / Part of F5 4 1 Ridiculous captchas 2FA by trying to remember your favorite pizza toppings Password resets Currently, the burden of proving known good is on human users Lots of repetitive logins
  • 37. Confidential / / Part of F5 Security vs User Experience Confidential 42
  • 38. Confidential / / Part of F5 Cybercriminals Bypass CAPTCHA Through Solver Service Confidential 43
  • 39. Confidential / / Part of F5 CAPTCHA Cannot Stop Bad Actors Confidential 44
  • 40. Confidential / / Part of F5 CAPTCHA Cannot Stop Bad Actors But Block the Real Users Confidential 45
  • 41. Confidential / / Part of F5 Currently, the burden of proving known good is on human users Confidential Nintendo suggests users to secure their Nintendo Account by enabling 2-Step Verification 46
  • 42. Confidential / / Part of F5 Fraud occurs when Criminals act like Legitimate Users ? ? ? ? Users (criminals mixed in with good users) Web, Mobile Apps and API Endpoint (serve good users & criminals alike) Criminals (not evident until it’s too late) Organisations must be open to anyone, anywhere, on any device
  • 43. Confidential / / Part of F5 Retail – Reward Program Aggregators They provide a valuable alternative
  • 44. Confidential / / Part of F5 Retail – Reward Program Aggregators How do fintechs and rewards program operators differentiate good from bad users?
  • 45. Confidential / / Part of F5 Retail – Reward Program Aggregators They provide a valuable alternative
  • 46. Confidential / / Part of F5 Retail – Reward Program Aggregators They provide a valuable alternative
  • 47. Confidential / / Part of F5 Retail – Reward Program Aggregators They provide a valuable alternative
  • 48. Confidential / / Part of F5 Retail - Inventory Lockout How many Bots are in front of you?
  • 49. Confidential / / Part of F5 Retail - Sneaker Bots
  • 50. Confidential / / Part of F5 Retail - Sneaker Bots
  • 51. Confidential / / Part of F5 Retail - Sneaker Bots Shape signals can identify device farms
  • 52. Confidential / / Part of F5 Travel - Inventory Scraping Scrapers are increasing the airline’s infrastructure costs and affecting the airline’s ability to manage revenue
  • 53. Confidential / / Part of F5 Travel - Inventory Scraping How to simulate user behavior through Selenium Attackers started with developer libraries like Selenium and Puppeteer before creating custom tools.
  • 54. Confidential / / Part of F5 Results - A Fortune Global 2000 Customer April May June 6M 5M 4M 3M 2M 1M 0 HUMAN DETECTED & BLOCKEDDETECTED & FLAGGEDPOSTS TO /LOGIN EVERY THREE HOURS Mitigation Mode (on attacker fingerprints) Mitigation Mode (on new fingerprint Attacker Gives Up Retool Detected in Stage II (update Stage I) Observation Mode (flagging only)
  • 55. Confidential / / Part of F5 Multi-stage detection is paramount Shape provides multi-stage detection as a service WEB & MOBILE BROWSER INTERNET NATIVE MOBILE APPS Mobile SDK CUSTOMER ORIGIN SERVERS 24x7 STAGE IISTAGE I MACHINE LEARNING ARTIFICIAL INTELLIGENCE Good Traffic Bad Traffic AWS CloudFront JS
  • 56. Confidential / / Part of F5 Reducing Friction, Fraud and Fiction 61 Identify and mitigate unwanted traffic Differentiate good customers from bad customers Create a friction free user experience and increase revenue
  • 57. Confidential / / Part of F5 Multi-stage detection is paramount Shape provides multi-stage detection as a service WEB & MOBILE BROWSER INTERNET NATIVE MOBILE APPS Mobile SDK CUSTOMER ORIGIN SERVERS STAGE IISTAGE I LOAD BALANCER MACHINE LEARNING ARTIFICIAL INTELLIGENCE appliance Good Traffic Bad Traffic COMPANY COUNTRY SECTOR FUNDING ($ MIL.)
  • 58. Confidential / / Part of F5 Multi-stage defense enables long term efficacy Actual Shape customer’s journey to less than 1% automation 2019 78 % Automated <1 % Automated 2018
  • 59. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Q & A
  • 60. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Thank you Please give us feedbacks!
  • 61. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Private subnet Protecting web applications Amazon CloudFront Amazon Route 53 AWS WAF AWS Cloud Public subnet ALB AWS Edge Services Region AWS WAF Compute Capacity Amazon S3 Shield Advanced protected resource VPC
  • 62. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Public subnet Protecting latency sensitive applications AWS Global Accelerator Amazon Route 53 AWS Cloud Network Load Balancer AWS Edge Services TLS Region Private subnet Compute Capacity Shield Advanced protected resource EI P VPC
  • 63. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EDGE Services Costs Service Cost WAF Web ACL $5.00 per month (prorated hourly) Rule $1.00 per month (prorated hourly) Request $0.60 per 1 million requests Firewall Manager Charges incurred by AWS Firewall Manager are for the underlying services, such as AWS Config(additional charges may apply if not subscribed to Shield Advanced) Shield Advanced Subscription Commitment 1 Year* Monthly Fee per Organization $3,000.00 Data Transfer Out Usage Fees Apply