Organizer
Margaret Walker
CohesiveFT
Tweet: @MargieWalker
#AWSChicago
Sponsored by
Hosted by
#AWSChicago
AWS Chicago Meetup
July?
Agenda
6:00 pm Introductions
6:10 pm Lightning Talks
"Live from DC!" - Ben Hagen, Senior Cloud Security Engineer at Netflix @benhagen
"Securing your AWS installation" - Bryan Murphy, Technical Architect at Mediafly @bryanmurphy
"Advanced Monitoring and Detection on Linux-based workloads in AWS" - Aaron Botsis, Lead Product Manager at ThreatStack @aaronb
"AWS Security best practices" - Matthew Long, Founder and CEO at roZoom, Inc @mlong168
6:30 pm Q & A
7:00 pm Networking, drinks and pizza
“Live from DC!”
Ben Hagen
Senior Cloud Security Engineer at Netflix
Tweet: @benhagen
#AWSChicago
“Securing your AWS installation”
Bryan Murphy
Technical Architect at Mediafly
Tweet: @bryanmurphy
#AWSChicago
Safe Harbor Statement: Our discussions may include predictions, estimates or other information that might be considered
forward-looking. While these forward-looking statements represent our current judgment on what the future holds, they
are subject to risks and uncertainties that could cause actual results to differ materially. You are cautioned not to place
undue reliance on these forward-looking statements, which reflect our opinions only as of the date of this presentation.
Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these
forward-looking statements in light of new information or future events. Throughout today’s discussion, we will attempt to
convey some important factors relating to our business that may affect our predictions.
© 2006-2014 Mediafly, Inc. | Confidential
Infrastructure Security Best Practices
On Amazon Web Services
Bryan Murphy
Who am I?
Mediafly, Inc. - Technical Architect: back-end services, video processing, scaling and architecture
Mobitrac, Inc. - Senior Developer: travelling salesman problem, routing algorithms, and mapping
RBC/Centura Mortgage - Lead Web Developer: online loan officer hosting platform and rate search engine
Who are we?
“The Content Mobility Cloud”
We process and store highly sensitive content for Fortune 500 customers, and
deliver that content to white-labeled mobile apps and the web
• Sales presentations and selling collateral
• Pre-release/pre-air video
Customers include:
• Global banks
• Leading consumer-packaged goods companies
• TV and theatrical studios
Small, passionate, growing team
• We are hiring! Search mediafly careers
Infrastructural Security
Three major areas:
Content
● Keeping content encrypted from ingest through delivery
● E.g. key exchange, at-rest encryption, DRM, more
Infrastructure
● Hardening server security while ensuring reliability, performance and low cost
● E.g. users and roles, VPC, server bootstrapping
Operations
● Ensuring procedures and personnel keep content secure
● E.g. managing account termination, principles of least privilege
Secure All Communication
The cloud is a hostile environment
• Service limitations (no private load balancers, security group limits)
• Network limitations (no multicast, no shared IP addresses, etc.)
• Noisy neighbors
• Malicious third parties
What to do:
• SSL/TLS everywhere
• Encrypt: transports, configuration, data, binaries
• Use standard tools (openssl/gnupg)
• Implement authorization for internal services
Authorization and Access Control
Restricted Access
• Many credentials, limited permissions
• Restricted one-time-use accounts or accounts with expiration where possible
Protecting Credentials
• Use public key cryptography
• Store encrypted credentials in source control
IAM Accounts vs. Roles
• Roles: good for isolated servers, boot
• Accounts: good for services, users
DENIED!
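The "Implement authorization for internal services" item from the previous slide and the restricted-access points on this one (many credentials with limited permissions, credentials that expire or are one-time-use) can be combined in a single mechanism. The following is an added example written for this page, not Mediafly's code: every internal caller holds its own secret, each token carries an explicit scope list and an expiry, and the verifier records the token's nonce so a captured token cannot be presented twice. Service names, secrets and scope strings are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample: each internal caller has its own secret, so a leaked
# secret only exposes that one caller ("many credentials, limited permissions").
SERVICE_SECRETS = {
    "web-frontend": b"constructed-secret-frontend-0001",
    "video-transcoder": b"constructed-secret-transcoder-0001",
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(service, scopes, ttl_seconds=60, now=None):
    """Mint a token for `service`, limited to `scopes`, expiring after ttl_seconds.
    The random nonce lets the verifier treat each token as single-use."""
    now = time.time() if now is None else now
    payload = {
        "svc": service,
        "scopes": sorted(set(scopes)),
        "exp": int(now) + ttl_seconds,
        "nonce": secrets.token_hex(8),
    }
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SERVICE_SECRETS[service], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


class Verifier:
    """Receiving side: checks signature, expiry, scope and replay, in that order."""

    def __init__(self):
        self._seen = {}  # nonce -> exp, so the replay table cleans itself up

    def verify(self, token, required_scope, now=None):
        now = time.time() if now is None else now
        try:
            body, sig_text = token.split(".", 1)
            sig = _unb64(sig_text)
            payload = json.loads(_unb64(body))
            secret = SERVICE_SECRETS[payload["svc"]]
            exp = int(payload["exp"])
            scopes = list(payload["scopes"])
            nonce = str(payload["nonce"])
        except (ValueError, KeyError, TypeError):
            return (False, "malformed")
        expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):  # constant-time comparison
            return (False, "bad signature")
        if now >= exp:
            return (False, "expired")
        if required_scope not in scopes:
            return (False, "scope denied")
        # drop nonces that can no longer be valid, then check for replay
        self._seen = {n: e for n, e in self._seen.items() if e > now}
        if nonce in self._seen:
            return (False, "replayed")
        self._seen[nonce] = exp
        return (True, payload["svc"])
```

The verifier looks the secret up by the service name inside the signed body, so a caller that knows only its own secret cannot mint a token that verifies as another service. Scope strings are what an endpoint demands (for instance `content:read`), which is how "limited permissions" is enforced per call rather than per account.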
Isolate Services and Customers
Isolation
• Isolate services and environments from each other using bulkheads
• Examples: VPN, ssh proxy, REST API, message queues
Stateless Servers
• Deliver credentials as needed using public key cryptography
• Execute in sandbox
• Purge sandbox on completion
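The three stateless-server bullets as one runnable example, added here and not Mediafly's code: a job gets a fresh private directory, the credentials it needs are written there with owner-only permissions, the command runs with that directory as its working directory and a minimal environment, and the directory is purged when the job ends. The job command and credential values are constructed; the point to take from it is that the purge sits in a `finally` block, so the sandbox also disappears when the job crashes or its binary is missing.

```python
import os
import shutil
import stat
import subprocess
import tempfile
from contextlib import contextmanager


@contextmanager
def job_sandbox(credentials):
    """Private per-job working directory that is purged on exit, success or not."""
    root = tempfile.mkdtemp(prefix="job-")
    os.chmod(root, stat.S_IRWXU)  # 0700: only this uid can enter the sandbox
    try:
        cred_path = os.path.join(root, "credentials.env")
        # O_EXCL + 0600: the file is created fresh and readable only by the job's uid
        fd = os.open(cred_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            for name, value in credentials.items():
                f.write("%s=%s\n" % (name, value))
        yield root
    finally:
        shutil.rmtree(root, ignore_errors=True)  # purge: nothing survives the job


def run_job(command, credentials, timeout=30):
    """Run `command` inside a fresh sandbox and report whether the sandbox was purged."""
    outcome = {}
    with job_sandbox(credentials) as root:
        # minimal environment: credentials reach the job through the file, not the env
        env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"), "SANDBOX": root}
        try:
            result = subprocess.run(command, cwd=root, env=env, capture_output=True,
                                    text=True, timeout=timeout)
            outcome = {"returncode": result.returncode, "stdout": result.stdout}
        except (OSError, subprocess.TimeoutExpired) as exc:
            # binary missing or job hung: still fall through to the purge
            outcome = {"returncode": None, "error": str(exc)}
    outcome["purged"] = not os.path.exists(root)
    return outcome
```

On a real worker the credentials would arrive already encrypted to the host's public key and be decrypted into the sandbox rather than passed in as a plain dictionary; the lifecycle around them stays the same.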
Verification
Automated Security Testing
Regular Audits
• Manual internal audits
• Third party automated testing
• Third party security audits
Logging
Monitoring
Infrastructural Security is a Balancing Act
Secure Flexible
Thank you!
Bryan Murphy
twitter.com/bryanmurphy
twitter.com/mediafly
“Advanced Monitoring and Detection on Linux-based workloads in AWS”
Aaron Botsis
Lead Product Manager at ThreatStack
Tweet: @aaronb
#AWSChicago
ADVANCED SECURITY MONITORING FOR THE CLOUD
Aaron Botsis
@aaronb, @threatstack
who is logging into my (machines|applications|SaaS accounts)
what are they running
of the running apps, which are making network connections, and to where
every kernel module loaded
every library
every file created/modified/removed
everything!!!!
but why stop there?
but aaron, why?
prevention fails
thanks, aaron
step 1:
audit all of the things
logins
processes
network activity
file access
kernel modules
shared libraries
// `curl google.com` emits this:
{
id: 1018103008,
start: 1399236274,
end: 1399236275,
duration: 1,
protocol: 'tcp',
byte_count: 1195,
packet_count: 11,
src_ip_numeric: 3232300674,
dst_ip_numeric: 1127355157,
src_ip: '192.168.254.130',
dst_ip: '67.50.19.21',
src_port: 37814,
dst_port: 80
}
by thinking inside the box
step 2:
build behavior profiles
does apache always spawn a shell?
does that shell always switch privs to root?
does root always make network connections to China?
..by thinking outside the box
step 3:
anomalies help prevent
devs know app best
behavior deviations help identify new attack vectors
create rules to look for known misbehavior
disable behavioral detection programmatically
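Steps 1 to 3 as one runnable example, added here and not ThreatStack's code: it reuses the flow record from the `curl google.com` slide (made valid JSON), learns a baseline of process spawns (parent, child, user), privilege changes and outbound flows (user, executable, destination /24, port) from constructed normal events, then evaluates new events against it, flags deviations, applies rules for known misbehavior (a web server spawning a shell, a web-server account becoming root) and shows deviation checks being switched off per executable while the rules keep firing. The event field names and every sample event are this example's own assumptions about what a host agent attaches to each record.

```python
import ipaddress
import json

# The flow record from the slide (`curl google.com`), as valid JSON.
SLIDE_FLOW_RECORD = json.loads("""
{"id": 1018103008, "start": 1399236274, "end": 1399236275, "duration": 1,
 "protocol": "tcp", "byte_count": 1195, "packet_count": 11,
 "src_ip": "192.168.254.130", "dst_ip": "67.50.19.21",
 "src_port": 37814, "dst_port": 80}
""")

# Constructed baseline: what a web node looked like during normal operation.
# The field names (type/parent/exe/user/from_user/to_user) are assumptions.
BASELINE_EVENTS = [
    {"type": "exec", "parent": "apache2", "exe": "php-fpm", "user": "www-data"},
    {"type": "exec", "parent": "sshd", "exe": "bash", "user": "deploy"},
    {"type": "exec", "parent": "bash", "exe": "sudo", "user": "deploy"},
    {"type": "priv", "exe": "sudo", "from_user": "deploy", "to_user": "root"},
    {"type": "flow", "exe": "php-fpm", "user": "www-data",
     "dst_ip": "10.0.2.15", "dst_port": 3306, "protocol": "tcp"},
    {"type": "flow", "exe": "curl", "user": "deploy",
     "dst_ip": "67.50.19.21", "dst_port": 80, "protocol": "tcp"},
]

# Constructed events to evaluate against that baseline.
NEW_EVENTS = [
    {"type": "exec", "parent": "apache2", "exe": "sh", "user": "www-data"},
    {"type": "priv", "exe": "sh", "from_user": "www-data", "to_user": "root"},
    {"type": "flow", "exe": "sh", "user": "root",
     "dst_ip": "203.0.113.7", "dst_port": 443, "protocol": "tcp"},
    {"type": "flow", "exe": "php-fpm", "user": "www-data",
     "dst_ip": "10.0.2.40", "dst_port": 3306, "protocol": "tcp"},
]

WEB_SERVERS = {"apache2", "httpd", "nginx"}
WEB_ACCOUNTS = {"www-data", "apache", "nginx"}
SHELLS = {"sh", "bash", "dash", "zsh"}


def flow_event(record, exe, user):
    """Attach process context to a raw flow record and return a profile event."""
    return {"type": "flow", "exe": exe, "user": user, "dst_ip": record["dst_ip"],
            "dst_port": record["dst_port"], "protocol": record["protocol"]}


class BehaviorProfile:
    def __init__(self):
        self.seen = set()   # behaviours observed during the learning window
        self.muted = set()  # executables whose deviation checks are switched off
        # rules for known misbehaviour; these fire even for muted executables
        self.rules = [
            ("web server spawned a shell",
             lambda e: e["type"] == "exec" and e["parent"] in WEB_SERVERS
             and e["exe"] in SHELLS),
            ("web-server account switched to root",
             lambda e: e["type"] == "priv" and e["to_user"] == "root"
             and e["from_user"] in WEB_ACCOUNTS),
        ]

    @staticmethod
    def key(event):
        """Collapse an event to the tuple that defines 'the same behaviour'."""
        t = event["type"]
        if t == "exec":
            return (t, event["parent"], event["exe"], event["user"])
        if t == "priv":
            return (t, event["exe"], event["from_user"], event["to_user"])
        if t == "flow":
            # group destinations by /24 so one baseline flow covers its neighbours
            net = ipaddress.ip_network(event["dst_ip"] + "/24", strict=False)
            return (t, event["user"], event["exe"], str(net), event["dst_port"])
        raise ValueError("unknown event type: %r" % t)

    def learn(self, events):
        for e in events:
            self.seen.add(self.key(e))

    def evaluate(self, events):
        """Return (kind, reason, event) findings: 'rule' hits and baseline 'anomaly' deviations."""
        findings = []
        for e in events:
            for name, matches in self.rules:
                if matches(e):
                    findings.append(("rule", name, e))
            if e["exe"] in self.muted:
                continue
            if self.key(e) not in self.seen:
                findings.append(("anomaly", "not in baseline", e))
        return findings
```

With the baseline learned, the apache2-spawns-sh event produces both a rule hit and an anomaly, the www-data-to-root change likewise, root's outbound connection is an anomaly only, and php-fpm talking to another host in the database /24 on 3306 is treated as normal. Muting `sh` drops the anomalies but not the rule hits, which is the shape of "disable behavioral detection programmatically" without also disabling the rules for known misbehavior.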
Why DevOps? (…a tangent)
bonus: detection
thank you.
“AWS Security best practices”
Matthew Long
Founder and CEO at roZoom, Inc
Tweet: @mlong168
#AWSChicago
About Me
President & CEO @roZoom
Twitter @mlong168
LinkedIn: http://linkd.in/T90u7l
AWS Security: Act One
To ensure a secure global infrastructure, AWS configures infrastructure components
and provides services and features you can use to enhance security, such as the
Identity and Access Management (IAM) service, which you can use to manage users
and user permissions in a subset of AWS services. To ensure secure services, AWS
offers shared responsibility models for each of the different types of service that AWS
offers:
● Infrastructure services
● Container services
● Abstracted services
Infrastructure Services
Container Services
Abstracted Services
Security Best Practices
AWS Management Console/IAM
Security Best Practices
AWS Management Console: Enable Two Factor Authentication
Security Best Practices
AWS OS-Level Access to EC2
● Options for security of encryption keys:
○ Store on encrypted media
○ CloudHSM
○ LDAP/IAM Bridge: http://bit.ly/1lNlgV8
○ Gazzang: http://bit.ly/1lNkO9m
● Options for OS-level authentication
○ LDAP/Active Directory/Kerberos, etc.
○ Two-factor auth: Google Authenticator (http://bit.ly/1lNtwo5), WiKID, RSA
○ LDAP/IAM Bridge: http://bit.ly/1lNlgV8
Security Best Practices
Protecting Data at Rest
For regulatory or business requirement reasons, you might want to further protect your data
at rest stored in Amazon S3, on Amazon EBS, Amazon RDS, or other services from AWS.
● Accidental information disclosure
● Data integrity compromise
● Accidental deletion
● System, infrastructure, hardware or software availability
Security Best Practices
Protecting Data at Rest: S3
Security Best Practices
Protecting Data at Rest: EBS
Security Best Practices
Protecting Data at Rest: RDS/Databases/EMR, etc.
● Ensure you encrypt any sensitive information on disk or at the database level
● Always segment out the data layer from the application layer
● If access is required from outside of AWS regions or the network, make sure you use SSL or VPC to encrypt data
Security Best Practices
Protecting Data in Transit
Security Best Practices
Network Layering
Security Best Practices
Other Topics
● DDoS Protection: Black Swan, Cloudflare, CloudFront
● Monitoring and Alerting: Graylog2, Fluentd, Splunk, CloudTrail
● Unified Threat Management: AlienVault
● Vulnerability Scanning: Metasploit, Nessus
● IDS: Snort, OSSEC
● Web Application Firewalls: Imperva, ModSecurity
● Data Loss Prevention
● AWS VPC or Direct Connect for on-premises network access
● AWS Trusted Advisor scanning or Nessus
Credits
Credits go to the following:
AWS Security Best Practices: http://bit.ly/T97y3I
Q & A
Pizza’s almost here!

AWS Chicago user group meetup on June 24, 2014

  • 3. Agenda: 6:00 pm Introductions; 6:10 pm Lightning Talks: “Live from DC!” - Ben Hagen, Senior Cloud Security Engineer at Netflix @benhagen; “Securing your AWS installation” - Bryan Murphy, Technical Architect at Mediafly @bryanmurphy; “Advanced Monitoring and Detection on Linux-based workloads in AWS” - Aaron Botsis, Lead Product Manager at ThreatStack @aaronb; “AWS Security best practices” - Mattew Long, Founder and CEO at roZoom, Inc @mlong168; 6:30 pm Q & A; 7:00 pm Networking, drinks and pizza. Sponsored by / Hosted by #AWSChicago
  • 4. “Live from DC!” - Ben Hagen, Senior Cloud Security Engineer at Netflix. Tweet: @benhagen #AWSChicago
  • 5. “Securing your AWS installation” - Bryan Murphy, Technical Architect at Mediafly. Tweet: @bryanmurphy #AWSChicago
  • 6. Safe Harbor Statement: Our discussions may include predictions, estimates or other information that might be considered forward-looking. While these forward-looking statements represent our current judgment on what the future holds, they are subject to risks and uncertainties that could cause actual results to differ materially. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our opinions only as of the date of this presentation. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. Throughout today’s discussion, we will attempt to convey some important factors relating to our business that may affect our predictions. © 2006-2014 Mediafly, Inc. | Confidential. Infrastructure Security Best Practices on Amazon Web Services - Bryan Murphy
  • 7. Who am I? Mediafly, Inc., Technical Architect: back-end services, video processing, scaling and architecture. Mobitrac, Inc., Senior Developer: travelling salesman problem, routing algorithms, and mapping. RBC/Centura Mortgage, Lead Web Developer: online loan officer hosting platform and rate search engine.
  • 8. Who are we? “The Content Mobility Cloud”. We process and store highly sensitive content for Fortune 500 customers, and deliver that content to white-labeled mobile apps and the web: sales presentations and selling collateral; pre-release/pre-air video. Customers include global banks, leading consumer-packaged goods companies, and TV and theatrical studios. Small, passionate, growing team; we are hiring! Search “mediafly careers”.
  • 9. Infrastructural Security. Three major areas: Content (keeping content encrypted from ingest through delivery, e.g. key exchange, at-rest encryption, DRM, more); Infrastructure (hardening server security while ensuring reliability, performance and low cost, e.g. users and roles, VPC, server bootstrapping); Operations (ensuring procedures and personnel keep content secure, e.g. managing account termination, principle of least privilege).
  • 10. Secure All Communication. The cloud is a hostile environment: service limitations (no private load balancers, security group limits); network limitations (no multicast, no shared IP addresses, etc.); noisy neighbors; malicious third parties. What to do: SSL/TLS everywhere; encrypt transports, configuration, data, and binaries; use standard tools (openssl/gnupg); implement authorization for internal services.
  • 11. Authorization and Access Control. Restricted access: many credentials with limited permissions; restricted one-time-use accounts, or accounts with expiration, where possible. Protecting credentials: use public key cryptography; store encrypted credentials in source control. IAM accounts vs. roles: roles are good for isolated servers and boot; accounts are good for services and users. DENIED!
  • 12. Isolate Services and Customers. Isolation: isolate services and environments from each other using bulkheads, e.g. VPN, ssh proxy, REST API, message queues. Stateless servers: deliver credentials as needed using public key cryptography; execute in a sandbox; purge the sandbox on completion.
  • 13. Verification: automated security testing; regular audits (manual internal audits, third-party automated testing, third-party security audits); logging; monitoring.
  • 14. Infrastructural Security is a Balancing Act: Secure vs. Flexible.
  • 15. Thank you! Bryan Murphy - twitter.com/bryanmurphy, twitter.com/mediafly
  • 16. “Advanced Monitoring and Detection on Linux-based workloads in AWS” - Aaron Botsis, Lead Product Manager at ThreatStack. Tweet: @aaronb #AWSChicago
  • 17. ADVANCED SECURITY MONITORING FOR THE CLOUD - Aaron Botsis @aaronb, @threatstack
  • 19. Who is logging into my (machines|applications|SaaS accounts)? What are they running? Of the running apps, which are generating network activity, and where to? Every kernel module loaded, every library, every file created/modified/removed, everything!!!! But why stop there?
  • 24. Step 1: audit all of the things: logins, processes, network activity, file access, kernel modules, shared libraries.
  • 25. ...by thinking inside the box. `curl google.com` emits this flow record: { id: 1018103008, start: 1399236274, end: 1399236275, duration: 1, protocol: 'tcp', byte_count: 1195, packet_count: 11, src_ip_numeric: 3232300674, dst_ip_numeric: 1127355157, src_ip: '192.168.254.130', dst_ip: '67.50.19.21', src_port: 37814, dst_port: 80 }
  • 26. Step 2: build behavior profiles. Does apache always spawn a shell? Does that shell always switch privileges to root? Does root always make network connections to China?
  • 28. Step 3: anomalies help prevent. Devs know the app best; behavior deviations help identify new attack vectors. Create rules to look for known misbehavior. Disable behavioral detection programmatically.
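As an added example (not from the talk or ThreatStack's product), the three steps above carried out over constructed audit events: build a profile from a known-good baseline, flag any process or network behaviour never seen there, and layer explicit rules for the known misbehaviour the slides name (a web server spawning a shell, root making unexpected outbound connections). Event fields, rule names and the `behavioral` switch are assumptions.

```python
from collections import defaultdict

# Constructed sample audit events (not real captures) in the shape the slides
# describe: process execs (parent, child, uid) and outbound network flows.
BASELINE = [  # observed during a known-good period
    {"type": "exec", "parent": "apache2", "comm": "php", "uid": 33},
    {"type": "exec", "parent": "cron", "comm": "sh", "uid": 0},
    {"type": "net", "comm": "apache2", "uid": 33, "dst_ip": "10.0.1.20", "dst_port": 3306},
    {"type": "net", "comm": "apache2", "uid": 33, "dst_ip": "10.0.1.20", "dst_port": 3306},
]
LIVE = [  # later events to score against the profile
    {"type": "exec", "parent": "apache2", "comm": "php", "uid": 33},
    {"type": "exec", "parent": "apache2", "comm": "sh", "uid": 33},
    {"type": "exec", "parent": "sh", "comm": "su", "uid": 0},
    {"type": "net", "comm": "sh", "uid": 0, "dst_ip": "203.0.113.9", "dst_port": 4444},
]

def behavior_key(ev):
    """Reduce an event to the behaviour tuple the profile tracks."""
    if ev["type"] == "exec":
        return ("exec", ev["parent"], ev["comm"], ev["uid"])
    return ("net", ev["comm"], ev["uid"], ev["dst_ip"], ev["dst_port"])

def build_profile(events):
    """Step 2: count how often each behaviour tuple occurred in the baseline."""
    profile = defaultdict(int)
    for ev in events:
        profile[behavior_key(ev)] += 1
    return dict(profile)

# Step 3 rules for known misbehaviour (assumed names), applied regardless of baseline.
RULES = {
    "web-server-spawned-shell": lambda ev: ev["type"] == "exec"
        and ev["parent"] == "apache2" and ev["comm"] in ("sh", "bash"),
    "root-outbound-nonstandard-port": lambda ev: ev["type"] == "net"
        and ev["uid"] == 0 and ev["dst_port"] not in (80, 443),
}

def detect(profile, events, behavioral=True):
    """Return (reason, behaviour) pairs; behavioral=False keeps only the rules."""
    alerts = []
    for ev in events:
        k = behavior_key(ev)
        if behavioral and k not in profile:
            alerts.append(("never-seen-in-baseline", k))
        for name, rule in RULES.items():
            if rule(ev):
                alerts.append((name, k))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_profile(BASELINE), LIVE):
        print(alert)
```

Replaying the baseline against its own profile produces no alerts; the live events yield three baseline anomalies plus two rule hits, and turning `behavioral` off leaves only the two rule hits.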
  • 32. “AWS Security best practices” - Mattew Long, Founder and CEO at roZoom, Inc. Tweet: @mlong168 #AWSChicago
  • 34. About Me: President & CEO @roZoom. Twitter: @mlong168. LinkedIn: http://linkd.in/T90u7l
  • 38. To ensure a secure global infrastructure, AWS configures infrastructure components and provides services and features you can use to enhance security, such as the Identity and Access Management (IAM) service, which you can use to manage users and user permissions in a subset of AWS services. To ensure secure services, AWS offers a shared responsibility model for each of the different types of service that we offer: infrastructure services, container services, and abstracted services.
  • 42. Security Best Practices: AWS Management Console/IAM
  • 43. Security Best Practices: AWS Management Console. Enable two-factor authentication.
  • 44. Security Best Practices: AWS OS-Level Access to EC2. Options for securing encryption keys: store on encrypted media; CloudHSM; LDAP/IAM Bridge: http://bit.ly/1lNlgV8; Gazzang: http://bit.ly/1lNkO9m. Options for OS-level authentication: LDAP/Active Directory/Kerberos, etc.; two-factor auth: Google Authenticator (http://bit.ly/1lNtwo5), WiKID, RSA; LDAP/IAM Bridge: http://bit.ly/1lNlgV8
  • 45. Security Best Practices: Protecting Data at Rest. For regulatory or business requirement reasons, you might want to further protect your data at rest stored in Amazon S3, on Amazon EBS, Amazon RDS, or other services from AWS against: accidental information disclosure; data integrity compromise; accidental deletion; system, infrastructure, hardware or software availability.
  • 48. Security Best Practices: Protecting Data at Rest in RDS/databases/EMR, etc. Ensure you encrypt any sensitive information on disk or at the database level. Always segment the data layer from the application layer. If access is required from outside AWS regions or the AWS network, make sure you use SSL or a VPC to encrypt data in transit.
  • 51. Security Best Practices: Other Topics. DDoS protection: Black Swan, Cloudflare, CloudFront. Monitoring and alerting: Graylog2, Fluentd, Splunk, CloudTrail. Unified threat management: AlienVault. Vulnerability scanning: Metasploit, Nessus. IDS: Snort, OSSEC. Web application firewalls: Imperva, ModSecurity. Data loss prevention. AWS VPC or Direct Connect for on-premise network access. AWS Trusted Advisor scanning or Nessus.
  • 53. Credits go to the following: AWS Security Best Practices: http://bit.ly/T97y3I
  • 54. Q & A. Pizza’s almost here!