Cloud-Native DDoS Attack Mitigation

•

0 j'aime•607 vues

This document discusses cloud-native DDoS attack mitigation and provides an overview of how AWS services can help. It describes the evolution from on-premise to cloud-routed to cloud-native DDoS mitigation strategies. It also outlines AWS Shield Standard and Advanced protections that provide automatic DDoS protection for AWS resources. The presentation aims to help users prepare resilient architectures, monitor applications for issues, and respond to DDoS events through demonstrations of AWS services like WAF, CloudFront, Route 53, and more.

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Pop-up Loft
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Cloud-Native DDoS Attack Mitigation
Shawn Marck
System Development Manager

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Today’s Objectives
• Overview of DDoS attacks and other threats
• Evolution of DDoS mitigation strategy
• PREPARE: Build a DDoS-resilient application on AWS
• MONITOR: Demonstration on application monitoring and alarms
• RESPOND: Demonstration on DDoS event response

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Types of Threats
Bad BotsDDoS Application Attacks
UDP floods
SYN floods
Slowloris
SSL abuse
HTTP floods
UDP reflection
Content scrapers
Scanners & probes
CrawlersApplication
Layer
Network /
Transport
Layer
SQL injection
Application exploits

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Evolution of DDoS Mitigation
On-Premise Cloud-Routed Cloud-Native

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
On-Premise
• Scale network and fixed
infrastructure to mitigate DDoS
attacks on-site
• Visibility and control
• Large capital expenditures,
maintenance costs, and in-house
expertise

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Cloud-Routed
• Route traffic to other networks for
better mitigation capacity, managed
services
• Mitigate larger DDoS attacks
without upfront investment or in-
house expertise
• Black box solution – can introduce
latency, additional points of failure,
increased operating costs

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Cloud-Native
• Automatic, always-on DDoS
protection for all applications on AWS
• Leverage 16 AWS Regions and 76
Edge Locations to mitigate large
attacks close to the source
• Simple, flexible, and affordable
• Robust capabilities without
undifferentiated heavy-lifting

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
AWS Shield
Standard Protection Advanced Protection
Available to ALL AWS customers at
no additional cost
Paid service that provides additional
protections, features, and benefits

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Effective Against:
• SYN Floods
• Reflection Attacks
• Suspicious
Sources
Effective Against:
• SSL Attacks
• Slowloris
• Malformed HTTP
Effective Against:
• HTTP Floods
• Bad Bots
• Suspicious IPs
Defense In Depth
Border Network
Network Layer Mitigations
AWS Services
Web Layer Mitigations
Customer Infrastructure
DDoS
Detection
Internet
Internet-Layer
Mitigations
DDoS
Effective Against:
• Large-scale
attacks
Effective Against:
• Sophisticated
Layer 7 attacks
DDoS
Response
Team

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
PREPARE: DDoS-Resilient Architecture
Amazon
Route 53
ALB Security Group
Amazon
EC2
Instances
Application
Load Balancer
Amazon
CloudFront
Public Subnet
Web Application
Security Group
Private Subnet
AWS WAF
Amazon
API Gateway
DDoS
Attack
Users
Globally distributed attack
mitigation capability
SYN proxy feature that verifies
three-way handshake before
passing to the application
Slowloris mitigation that reaps
long-lived collections
Mitigates complex attacks by
allowing only the most reliable
DNS queries
Validates DNS
Provides flexible rule language
to block or rate-limit malicious
requests

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Demonstration

Contenu connexe

Tendances

Cloud with Cyber Security

Niki Upadhyay

Secure code practices

Hina Rawal

introduction to Azure Sentinel

Robert Crane

Wazuh Security Platform

Pituphong Yavirach

CLOUD NATIVE SECURITY

Maganathin Veeraragaloo

DDoS Protection

Amazon Web Services

Cyber Security Vulnerabilities

Siemplify

Understanding Your Attack Surface and Detecting & Mitigating External Threats Description : Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware. The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how. Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How: What is a Digital Footprint? Breakdown of External Threats (Social, Mobile, Web) What are blended attacks? What is actually being targeting at your company? How are your brands, customers, and employees being attack outside of your company? How to become proactive in threat monitoring on the internet? Considerations in External Threat solutions Threat correspondence tracking considerations Is legal cease and desist letters adequate in stopping attacks? Examination of a phishing attack campaign How phishing kits work Analysis and lesson learned from recent published attacks What are the most important capability in a digital risk monitoring solution?

Understanding Your Attack Surface and Detecting & Mitigating External Threats

Ulf Mattsson

Web application security

Kapil Sharma

Cybersecurity Training

WindstoneHealth

Cybersecurity Attack Vectors: How to Protect Your Organization

TriCorps Technologies

How To Learn The Network Security Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna. Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan. Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau. Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer. Terimakasih

Network Security Fundamentals

Rahmat Suhatman

IBM Security Software Solutions - Powerpoint

Thierry Matusiak

4_Session 1- Universal ZTNA.pptx

aungyekhant1

A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy. Identities. Identities whether they represent people, services, or IOT devices define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure access is compliant and typical for that identity, and follows least privilege access principles. Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices From IoT devices to smartphones, BYOD to partner managed devices, and on premises workloads to cloud hosted servers. This diversity creates a massive attack surface area, requiring we monitor and enforce device health and compliance for secure access. Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on premises, lift and shifted to cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control of user actions, and validate secure configuration options. Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes. Infrastructure. Infrastructure (whether on premises servers, cloud based VMs, containers, or micro services) represents a critical threat vector. Assess for version, configuration, and JIT access to harden defense, use telemetry to detect attacks and anomalies, and automatically block and flag risky behavior and take protective actions. Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in network micro segmentation) and real time threat protection, end to end encryption, monitoring, and analytics should be employed. Each of these six foundational elements serves as a source of the signal, a control plane for enforcement, and a critical resource to defend. You should appropriately spread your investments across each of these elements for maximum protection.

Microsoft Zero Trust

David J Rosenthal

VAPT - Vulnerability Assessment & Penetration Testing

Netpluz Asia Pte Ltd

Patch and Vulnerability Management

Marcelo Martins

Cyber security fundamentals

Cloudflare

The session focuses The session focuses how EDR detects suspicious or threatening activity on endpoints. EDR constantly monitors endpoints allowing for immediate response. The information collected from the monitoring process is recorded to be analysed and investigated to enable response. The session is handled by Mr.Ranjit Sawant, Regional Security Architect (APAC), FireEye Inc. With over 16 years’ experience in Information Security, he has been working with various verticals such as BFSI, IT Services and Manufacturing.Being a technocrat, Ranjit worked on technologies pertaining to Endpoint, Network, Application Security and since last 8+ years his focus & investment is on Advance Threat Protection Solutions.

Endpoint Detection & Response - FireEye

Prime Infoserv

Endpoint Security

Ahmed Hashem El Fiky

Tendances (20)

Cloud with Cyber Security

Secure code practices

introduction to Azure Sentinel

Wazuh Security Platform

CLOUD NATIVE SECURITY

DDoS Protection

Cyber Security Vulnerabilities

Understanding Your Attack Surface and Detecting & Mitigating External Threats

Web application security

Cybersecurity Training

Cybersecurity Attack Vectors: How to Protect Your Organization

Network Security Fundamentals

IBM Security Software Solutions - Powerpoint

4_Session 1- Universal ZTNA.pptx

Microsoft Zero Trust

VAPT - Vulnerability Assessment & Penetration Testing

Patch and Vulnerability Management

Cyber security fundamentals

Endpoint Detection & Response - FireEye

Endpoint Security

Similaire à Cloud-Native DDoS Attack Mitigation

Cloud Native DDoS Attack Mitigation

Amazon Web Services

DDoS Resiliency

Amazon Web Services

雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)

Amazon Web Services

Cloud-Native DDoS Mitigation - AWS Online Tech Talks

Amazon Web Services

Automating DDoS and WAF Response

Amazon Web Services

In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments. Level 200

Intro to Threat Detection and Remediation on AWS

Amazon Web Services

Intro to threat_detection_and_remediation on aws

Bela Sojina MBA, PMP

Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. This session will show you how to use Lambda functions to automate event response and integrate with your security operations tools. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as Amazon Virtual Private Cloud, Amazon Web Application Firewall, Amazon Shield, and more. You will also learn how to monitor and gain deep visibility into your AWS environment by using highly-scaled solutions such as AWS CloudTrail and AWS CloudWatch.

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

Amazon Web Services

Speaker: Andrew Kane, AWS Level: 300/400 Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as AWS Web Application Firewall, AWS Shield, AWS CloudWatch, and more. You will also learn how to use Lambda functions to automate event response and integrate with your security operations tools.

Automating DDos and WAF responses - AWS Summit Cape Town 2018

Amazon Web Services

by Cameron Worrell, Sr. Solutions Architect, AWS In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.

Introduction to Threat Detection and Remediation on AWS

Amazon Web Services

by Cameron Worrell, Solutions Architect, AWS In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.

Introduction to Threat Detection and Remediation

Amazon Web Services

In this session, you learn how to adapt application defenses and operational responses based on your unique requirements. You also hear directly from customers about how they architected their applications on AWS to protect their applications. There are many ways to build secure, high-availability applications in the cloud. Services such as API Gateway, Amazon VPC, ALB, ELB, and Amazon EC2 are the basic building blocks that enable you to address a wide range of use cases. Best practices for defending your applications against Distributed Denial of Service (DDoS) attacks, exploitation attempts, and bad bots can vary with your choices in architecture.

Cloud-Native App Protection: Web Application Security at Pearson and other cu...

Amazon Web Services

Intro to Threat Detection and Remediation on AWS

Amazon Web Services

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

Amazon Web Services

Intro to Threat Detection and Remediation on AWS

Amazon Web Services

AWS Security Week: Intro To Threat Detection & Remediation

Amazon Web Services

AWS Web Application Firewall and AWS Shield - Webinar

Amazon Web Services

Advanced Techniques for DDOS Mitigation and Web Application Defense

Amazon Web Services

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

Amazon Web Services

At re:Invent 2016, we are launching AWS Shield, a managed DDoS protection service. With AWS Shield, you can help protect Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53 resources from DDoS attacks. In addition to introducing AWS Shield, this session presents some of the things we do behind the scenes to detect and mitigate Layer 3/4 network attacks and highlights ways you can use this new service to protect against Layer 7 application attacks.

NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service

Amazon Web Services

Similaire à Cloud-Native DDoS Attack Mitigation (20)

Cloud Native DDoS Attack Mitigation

DDoS Resiliency

雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)

Cloud-Native DDoS Mitigation - AWS Online Tech Talks

Automating DDoS and WAF Response

Intro to Threat Detection and Remediation on AWS

Intro to threat_detection_and_remediation on aws

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

Automating DDos and WAF responses - AWS Summit Cape Town 2018

Introduction to Threat Detection and Remediation on AWS

Introduction to Threat Detection and Remediation

Cloud-Native App Protection: Web Application Security at Pearson and other cu...

Intro to Threat Detection and Remediation on AWS

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

Intro to Threat Detection and Remediation on AWS

AWS Security Week: Intro To Threat Detection & Remediation

AWS Web Application Firewall and AWS Shield - Webinar

Advanced Techniques for DDOS Mitigation and Web Application Defense

SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense

NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service

Plus de Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Costruire Applicazioni Moderne con AWS

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Open banking as a service

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Computer Vision con AWS

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Tools for building your MVP on AWS

Amazon Web Services

How to Build a Winning Pitch Deck

Amazon Web Services

Building a web application without servers

Amazon Web Services

Fundraising Essentials

Amazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Cloud-Native DDoS Attack Mitigation

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Pop-up Loft © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Cloud-Native DDoS Attack Mitigation Shawn Marck System Development Manager

2. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Today’s Objectives • Overview of DDoS attacks and other threats • Evolution of DDoS mitigation strategy • PREPARE: Build a DDoS-resilient application on AWS • MONITOR: Demonstration on application monitoring and alarms • RESPOND: Demonstration on DDoS event response

3. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Types of Threats Bad BotsDDoS Application Attacks UDP floods SYN floods Slowloris SSL abuse HTTP floods UDP reflection Content scrapers Scanners & probes CrawlersApplication Layer Network / Transport Layer SQL injection Application exploits

4. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Evolution of DDoS Mitigation On-Premise Cloud-Routed Cloud-Native

5. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved On-Premise • Scale network and fixed infrastructure to mitigate DDoS attacks on-site • Visibility and control • Large capital expenditures, maintenance costs, and in-house expertise

6. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Cloud-Routed • Route traffic to other networks for better mitigation capacity, managed services • Mitigate larger DDoS attacks without upfront investment or in- house expertise • Black box solution – can introduce latency, additional points of failure, increased operating costs

7. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Cloud-Native • Automatic, always-on DDoS protection for all applications on AWS • Leverage 16 AWS Regions and 76 Edge Locations to mitigate large attacks close to the source • Simple, flexible, and affordable • Robust capabilities without undifferentiated heavy-lifting

8. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved AWS Shield Standard Protection Advanced Protection Available to ALL AWS customers at no additional cost Paid service that provides additional protections, features, and benefits

9. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved AWS Shield Standard Protection Available to ALL AWS customers at no additional cost • Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region • Comprehensive defense against all known network and transport layer attacks when using Amazon CloudFront and Amazon Route 53 • Application layer defense available when using AWS WAF

10. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved AWS Shield Advanced Protection Paid service that provides additional protections, features, and benefits • Fast escalation to the AWS DDoS Response Team (DRT) to assist with complex edge cases • Attack visibility and enhanced detection • Cost Protection to mitigate economic attack vectors • AWS WAF for application-layer defense, at no additional cost

11. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Effective Against: • SYN Floods • Reflection Attacks • Suspicious Sources Effective Against: • SSL Attacks • Slowloris • Malformed HTTP Effective Against: • HTTP Floods • Bad Bots • Suspicious IPs Defense In Depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet-Layer Mitigations DDoS Effective Against: • Large-scale attacks Effective Against: • Sophisticated Layer 7 attacks DDoS Response Team

12. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved PREPARE: DDoS-Resilient Architecture Amazon Route 53 ALB Security Group Amazon EC2 Instances Application Load Balancer Amazon CloudFront Public Subnet Web Application Security Group Private Subnet AWS WAF Amazon API Gateway DDoS Attack Users Globally distributed attack mitigation capability SYN proxy feature that verifies three-way handshake before passing to the application Slowloris mitigation that reaps long-lived collections Mitigates complex attacks by allowing only the most reliable DNS queries Validates DNS Provides flexible rule language to block or rate-limit malicious requests

14. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved Pop-up Loft © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved aws.amazon.com/activate Everything and Anything Startups Need to Get Started on AWS

Cloud-Native DDoS Attack Mitigation

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Cloud-Native DDoS Attack Mitigation

Similaire à Cloud-Native DDoS Attack Mitigation (20)

Plus de Amazon Web Services

Plus de Amazon Web Services (20)

Cloud-Native DDoS Attack Mitigation