© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Compliance and Security Mitigation Techniques on AWS
Ric Harvey, Technical Developer Evangelist
@ric__harvey
https://gitlab.com/ric_harvey
Back to Basics
Identity Access Management (IAM)
Ensure only authorized and authenticated users are able to
access resources:
• Define users, groups, services and roles
• Protect AWS credentials
• Use fine grained authorization/access control
Define access
Users | Groups | Services | Roles
• Think carefully
• SAML 2.0 (ADFS)
• Define a management policy
• Logically group users
• Apply group policies
• Least privilege access
• Be granular
• Use roles for instances and functions
• Avoid using API keys in code
Protecting AWS credentials
• Establish less-privileged users
• Enable MFA on the root account
• Consider federation
• Set a password policy
• MFA for users and/or certain operations (S3 delete)
• Avoid storing API Keys in source control
• Use temporary credentials via STS
Fine grained access control
• Establish the least-privilege principle
• Define clear roles for users and roles
• Use AWS Organizations to centrally manage access
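The three IAM slides above amount to a checklist: no wildcard actions or resources, and MFA gating on destructive operations such as S3 delete. The following is an added example, not code from the deck, that turns that checklist into a small linter over IAM policy documents. Both policies it runs against are constructed samples (the bucket name and statement ids are placeholders); the only real IAM identifiers used are the `aws:MultiFactorAuthPresent` condition key and the `Bool` condition operator.

```python
"""Least-privilege checks over an IAM policy document.

Added example (not from the slide deck). The two policies below are
constructed samples; the checks encode the talk's advice: no wildcard
actions or resources, and MFA required for destructive S3 operations.
"""
import json
from fnmatch import fnmatch

# Actions the talk singles out as candidates for an MFA condition.
MFA_REQUIRED_ACTIONS = ("s3:DeleteObject", "s3:DeleteBucket", "s3:DeleteObjectVersion")


def _as_list(value):
    """IAM allows either a string or a list in Action/Resource fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement):
    """True when the statement carries a Bool aws:MultiFactorAuthPresent=true condition."""
    bool_cond = statement.get("Condition", {}).get("Bool", {})
    return str(bool_cond.get("aws:MultiFactorAuthPresent", "")).lower() == "true"


def lint_policy(policy):
    """Return a list of human-readable findings for one policy document."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        sid = st.get("Sid", f"statement[{i}]")
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: wildcard action {actions} grants a whole service")
        if "*" in resources:
            findings.append(f"{sid}: Resource '*' is not scoped to specific ARNs")
        # An action pattern such as "s3:*" or "s3:Delete*" also covers the delete calls.
        destructive = [a for a in actions if any(fnmatch(m, a) for m in MFA_REQUIRED_ACTIONS)]
        if destructive and not _requires_mfa(st):
            findings.append(f"{sid}: {destructive} allowed without an aws:MultiFactorAuthPresent condition")
    return findings


# Constructed sample: the kind of policy pasted into a group "to make it work".
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "DevAccess", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

# Constructed sample: scoped to one (placeholder) bucket, deletes gated on MFA.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadWriteReports", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports-bucket",
                      "arn:aws:s3:::example-reports-bucket/*"]},
        {"Sid": "DeleteWithMfa", "Effect": "Allow",
         "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-reports-bucket/*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}

if __name__ == "__main__":
    for name, policy in (("broad", OVERLY_BROAD_POLICY), ("scoped", LEAST_PRIVILEGE_POLICY)):
        print(name, json.dumps(lint_policy(policy), indent=2))
```

The broad policy produces three findings (wildcard action, wildcard resource, unconditioned delete); the scoped one produces none. The same checks can be run over every customer-managed policy returned by `iam:GetPolicyVersion` as a periodic control.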
Resources
AWS IAM - https://aws.amazon.com/iam/
AWS STS - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
AWS Organizations - https://aws.amazon.com/organizations/
VPC and Subnetting
Infrastructure protection
Protect network and host level boundaries
System security config and management
Enforce service-level protection
Protect network and host level boundaries
VPC considerations:
• Subnets to separate workloads
• Use NACLs to prevent access between subnets
• Use route tables to deny internet access from protected subnets
• Use security groups to grant access to and from other security groups
Limit what you run in public subnets:
• ELB/ALB and NLBs
• Bastion hosts
• Try to avoid, where possible, having a system directly accessible from the internet
External connectivity for management:
• Use VPN gateways to your on-premises systems
• Direct Connect
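Two of the VPC points above are mechanically checkable: a protected subnet must not have a default route to an internet gateway, and a security group outside the public tier should admit traffic from other security groups rather than from 0.0.0.0/0. The following is an added example, not code from the deck, that runs both checks over a constructed VPC model. The route-table and security-group dictionaries mimic a subset of the EC2 `DescribeRouteTables` / `DescribeSecurityGroups` response fields; the `Subnet` key on each group and the `SUBNET_TIER` map are constructed conveniences standing in for whatever tagging scheme records a subnet's intended exposure, and all ids are placeholders.

```python
"""Route-table and security-group checks over a constructed VPC model.

Added example, not from the deck. The data below is constructed in the
shape of the EC2 API's DescribeRouteTables / DescribeSecurityGroups output
(subset of fields); ids are placeholders.
"""

# Constructed: the designer's intent for each subnet.
SUBNET_TIER = {
    "subnet-public-a": "public",
    "subnet-app-a": "protected",
    "subnet-db-a": "protected",
}

# Constructed route tables. rtb-db is deliberately misconfigured: a protected
# subnet with a default route straight to the internet gateway.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0placeholder"}]},
    {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": "subnet-app-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0placeholder"}]},
    {"RouteTableId": "rtb-db", "Associations": [{"SubnetId": "subnet-db-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0placeholder"}]},
]

# Constructed security groups. "Subnet" is not an EC2 API field; it records where
# the group's members live. sg-app follows the slide's advice (source = sg-alb);
# sg-db is deliberately misconfigured (SSH open to the world in a protected subnet).
SECURITY_GROUPS = [
    {"GroupId": "sg-alb", "Subnet": "subnet-public-a",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "Subnet": "subnet-app-a",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]},
    {"GroupId": "sg-db", "Subnet": "subnet-db-a",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]


def protected_subnets_with_internet_route(route_tables, tiers):
    """(subnet, route table) pairs where a protected subnet defaults to an igw-."""
    exposed = []
    for rt in route_tables:
        igw_default = any(
            r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and str(r.get("GatewayId", "")).startswith("igw-")
            for r in rt["Routes"])
        if not igw_default:
            continue  # NAT gateway or no default route: fine for a protected subnet
        for assoc in rt["Associations"]:
            if tiers.get(assoc["SubnetId"]) == "protected":
                exposed.append((assoc["SubnetId"], rt["RouteTableId"]))
    return exposed


def world_open_rules_outside_public(groups, tiers):
    """(group, port) pairs admitting 0.0.0.0/0 on groups whose members are not public."""
    hits = []
    for sg in groups:
        if tiers.get(sg["Subnet"]) == "public":
            continue  # load balancers and bastions are expected to face the internet
        for perm in sg["IpPermissions"]:
            if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
                hits.append((sg["GroupId"], perm.get("FromPort")))
    return hits


if __name__ == "__main__":
    print("internet-routed protected subnets:",
          protected_subnets_with_internet_route(ROUTE_TABLES, SUBNET_TIER))
    print("world-open rules outside public tier:",
          world_open_rules_outside_public(SECURITY_GROUPS, SUBNET_TIER))
```

Only the two deliberately broken objects are reported; sg-app, which trusts sg-alb rather than a CIDR, passes, which is the pattern the slide recommends.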
CloudTrail
Enabled by default
GuardDuty
Amazon GuardDuty
Generally available today
Amazon GuardDuty
Instance reconnaissance
• Port probe / accepted comm
• Port scan (intra-VPC)
• Bruteforce attack (IP)
• Tor communications
Account compromise
• Malicious API call (bad IP)
• Tor API call (accepted)
• CloudTrail disabled
• Password policy change
• Instance launch unusual
• Region activity unusual
• Suspicious console login
• Unusual ISP caller
• Mutating API calls (create, update, delete)
• High volume of describe calls
• Unusual IAM user added
Amazon GuardDuty
Instance compromise
• C&C activity
• Malicious domain request
• EC2 on threat list
• Drop point IP
• Malicious comms (ASIS)
• Bitcoin mining
• Spambot activity
• Outbound SSH bruteforce
• EC2 Credential Exfiltration
• Unusual network port
• Unusual traffic volume/direction
• Unusual DNS requests
• Domain generation algorithms
Account reconnaissance
• Tor API call (failed)
Amazon GuardDuty Automated response
HTTPS
CLI
CloudWatch Events
Amazon GuardDuty Console
Detailed response
• Time
• IP Location
• Type of action
Amazon GuardDuty Pricing
Pricing examples (monthly)
US-East (N. VA) / Example 1
GuardDuty processes
• 40,000,000 events
• 2,000 GB of VPC Flow Logs
• 1,000 GB of DNS query logs
Charges =
40 x $4.00 (per 1,000,000 events)
+ 500 x $1.00 (first 500 GB)
+ 2,000 x $0.50 (next 2,000 GB)
+ 500 x $0.25 (over 2,500 GB)
= $1,785 per month
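The arithmetic on the slide is a tiered price walk: events are billed per million, and the VPC Flow Log and DNS log gigabytes are summed and pushed through three bands. The following is an added example, not code from the deck, that generalises that walk so other volumes can be estimated; the per-unit prices and band sizes are the 2018 US-East figures quoted on the slide and should be checked against the current price list before reuse.

```python
"""Tiered GuardDuty cost estimate reproducing the slide's Example 1.

Added example, not from the deck. Prices and tier boundaries are the 2018
US-East (N. Virginia) figures from the slide.
"""
EVENT_PRICE_PER_MILLION = 4.00

# (band size in GB, price per GB); a None size means "everything above the earlier bands".
LOG_TIERS = [(500, 1.00), (2000, 0.50), (None, 0.25)]


def tiered_cost(quantity, tiers):
    """Charge each band at its own rate until the quantity is exhausted."""
    cost, remaining = 0.0, quantity
    for size, price in tiers:
        band = remaining if size is None else min(remaining, size)
        cost += band * price
        remaining -= band
        if remaining <= 0:
            break
    return cost


def guardduty_monthly(events, flow_log_gb, dns_log_gb):
    """CloudTrail events are billed per million; flow and DNS logs share the GB bands."""
    event_cost = events / 1_000_000 * EVENT_PRICE_PER_MILLION
    log_cost = tiered_cost(flow_log_gb + dns_log_gb, LOG_TIERS)
    return round(event_cost + log_cost, 2)


if __name__ == "__main__":
    # The slide's Example 1: 40M events, 2,000 GB flow logs, 1,000 GB DNS logs.
    print(guardduty_monthly(40_000_000, 2_000, 1_000))  # 1785.0
```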
Amazon GuardDuty Automated response
https://github.com/aws-samples/amazon-guardduty-hands-on
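The two "Automated response" slides describe the pipeline: GuardDuty publishes a finding, a CloudWatch Events rule matches it, and a target (typically a Lambda function) decides what to do. The following is an added example, not code from the deck or from the linked aws-samples repository, showing the triage step of such a function. The event is a constructed sample in the shape of a GuardDuty finding event (`source`, `detail-type`, and `detail.type` / `detail.severity` / `detail.resource.instanceDetails`); the account and instance ids are placeholders, and the handler returns a decision rather than calling any AWS API so it runs offline.

```python
"""Triage of a GuardDuty finding delivered through a CloudWatch Events rule.

Added example, not from the deck or the aws-samples repository. SAMPLE_EVENT
is constructed; ids are placeholders. The handler returns a decision instead
of acting on it, so it runs without AWS credentials.
"""
import json

# GuardDuty severity bands: Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9.
MEDIUM = 4.0
HIGH = 7.0

# Finding-type families from the deck's "instance compromise" slide. A high-severity
# finding in one of these on a known instance is a candidate for network isolation.
ISOLATE_PREFIXES = ("Backdoor:EC2/", "CryptoCurrency:EC2/", "Trojan:EC2/", "UnauthorizedAccess:EC2/")


def classify(detail):
    """Map one finding's detail block to a response decision."""
    finding_type = detail["type"]          # e.g. "CryptoCurrency:EC2/BitcoinTool.B!DNS"
    severity = float(detail["severity"])
    instance_id = detail.get("resource", {}).get("instanceDetails", {}).get("instanceId")

    # The deck lists "CloudTrail disabled" under account compromise; losing the audit
    # trail outranks the finding's own severity score.
    if finding_type.startswith("Stealth:IAMUser/CloudTrailLoggingDisabled"):
        return {"action": "page_oncall", "reason": "audit trail tampering"}
    if severity >= HIGH and instance_id and finding_type.startswith(ISOLATE_PREFIXES):
        return {"action": "isolate_instance", "instance_id": instance_id}
    if severity >= MEDIUM:
        return {"action": "open_ticket", "finding_type": finding_type}
    return {"action": "log_only", "finding_type": finding_type}


def handler(event, context=None):
    """Lambda-style entry point: check the CloudWatch Events envelope, then classify."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return {"action": "ignore", "reason": "not a GuardDuty finding"}
    return classify(event["detail"])


# Constructed sample event (placeholder account and instance ids).
SAMPLE_EVENT = {
    "version": "0",
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "schemaVersion": "2.0",
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0PLACEHOLDER"}},
    },
}

if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT), indent=2))
```

In a deployed function the `isolate_instance` branch would swap the instance's security group for a quarantine group and snapshot its volumes before anyone touches it; keeping that side effect out of `classify` keeps the decision logic unit-testable.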
AWS WAF
What’s WAF?
Web Application Firewall
Choose WAF behaviors:
• Allow all requests except the ones that you specify
• Block all requests except the ones that you specify
• Count the requests that match the properties that you specify
WAF Rules
• Protect your APIs and web applications
• Preconfigured RuleGroups
• OWASP Top 10 mitigations
• Bad-bot defenses
• Virtual patching against the latest CVEs
WAF Examples
https://github.com/aws-samples/aws-waf-sample
AWS Shield
AWS Shield
Goal: Protect a web application and RESTful APIs against a DDoS attack
Suggested services: Shield Advanced protecting an Amazon CloudFront distribution and an Application Load Balancer

Goal: Protect a TCP-based application against a DDoS attack
Suggested services: Shield Advanced protecting a Network Load Balancer attached to an Elastic IP address

Goal: Protect a UDP-based game server against a DDoS attack
Suggested services: Shield Advanced protecting an Amazon EC2 instance attached to an Elastic IP address
AWS Shield Features
Active monitoring
• Network flow monitoring (Standard and Advanced)
• Automated application (layer 7) traffic monitoring (Advanced)
DDoS mitigations
• Helps protect from common DDoS attacks, such as SYN floods and UDP reflection attacks (Standard and Advanced)
• Access to additional DDoS mitigation capacity (Advanced)
AWS Shield Features
Visibility and reporting
• Layer 3/4 attack notification and attack forensic reports (Advanced)
• Layer 3/4/7 attack historical report (Advanced)
DDoS response team support
• Incident management during high severity events (Advanced)
• Custom mitigations during attacks (Advanced)
• Post-attack analysis (Advanced)
AWS Shield Features
Cost protection
• Reimburse related Route 53, CloudFront, and ELB DDoS charges (Advanced)
Price
• Standard: No additional cost for all AWS customers
• Advanced: $3,000/month plus additional data transfer fees; AWS WAF included at no additional cost
Amazon Inspector
Threat assessment tooling at scale
Automate security assessments
First reports in minutes
Install agent on Linux
Install agent on Windows
https://aws.amazon.com/inspector/getting-started/
Amazon Inspector findings
AWS Secrets Manager
AWS Secrets Manager
Easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle
• Secure secrets storage
• Automatic secrets rotation without disrupting applications
• Programmatic retrieval of secrets
• Audit and monitor secrets usage
https://aws.amazon.com/secrets-manager/getting-started/
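Two of the bullets above interact in practice: an application that retrieves a secret programmatically and caches it will hold a stale value the moment automatic rotation runs, so "rotation without disrupting applications" depends on the client refreshing on an authentication failure. The following is an added example, not code from the deck or from the AWS getting-started guide, of a cached retriever with that refresh-and-retry behaviour. The Secrets Manager client is injected; the only real API shape relied on is `get_secret_value(SecretId=...)` returning a dict with a `SecretString`, so with boto3 you would pass `boto3.client("secretsmanager")`. The fake client, the secret name and the credential values are all constructed placeholders.

```python
"""Cached, rotation-tolerant retrieval of a secret from AWS Secrets Manager.

Added example, not from the deck. The client is injected so the module runs
offline with FakeSecretsManager; only get_secret_value(SecretId=...) ->
{"SecretString": ...} is relied on from the real API. All values are placeholders.
"""
import json
import time


class AuthError(Exception):
    """Raised by the downstream system when the presented credential is rejected."""


class CachedSecret:
    """Fetch a secret once, reuse it for `ttl` seconds, and refresh on demand."""

    def __init__(self, client, secret_id, ttl=300, clock=time.monotonic):
        self._client = client
        self._secret_id = secret_id
        self._ttl = ttl
        self._clock = clock
        self._value = None
        self._fetched_at = None

    def get(self):
        """Return the cached value, fetching if absent or older than the TTL."""
        if self._value is None or self._clock() - self._fetched_at >= self._ttl:
            self.refresh()
        return self._value

    def refresh(self):
        """Force a fetch; the SecretString is the RDS-style JSON {"username":..,"password":..}."""
        resp = self._client.get_secret_value(SecretId=self._secret_id)
        self._value = json.loads(resp["SecretString"])
        self._fetched_at = self._clock()
        return self._value


def connect_with_retry(secret, connect):
    """Call connect(creds); if the cached credential is rejected, refresh once and retry.

    This is what lets rotation happen out of band: the first failure after a
    rotation costs one extra Secrets Manager call instead of an outage.
    """
    try:
        return connect(secret.get())
    except AuthError:
        return connect(secret.refresh())


class FakeSecretsManager:
    """Constructed stand-in for boto3.client("secretsmanager"); models get_secret_value only."""

    def __init__(self):
        self.current = {"username": "app", "password": "placeholder-v1"}
        self.calls = 0

    def rotate(self):
        """Simulate the rotation Lambda publishing a new version."""
        self.current = {"username": "app", "password": "placeholder-v2"}

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"Name": SecretId, "SecretString": json.dumps(self.current)}


def demo():
    """Rotation scenario: the cached credential goes stale and one refresh recovers."""
    sm = FakeSecretsManager()
    secret = CachedSecret(sm, "prod/app/db", ttl=300)

    def db_connect(creds):  # the database accepts only the currently rotated password
        if creds["password"] != sm.current["password"]:
            raise AuthError("bad password")
        return f"connected as {creds['username']}"

    first = connect_with_retry(secret, db_connect)   # cold cache: fetch #1
    sm.rotate()                                       # rotation happens out of band
    second = connect_with_retry(secret, db_connect)  # stale cache rejected, refresh = fetch #2
    return first, second, sm.calls


if __name__ == "__main__":
    print(demo())
```

Both connections succeed and the fake client is called exactly twice, once for the cold cache and once for the post-rotation refresh; without the retry the second connection would have failed with the stale password.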
Questions?
Ric Harvey, Technical Developer Evangelist
@ric__harvey
https://gitlab.com/ric_harvey
Thank you!
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Compliance and Security Mitigation Techniques

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Compliance and Security Mitigation Techniques on AWS. Ric Harvey, Technical Developer Evangelist, @ric__harvey, https://gitlab.com/ric_harvey
  • 2. Back to Basics
  • 3. Identity Access Management (IAM). Ensure only authorized and authenticated users are able to access resources: • Define users, groups, services and roles • Protect AWS credentials • Use fine-grained authorization/access control
  • 4. Define access. Users: • Think carefully • SAML 2.0 (ADFS) • Define a management policy. Groups: • Logically group users • Apply group policies. Services: • Least privilege access • Be granular. Roles: • Use roles for instances and functions • Avoid using API keys in code
  • 5. Protecting AWS credentials • Establish less-privileged users • Enable MFA on the root account • Consider federation • Set a password policy • MFA for users and/or certain operations (S3 delete) • Avoid storing API keys in source control • Use temporary credentials via STS
  • 6. Fine-grained access control • Establish the least privilege principle • Define clear roles for users and roles • Use AWS Organizations to centrally manage access
  • 7. Resources: AWS IAM - https://aws.amazon.com/iam/ ; AWS STS - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html ; AWS Organizations - https://aws.amazon.com/organizations/
  • 8. VPC and Subnetting
  • 9. Infrastructure protection: Protect network and host-level boundaries; System security configuration and management; Enforce service-level protection
  • 10. Protect network and host-level boundaries. VPC considerations: • Subnets to separate workloads • Use NACLs to prevent access between subnets • Use route tables to deny internet access from protected subnets • Use security groups to grant access to and from other security groups. Limit what you run in public subnets: • ELB/ALB and NLBs • Bastion hosts • Try to avoid, where possible, having a system directly accessible from the internet. External connectivity for management: • Use VPN gateways to your on-premises systems • Direct Connect
  • 11. CloudTrail
  • 12. Enabled by default
  • 13. GuardDuty
  • 14. Amazon GuardDuty: generally available today
  • 15. Amazon GuardDuty. Instance reconnaissance: • Port probe / accepted comm • Port scan (intra-VPC) • Brute-force attack (IP) • Tor communications. Account compromise: • Malicious API call (bad IP) • Tor API call (accepted) • CloudTrail disabled • Password policy change • Instance launch unusual • Region activity unusual • Suspicious console login • Unusual ISP caller • Mutating API calls (create, update, delete) • High volume of describe calls • Unusual IAM user added
  • 16. Amazon GuardDuty. Instance compromise: • C&C activity • Malicious domain request • EC2 on threat list • Drop point IP • Malicious comms (ASIS) • Bitcoin mining • Spambot activity • Outbound SSH brute force • EC2 credential exfiltration • Unusual network port • Unusual traffic volume/direction • Unusual DNS requests • Domain generation algorithms. Account reconnaissance: • Tor API call (failed)
  • 17. Amazon GuardDuty automated response: HTTPS, CLI, CloudWatch Events
  • 18. Amazon GuardDuty console
  • 19. Amazon GuardDuty console, detailed response: • Time • IP location • Type of action
  • 20. Amazon GuardDuty pricing. Pricing example (monthly), US-East (N. VA), example 1. GuardDuty processes: • 40,000,000 events • 2,000 GB of VPC Flow Logs • 1,000 GB of DNS query logs. Charges = 40 x $4.00 (per 1,000,000 events) + 500 x $1.00 (first 500 GB) + 2,000 x $0.50 (next 2,000 GB) + 500 x $0.25 (over 2,500 GB) = $1,785 per month
  • 21. Amazon GuardDuty automated response: https://github.com/aws-samples/amazon-guardduty-hands-on
  • 22. AWS WAF
  • 23. What's WAF? Web Application Firewall. Choose WAF behaviors: • Allow all requests except the ones that you specify • Block all requests except the ones that you specify • Count the requests that match the properties that you specify
  • 24. WAF rules • Protect your APIs and web applications • Preconfigured RuleGroups • OWASP Top 10 mitigations • Bad-bot defenses • Virtual patching against the latest CVEs
  • 25. WAF examples: https://github.com/aws-samples/aws-waf-sample
  • 26. AWS Shield
  • 27. AWS Shield. Goal: Protect a web application and RESTful APIs against a DDoS attack. Suggested services: Shield Advanced protecting an Amazon CloudFront distribution and an Application Load Balancer. Goal: Protect a TCP-based application against a DDoS attack. Suggested services: Shield Advanced protecting a Network Load Balancer attached to an Elastic IP address. Goal: Protect a UDP-based game server against a DDoS attack. Suggested services: Shield Advanced protecting an Amazon EC2 instance attached to an Elastic IP address.
  • 28. AWS Shield features. Active monitoring: • Network flow monitoring (Standard and Advanced) • Automated application (layer 7) traffic monitoring (Advanced). DDoS mitigations: • Helps protect from common DDoS attacks, such as SYN floods and UDP reflection attacks (Standard and Advanced) • Access to additional DDoS mitigation capacity (Advanced)
  • 29. AWS Shield features. Visibility and reporting: • Layer 3/4 attack notification and attack forensic reports (Advanced) • Layer 3/4/7 attack historical report (Advanced). DDoS response team support: • Incident management during high severity events (Advanced) • Custom mitigations during attacks (Advanced) • Post-attack analysis (Advanced)
  • 30. AWS Shield features. Cost protection: • Reimburse related Route 53, CloudFront, and ELB DDoS charges (Advanced). Price: • Standard: no additional cost for all AWS customers • Advanced: $3,000/month plus additional data transfer fees; AWS WAF included at no additional cost
  • 31. Amazon Inspector
  • 32. Threat assessment tooling at scale: Automate security assessments; First reports in minutes; Install agent on Linux; Install agent on Windows. https://aws.amazon.com/inspector/getting-started/
  • 33. Amazon Inspector findings
  • 34. AWS Secrets Manager
  • 35. AWS Secrets Manager: easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle • Secure secrets storage • Automatic secrets rotation without disrupting applications • Programmatic retrieval of secrets • Audit and monitor secrets usage. https://aws.amazon.com/secrets-manager/getting-started/
  • 36. AWS Secrets Manager
  • 37. AWS Secrets Manager
  • 38. Questions? Ric Harvey, Technical Developer Evangelist, @ric__harvey, https://gitlab.com/ric_harvey
  • 39. Thank you! Ric Harvey, Technical Developer Evangelist, @ric__harvey, https://gitlab.com/ric_harvey
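Slide 10 lists the VPC controls (route tables that deny internet access from protected subnets, security groups that grant access to other security groups rather than to the world). The following is an added example, not code from the deck or from AWS, that turns two of those controls into an audit over constructed data. The input dicts mirror the shape of the EC2 DescribeRouteTables and DescribeSecurityGroups responses so the same functions can be fed real `describe_*` output; the subnet, route table, gateway and group identifiers are placeholders.

```python
"""Audit VPC route tables and security groups against the slide 10 controls.

Added example. Inputs are constructed here and follow the EC2 DescribeRouteTables /
DescribeSecurityGroups response shape; all identifiers are placeholders.
"""
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample: one public subnet (for the ALB) and two protected subnets.
PUBLIC_SUBNETS: Set[str] = {"subnet-public-1"}

ROUTE_TABLES: List[Dict] = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public-1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    # Misconfiguration: an application subnet with a default route to the internet gateway.
    {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": "subnet-app-1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    # Fine: outbound via a NAT gateway only, nothing can reach the subnet from the internet.
    {"RouteTableId": "rtb-db", "Associations": [{"SubnetId": "subnet-db-1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]

SECURITY_GROUPS: List[Dict] = [
    {"GroupId": "sg-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "IpPermissions": [
        # Good: the app tier is reachable only from the ALB's security group.
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},
        # Bad: SSH exposed to every IPv6 address.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]},
]

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def protected_subnets_with_igw_route(route_tables: Iterable[Dict],
                                     public_subnets: Set[str]) -> List[Tuple[str, str]]:
    """Return (route table, subnet) pairs where a subnet that is not declared public
    has a default route (0.0.0.0/0) pointing at an internet gateway."""
    findings = []
    for rtb in route_tables:
        igw_default = any(
            r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and str(r.get("GatewayId", "")).startswith("igw-")
            for r in rtb.get("Routes", []))
        if not igw_default:
            continue
        for assoc in rtb.get("Associations", []):
            subnet = assoc.get("SubnetId")
            if subnet and subnet not in public_subnets:
                findings.append((rtb["RouteTableId"], subnet))
    return findings


def world_open_ingress(security_groups: Iterable[Dict],
                       allowed_groups: Set[str]) -> List[Tuple[str, str, int, int, str]]:
    """Return ingress rules open to 0.0.0.0/0 or ::/0 on groups not in the allow list
    (the allow list holds the internet-facing load balancer groups from slide 10)."""
    findings = []
    for sg in security_groups:
        if sg["GroupId"] in allowed_groups:
            continue
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD_CIDRS:
                    findings.append((sg["GroupId"], perm.get("IpProtocol", "-1"),
                                     perm.get("FromPort", -1), perm.get("ToPort", -1), cidr))
    return findings


def audit(route_tables=ROUTE_TABLES, security_groups=SECURITY_GROUPS,
          public_subnets=PUBLIC_SUBNETS, allowed_groups=frozenset({"sg-alb"})) -> Dict[str, list]:
    """Run both checks and return the findings keyed by control."""
    return {"igw_route_on_protected_subnet": protected_subnets_with_igw_route(route_tables, public_subnets),
            "world_open_ingress": world_open_ingress(security_groups, set(allowed_groups))}


if __name__ == "__main__":
    for control, hits in audit().items():
        print(control, "->", hits or "ok")
```

With real data, replace the two constants with the `RouteTables` and `SecurityGroups` lists returned by the EC2 API; the `allowed_groups` set is the one place where a world-open rule is expected (the ELB/ALB/NLB groups in public subnets), and anything else flagged is a deviation from the slide's "grant access to and from other security groups" rule.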
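Slides 15 to 17 and 21 describe the GuardDuty finding categories and an automated response driven by CloudWatch Events. The following is an added example, not code from the deck or from the linked hands-on repository, showing the triage half of such a Lambda function: it reads the finding fields that GuardDuty places under `detail` (type, severity, resource), maps the numeric severity onto GuardDuty's low/medium/high bands, and returns a response plan. The side-effecting step (for instance swapping an instance onto an isolation security group for forensics) is passed in as a callable in the hypothetical `actions` dict so the logic runs offline; the event is a constructed sample with placeholder identifiers.

```python
"""Triage a GuardDuty finding delivered through CloudWatch Events.

Added example. SAMPLE_EVENT is constructed in the shape CloudWatch Events uses for
GuardDuty findings; the finding id and instance id are placeholders. The `actions`
mapping is a hypothetical injection point for the real response (EC2/IAM calls).
"""
import copy
from typing import Callable, Dict, Optional

SAMPLE_EVENT: Dict = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "finding-example-0001",                   # placeholder
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",  # one of the slide 15/16 finding types
        "severity": 8,
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789example"},  # placeholder
        },
    },
}


def severity_label(score: float) -> str:
    """GuardDuty severity bands: low 1-3.9, medium 4-6.9, high 7 and above."""
    if score >= 7:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def triage(event: Dict) -> Dict:
    """Pure function: decide what to do with a finding without touching any AWS API.

    Instances with a high-severity finding are quarantined (kept running, isolated for
    forensics); access-key findings are escalated to a human; everything else is notified.
    """
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return {"action": "ignore", "reason": "not a GuardDuty finding"}

    detail = event.get("detail", {})
    resource = detail.get("resource", {})
    plan = {
        "finding_id": detail.get("id"),
        "type": detail.get("type"),
        "severity": severity_label(float(detail.get("severity", 0))),
        "action": "notify",
    }
    if resource.get("resourceType") == "Instance":
        plan["instance_id"] = resource.get("instanceDetails", {}).get("instanceId")
        if plan["severity"] == "high" and plan["instance_id"]:
            plan["action"] = "quarantine"
    elif resource.get("resourceType") == "AccessKey":
        key = resource.get("accessKeyDetails", {})
        plan["user_name"] = key.get("userName")
        plan["access_key_id"] = key.get("accessKeyId")
        if plan["severity"] in ("medium", "high"):
            plan["action"] = "escalate"
    return plan


def handler(event: Dict, context=None,
            actions: Optional[Dict[str, Callable[[Dict], None]]] = None) -> Dict:
    """Lambda-style entry point: compute the plan, then run the matching action if one
    is registered. `actions` is hypothetical; in a deployment it would wrap EC2/IAM/SNS calls."""
    plan = triage(event)
    fn = (actions or {}).get(plan["action"])
    if fn is not None:
        fn(plan)
    return plan


def medium_severity_copy(event: Dict) -> Dict:
    """Helper for experiments: the same finding at a medium severity."""
    e = copy.deepcopy(event)
    e["detail"]["severity"] = 5
    return e


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, actions={"quarantine": lambda p: print("isolating", p["instance_id"])}))
```

Keeping `triage` free of AWS calls is the design point: the decision table can be unit-tested against captured findings, and the response callables (security group swap, key deactivation, SNS notification) are the only code that needs IAM permissions, so the Lambda role can stay narrowly scoped.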