When serious vulnerabilities like Shellshock or Heartbleed are found, you know you should respond quickly. But when you’re juggling many priorities, and are more comfortable developing apps than security policies, emergency updates may fall to the bottom of the list. Is there a better way to protect your workloads, without a lot of work? In AWS, you approach everything in your infrastructure as an API. If you take the same approach to security, you can automate protection for zero-day vulnerabilities, without impacting agility or architecture flexibility. In this session, we’ll show you how to use AWS security groups, virtual private networks, and security capabilities like intrusion detection and prevention to defend what you put in the cloud. We will use the recent Shellshock vulnerability as a real-world threat scenario and walk you through how to combine AWS features and workload-aware security controls to prevent hackers from exploiting similar zero-day threats. Learn simple, easy to deploy security tools and techniques to protect workloads – that don't require a PhD in cyber security.
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Defending Your Workloads Against the Next Zero-Day Vulnerability
1. Defending your workloads against
the next zero-day vulnerability
Justin Foster
@justin_foster
Trend Micro - Director of Product Management | Cloud & Data Center Security
2. The Story
More at aws.trendmicro.com
2012 re:Invent
SPR203 : Cloud Security is a Shared Responsibility
http://bit.ly/2012-spr203
2013 re:Invent
SEC208: How to Meet Strict Security & Compliance Requirements in the Cloud
http://bit.ly/2013-sec208
SEC307: How Trend Micro Build their Enterprise Security Offering on AWS
http://bit.ly/2013-sec307
2014 re:Invent
SEC313: Updating Security Operations for the Cloud
http://bit.ly/2014-sec313
SEC314: Customer Perspectives on Implementing Security Controls with AWS
http://bit.ly/2014-sec314
34. AWS VPC Checklist
Review
IAM roles
Security groups
Network segmentation
Network access control lists (NACL)
More in the Auditing Security Checklist for Use of AWS, media.amazonwebservices.com/AWS_Auditing_Security_Checklist.pdf