© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
Security State of the Union
Steve Schmidt, Vice President and Chief Information Security Officer
SID326
November 29, 2017
3,950 (* as of 1 November 2017)
[Word cloud of AWS services shown on the slide: AWS Direct Connect, AWS Elastic Beanstalk, Schema Conversion Tool, AWS Shield, Amazon EFS, Amazon WorkSpaces, Amazon Lumberyard, Amazon Pinpoint, AWS IoT, AWS Managed Services, Amazon Route 53, AWS Import/Export, AWS OpsWorks for Chef Automate, Amazon Redshift, DynamoDB, Amazon Polly, AWS Snowball, AWS Organizations, Device Farm, Amazon Config, Amazon RDS for Aurora, WorkDocs, AWS Snowball Edge, CodeCommit, AWS CodePipeline, AWS Service Catalog, CloudWatch Logs, Amazon Lex, AWS Greengrass, Amazon EC2 Systems Manager, AWS WAF, Amazon AppStream 2.0, Amazon Athena, AWS Glue, Amazon Lightsail, Amazon Rekognition, AWS Step Functions, AWS Discovery Services, AWS Certificate Manager, Amazon ElastiCache, Mobile Analytics, AWS Mobile Hub, AWS Storage Gateway, AWS OpsWorks, AWS Batch, Amazon Inspector, EC2 Container Service, Amazon Cognito, AWS CodeDeploy, AWS Personal Health Dashboard, AWS Snowmobile, AWS Lambda, AWS CodeBuild, AWS X-Ray, Amazon QuickSight, Amazon Kinesis Firehose, Amazon WorkMail, Amazon Machine Learning]
Cloud security at massive scale…
# REGION & AVAILABILITY ZONES
[Map of AWS Regions, each marked with its number of Availability Zones: N. Virginia, Ohio, N. California, Oregon, Sydney, Seoul, Tokyo, Singapore, Canada, Beijing, Sao Paulo, Mumbai, London, Ireland, Frankfurt]
NEW REGION COMING SOON
…and growing
The AWS Cloud operates 44 Availability Zones within 16 Geographic Regions. 17 more Availability Zones and 6 more Regions have been announced in Bahrain, China, France, Hong Kong, Sweden, and a second AWS GovCloud Region in the U.S.
AWS ecosystem
AWS Snowball has moved over 5 billion objects into Amazon S3. AWS Snowball appliances have traveled a distance equal to circling the world more than 100 times.
The scale of the AWS Cloud
Amazon DynamoDB handles well over a trillion requests per day and served over 56 billion extra requests worldwide on PRIME Day compared to the same day the previous week.
At our scale, .00001% faults
Global trust in the AWS Cloud
“[AWS allows us] to scale up our experiments and try out our new software on realistic configurations of hundreds or even thousands of computers.”
“With AWS, DNAnexus enables enterprises worldwide to perform genomic analysis and clinical studies in a secure and compliant environment at a scale not previously possible.”
Mechanisms to drive security
Buy-in from Leadership!
Radically restrict and monitor human access to data
Source code security
Patching
Log retention duration
Credential blast radius reduction
Credentials lifespan reduction
TLS implementation
AWS encryption everywhere
Canaries and invariants for security functionality
Most importantly…
humans and data don’t mix!
Introducing: Amazon GuardDuty
• Turned on with one click in the AWS console
• Integrated threat intelligence from AWS & leading third-party providers
Per second: 165,000,000 flow log events; 68,000,000 IP reputation lookups
What can Amazon GuardDuty detect?
Unusual Ports; DNS Exfiltration; RDP Brute Force; Temp credentials used off-instance; Unusual Instance Launch; Malicious or Suspicious IP; Unusual Traffic Volume; Connect to Blacklisted Site; Recon; Anonymizing Proxy; Unusual ISP Caller; Bitcoin Activity
[Attack sequence illustrated on the slide: Attempt to compromise account → Probe API with temp creds → RDP Brute Force → Exfiltrate temp IAM creds over DNS → RAT installed]
Introducing: Amazon GuardDuty
“With Amazon GuardDuty, we can view and investigate alerts across AWS accounts and regions. GuardDuty provides detection and correlation for us without all the complexity that it previously entailed.”
—Ben Waugh, Security Architect at Twilio
Warner Bros.
Vahram Sukyas, Vice President, Application Infrastructure & Operations
ENTERTAINING THE WORLD
#1 at the Box Office
85+ TV series across all platforms
47% increase in consumer products profit
Leader in Interactive Entertainment
Thousands of film, TV and video game titles
Growing digital networks footprint
• Domestic box office in 2017, as of October 25, 2017
• Injustice 2 was the highest grossing game of Q2 2017
• Consumer products growth YoY 2015-2016
MANAGING MASSIVE MEDIA INFRASTRUCTURE
225+ Accounts
APPLICATION ISOLATION | SECURITY | AGILITY | BILLING CLARITY
HOW WE SLEEP AT NIGHT
Supporting a philosophy of independence with isolation and security
Amazon Inspector, Amazon GuardDuty, AWS WAF & AWS Shield, AWS CloudTrail, Amazon VPC Flow Logs
Distributing, enforcing, and auditing security controls in a multi-account model is key to what we do
VULNERABILITY MANAGEMENT WITH AMAZON INSPECTOR
EASIER SET-UP | IMPROVED CONTROL | BETTER DISTRIBUTION OF FINDINGS | ADVANCED ANALYTICS
VULNERABILITY MANAGEMENT WITH AMAZON INSPECTOR
Analytics
Open source code available here: https://github.com/warnerbros/inspector-pipeline
[Diagram: many AWS accounts (AccountID XXXXXXXX, one box per account) feeding a Ticketing System]
Amazon GuardDuty
Thank you
Vahram Sukyas, Vice President, Application Infrastructure & Operations
AWS CloudFormation for Amazon Inspector
Amazon Inspector + AWS CloudFormation (coming next week)
1. Create a template
2. Target
3. Run from AWS CloudFormation
Amazon Cognito security
Risk-based multi-factor authentication
New Amazon S3 security tooling
AWS KMS + Amazon S3
Codename: Zelkova (currently in use in Amazon S3 & Amazon Macie)
Zelkova Lambda Engine
Financial services & AWS
Some of the most highly-regulated financial services companies in the world trust AWS.
The largest exchange company in the world and currently owns and operates 24 markets, three clearing houses and five central securities spanning six continents.
One of the largest U.S. banks, offering credit cards, checking and savings accounts, auto loans, rewards, and online banking services.
One of the largest investment firms operating around the globe.
The country’s only internet bank with a focus on developing and delivering settlement services to its customers.
A global provider of independent investment research, products, and services.
Regulates brokerage firms doing business with the public in the United States; a critical part of the securities industry.
A leading Canadian financial services organization.
Provides financial services and products to individuals, businesses, and pension plans.
An online bank that offers its customers tools to better understand and manage their finances.
A leading Australian financial services company.
Investor Protection – Market Integrity
• Write and enforce rules governing the activities of 3,800 brokerages with 634,000 brokers
• Examine for compliance with those rules
• Foster market transparency
• Educate investors
• FINRA uses Big Data and data science technologies to detect and analyze fraud, market manipulation, and insider trading across US capital markets
Up to 75 BILLION events per day
Over 25 PETABYTES of storage
Market Reconstruction containing TRILLIONS of nodes & edges
FINRA Technology
INNOVATING TO PROTECT INVESTORS AND ENSURE MARKET INTEGRITY
Need for Nimbleness
Legacy approach not meeting needs
Market volumes are volatile and steadily increasing
Exchanges are dynamically evolving
Regulatory landscape is changing
Market manipulators innovate
Cloud Architecture Solved Our Problems
Huge capacity
Decouple storage and processing
Consume processing when needed
Manual processes replaced by code
Cloud Risk Management
Private data centers have risk
Cloud has equivalent security controls
In fact, for most organizations Cloud can be more secure
But… you must do it right
• Easy micro-segmentation
• Fine-grained entitlements
• Strict separation of duties (SoD)
• Automation = consistent compliance
• Rich audit trail
• Best-of-breed security services (AWS KMS)
• Cloud and DevOps = more rapid patching
• Resilience and multiple recovery options
• Assurance through third-party assessments
• Cloud provider must be secure to survive
Cloud Security – Do It RIGHT
Thank you!
John Brady, Vice President, Chief Information Security Officer
Security ecosystem
17,000+ video cameras running 24/7
15,000,000,000+ program executions processed by internal tooling per day
AWS security + open source
Bulk encryption with anonymity
Authenticated Encryption and Additional Data (AEAD)
Formally verified random number generators
Formally verified constant-time properties of our code
More Fuzz tests!
Security features (in last 90 days)
• 5 new Amazon S3 encryption and security features
• Use Amazon ElastiCache for Redis with in-transit and at-rest encryption
• Amazon Cognito now integrates with Amazon Pinpoint to add analytics
• AWS CodeBuild now provides ability to manage secrets
• Amazon EC2 Systems Manager adds compliance reporting and auto-remediation
AWS and Machine Learning—Amazon Macie
Understand your data
• Natural language processing (NLP)
Understand data access
• Machine Learning
When access to data changes, Amazon Macie tells you
Processing 10,000,000,000+ activity records per day
Now approved for HIPAA Workloads
AWS wants to maximize your most valuable resource…
Your Security Engineers that understand the vast gray area that is security
Other security sessions
Today
SID218: Introducing Amazon GuardDuty
• 1:45pm (next session up in this room!)
SID314: IAM Policy Ninja
• 3:15pm @ MGM Premier Ballroom 316
SID330: Best Practices for Implementing Encryption Strategy Using AWS Key Management Service
• 4:45pm @ MGM Grand Ballroom 122
Thursday
SID322: The Philosophy of Amazon Security
• 1:00pm @ MGM Grand Ballroom 117
SID405: Security Automation Improvements with Amazon CloudWatch and AWS Config
• 5:30pm @ MGM Premier Ballroom 312
Note: All Sessions allow for 25% walkups (non-reserved) seating!
Notable events
We are Giants: Diversity and Inclusion in Tech
Wednesday at The Encore (Beethoven 1&2): 4:30pm–7:30pm
Thank you!
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS Security State of the Union - SID326 - re:Invent 2017

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT Security State of the Union. Steve Schmidt, Vice President and Chief Information Security Officer. SID326. November 29, 2017
  • 2. 3,950 (* as of 1 November 2017): AWS Direct Connect, AWS Elastic Beanstalk, Schema Conversion Tool, AWS Shield, Amazon EFS, Amazon WorkSpaces, Amazon Lumberyard, Amazon Pinpoint, AWS IoT, AWS Managed Services, Amazon Route 53, AWS Import/Export, AWS OpsWorks for Chef Automate, Amazon Redshift, DynamoDB, Amazon Polly, AWS Snowball, AWS Organizations, Device Farm, Amazon Config, Amazon RDS for Aurora, WorkDocs, AWS Snowball Edge, CodeCommit, AWS CodePipeline, AWS Service Catalog, CloudWatch Logs, Amazon Lex, AWS Greengrass, Amazon EC2 Systems Manager, AWS WAF, Amazon Appstream 2.0, Amazon Athena, AWS Glue, Amazon Lightsail, Amazon Rekognition, AWS Step Functions, AWS Discovery Services, AWS Certificate Manager, Amazon ElastiCache, Mobile Analytics, AWS Mobile Hub, AWS Storage Gateway, AWS OpsWorks, AWS Batch, Amazon Inspector, EC2 Container Service, Amazon Cognito, AWS CodeDeploy, AWS Personal Health Dashboard, AWS Snowmobile, AWS Lambda, AWS CodeBuild, AWS X-Ray, Amazon QuickSight, Amazon Kinesis Firehose, Amazon WorkMail, Amazon Inspector, Amazon Machine Learning
  • 3. Cloud security at massive scale… (map of Regions and Availability Zones: N. Virginia, Ohio, N. California, Oregon, Sydney, Seoul, Tokyo, Singapore, Canada, Beijing, Sao Paulo, Mumbai, London, Ireland, Frankfurt; legend: # Region & Availability Zones, New Region coming soon)
  • 4. …and growing: 17 more Availability Zones and 6 more Regions have been announced in Bahrain, China, France, Hong Kong, Sweden, and a second AWS GovCloud Region in the U.S. The AWS Cloud operates 44 Availability Zones within 16 Geographic Regions.
  • 5. AWS ecosystem: AWS Snowball has moved over 5 billion objects into Amazon S3. AWS Snowball appliances have traveled a distance equal to circling the world more than 100 times.
  • 6. The scale of the AWS Cloud: Amazon DynamoDB handles well over a trillion requests per day and served over 56 billion extra requests worldwide on PRIME Day compared to the same day the previous week.
  • 7. At our scale, .00001% = faults
  • 8. Global trust in the AWS Cloud
  • 9. Global trust in the AWS Cloud. “[AWS allows us] to scale up our experiments and try out our new software on realistic configurations of hundreds or even thousands of computers.” “With AWS, DNAnexus enables enterprises worldwide to perform genomic analysis and clinical studies in a secure and compliant environment at a scale not previously possible.”
  • 10. Mechanisms to drive security: Buy-in from Leadership! • Radically restrict and monitor human access to data • Source code security • Patching • Log retention duration • Credential blast radius reduction • Credentials lifespan reduction • TLS implementation • AWS encryption everywhere • Canaries and invariants for security functionality
  • 11. Most importantly… humans and data don’t mix!
  • 12. Introducing: Amazon GuardDuty • Turned on with one click in the AWS console • Integrated threat intelligence from AWS & leading third-party providers
  • 13. Introducing: Amazon GuardDuty. Per second: 165,000,000 flow log events; 68,000,000 IP reputation lookups
  • 14. What can Amazon GuardDuty detect? Unusual Ports • DNS Exfiltration • RDP Brute Force • Temp credentials used off-instance • Unusual Instance Launch • Malicious or Suspicious IP • Unusual Traffic Volume • Connect to Blacklisted Site • Recon • Anonymizing Proxy • Unusual ISP Caller • Bitcoin Activity • Attempt to compromise account • Probe API with temp creds • RDP Brute Force • Exfiltrate temp IAM creds over DNS • RAT installed
  • 16. Introducing: Amazon GuardDuty. “With Amazon GuardDuty, we can view and investigate alerts across AWS accounts and regions. GuardDuty provides detection and correlation for us without all the complexity that it previously entailed.” —Ben Waugh, Security Architect at Twilio
  • 17. Warner Bros. Vahram Sukyas, Vice President, Application Infrastructure & Operations
  • 18. ENTERTAINING THE WORLD
  • 19. ENTERTAINING THE WORLD: #1 at the Box Office (domestic box office in 2017, as of October 25, 2017) • Leader in Interactive Entertainment (Injustice 2 was the highest grossing game of Q2 2017) • 85+ TV series across all platforms • 47% increase in consumer products profit (consumer products growth YoY 2015-2016) • Thousands of film, TV and video game titles • Growing digital networks footprint
  • 20. MANAGING MASSIVE MEDIA INFRASTRUCTURE: Application isolation • Security • Agility • Billing clarity • 225+ Accounts
  • 21. HOW WE SLEEP AT NIGHT: Supporting a philosophy of independence with isolation and security. Amazon Inspector • Amazon GuardDuty • AWS WAF & AWS Shield • AWS CloudTrail • Amazon VPC Flow Logs. Distributing, enforcing, and auditing security controls in a multi-account model is key to what we do.
  • 22. VULNERABILITY MANAGEMENT WITH AMAZON INSPECTOR: Easier set-up • Improved control • Better distribution of findings • Advanced analytics
  • 23. VULNERABILITY MANAGEMENT WITH AMAZON INSPECTOR: Analytics. Open source code available here: https://github.com/warnerbros/inspector-pipeline (diagram: findings from multiple accounts, each labelled AccountID XXXXXXXX, flow into a Ticketing System)
  • 24. Amazon GuardDuty
  • 25. Thank you. Vahram Sukyas, Vice President, Application Infrastructure & Operations
  • 26.
  • 27. AWS CloudFormation for Amazon Inspector (Amazon Inspector + AWS CloudFormation), coming next week: 1. Create a template 2. Target 3. Run from AWS CloudFormation
  • 28. Amazon Cognito security: Risk-based multi-factor authentication
  • 29. New Amazon S3 security tooling (AWS KMS, Amazon S3)
  • 30. New Amazon S3 security tooling
  • 31. Codename: Zelkova (currently in use in Amazon S3 & Amazon Macie). Zelkova Lambda Engine
  • 32. Codename: Zelkova
  • 33. Financial services & AWS. Some of the most highly-regulated financial services companies in the world trust AWS: The largest exchange company in the world, which currently owns and operates 24 markets, three clearing houses and five central securities depositories spanning six continents • One of the largest U.S. banks, offering credit cards, checking and savings accounts, auto loans, rewards, and online banking services • One of the largest investment firms operating around the globe • The country’s only internet bank with a focus on developing and delivering settlement services to its customers • A global provider of independent investment research, products, and services • Regulates brokerage firms doing business with the public in the United States; a critical part of the securities industry • A leading Canadian financial services organization • Provides financial services and products to individuals, businesses, and pension plans • An online bank that offers its customers tools to better understand and manage their finances • A leading Australian financial services company
  • 34.
  • 35. Investor Protection – Market Integrity • Write and enforce rules governing the activities of 3,800 brokerages with 634,000 brokers • Examine for compliance with those rules • Foster market transparency • Educate investors • FINRA uses Big Data and data science technologies to detect and analyze fraud, market manipulation, and insider trading across US capital markets
  • 36. FINRA Technology: INNOVATING TO PROTECT INVESTORS AND ENSURE MARKET INTEGRITY. Up to 75 BILLION events per day • Over 25 PETABYTES of storage • Market reconstruction containing TRILLIONS of nodes & edges
  • 37. Need for Nimbleness: Legacy approach not meeting needs • Market volumes are volatile and steadily increasing • Exchanges are dynamically evolving • Regulatory landscape is changing • Market manipulators innovate
  • 38. Cloud Architecture Solved Our Problems: Huge capacity • Decouple storage and processing • Consume processing when needed • Manual processes replaced by code
  • 39. Cloud Risk Management: Private data centers have risk • Cloud has equivalent security controls • In fact, for most organizations Cloud can be more secure • But… you must do it right
  • 40. Cloud Security – Do It RIGHT • Easy micro-segmentation • Fine-grained entitlements • Strict separation of duties (SoD) • Automation = consistent compliance • Rich audit trail • Best-of-breed security services (AWS KMS) • Cloud and DevOps = more rapid patching • Resilience and multiple recovery options • Assurance through third-party assessments • Cloud provider must be secure to survive
  • 41.
  • 42. Thank you! John Brady, Vice President, Chief Information Security Officer
  • 43. Security ecosystem: 17,000+ video cameras running 24/7 • 15,000,000,000+ program executions processed by internal tooling per day
  • 44. AWS security + open source: Bulk encryption with anonymity • Authenticated Encryption and Additional Data (AEAD) • Formally verified random number generators • Formally verified constant-time properties of our code • More fuzz tests!
  • 45. Security features (in last 90 days): 5 new Amazon S3 encryption and security features • Use Amazon ElastiCache for Redis with in-transit and at-rest encryption • Amazon Cognito now integrates with Amazon Pinpoint to add analytics • AWS CodeBuild now provides ability to manage secrets • Amazon EC2 Systems Manager adds compliance reporting and auto-remediation
  • 46. AWS and Machine Learning — Amazon Macie. Understand your data • Natural language processing (NLP). Understand data access • Machine Learning
  • 47. When access to data changes, Amazon Macie tells you
  • 48. AWS and Machine Learning — Amazon Macie: Processing 10,000,000,000+ activity records per day
  • 49. Amazon Macie: Now approved for HIPAA workloads
  • 50. AWS wants to maximize your most valuable resource… Your Security Engineers that understand the vast gray area that is security
  • 51. Other security sessions, Today: SID218: Introducing Amazon GuardDuty • 1:45pm (next session up in this room!) SID314: IAM Policy Ninja • 3:15pm @ MGM Premier Ballroom 316. SID330: Best Practices for Implementing Encryption Strategy Using AWS Key Management Service • 4:45pm @ MGM Grand Ballroom 122. Note: All Sessions allow for 25% walkups (non-reserved) seating!
  • 52. Other security sessions, Thursday: SID322: The Philosophy of Amazon Security • 1:00pm @ MGM Grand Ballroom 117. SID405: Security Automation Improvements with Amazon CloudWatch and AWS Config • 5:30pm @ MGM Premier Ballroom 312. Note: All Sessions allow for 25% walkups (non-reserved) seating!
  • 53. Notable events: We are Giants: Diversity and Inclusion in Tech. Wednesday at The Encore (Beethoven 1&2): 4:30pm–7:30pm
  • 54. Thank you!