SlideShare una empresa de Scribd logo

Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019

Amazon Web Services
Amazon Web Services

How does the cloud foster innovation? Join Vice President and Distinguished Engineer Eric Brandwine as he details why there is no better time than now to be a pioneer in the AWS Cloud, discussing the changes that next-gen technologies such as quantum computing, machine learning, serverless, and IoT are expected to make to the digital and physical spaces over the next decade. Organizations within the large AWS customer base can take advantage of security features that would have been inaccessible even five years ago; Eric discusses customer use cases along with simple ways in which customers can realize tangible benefits around topics previously considered mere buzzwords. 

1 de 52
Descargar para leer sin conexión
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Leadership session: Aspirational security Pioneering on the Security Trail Eric Brandwine Vice President and Distinguished Engineer Amazon Web Services S E P 3 1 8 - L
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. The Living Computer Museum LIVING COMPUTERS museum + labs | SODO 2245 First Avenue South Seattle, WA 98134
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Macintosh SE/30
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. The Oregon Trail
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A spectrum
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A spectrum
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. “What are cloud?” “Should we cloud?” “Windows Millennial Edition Will Change Everything.”“Y2K will end us all anyway. Good luck without a power grid!” “This 14.4k modem cooks.” “Are Cloud Dangerous?” “No, you just download any song.” “Tell me you didn’t click that link.” “I gotta tell ya, I don’t think there was a prince behind this email at all.” “Because Moore’s Law, friend. That’s why.” “There’s no way I’m giving the Internet my credit card number. Thanks anyway.” “No, I said ‘cat memes’. Well, why would there be cat mimes?” “You might wanna give that the ol’ rebootskie”
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Though taking risks did have some benefits…
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Expedia has become more agile by going all in on AWS Ellie Mae, Inc. is going all-in on the world’s leading cloud Lyft goes all-in on AWS Time Inc. goes all in on AWS Barclays 'all-in' move to AWS cloud Shutterfly goes all-in on AWS Use cases inform our road map
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Learning from the explorers
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Learning from the explorers
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Learning from the explorers
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. “We need this.” “How can we cloud more?” “Faster, cheaper, more secure. And you can be home for supper.”“How are others tackling this?” “Do you even quantum?” “Let’s secure the cloud.” “Have you seen the latest feature release?” “It’s more secure than on-prem.” “Just set up a Lambda function.” “Everyone else is doing it, why can’t we?” “I don’t know, I just know it’s automagic.” “Welcome to the age of cloud.”
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Nitro card Nitro security chip Nitro hypervisor Local NVMe storage Elastic Block Storage Networking, monitoring, and security Integrated into motherboard Protects hardware resources Lightweight hypervisor Memory and CPU allocation Bare metal-like performance Innovation enabled by AWS Nitro System Modular building blocks for rapid design and delivery of Amazon EC2 instances
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon GuardDuty
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. GuardDuty getting started
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. GuardDuty active finding types Backdoor Behavior CryptoCurrency PenTest Persistence Policy PrivilegeEscalation Recon ResourceConsumption Stealth Trojan Unauthorized
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Partners
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Identity, directory, and access IAM Manage user access and encryption keys Single Sign-On Cloud single sign-on for AWS accounts and business apps Directory Service Host and manage Microsoft Active Directory Organizations Manage settings for multiple accounts Resource Access Manager Share resources across multiple accounts Secrets Manager Rotate, manage, and retrieve secrets Cognito Identity management for your apps Detective controls and management Security Hub Centrally view/manage security alerts & automate compliance checks GuardDuty Continuous threat detection & monitoring Service Catalog Create and use standardized products Launch Templates Standardize deployments across resources Config Track resource inventory and changes CloudTrail Track user activity and API usage CloudWatch Monitor resources and applications Inspector Analyze application security Artifact Self-service for AWS compliance reports Data protection Key Management Service Manage creation and control of encryption keys Certificate Manager Provision, manage, and deploy SSL/TSL certificates ACM Private CA Private certificate authority CloudHSM Hardware-based key storage Macie Discover, classify,and protect data Server-side encryption Flexible data encryption options Encrypted Boot & EBS volumes Networking and infrastructure Virtual Private Cloud Isolated cloud resources VPC flow logs Web Application Firewall Filter malicious web traffic Shield DDoS protection Firewall Manager Manage WAF rules across accounts PrivateLink Securely access services hosted on AWS Best security building blocks in the cloud
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Identity, directory, and access IAM Manage user access and encryption keys Single Sign-On Cloud single sign-on for AWS accounts and business apps Directory Service Host and manage Microsoft Active Directory Organizations Manage settings for multiple accounts Resource Access Manager Share resources across multiple accounts Secrets Manager Rotate, manage, and retrieve secrets Cognito Identity management for your apps Detective controls and management Security Hub Centrally view/manage security alerts & automate compliance checks GuardDuty Continuous threat detection & monitoring Service Catalog Create and use standardized products Launch Templates Standardize deployments across resources Config Track resource inventory and changes CloudTrail Track user activity and API usage CloudWatch Monitor resources and applications Inspector Analyze application security Artifact Self-service for AWS compliance reports Data protection Key Management Service Manage creation and control of encryption keys Certificate Manager Provision, manage, and deploy SSL/TSL certificates ACM Private CA Private certificate authority CloudHSM Hardware-based key storage Macie Discover, classify,and protect data Server-side encryption Flexible data encryption options Encrypted Boot & EBS volumes Networking and infrastructure Virtual Private Cloud Isolated cloud resources VPC flow logs Web Application Firewall Filter malicious web traffic Shield DDoS protection Firewall Manager Manage WAF rules across accounts PrivateLink Securely access services hosted on AWS Best security building blocks in the cloud
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Security blocks
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. In real life…
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. GuardDuty active finding types Persistence: IAMUser/NetworkPermissions IAMUser/ResourcePermissions IAMUser/UserPermissions Persistence:IAMUser/NetworkPermissions = A principal invoked an API commonly used to change the network access permissions for security groups, routes, and ACLs in your AWS account. This finding informs you that a specific principal in your AWS environment is exhibiting behavior that is different from the established baseline. This principal has no prior history of invoking this API.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. GuardDuty active finding types Stealth: IAMUser/PasswordPolicyChange IAMUser/CloudTrailLoggingDisabled IAMUser/LoggingConfigurationModified Stealth: IAMUser/PasswordPolicyChange = Your AWS account password policy was weakened. For example, it was deleted or updated to require fewer characters, not require symbols and numbers, or required to extend the password expiration period. This finding can also be triggered by an attempt to update or delete your AWS account password policy. The AWS account password policy defines the rules that govern what kinds of passwords can be set for your IAM users.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Firewalls Vulnerability management Soar Siem Endpoint Compliance MSSP Other Security Hub partner integrations
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Ecosystem
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Ecosystem
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Ecosystem
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Machine learning
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Using Amazon SageMaker, GE Healthcare developed an ML model that can learn from thousands of medical scans to detect anomalies more accurately and efficiently. Convoy builds and trains ML models to optimize driver schedules and to ensure load balancing, capacity planning, pricing, and payments.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Data Mining Deep Learning Python Analytics Data Lakes Optical Character Reader Yottabyte Artificial Neural Networks Predictive Analysis Chatbots Data Modeling Natural Language Processing
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Use case: Amazon.com Lithium-ion battery explosion is an industry-wide challenge. US CPSC (Consumer Product Safety Commission) receives hundreds of lithium-ion battery explosion reports from multiple retailers every year. Built and engineered by: Wei Xiang Global Product Safety and Compliance Fedor Zhdanov Amazon Research Chance Kelch Global Product Safety and Compliance
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. 8.6% 86.7% Improved suppression rate from 8.6% to 86.7% How?
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Feedback Classification through keyword-based text mining Human validation Human investigation Input Validation Engineering Third-party information SMEs Customer surveys Data scrubbing Testing Data to create data elements used by the ML model to calculate predictions
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Algorithmselection Decision tree Random forest XGBoost Logistic regression Measurement The purpose of feature analysis is to understand which attribute or combination of attributes has the most impact on the model precision and recall. Dropping engineered attributes one by one Re-training the model Re-calculate precision and recall
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. ML frameworks & infrastructure AI services Rekognition image Polly Transcribe Translate Comprehend LexRekognition video Vision Speech Language Chatbots Amazon SageMaker Build Train Forecast Forecasting Textract Personalize Recommendations Deploy Pre-built algorithms & notebooks Data labeling (ground truth) One-click model training & tuning Optimization (NEO) One-click deployment & hosting ML services Frameworks Interfaces Infrastructure EC2 P3 & P3N EC2 C5 FPGAs Greengrass Elastic inference Reinforcement learningAlgorithms & models (AWS Marketplace for machine learning) The Amazon ML stack: Broadest & deepest set of capabilities
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. The AWS range of ML options
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Using Amazon SageMaker, a tool to easily build, train, and deploy machine learning models, engineers at Coinbase developed a machine learning-driven system that recognizes mismatches and anomalies in sources of user identification, allowing them to quickly take action against potential sources of fraud.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. When quantum happens…
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. …even well-meaning gatekeepers slow innovation. When a platform is self-service, even the improbable ideas can get tried, because there’s no expert gatekeeper ready to say “that will never work!” And guess what— many of those improbable ideas do work, and society is the beneficiary of that diversity.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Fitting the business curve
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Fitting the business curve
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Pioneers with comfy pillows
Thank you! © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recomendados

Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Amazon Web Services
 
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...Amazon Web Services
 
How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...Amazon Web Services
 
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...Amazon Web Services
 
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...Amazon Web Services
 
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Amazon Web Services
 
Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
 
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Amazon Web Services
 

Recomendados

Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Amazon Web Services
 
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...Amazon Web Services
 
How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...Amazon Web Services
 
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...Amazon Web Services
 
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...Amazon Web Services
 
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Amazon Web Services
 
Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
 
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Amazon Web Services
 
Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...Amazon Web Services
 
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...Amazon Web Services
 
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019 Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019 Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019 Technology as a means for compliance - GRC206 - AWS re:Inforce 2019
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019 Amazon Web Services
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Amazon Web Services
 
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon Web Services
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Amazon Web Services
 
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Amazon Web Services
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...Amazon Web Services
 
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019 Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019 Amazon Web Services
 
Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Amazon Web Services
 
Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
 
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Amazon Web Services
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019 Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019 Amazon Web Services
 
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019 How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019 Amazon Web Services
 
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...Driven by security: Legendary Entertainment’s high-velocity cloud transformat...
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Riyadh User Group
 

Más contenido relacionado

La actualidad más candente

Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...Amazon Web Services
 
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...Amazon Web Services
 
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019 Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019 Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019 Technology as a means for compliance - GRC206 - AWS re:Inforce 2019
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019 Amazon Web Services
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Amazon Web Services
 
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon Web Services
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Amazon Web Services
 
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Amazon Web Services
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...Amazon Web Services
 
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019 Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019 Amazon Web Services
 
Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Amazon Web Services
 
Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
 
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Amazon Web Services
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019 Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019 Amazon Web Services
 
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019 How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019 Amazon Web Services
 
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...Driven by security: Legendary Entertainment’s high-velocity cloud transformat...
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...Amazon Web Services
 

La actualidad más candente (20)

Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...
 
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...
 
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019 Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
 
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019 Technology as a means for compliance - GRC206 - AWS re:Inforce 2019
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
 
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
 
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
 
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019 Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
 
Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019
 
Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...
 
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
 
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019 Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019
 
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019 How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019
How Pokémon’s SecOps team enables its business - SDD328 - AWS re:Inforce 2019
 
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...Driven by security: Legendary Entertainment’s high-velocity cloud transformat...
Driven by security: Legendary Entertainment’s high-velocity cloud transformat...
 

Similar a Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019

AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Riyadh User Group
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceAmazon Web Services
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
 
AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & Learn AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & LearnAmazon Web Services
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Amazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Amazon Web Services
 
Protecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesProtecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesAmazon Web Services
 
Elevate your security with the cloud
Elevate your security with the cloudElevate your security with the cloud
Elevate your security with the cloudAmazon Web Services
 
Humans and Data Don't Mix- Best Practices to Secure Your Cloud
Humans and Data Don't Mix- Best Practices to Secure Your CloudHumans and Data Don't Mix- Best Practices to Secure Your Cloud
Humans and Data Don't Mix- Best Practices to Secure Your CloudAmazon Web Services
 
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Amazon Web Services
 
Introduction: Security & AWS Storage
Introduction: Security & AWS StorageIntroduction: Security & AWS Storage
Introduction: Security & AWS StorageAmazon Web Services
 
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...Amazon Web Services
 

Similar a Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019 (20)

Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practice
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & Learn AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & Learn
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
 
Protecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesProtecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and Features
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Elevate your security with the cloud
Elevate your security with the cloudElevate your security with the cloud
Elevate your security with the cloud
 
Humans and Data Don't Mix- Best Practices to Secure Your Cloud
Humans and Data Don't Mix- Best Practices to Secure Your CloudHumans and Data Don't Mix- Best Practices to Secure Your Cloud
Humans and Data Don't Mix- Best Practices to Secure Your Cloud
 
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
 
Introduction: Security & AWS Storage
Introduction: Security & AWS StorageIntroduction: Security & AWS Storage
Introduction: Security & AWS Storage
 
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloud
 
Protecting Your Data
Protecting Your DataProtecting Your Data
Protecting Your Data
 

Más de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019

  • 1. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Leadership session: Aspirational security Pioneering on the Security Trail Eric Brandwine Vice President and Distinguished Engineer Amazon Web Services S E P 3 1 8 - L
  • 2. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. The Living Computer Museum LIVING COMPUTERS museum + labs | SODO 2245 First Avenue South Seattle, WA 98134
  • 3. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Macintosh SE/30
  • 4. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. The Oregon Trail
  • 5. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 6. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A spectrum
  • 7. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A spectrum
  • 8. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. “What are cloud?” “Should we cloud?” “Windows Millennial Edition Will Change Everything.”“Y2K will end us all anyway. Good luck without a power grid!” “This 14.4k modem cooks.” “Are Cloud Dangerous?” “No, you just download any song.” “Tell me you didn’t click that link.” “I gotta tell ya, I don’t think there was a prince behind this email at all.” “Because Moore’s Law, friend. That’s why.” “There’s no way I’m giving the Internet my credit card number. Thanks anyway.” “No, I said ‘cat memes’. Well, why would there be cat mimes?” “You might wanna give that the ol’ rebootskie”
  • 9. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Though taking risks did have some benefits…
  • 10. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Expedia has become more agile by going all in on AWS Ellie Mae, Inc. is going all-in on the world’s leading cloud Lyft goes all-in on AWS Time Inc. goes all in on AWS Barclays 'all-in' move to AWS cloud Shutterfly goes all-in on AWS Use cases inform our road map
  • 11. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Learning from the explorers
  • 12. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Learning from the explorers
  • 13. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Learning from the explorers
  • 14. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. “We need this.” “How can we cloud more?” “Faster, cheaper, more secure. And you can be home for supper.”“How are others tackling this?” “Do you even quantum?” “Let’s secure the cloud.” “Have you seen the latest feature release?” “It’s more secure than on-prem.” “Just set up a Lambda function.” “Everyone else is doing it, why can’t we?” “I don’t know, I just know it’s automagic.” “Welcome to the age of cloud.”
  • 15. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Nitro card Nitro security chip Nitro hypervisor Local NVMe storage Elastic Block Storage Networking, monitoring, and security Integrated into motherboard Protects hardware resources Lightweight hypervisor Memory and CPU allocation Bare metal-like performance Innovation enabled by AWS Nitro System Modular building blocks for rapid design and delivery of Amazon EC2 instances
  • 16. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 17. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 18. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon GuardDuty
  • 19. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. GuardDuty getting started
  • 20. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. GuardDuty active finding types Backdoor Behavior CryptoCurrency PenTest Persistence Policy PrivilegeEscalation Recon ResourceConsumption Stealth Trojan Unauthorized
  • 21. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 22. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Partners
  • 23. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Identity, directory, and access IAM Manage user access and encryption keys Single Sign-On Cloud single sign-on for AWS accounts and business apps Directory Service Host and manage Microsoft Active Directory Organizations Manage settings for multiple accounts Resource Access Manager Share resources across multiple accounts Secrets Manager Rotate, manage, and retrieve secrets Cognito Identity management for your apps Detective controls and management Security Hub Centrally view/manage security alerts & automate compliance checks GuardDuty Continuous threat detection & monitoring Service Catalog Create and use standardized products Launch Templates Standardize deployments across resources Config Track resource inventory and changes CloudTrail Track user activity and API usage CloudWatch Monitor resources and applications Inspector Analyze application security Artifact Self-service for AWS compliance reports Data protection Key Management Service Manage creation and control of encryption keys Certificate Manager Provision, manage, and deploy SSL/TSL certificates ACM Private CA Private certificate authority CloudHSM Hardware-based key storage Macie Discover, classify,and protect data Server-side encryption Flexible data encryption options Encrypted Boot & EBS volumes Networking and infrastructure Virtual Private Cloud Isolated cloud resources VPC flow logs Web Application Firewall Filter malicious web traffic Shield DDoS protection Firewall Manager Manage WAF rules across accounts PrivateLink Securely access services hosted on AWS Best security building blocks in the cloud
  • 24. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Identity, directory, and access IAM Manage user access and encryption keys Single Sign-On Cloud single sign-on for AWS accounts and business apps Directory Service Host and manage Microsoft Active Directory Organizations Manage settings for multiple accounts Resource Access Manager Share resources across multiple accounts Secrets Manager Rotate, manage, and retrieve secrets Cognito Identity management for your apps Detective controls and management Security Hub Centrally view/manage security alerts & automate compliance checks GuardDuty Continuous threat detection & monitoring Service Catalog Create and use standardized products Launch Templates Standardize deployments across resources Config Track resource inventory and changes CloudTrail Track user activity and API usage CloudWatch Monitor resources and applications Inspector Analyze application security Artifact Self-service for AWS compliance reports Data protection Key Management Service Manage creation and control of encryption keys Certificate Manager Provision, manage, and deploy SSL/TSL certificates ACM Private CA Private certificate authority CloudHSM Hardware-based key storage Macie Discover, classify,and protect data Server-side encryption Flexible data encryption options Encrypted Boot & EBS volumes Networking and infrastructure Virtual Private Cloud Isolated cloud resources VPC flow logs Web Application Firewall Filter malicious web traffic Shield DDoS protection Firewall Manager Manage WAF rules across accounts PrivateLink Securely access services hosted on AWS Best security building blocks in the cloud
  • 25. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Security blocks
  • 26. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. In real life…
  • 27. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. GuardDuty active finding types Persistence: IAMUser/NetworkPermissions IAMUser/ResourcePermissions IAMUser/UserPermissions Persistence:IAMUser/NetworkPermissions = A principal invoked an API commonly used to change the network access permissions for security groups, routes, and ACLs in your AWS account. This finding informs you that a specific principal in your AWS environment is exhibiting behavior that is different from the established baseline. This principal has no prior history of invoking this API.
  • 28. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. GuardDuty active finding types Stealth: IAMUser/PasswordPolicyChange IAMUser/CloudTrailLoggingDisabled IAMUser/LoggingConfigurationModified Stealth: IAMUser/PasswordPolicyChange = Your AWS account password policy was weakened. For example, it was deleted or updated to require fewer characters, not require symbols and numbers, or required to extend the password expiration period. This finding can also be triggered by an attempt to update or delete your AWS account password policy. The AWS account password policy defines the rules that govern what kinds of passwords can be set for your IAM users.
  • 29. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Firewalls Vulnerability management Soar Siem Endpoint Compliance MSSP Other Security Hub partner integrations
  • 30. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 31. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Ecosystem
  • 32. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Ecosystem
  • 33. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Ecosystem
  • 34. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Machine learning
  • 35. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Using Amazon SageMaker, GE Healthcare developed an ML model that can learn from thousands of medical scans to detect anomalies more accurately and efficiently. Convoy builds and trains ML models to optimize driver schedules and to ensure load balancing, capacity planning, pricing, and payments.
  • 36. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Data Mining Deep Learning Python Analytics Data Lakes Optical Character Reader Yottabyte Artificial Neural Networks Predictive Analysis Chatbots Data Modeling Natural Language Processing
  • 37. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Use case: Amazon.com Lithium-ion battery explosion is an industry-wide challenge. US CPSC (Consumer Product Safety Commission) receives hundreds of lithium-ion battery explosion reports from multiple retailers every year. Built and engineered by: Wei Xiang Global Product Safety and Compliance Fedor Zhdanov Amazon Research Chance Kelch Global Product Safety and Compliance
  • 38. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. 8.6% 86.7% Improved suppression rate from 8.6% to 86.7% How?
  • 39. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Feedback Classification through keyword-based text mining Human validation Human investigation Input Validation Engineering Third-party information SMEs Customer surveys Data scrubbing Testing Data to create data elements used by the ML model to calculate predictions
  • 40. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Algorithmselection Decision tree Random forest XGBoost Logistic regression Measurement The purpose of feature analysis is to understand which attribute or combination of attributes has the most impact on the model precision and recall. Dropping engineered attributes one by one Re-training the model Re-calculate precision and recall
  • 41. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. ML frameworks & infrastructure AI services Rekognition image Polly Transcribe Translate Comprehend LexRekognition video Vision Speech Language Chatbots Amazon SageMaker Build Train Forecast Forecasting Textract Personalize Recommendations Deploy Pre-built algorithms & notebooks Data labeling (ground truth) One-click model training & tuning Optimization (NEO) One-click deployment & hosting ML services Frameworks Interfaces Infrastructure EC2 P3 & P3N EC2 C5 FPGAs Greengrass Elastic inference Reinforcement learningAlgorithms & models (AWS Marketplace for machine learning) The Amazon ML stack: Broadest & deepest set of capabilities
  • 42. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. The AWS range of ML options
  • 43. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Using Amazon SageMaker, a tool to easily build, train, and deploy machine learning models, engineers at Coinbase developed a machine learning-driven system that recognizes mismatches and anomalies in sources of user identification, allowing them to quickly take action against potential sources of fraud.
  • 44. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 45. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. When quantum happens…
  • 46. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 47. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 48. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. …even well-meaning gatekeepers slow innovation. When a platform is self-service, even the improbable ideas can get tried, because there’s no expert gatekeeper ready to say “that will never work!” And guess what— many of those improbable ideas do work, and society is the beneficiary of that diversity.
  • 49. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Fitting the business curve
  • 50. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Fitting the business curve
  • 51. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Pioneers with comfy pillows
  • 52. Thank you! © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.