© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Leverage the security & resiliency of the cloud & IoT for industry use cases
SEP203
Jana Kay, Cloud Security Strategist, AWS
Michael South, Americas Regional Leader, Public Sector Security & Compliance, AWS
Anton Shmagin, Partner Solutions Architect, AWS

Agenda
11:30 AM – Noon
• TTX guidelines and objectives
• Assumptions & constraints
• Incident response process
• Scenario overview
Noon – 12:15 PM: Event – on-premises incident response (IR) walkthrough
12:15 PM – 12:45 PM: Secure IoT architecture capabilities
12:45 PM – 1:15 PM: Event – AWS IR exercise
1:15 PM – 1:30 PM
• “Hot wash”
• Q&A

Related breakouts
Tuesday, June 25
SDD307: Protecting your IoT fleet | Level 1, Room 151B, Table 3 | 11:30 AM – 12:30 PM, 2:30 PM – 3:30 PM, 5:30 PM – 6:30 PM
SEP208: Designing for data privacy on AWS | 1:00 PM – 2:00 PM | Level 2, Room 207
DEV04: IoT security: Prevent your devices from becoming attack vectors | 1:00 PM – 2:00 PM | Level 0, Dev Lounge Hall A + B1
SEP206: Securing Internet of Things (IoT) deployment with AWS | 4:00 PM – 5:00 PM | Level 2, Room 212

Related breakouts
Wednesday, June 26
SDD307: Protecting your IoT fleet | Level 1, Room 151B, Table 3 | 8:00 AM – 9:00 AM, 11:00 AM – 12:00 PM, 5:00 PM – 6:00 PM
SEP318-L: Leadership session: Aspirational security | 11:45 AM – 12:45 PM | Level 2, Room 253B
SDD325: Bose uses AWS IoT to securely connect millions of devices and improve IT agility | 1:15 PM – 2:15 PM | Level 2, Room 205B
FND321: Keeping edge computing secure | 3:30 PM – 4:30 PM | Level 1, Room 151B, Table 8

TTX guidelines
Goals
• Stimulate thought and discussion
• Identify opportunities
• Have fun!
Don’t
• Fight the game
• Keep your knowledge to yourself
• Go too deep down the rabbit hole
Do
• Consider people, processes, and technology
• Link the threat and remediation to the business
• Have fun!

Assumptions & constraints
Assumptions
• You have an SOC in place
• Incident response plan may exist, but it may need to be updated based on adoption of cloud and IoT devices
• Incidents are confirmed
• Incidents have potential real impact to reputation, financial health, legal liability, and possibly safety
• Potential broader impact to national economy and security
• No privacy implications, only business impact
Constraints
• Must take ownership; can’t offload to contractor
• Focus on business and security objectives related to capabilities
• Must comply with all applicable regulations and adhere to mandated reporting

TTX objectives
• Highlight challenges in securing and responding to incidents for IoT in regulated industries
• Demonstrate security and resiliency of the cloud over traditional on-premises systems in support of IoT
• Discuss effectiveness of internationally accepted frameworks, such as the NIST Cybersecurity Framework (NIST CSF), in improving cybersecurity and resiliency

The incident response (IR) process
Diagram: Prepare → Identify → Assess → Respond → Learn
Steady State → Declare an Incident → Start Cleanup → Finish Cleanup → Back in Production → Done → Steady State
On occasion, we might be forced to jump back

The incident response process: Preparation
Establish an incident response capability so that the organization is ready to respond to incidents and to prevent incidents by ensuring that systems, networks, and applications are sufficiently secure
❑ Communications & facilities
❑ Analyst hardware & software
❑ Staffing & training
❑ Environment documentation
❑ Protection implementation (system owners)

The incident response process: Detect & analyze
Ability to detect and analyze events via the technologies and procedures established in the prepare phase
❑ Generally prepare for all, but focus on common attack vectors
❑ Recognize signs of potential events, assess, and know what to do next
❑ Be aware of current threat intelligence
❑ Have knowledge of baseline configurations and behaviors (what does normal look like?)
❑ Incident documentation
❑ Incident prioritization
❑ Incident notification

The incident response process: Contain, eradicate, and recover
Ability to stop the spread and impact of the incident, completely remove the threat from the environment, implement protections to prevent it from happening again, and return all system and business processes to the normal operating state
❑ Choosing a containment strategy (e.g., need for evidence, service availability, dependencies, solution duration, intel collection, etc.)
❑ Procedures for gathering and handling evidence
❑ Procedures to remove threat (e.g., compromised accounts, malware, patch vulnerabilities, etc.)
❑ Procedures to restore systems to normal operations (e.g., restore from backups, bring online in dependency and business priority order, etc.)

The IR process: Post-incident activity
It is imperative that organizations learn from incidents and improve their abilities to protect, respond, recover, and survive
The scope should include not just the technical controls and improvements, but also staff considerations like training and updating policies, processes, and procedures
❑ Develop and use a lessons learned process to capture relevant data, analyze the incident and response, and implement recommendations
❑ Collect and analyze data across multiple incidents to assess performance improvement and identify trends (great use of machine learning in AWS)
❑ Follow procedures to retain and protect evidence

Overarching scenario
You are the Chief Information Security Officer (CISO) for a highly regulated company that provides services that are designated as mission-critical
The company has not adopted the cloud, although it is under consideration based on past resiliency issues from on-premises data centers and aging technical debt
The company has adopted Internet of Things (IoT) devices and technology as part of a larger operational technology (OT) ecosystem that is connected to corporate data centers and applications to provide critical business services
Diagram, Event 1 on-premises architecture: workloads, processors, and servers (customer-facing application, email, enterprise suite, IoT management workload) inside a single network & data center security boundary

Event: Incident response for on-premises managed IoT
A phishing email with ransomware was sent to a distribution list that consisted of about 30% of the company’s employees; early analysis shows that about 8% opened the malicious attachment, which has started to affect corporate workstations and servers
About 2 hours later, you receive reports from your security operations team that there are confirmed indications that your deployed IoT technologies have also been affected in some way
Review your table’s industry-specific indications

Diagram, typical customer on-premises data center: open trust model with a single security boundary; the workloads, processors, and servers for the customer-facing application, enterprise suite, IoT management workload, and email all sit inside it
Diagram, workload isolation for enterprise cloud adoption: zero trust model with multiple security boundaries separating the customer-facing application, email, enterprise suite, and IoT management workload

Robust suite of governance and security services
Diagram, AWS Cloud: a Region containing a VPC with a public subnet (web servers) and two private subnets (application servers; database servers)
• Stateful firewall between each application tier: web security group (does NOT allow peer-to-peer communications by default), application security group, database security group
• ACLs provide stateless firewall capability
• DDoS protection
• Web application firewall
• Flow Logs: network traffic in/out of VPC
• Intelligent threat detection using machine learning
• Third-party endpoint protection, NGFW, IPS, other security solutions
• Security & compliance assessment
• Event management and alerting
• API logging
• Operational view & control of resources
• Discover, classify, and protect sensitive data
• AWS Security Hub: centrally view and manage security alerts and automate compliance checks
• AWS KMS: encryption key management service
• AWS Certificate Manager: provision, manage, and deploy SSL/TLS certificates
• AWS IAM: securely manage access to AWS services and resources
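The isolation model on this slide, checked against VPC Flow Log records, as an added example that is not part of the deck and not AWS code: the script parses default-format Flow Log records, flags ACCEPTed flows that cross a tier boundary the design does not allow (a security group wider than intended), and surfaces a source whose rejected flows fan out across the IoT management tier, which is how the scenario's ransomware spread would appear if the boundaries hold. The subnet-to-tier mapping, the allow-list, and every address and record are constructed assumptions.

```python
"""Check VPC Flow Log records against the deck's tiered isolation design.
Security groups act as stateful firewalls between the web, app and database
tiers (no peer-to-peer traffic inside the web tier), the IoT management
workload is isolated, and VPC Flow Logs record traffic in and out of the VPC.
The checks below report ACCEPTed flows the tier policy does not cover and
sources whose REJECTed flows fan out across many hosts, the shape a spreading
infection takes when isolation holds. All addresses and records are constructed.
"""
from __future__ import annotations
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed tier layout: which subnet plays which role in the design.
TIERS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),       # public subnet, web servers
    "app": ipaddress.ip_network("10.0.2.0/24"),       # private subnet, app servers
    "db": ipaddress.ip_network("10.0.3.0/24"),        # private subnet, databases
    "iot_mgmt": ipaddress.ip_network("10.0.4.0/24"),  # IoT management workload
    "corp": ipaddress.ip_network("192.168.0.0/16"),   # corporate network over VPN
}
# Constructed allow-list of (source tier, destination tier, destination port);
# everything else between tiers, including web-to-web, must not be ACCEPTed.
ALLOWED = {
    ("internet", "web", 443),
    ("web", "app", 8080),
    ("app", "db", 5432),
    ("corp", "iot_mgmt", 443),  # operators reach the management console only
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    src_port: int
    dst_port: int
    action: str

def tier_of(addr: str) -> str:
    """Map an address to its tier; anything outside the known ranges is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in TIERS.items():
        if ip in net:
            return name
    return "internet"

def parse_flow_log(text: str) -> list[Flow]:
    """Parse default-format (version 2) records: version account-id interface-id
    srcaddr dstaddr srcport dstport protocol packets bytes start end action
    log-status. NODATA/SKIPDATA records carry '-' in the traffic fields; skip them."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 14 or f[0] != "2" or f[13] != "OK":
            continue
        flows.append(Flow(src=f[3], dst=f[4], src_port=int(f[5]),
                          dst_port=int(f[6]), action=f[12]))
    return flows

def is_allowed(flow: Flow) -> bool:
    """True if the flow, or the connection it is the reply half of, is allowed.
    Flow Logs record each direction as its own record, so a server reply
    (app:8080 -> web:ephemeral) is recognised by its source port."""
    src_tier, dst_tier = tier_of(flow.src), tier_of(flow.dst)
    return ((src_tier, dst_tier, flow.dst_port) in ALLOWED
            or (dst_tier, src_tier, flow.src_port) in ALLOWED)

def policy_violations(flows: list[Flow]) -> list[Flow]:
    """ACCEPTed flows that the design says a security group should have blocked."""
    return [f for f in flows if f.action == "ACCEPT" and not is_allowed(f)]

def spread_suspects(flows: list[Flow], min_targets: int = 3) -> dict[str, int]:
    """Sources whose REJECTed flows reached at least min_targets distinct hosts."""
    targets: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if f.action == "REJECT":
            targets[f.src].add(f.dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= min_targets}

# Constructed sample: a web request, a web->app call and its reply, a web-to-web SMB
# flow a security group let through, a corporate host probing three IoT management
# servers on SMB (rejected), an allowed console session, and a NODATA record.
SAMPLE_LOG = "\n".join([
    "2 111122223333 eni-0a1b2c3d 203.0.113.7 10.0.1.10 52144 443 6 12 3200 1561480000 1561480060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d 10.0.1.10 10.0.2.20 41000 8080 6 9 1800 1561480000 1561480060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d 10.0.2.20 10.0.1.10 8080 41000 6 8 6000 1561480000 1561480060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d 10.0.1.10 10.0.1.11 50000 445 6 5 900 1561480000 1561480060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d 192.168.5.40 10.0.4.10 49152 445 6 1 60 1561480000 1561480060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 192.168.5.40 10.0.4.11 49153 445 6 1 60 1561480000 1561480060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 192.168.5.40 10.0.4.12 49154 445 6 1 60 1561480000 1561480060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 192.168.5.40 10.0.4.10 49200 443 6 20 5000 1561480000 1561480060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d - - - - - - - 1561480000 1561480060 - NODATA",
])

if __name__ == "__main__":
    flows = parse_flow_log(SAMPLE_LOG)
    for v in policy_violations(flows):
        print(f"ACCEPT outside policy: {v.src} -> {v.dst}:{v.dst_port}")
    for src, n in spread_suspects(flows).items():
        print(f"possible lateral spread: {src} rejected at {n} hosts")
```

Rejected flows are the signal worth watching here: when the tier boundaries hold, a spreading infection shows up as one source being refused by many hosts rather than as successful connections.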

AWS security solutions
Identity: AWS Identity & Access Management (IAM), AWS Organizations, AWS Directory Service, AWS Single Sign-On, Amazon Cognito, AWS Secrets Manager, AWS Resource Access Manager
Detective control: AWS Config, AWS Security Hub, Amazon GuardDuty, Amazon CloudWatch, AWS CloudTrail, VPC flow logs
Infrastructure security: AWS Shield, AWS Firewall Manager, AWS Web Application Firewall (WAF), Amazon Virtual Private Cloud (Amazon VPC), Amazon EC2 Systems Manager, Amazon Inspector
Incident response: AWS Config rules, AWS Lambda
Data protection: AWS Key Management Service (KMS), AWS CloudHSM, Amazon Macie, AWS Certificate Manager (ACM), Server-side encryption

Common threats to IoT
• Information theft
• Surveillance
• Malicious access point
• Ransomware
• Lateral threat escalation
• Cryptocurrency mining
• Sabotage attacks
• Denial of service
• Cloud infrastructure abuse

AWS IoT
Secure your fleet of connected devices, their connection, and their data from the edge to the cloud
Audit: validate that IoT configuration is secure
Detect: detect anomalies in device behavior
Alert: know when & what to investigate
Mitigate: remediate potential issues
Awarded Best IoT Security Solution at IoT World 2019 Awards

AWS IoT Device Defender
AWS IoT Analytics
AWS IoT SiteWise
AWS IoT Events
AWS IoT Things Graph
AWS IoT Greengrass
AWS IoT Core
AWS IoT Device Management
Amazon FreeRTOS

AWS IoT Architecture
Diagram, from edge to cloud:
• Endpoints
  • Things (Sense & Act): Amazon FreeRTOS
  • Gateway: AWS Greengrass, secure local triggers, actions, and data sync
• Cloud (Storage & Compute)
  • AWS IoT Core: secure device connectivity and messaging
  • AWS IoT Device Management: fleet onboarding, management, and SW updates
  • AWS IoT Device Defender: fleet audit and protection
• Intelligence (Insights & Logic → Action)
  • AWS IoT Data Services: IoT data analytics and intelligence

Problem
Enel was looking to manage network distribution at the edge. They were seeking to collect sensor and meter data from over 500,000 cabins distributed across the territory to measure energy consumption, monitor network behavior in real time, and track the effects of seismic waves and earthquakes.
Solution
Enel implemented AWS IoT Greengrass to collect, convey, and process the largest amount of data to trigger actions, govern activities, respond to anomalies, and promote new services.
Impact
The project is the widest so far in Europe, and it provides Enel an opportunity to leverage data to design a better future.

Event: Incident response for cloud-managed IoT
You believe that you have contained the ransomware throughout your corporate and IoT environments
Based on mission-owner requirements and your security lessons learned, the company migrates to AWS for your infrastructure and IoT platform
About a week after the migration, a corporate workstation is turned on that has been offline since the first event
Having been previously infected but off during the incident process, it kicks off another round of ransomware spreading throughout the network

What changes?
Starting with the prepare phase of the incident response process (or the protect function from the NIST CSF)
• What changes with a cloud-based IoT platform?
• Are there now protections in place to prevent/mitigate the spread of malware from your corporate network to your deployed IoT?
• What is the impact to your deployed IoT? Less, the same, or more?
• Do the other incident response phases change? Is this better, the same, or worse?
• Are you more secure and resilient with a cloud-based IoT platform?

Hot wash
• Do you see a difference in IoT security capabilities between the cloud and on premises? If so, what are the differences, and which platform offers more opportunities?
• What security capabilities would you want to see from a cloud-based IoT platform that you didn’t see today?
• What value do you see in using a framework to help you prepare for and respond to threats for your operating environment (on-premises, cloud, IoT)?

What’s next?
❑ Read the whitepapers
❑ Schedule training for AWS Cloud, AWS IoT, and security operations
❑ Look into AWS and security certifications
❑ Schedule an AWS Executive Briefing Center (EBC) day
❑ Look into the Zipline offering from AWS Professional Services for incident response support
❑ Look into AWS Partners for IoT and security offerings

Thank you!
Jana Kay, kajana@amazon.com
Michael South, mlsouth@amazon.com
Anton Shmagin, antonsh@amazon.com

Leverage the security & resiliency of the cloud & IoT for industry use cases - SEP203 - AWS re:Inforce 2019

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates.All rights reserved. Leverage the security & resiliency of the cloud & IoT for industry use cases Jana Kay Cloud Security Strategist AWS S E P 2 0 3 Michael South Americas Regional Leader, Public Sector Security & Compliance AWS Anton Shmagin Partner Solutions Architect AWS
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates.All rights reserved. Agenda 11:30 AM – Noon • TTX guidelines and objectives • Assumptions & constraints • Incident response process • Scenario overview Noon – 12:15 PM: Event – on-premises incident response (IR) walkthrough 12:15 PM – 12:45 PM: Secure IoT architecture capabilities 12:45 PM – 1:15 PM: Event – AWS IR exercise 1:15 PM – 1:30 PM • “Hot wash” • Q&A
  • 3. © 2019, Amazon Web Services, Inc. or its affiliates.All rights reserved. Related breakouts Tuesday, June 25 SDD307: Protecting your IoT fleet | Level 1, Room 151B, Table 3 11:30 AM – 12:30 PM 2:30 PM – 3:30 PM 5:30 PM – 6:30 PM SEP208: Designing for data privacy on AWS 1:00 PM – 2:00 PM | Level 2, Room 207 DEV04: IoT security: Prevent your devices from becoming attack vectors 1:00 PM – 2:00 PM | Level 0, Dev Lounge Hall A + B1 SEP206: Securing Internet of Things (IoT) deployment with AWS 4:00 PM – 5:00 PM | Level 2, Room 212
  • 4. © 2019, Amazon Web Services, Inc. or its affiliates.All rights reserved. Related breakouts Wednesday, June 26 SDD307: Protecting your IoT fleet | Level 1, Room 151B, Table 3 8:00 AM – 9:00 AM 11:00 AM – 12:00 PM 5:00 PM – 6:00 PM SEP318-L: Leadership session: Aspirational security 11:45 AM – 12:45 PM | Level 2, Room 253B SDD325: Bose uses AWS IoT to securely connect millions of devices and improve IT agility 1:15 PM – 2:15 PM | Level 2, Room 205B FND321: Keeping edge computing secure 3:30 PM – 4:30 PM | Level 1, Room 151B, Table 8
  • 5. © 2019, Amazon Web Services, Inc. or its affiliates.All rights reserved. TTX guidelines Goals • Stimulate thought and discussion • Identify opportunities • Have fun! Don’t • Fight the game • Keep your knowledge to yourself • Go too deep down the rabbit hole Do • Consider people, processes, and technology • Link the threat and remediation to the business • Have fun!
  • 6. © 2019, Amazon Web Services, Inc. or its affiliates.All rights reserved. Assumptions & constraints Assumptions • You have an SOC in place • Incident response plan may exist, but it may need to be updated based on adoption of cloud and IoT devices • Incidents are confirmed • Incidents have potential real impact to reputation, financial health, legal liability, and possibly safety • Potential broader impact to national economy and security • No privacy implications, only business impact Constraints • Must take ownership; can’t offload to contractor • Focus on business and security objectives related to capabilities • Must comply with all applicable regulations and adhere to mandated reporting
• 7. TTX objectives
• Highlight challenges in securing and responding to incidents for IoT in regulated industries
• Demonstrate the security and resiliency of the cloud over traditional on-premises systems in support of IoT
• Discuss the effectiveness of internationally accepted frameworks, such as the NIST Cybersecurity Framework (NIST CSF), in improving cybersecurity and resiliency
• 9. The incident response (IR) process
(Diagram: the phases Prepare, Identify, Assess, Respond, and Learn run left to right from one steady state to the next, with the milestones Declare an Incident, Start Cleanup, Finish Cleanup, Back in Production, and Done marking the transitions between them.)
On occasion, we might be forced to jump back to an earlier phase.
• 10. The incident response process: Preparation
Establish an incident response capability so that the organization is ready to respond to incidents, and prevent incidents by ensuring that systems, networks, and applications are sufficiently secure
❑ Communications & facilities
❑ Analyst hardware & software
❑ Staffing & training
❑ Environment documentation
❑ Protection implementation (system owners)
• 11. The incident response process: Detect & analyze
Ability to detect and analyze events via the technologies and procedures established in the prepare phase
❑ Generally prepare for all, but focus on common attack vectors
❑ Recognize signs of potential events, assess them, and know what to do next
❑ Be aware of current threat intelligence
❑ Have knowledge of baseline configurations and behaviors (what does normal look like?)
❑ Incident documentation
❑ Incident prioritization
❑ Incident notification
• 12. The incident response process: Contain, eradicate, and recover
Ability to stop the spread and impact of the incident, completely remove the threat from the environment, implement protections to prevent it from happening again, and return all systems and business processes to the normal operating state
❑ Choosing a containment strategy (e.g., need for evidence, service availability, dependencies, solution duration, intel collection)
❑ Procedures for gathering and handling evidence
❑ Procedures to remove the threat (e.g., compromised accounts, malware, unpatched vulnerabilities)
❑ Procedures to restore systems to normal operations (e.g., restore from backups, bring systems online in dependency and business-priority order)
• 13. The IR process: Post-incident activity
It is imperative that organizations learn from incidents and improve their abilities to protect, respond, recover, and survive
The scope should include not just the technical controls and improvements, but also staff considerations like training and updating policies, processes, and procedures
❑ Develop and use a lessons-learned process to capture relevant data, analyze the incident and response, and implement recommendations
❑ Collect and analyze data across multiple incidents to assess performance improvement and identify trends (a good use of machine learning in AWS)
❑ Follow procedures to retain and protect evidence
• 15. Overarching scenario
You are the Chief Information Security Officer (CISO) for a highly regulated company that provides services designated as mission-critical.
The company has not adopted the cloud, although it is under consideration because of past resiliency issues with on-premises data centers and aging technical debt.
The company has adopted Internet of Things (IoT) devices and technology as part of a larger operational technology (OT) ecosystem that is connected to corporate data centers and applications to provide critical business services.
• 16. Event 1 on-premises architecture
(Diagram: a single network & data center security boundary encloses the customer-facing application, email, the enterprise suite, and the IoT management workload, all running on shared workloads, processors, and servers.)
• 17. Event: Incident response for on-premises managed IoT
A phishing email carrying ransomware was sent to a distribution list that consisted of about 30% of the company's employees; early analysis shows that about 8% opened the malicious attachment, which has started to affect corporate workstations and servers.
About 2 hours later, you receive reports from your security operations team that there are confirmed indications that your deployed IoT technologies have also been affected in some way.
Review your table's industry-specific indications.
• 19. Typical customer on-premises data center
(Diagram: an open trust model with a single security boundary around the customer-facing application, email, the enterprise suite, and the IoT management workload, all on shared workloads, processors, and servers.)
• 20. Workload isolation for enterprise cloud adoption
(Diagram: a zero trust model with multiple security boundaries; the customer-facing application, email, the enterprise suite, and the IoT management workload each sit inside their own boundary with their own workloads, processors, and servers.)
• 21. Robust suite of governance and security services
(Diagram: a Region containing one VPC with a public subnet of web servers and private subnets of application servers and database servers.)
• Stateful firewall between each application tier: web security group, application security group, and database security group; a security group does NOT allow peer-to-peer communications by default
• ACLs provide stateless firewall capability
• Flow Logs capture network traffic in and out of the VPC
• DDoS protection and a web application firewall in front of the web tier
• Third-party endpoint protection, NGFW, IPS, and other security solutions
• Intelligent threat detection using machine learning
• Security & compliance assessment
• Event management and alerting
• API logging
• Operational view & control of resources
• Discover, classify, and protect sensitive data
• AWS Security Hub: centrally view and manage security alerts and automate compliance checks
• AWS KMS: encryption key management service
• AWS Certificate Manager: provision, manage, and deploy SSL/TLS certificates
• AWS IAM: securely manage access to AWS services and resources
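The tiered security-group design on this slide, modelled offline as an added example (this is not AWS code and not from the deck): each tier admits traffic only from the tier in front of it, the weak setting (a database group that trusts the whole VPC CIDR) sits beside the corrected one, and the app tier shows that members of one group cannot reach each other unless the group is added as a source on its own ingress list. Group ids, instance names, ports and addresses are assumptions; only ingress rules are modelled and the groups keep their default allow-all egress.

```python
"""Offline model of a three-tier security-group design (added example, not AWS code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    proto: str       # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    source: str      # a CIDR such as "10.0.0.0/16" or another group's id such as "sg-web"


@dataclass
class SecurityGroup:
    sg_id: str
    ingress: list = field(default_factory=list)


@dataclass
class Instance:
    name: str
    ip: str
    sg: SecurityGroup


def _rule_matches(rule: Rule, proto: str, port: int) -> bool:
    if rule.proto == "-1":
        return True
    return rule.proto == proto and rule.from_port <= port <= rule.to_port


def ingress_allowed(src: Instance, dst: Instance, proto: str, port: int) -> bool:
    """Security groups are allow-lists evaluated on the destination: the flow is
    permitted when some ingress rule matches protocol/port and either names the
    source's group or covers the source's IP. They are stateful, so the reply
    needs no rule of its own. There is no implicit rule for members of the same
    group, which is why two app servers cannot talk to each other unless sg-app
    is listed as a source on its own ingress rules."""
    for rule in dst.sg.ingress:
        if not _rule_matches(rule, proto, port):
            continue
        if rule.source == src.sg.sg_id:
            return True
        if "/" in rule.source and ip_address(src.ip) in ip_network(rule.source):
            return True
    return False


def allowed_pairs(instances, proto, port):
    """Every (src, dst) pair that could open a connection on proto/port."""
    return sorted(
        (s.name, d.name)
        for s in instances
        for d in instances
        if s is not d and ingress_allowed(s, d, proto, port)
    )


def build_fleet(db_rules):
    """Constructed fleet (assumed names/addresses): two web, two app and one DB
    instance in a 10.0.0.0/16 VPC. Only the DB group's rules vary so that the
    weak and the corrected design can be compared side by side."""
    web = SecurityGroup("sg-web", [Rule("tcp", 443, 443, "0.0.0.0/0")])
    app = SecurityGroup("sg-app", [Rule("tcp", 8080, 8080, "sg-web")])
    db = SecurityGroup("sg-db", list(db_rules))
    return [
        Instance("web-1", "10.0.1.10", web),
        Instance("web-2", "10.0.1.11", web),
        Instance("app-1", "10.0.2.10", app),
        Instance("app-2", "10.0.2.11", app),
        Instance("db-1", "10.0.3.10", db),
    ]


# Weak setting: the DB tier trusts the whole VPC, so a web server that the
# ransomware reaches has a direct path to TCP/3306.
WEAK_DB_RULES = [Rule("tcp", 3306, 3306, "10.0.0.0/16")]
# Corrected setting: only members of sg-app may reach the database.
TIERED_DB_RULES = [Rule("tcp", 3306, 3306, "sg-app")]


def db_reachability(db_rules):
    """Who can open TCP/3306 to whom under the given DB ingress rules."""
    return allowed_pairs(build_fleet(db_rules), "tcp", 3306)


def app_tier_peer_paths(db_rules=TIERED_DB_RULES):
    """app->app paths on TCP/8080; an empty list shows no peer-to-peer by default."""
    pairs = allowed_pairs(build_fleet(db_rules), "tcp", 8080)
    return [p for p in pairs if p[0].startswith("app") and p[1].startswith("app")]


if __name__ == "__main__":
    print("weak DB rules  :", db_reachability(WEAK_DB_RULES))
    print("tiered DB rules:", db_reachability(TIERED_DB_RULES))
    print("app<->app 8080 :", app_tier_peer_paths())
```

Under the weak rules all four web and app instances can reach the database; under the tiered rules only the two app instances can, and no app instance can reach the other on 8080. The same comparison run against a real account is what the security and compliance assessment on the slide automates; here it is enough to show that the containment boundary in the cloud design is a property of the rules, not of where a workstation happens to sit.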
• 22. AWS security solutions
Identity: AWS Identity & Access Management (IAM), AWS Organizations, AWS Directory Service, AWS Single Sign-On, Amazon Cognito, AWS Secrets Manager, AWS Resource Access Manager
Detective control: AWS Config, AWS Security Hub, Amazon GuardDuty, Amazon CloudWatch, AWS CloudTrail, VPC flow logs
Infrastructure security: AWS Shield, AWS Firewall Manager, AWS Web Application Firewall (WAF), Amazon Virtual Private Cloud (Amazon VPC), Amazon EC2 Systems Manager, Amazon Inspector
Incident response: AWS Config rules, AWS Lambda
Data protection: AWS Key Management Service (KMS), AWS CloudHSM, Amazon Macie, AWS Certificate Manager (ACM), server-side encryption
• 23. Common threats to IoT
• Information theft
• Surveillance
• Malicious access point
• Ransomware
• Lateral threat escalation
• Cryptocurrency mining
• Sabotage attacks
• Denial of service
• Cloud infrastructure abuse
• 24. AWS IoT: Secure your fleet of connected devices, their connections, and their data from the edge to the cloud
• Audit: validate that the IoT configuration is secure
• Detect: detect anomalies in device behavior
• Alert: know when and what to investigate
• Mitigate: remediate potential issues
Awarded Best IoT Security Solution at the IoT World 2019 Awards
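The detect, alert, mitigate loop on this slide, together with the "what does normal look like?" baseline from the detect & analyze slide, as an added example in plain Python (not AWS code and not from the deck). Each device's recent history defines its baseline, a small security profile of behaviors is evaluated against the newest datapoints, and any alarm becomes a mitigation plan. Device names, metric values, CIDRs and thresholds are constructed; the metric names only echo the kind of cloud-side metrics AWS IoT Device Defender Detect reports, and the action names echo its mitigation action types, but the mapping from alarm to action is an assumption of this example.

```python
"""Baseline-and-threshold detection over constructed device metrics (added example)."""
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev


def dp(messages_sent, auth_failures, source_ip):
    """One five-minute datapoint for a device (constructed format)."""
    return {"messages_sent": messages_sent, "auth_failures": auth_failures,
            "source_ip": source_ip}


# Six windows of history per device: this is the baseline (constructed data).
HISTORY = {
    "pump-01": [dp(60, 0, "198.51.100.10"), dp(58, 0, "198.51.100.10"),
                dp(62, 0, "198.51.100.10"), dp(61, 0, "198.51.100.10"),
                dp(59, 0, "198.51.100.10"), dp(60, 0, "198.51.100.10")],
    "pump-02": [dp(60, 0, "198.51.100.11"), dp(59, 0, "198.51.100.11"),
                dp(61, 0, "198.51.100.11"), dp(60, 0, "198.51.100.11"),
                dp(60, 0, "198.51.100.11"), dp(60, 0, "198.51.100.11")],
}

# The two most recent windows. pump-02 shows the signature the scenario cares
# about: a message burst, repeated authorization failures and a source address
# outside the plant's egress range (all constructed).
RECENT = {
    "pump-01": [dp(61, 0, "198.51.100.10"), dp(59, 0, "198.51.100.10")],
    "pump-02": [dp(900, 12, "203.0.113.7"), dp(950, 9, "203.0.113.7")],
}

# A security profile: each behavior names a metric, how to judge it and how
# many consecutive datapoints must violate it before it alarms.
BEHAVIORS = [
    {"name": "auth-failures", "metric": "auth_failures", "kind": "absolute",
     "value": 5, "consecutive": 1},
    {"name": "message-burst", "metric": "messages_sent", "kind": "statistical",
     "sigmas": 3, "consecutive": 2},
    {"name": "source-ip", "metric": "source_ip", "kind": "ip_allowlist",
     "cidrs": ["198.51.100.0/24"], "consecutive": 1},
]


def baseline(history, metric):
    """What normal looks like for one device and metric: mean and std dev."""
    values = [p[metric] for p in history]
    return mean(values), pstdev(values)


def violates(behavior, point, history):
    metric = behavior["metric"]
    kind = behavior["kind"]
    if kind == "absolute":
        return point[metric] > behavior["value"]
    if kind == "statistical":
        mu, sd = baseline(history, metric)
        return point[metric] > mu + behavior["sigmas"] * sd
    if kind == "ip_allowlist":
        ip = ip_address(point[metric])
        return not any(ip in ip_network(c) for c in behavior["cidrs"])
    raise ValueError(f"unknown behavior kind {kind!r}")


def evaluate(device, history, recent, behaviors=BEHAVIORS):
    """Names of behaviors in alarm: the last `consecutive` datapoints must all
    violate the behavior, which keeps one noisy window from paging anyone."""
    alarms = []
    for b in behaviors:
        n = b["consecutive"]
        if len(recent) >= n and all(violates(b, p, history) for p in recent[-n:]):
            alarms.append(b["name"])
    return alarms


def mitigation_plan(device, alarms):
    """Alert -> mitigate. Quarantine any alarming device by moving it into a
    thing group whose policy denies publish/subscribe; if its credentials look
    abused, deactivate the certificate too (constructed alarm-to-action mapping)."""
    if not alarms:
        return []
    plan = [{"device": device, "action": "ADD_THINGS_TO_THING_GROUP",
             "group": "quarantine"}]
    if {"auth-failures", "source-ip"} & set(alarms):
        plan.append({"device": device, "action": "UPDATE_DEVICE_CERTIFICATE",
                     "operation": "DEACTIVATE"})
    return plan


def run_detection():
    """Alarms per device for the constructed fleet."""
    return {d: evaluate(d, HISTORY[d], RECENT[d]) for d in HISTORY}


if __name__ == "__main__":
    for device, alarms in run_detection().items():
        print(device, alarms, mitigation_plan(device, alarms))
```

pump-01 stays within three standard deviations of its own history and raises nothing; pump-02 trips all three behaviors and is quarantined with its certificate deactivated. The point for the exercise is that the baseline is per device and cloud-side: a compromised corporate workstation cannot quietly edit it, and the thresholds are evaluated on what the broker observes rather than on what the device reports about itself.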
• 25. AWS IoT services shown: AWS IoT Device Defender, AWS IoT Analytics, AWS IoT SiteWise, AWS IoT Events, AWS IoT Things Graph, AWS IoT Greengrass, AWS IoT Core, AWS IoT Device Management, Amazon FreeRTOS
• 26. AWS IoT architecture
(Diagram, from the edge to the cloud:)
• Things and endpoints (Amazon FreeRTOS): sense & act
• Gateway (AWS Greengrass): secure local triggers, actions, and data sync
• Cloud storage & compute: AWS IoT Core for secure device connectivity and messaging; AWS IoT Device Management for fleet onboarding, management, and SW updates; AWS IoT Device Defender for fleet audit and protection
• Intelligence (AWS IoT Data Services): IoT data analytics and intelligence; insights & logic → action
• 27. Customer example: Enel
Problem: Enel was looking to manage network distribution at the edge. They were seeking to collect sensor and meter data from over 500,000 cabins distributed across the territory to measure energy consumption, monitor network behavior in real time, and track the effects of seismic waves and earthquakes.
Solution: Enel implemented AWS IoT Greengrass to collect, convey, and process the largest amount of data to trigger actions, govern activities, respond to anomalies, and promote new services.
Impact: The project is the widest so far in Europe, and it provides Enel an opportunity to leverage data to design a better future.
• 29. Event: Incident response for cloud-managed IoT
You believe that you have contained the ransomware throughout your corporate and IoT environments.
Based on mission-owner requirements and your security lessons learned, the company migrates its infrastructure and IoT platform to AWS.
About a week after the migration, a corporate workstation that has been offline since the first event is turned on. Having been infected before the incident but powered off during the response, it kicks off another round of ransomware spreading throughout the network.
• 30. What changes?
Starting with the prepare phase of the incident response process (or the protect function of the NIST CSF):
• What changes with a cloud-based IoT platform?
• Are there now protections in place to prevent or mitigate the spread of malware from your corporate network to your deployed IoT?
• What is the impact to your deployed IoT? Less, the same, or more?
• Do the other incident response phases change? Is this better, the same, or worse?
• Are you more secure and resilient with a cloud-based IoT platform?
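One concrete answer to the second question, as an added example rather than anything from the deck: with a cloud-managed platform the devices no longer share a flat network with the corporate workstations; each one authenticates to AWS IoT Core with its own certificate and is bounded by an AWS IoT policy. The block below puts the permissive "it just works" policy beside a least-privilege one written with the `${iot:Connection.Thing.ThingName}` policy variable, and evaluates both offline. The account id, Region, topic layout and thing names are assumptions, and the evaluator is a simplified model of AWS IoT policy matching (wildcards in Action and Resource, explicit Deny wins, thing-name substitution), not the service's own evaluation.

```python
"""Least-privilege AWS IoT Core policy evaluated offline (added example, not AWS code)."""
import re

ACCOUNT = "123456789012"   # assumption
REGION = "us-east-1"       # assumption
THING_VAR = "${iot:Connection.Thing.ThingName}"


def arn(kind, path):
    """Build an AWS IoT resource ARN; kind is client, topic or topicfilter."""
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{path}"


# Before: any device that is compromised, or whose certificate is lifted from a
# corporate workstation, can connect as anyone and command every other device.
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# After: each device may connect only as itself, publish only its own telemetry
# and receive only its own commands. One policy serves the whole fleet because
# the variable resolves to the connecting thing's name.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": arn("client", THING_VAR)},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": arn("topic", f"devices/{THING_VAR}/telemetry")},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": arn("topicfilter", f"devices/{THING_VAR}/commands")},
        {"Effect": "Allow", "Action": "iot:Receive",
         "Resource": arn("topic", f"devices/{THING_VAR}/commands")},
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _glob_match(pattern, value):
    """'*' matches any run of characters; everything else is literal."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, value) is not None


def is_allowed(policy, thing_name, action, resource):
    """Default deny; a matching explicit Deny wins over any Allow."""
    allowed = False
    for st in policy["Statement"]:
        actions = _as_list(st["Action"])
        resources = [r.replace(THING_VAR, thing_name) for r in _as_list(st["Resource"])]
        if any(_glob_match(a, action) for a in actions) and \
           any(_glob_match(r, resource) for r in resources):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def audit_overly_permissive(policy):
    """Audit step: flag Allow statements that cover every action or every
    resource, the kind of finding a fleet audit should raise before go-live."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st["Effect"] != "Allow":
            continue
        if any(a in ("*", "iot:*") for a in _as_list(st["Action"])):
            findings.append((i, "wildcard action"))
        if "*" in _as_list(st["Resource"]):
            findings.append((i, "wildcard resource"))
    return findings


def lateral_move_possible(policy, attacker_thing="pump-02", victim_thing="pump-01"):
    """Can a client holding pump-02's credentials publish commands to pump-01?"""
    return is_allowed(policy, attacker_thing, "iot:Publish",
                      arn("topic", f"devices/{victim_thing}/commands"))


if __name__ == "__main__":
    for name, pol in (("permissive", PERMISSIVE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, "audit:", audit_overly_permissive(pol),
              "lateral move:", lateral_move_possible(pol))
```

With the permissive policy the lateral move succeeds and the audit reports both wildcards; with the scoped policy the same credentials can still send pump-02's telemetry but cannot connect as pump-01 or publish to its command topic, so a second ransomware wave on the corporate network has no path to the fleet through stolen device credentials alone. Two details carry over to a real deployment: `iot:Subscribe` is matched against a `topicfilter` resource while `iot:Publish` and `iot:Receive` are matched against `topic` resources, and the thing-name variable is resolved from the registry at connect time, so onboarding must attach each certificate to its thing or the scoped resources never match.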
• 32. Hot wash
• Do you see a difference in IoT security capabilities between the cloud and on premises? If so, what are the differences, and which platform offers more opportunities?
• What security capabilities would you want to see from a cloud-based IoT platform that you didn't see today?
• What value do you see in using a framework to help you prepare for and respond to threats in your operating environment (on-premises, cloud, IoT)?
• 33. What's next?
❑ Read the whitepapers
❑ Schedule training for AWS Cloud, AWS IoT, and security operations
❑ Look into AWS and security certifications
❑ Schedule an AWS Executive Briefing Center (EBC) day
❑ Look into the Zipline offering from AWS Professional Services for incident response support
❑ Look into AWS Partners for IoT and security offerings
• 34. Thank you!
Jana Kay kajana@amazon.com
Michael South mlsouth@amazon.com
Anton Shmagin antonsh@amazon.com