© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Towards Full Stack Security
Don Edwards
Solutions Architect, Security Specialist
Amazon Inspector
• Vulnerability Assessment Service
• Built from the ground up to support DevSecOps
• Automatable via APIs
• Integrates with CI/CD tools
• On-Demand Pricing model
• Static & Dynamic Rules Packages
• Generates Findings
Traditional Security Processes
(Diagram: Asset Owner, Security Team, AppSec Eng and Asset; the process ends with a scan of the asset for vulnerabilities.)
• It’s not about DevOps + Security
• Not enough security professionals on the planet to do this
• Security teams need their own automation to keep up with automated deployments!
• Security as code
• Seamless integration with CI/CD pipelines
• Ability to scan and run test suites in parallel
• Ability to automate remediation
• Consumable by APN technology partners as microservices
• www.devsecops.org
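The CI/CD integration the slide calls for, as an added example that is not part of the deck: a Python build step that starts an Inspector assessment run from an existing assessment template, waits for it to complete, and fails the deploy if any High finding comes back. It uses the boto3 Inspector client method names; the ARNs, run name and sample findings are constructed, and a fake client stands in for boto3 so the script runs offline.

```python
# Added example (not from the deck): gating a CI/CD deployment on an Amazon
# Inspector assessment run.  The Inspector API calls used (start_assessment_run,
# describe_assessment_runs, list_findings, describe_findings) are the boto3
# "inspector" client methods; the template ARN, run name and sample findings are
# constructed, and FakeInspectorClient stands in for boto3 so this runs offline.
import time

SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
TERMINAL_STATES = {"COMPLETED", "COMPLETED_WITH_ERRORS", "FAILED", "CANCELED"}


def run_assessment_gate(client, template_arn, run_name, min_severity="High",
                        poll_seconds=30, timeout_seconds=3600, sleep=time.sleep):
    """Start an assessment run, wait for it to finish, and collect the findings
    at or above min_severity.  Returns (passed, findings); passed is False when
    any such finding exists, which is what a pipeline step keys its exit code on.
    """
    if min_severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {min_severity!r}")
    run_arn = client.start_assessment_run(
        assessmentTemplateArn=template_arn, assessmentRunName=run_name
    )["assessmentRunArn"]

    deadline = time.monotonic() + timeout_seconds
    while True:
        run = client.describe_assessment_runs(assessmentRunArns=[run_arn])["assessmentRuns"][0]
        if run["state"] in TERMINAL_STATES:
            break
        if time.monotonic() > deadline:
            raise RuntimeError(f"{run_arn} still in state {run['state']} after {timeout_seconds}s")
        sleep(poll_seconds)
    if run["state"] != "COMPLETED":
        raise RuntimeError(f"{run_arn} ended in state {run['state']}")

    # Let Inspector filter by severity server-side instead of pulling every finding.
    wanted = [s for s, rank in SEVERITY_RANK.items() if rank >= SEVERITY_RANK[min_severity]]
    arns = client.list_findings(assessmentRunArns=[run_arn],
                                filter={"severities": wanted})["findingArns"]
    findings = []
    for i in range(0, len(arns), 100):  # describe_findings takes at most 100 ARNs per call
        findings.extend(client.describe_findings(findingArns=arns[i:i + 100])["findings"])
    return len(findings) == 0, findings


def summarize(findings):
    """Count findings per severity, for the build log."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


class FakeInspectorClient:
    """Constructed stand-in for boto3.client("inspector"): the run completes on the
    second poll and the findings come from the list handed to the constructor."""

    def __init__(self, findings):
        self._findings = findings
        self._polls = 0

    def start_assessment_run(self, assessmentTemplateArn, assessmentRunName):
        return {"assessmentRunArn": assessmentTemplateArn + "/run/0-EXAMPLE"}

    def describe_assessment_runs(self, assessmentRunArns):
        self._polls += 1
        state = "COMPLETED" if self._polls >= 2 else "COLLECTING_DATA"
        return {"assessmentRuns": [{"arn": assessmentRunArns[0], "state": state}]}

    def list_findings(self, assessmentRunArns, filter):
        return {"findingArns": [f["arn"] for f in self._findings
                                if f["severity"] in filter["severities"]]}

    def describe_findings(self, findingArns):
        return {"findings": [f for f in self._findings if f["arn"] in findingArns]}


# Constructed sample findings, shaped like the Inspector findings the deck describes.
SAMPLE_FINDINGS = [
    {"arn": "arn:aws:inspector:us-west-2:123456789012:finding/0-EXAMPLE1",
     "severity": "High", "title": "Root process running with insecure permissions"},
    {"arn": "arn:aws:inspector:us-west-2:123456789012:finding/0-EXAMPLE2",
     "severity": "Medium", "title": "Unused listening TCP port"},
    {"arn": "arn:aws:inspector:us-west-2:123456789012:finding/0-EXAMPLE3",
     "severity": "Low", "title": "Insecure client protocol in use"},
]
TEMPLATE_ARN = "arn:aws:inspector:us-west-2:123456789012:target/0-EXAMPLE/template/0-EXAMPLE"

if __name__ == "__main__":
    ok, found = run_assessment_gate(FakeInspectorClient(SAMPLE_FINDINGS), TEMPLATE_ARN,
                                    "ci-build-42", sleep=lambda s: None)
    print("deploy allowed:", ok, "findings:", summarize(found))
    raise SystemExit(0 if ok else 1)
```

Swap `FakeInspectorClient(...)` for `boto3.client("inspector")` and a real template ARN to use it in a pipeline; the exit code is the gate.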
Inspector Architecture
• Assessment coordination
• Evaluation engine
• Agent installed on EC2 Instances
Supported Agent Operating Systems
 Red Hat Enterprise Linux (6.5 or later)
 CentOS (6.5 or later)
 Ubuntu (12.04 LTS, 14.04 LTS or later)
 Amazon Linux (2015.03 or later)
 Microsoft Windows (2012 R2, 2008 R2) - Preview
Linux Kernel Support
 We get kernels at the same time you get them
 It currently takes us 1-2 weeks for build, test & validation
 We’re aiming for 1 day
New Distributions
 Takes a long time
Amazon Inspector
• Rules Packages
  • Common Vulnerabilities & Exposures
  • CIS Operating System Security Configuration Benchmarks
  • Security Best Practices
  • Runtime Behavior Analysis
Common Vulnerabilities & Exposures
• Tagged list of publicly known info security issues
• Vulnerabilities
  • A mistake in software that can be used to gain unauthorized system access
  • Execute commands as another user
  • Pose as another entity
  • Conduct a denial of service
• Exposures
  • A mistake in software that allows access to information that can lead to unauthorized system access
  • Allows an attacker to hide activities
  • Enables information gathering activities
CIS Security Configuration Benchmarks
What are they?
 Security configuration guide
 Consensus-based development process
 PDF versions are free via CIS website
Inspector automates scanning instances against the latest benchmark for that OS
What’s inside a Benchmark?
What you should do…
Why you should do it…
How to do it…
How to know if you did it… (this is what Inspector does for you now; more in future)
Runtime Behavior Analysis
• Package analyzes machine behavior during an assessment
  • Unused listening ports
  • Insecure client protocols
  • Root processes with insecure permissions
  • Insecure server protocols
• Impacts the severity of static findings
Pricing
• Free Trial
  • 250 agent-assessments for first 90 days using the service
• Based on Agent-Assessments
  • 1 assessment with 10 agents = 10 agent-assessments
  • 5 assessments with 2 agents = 10 agent-assessments
  • 10 assessments with 1 agent = 10 agent-assessments
• 10 agent-assessments = $3.00
Tiered price per agent-assessment:
First 250 agent-assessments: $0.30
Next 750 agent-assessments: $0.25
Next 4000 agent-assessments: $0.15
Next 45,000 agent-assessments: $0.10
All other agent-assessments: $0.05
Regions Supported
 GA
   US West (Oregon)
   EU (Ireland)
   US East (Virginia)
   Asia Pacific (Tokyo)
 July 2016 (deployed)
   Asia Pacific (Sydney)
   Asia Pacific (Seoul)
 Fall 2016
   Asia Pacific (India)
   Europe (London)
   Europe (Frankfurt)
Launch Partners
AWS Config
• Get inventory of AWS resources
• Discover new and deleted resources
• Record configuration changes continuously
• Get notified when configurations change
(Diagram: changing resources are recorded and normalized by AWS Config, stored as history, and delivered as a stream and as snapshots (ex. 2014-11-05) through the AWS Config APIs.)
AWS Config – VPC Example
AWS Config Rules – Tenancy Enforcement Example
Config Rules
• Set up rules to check configuration changes recorded
• Use pre-built rules provided by AWS
• Author custom rules using AWS Lambda
• Invoked automatically for continuous assessment
• Use dashboard for visualizing compliance and identifying offending changes
(Diagram: AWS Config & Config Rules: changing resources are recorded, normalized and stored as history, delivered as a stream and as snapshots (ex. 2014-11-05) through the AWS Config APIs, with Rules evaluating the recorded configuration.)
Config Rule
A rule that checks the validity of configurations recorded
• AWS managed rules
  Defined by AWS
  Require minimal (or no) configuration
  Rules are managed by AWS
• Customer managed rules
  Authored by you using AWS Lambda
  Rules execute in your account
  You maintain the rule
Config Rules - Triggers
• Triggered by changes: Rules invoked when relevant resources change
  Scoped by changes to:
  • Tag key/value
  • Resource types
  • Specific resource ID
  e.g. EBS volumes tagged “Production” should be attached to EC2 instances
• Triggered periodically: Rules invoked at specified frequency
  e.g. Account should have no more than 3 “PCI v3” EC2 instances; every 3 hrs
Evaluations
The result of evaluating a Config rule against a resource
• Report evaluation of {Rule, ResourceType, ResourceID} directly from the rule itself
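A customer-managed rule of the kind these slides describe, written here as an added example (not code from the deck or from AWS): a Lambda handler that codifies the earlier trigger example, EBS volumes tagged Production must be attached to an EC2 instance, and reports its {Rule, ResourceType, ResourceID} evaluation through the Config PutEvaluations API. The tag key, rule parameters, resource IDs and the sample event are constructed; RecordingConfigClient stands in for boto3 so it runs offline.

```python
# Added example (not from the deck): a change-triggered, customer-managed AWS
# Config rule as a Lambda handler.  Config invokes it with an invokingEvent that
# carries the changed configuration item; the rule decides compliance and hands
# the result back with PutEvaluations.  The rule parameters, tag values, volume
# and instance IDs and the result token below are constructed.
import json

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"


def evaluate_volume(config_item, rule_params):
    """Decide compliance for one configuration item.  Pure function: no AWS calls."""
    if config_item.get("resourceType") != "AWS::EC2::Volume":
        return NOT_APPLICABLE, "rule applies to EBS volumes only"
    if config_item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return NOT_APPLICABLE, "volume has been deleted"
    tag_key = rule_params.get("tagKey", "Environment")      # constructed defaults
    tag_value = rule_params.get("tagValue", "Production")
    if (config_item.get("tags") or {}).get(tag_key) != tag_value:
        return NOT_APPLICABLE, f"volume is not tagged {tag_key}={tag_value}"
    attachments = (config_item.get("configuration") or {}).get("attachments") or []
    instances = [a.get("instanceId") for a in attachments if a.get("state") == "attached"]
    if instances:
        return COMPLIANT, "attached to " + ", ".join(instances)
    return NON_COMPLIANT, f"{tag_value} volume is not attached to any EC2 instance"


def lambda_handler(event, context, config_client=None):
    """Entry point Config invokes.  Returns the evaluation it reported, or None."""
    invoking_event = json.loads(event["invokingEvent"])
    rule_params = json.loads(event.get("ruleParameters") or "{}")
    if invoking_event.get("messageType") != "ConfigurationItemChangeNotification":
        # This rule is change-triggered only; a periodic (ScheduledNotification)
        # rule would have to enumerate the volumes itself.
        return None
    ci = invoking_event["configurationItem"]
    compliance, annotation = evaluate_volume(ci, rule_params)
    evaluation = {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # Config caps annotations at 256 characters
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }
    if config_client is None:
        import boto3  # only needed when actually running inside Lambda
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def make_sample_event(volume_id, tags, attachments):
    """Build a constructed change-triggered Config event for an EBS volume."""
    ci = {
        "resourceType": "AWS::EC2::Volume",
        "resourceId": volume_id,
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2016-07-01T12:00:00.000Z",
        "tags": tags,
        "configuration": {"volumeId": volume_id, "attachments": attachments},
    }
    return {
        "invokingEvent": json.dumps({"configurationItem": ci,
                                     "messageType": "ConfigurationItemChangeNotification"}),
        "ruleParameters": json.dumps({"tagKey": "Environment", "tagValue": "Production"}),
        "resultToken": "EXAMPLE-RESULT-TOKEN",
    }


class RecordingConfigClient:
    """Constructed stand-in for boto3.client("config") that records PutEvaluations calls."""

    def __init__(self):
        self.calls = []

    def put_evaluations(self, Evaluations, ResultToken):
        self.calls.append((Evaluations, ResultToken))
        return {"FailedEvaluations": []}


if __name__ == "__main__":
    detached = make_sample_event("vol-0example1", {"Environment": "Production"}, [])
    attached = make_sample_event("vol-0example2", {"Environment": "Production"},
                                 [{"instanceId": "i-0example", "state": "attached"}])
    for ev in (detached, attached):
        print(lambda_handler(ev, None, RecordingConfigClient()))
```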
AWS managed rules
1. All EC2 instances must be inside a VPC.
2. All attached EBS volumes must be encrypted, with KMS ID.
3. CloudTrail must be enabled, optionally with S3 bucket, SNS topic and CloudWatch Logs.
4. All security groups in attached state should not have unrestricted access to port 22.
5. All EIPs allocated for use in the VPC are attached to instances.
6. All resources being monitored must be tagged with specified tag keys:values.
7. All security groups in attached state should not have unrestricted access to these specific ports.
Custom rules
• Codify and automate your own practices
• Get started with samples in AWS Lambda
• Implement guidelines for security best practices and compliance
• Use rules from different AWS Partners
• View compliance in one dashboard
Evidence for compliance
Many compliance audits require access to the state of your systems at arbitrary times (e.g., PCI, HIPAA). A complete inventory of all resources and their configuration attributes is available for any point in time.
What resources exist?
Discover resources that exist in your account.
Discover resources that no longer exist in your account.
A complete inventory of all resources and their configuration attributes is available via API and console.
What changed?
It is critical to be able to quickly answer, “What has changed?” You can quickly identify the recent configuration changes to your resources by using the console or by building custom integrations with the regularly exported resource history files.
Supported resource types
Resource Type: Resource
Amazon EC2: EC2 Instance, EC2 Elastic IP (VPC only), EC2 Security Group, EC2 Network Interface
Amazon EBS: EBS Volume
Amazon VPC: VPCs, Network ACLs, Route Table, Subnet, VPN Connection, Internet Gateway, Customer Gateway, VPN Gateway
AWS CloudTrail: Trail
Trusted Advisor
Trusted Advisor
• Trusted Advisor is a system that:
  • monitors AWS infrastructure services
  • identifies customer configurations
  • compares them to known best practices
• Opportunities exist to:
  • save money
  • improve system performance
  • close security gaps
Trusted Advisor
• Over 2.6 Million recommendations
• More than $350M in estimated cost savings
• Over 40 checks in 4 categories
• Includes a Free Tier
AWS Trusted Advisor
Leverage Trusted Advisor to analyze your AWS resources for best practices for availability, cost, performance and security.
AWS security tools: What to use?
AWS Security and Compliance
Security of the cloud
Services and tools to aid security in the cloud

Service         | Type                   | Use cases
Inspector       | On-demand evaluations  | Security insights into your application deployments running inside your EC2 instance
Config Rules    | Continuous evaluations | Codified internal best practices, misconfigurations, security vulnerabilities, or actions on changes
Trusted Advisor | Periodic evaluations   | Cost, performance, reliability, and security checks that apply broadly
Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

How to Migrate your Startup to AWS
How to Migrate your Startup to AWSHow to Migrate your Startup to AWS
How to Migrate your Startup to AWS
 
Introduction to AWS X-Ray
Introduction to AWS X-RayIntroduction to AWS X-Ray
Introduction to AWS X-Ray
 
Ceate a Scalable Cloud Architecture
Ceate a Scalable Cloud ArchitectureCeate a Scalable Cloud Architecture
Ceate a Scalable Cloud Architecture
 
AWS re:Invent 2016: Introduction to Managed Database Services on AWS (DAT307)
AWS re:Invent 2016: Introduction to Managed Database Services on AWS (DAT307)AWS re:Invent 2016: Introduction to Managed Database Services on AWS (DAT307)
AWS re:Invent 2016: Introduction to Managed Database Services on AWS (DAT307)
 
Deep Dive on Object Storage: Amazon S3 and Amazon Glacier
Deep Dive on Object Storage: Amazon S3 and Amazon GlacierDeep Dive on Object Storage: Amazon S3 and Amazon Glacier
Deep Dive on Object Storage: Amazon S3 and Amazon Glacier
 
(BDT307) Zero Infrastructure, Real-Time Data Collection, and Analytics
(BDT307) Zero Infrastructure, Real-Time Data Collection, and Analytics(BDT307) Zero Infrastructure, Real-Time Data Collection, and Analytics
(BDT307) Zero Infrastructure, Real-Time Data Collection, and Analytics
 
SEC303 Automating Security in Cloud Workloads with DevSecOps
SEC303 Automating Security in Cloud Workloads with DevSecOpsSEC303 Automating Security in Cloud Workloads with DevSecOps
SEC303 Automating Security in Cloud Workloads with DevSecOps
 
Amazon Redshift
Amazon Redshift Amazon Redshift
Amazon Redshift
 
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
 
Big Data Architectural Patterns
Big Data Architectural PatternsBig Data Architectural Patterns
Big Data Architectural Patterns
 
Building and scaling your containerized microservices on Amazon ECS
Building and scaling your containerized microservices on Amazon ECSBuilding and scaling your containerized microservices on Amazon ECS
Building and scaling your containerized microservices on Amazon ECS
 
Selecting the Right AWS Database Solution - AWS 2017 Online Tech Talks
Selecting the Right AWS Database Solution - AWS 2017 Online Tech TalksSelecting the Right AWS Database Solution - AWS 2017 Online Tech Talks
Selecting the Right AWS Database Solution - AWS 2017 Online Tech Talks
 
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
 
AWS re:Invent 2016: Born in the Cloud; Built Like a Startup (ARC205)
AWS re:Invent 2016: Born in the Cloud; Built Like a Startup (ARC205)AWS re:Invent 2016: Born in the Cloud; Built Like a Startup (ARC205)
AWS re:Invent 2016: Born in the Cloud; Built Like a Startup (ARC205)
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and Archive
 
Rackspace Best Practices for DevOps on AWS
Rackspace Best Practices for DevOps on AWSRackspace Best Practices for DevOps on AWS
Rackspace Best Practices for DevOps on AWS
 
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
 
The Best of re:invent 2016
The Best of re:invent 2016The Best of re:invent 2016
The Best of re:invent 2016
 
AWS re:Invent 2016: Workshop: Migrating Microsoft Applications to AWS (ENT216)
AWS re:Invent 2016: Workshop: Migrating Microsoft Applications to AWS (ENT216)AWS re:Invent 2016: Workshop: Migrating Microsoft Applications to AWS (ENT216)
AWS re:Invent 2016: Workshop: Migrating Microsoft Applications to AWS (ENT216)
 
AWS Data Transfer Services: Data Ingest Strategies Into the AWS Cloud
AWS Data Transfer Services: Data Ingest Strategies Into the AWS CloudAWS Data Transfer Services: Data Ingest Strategies Into the AWS Cloud
AWS Data Transfer Services: Data Ingest Strategies Into the AWS Cloud
 

Similar a Towards Full Stack Security

AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management ToolsAWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
Amazon Web Services
 

Similar a Towards Full Stack Security (20)

Towards Full Stack Security
Towards Full Stack SecurityTowards Full Stack Security
Towards Full Stack Security
 
Detective Controls: Gain Visibility and Record Change
Detective Controls: Gain Visibility and Record ChangeDetective Controls: Gain Visibility and Record Change
Detective Controls: Gain Visibility and Record Change
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
CSS17: Dallas - The AWS Shared Responsibility Model in Practice
CSS17: Dallas - The AWS Shared Responsibility Model in PracticeCSS17: Dallas - The AWS Shared Responsibility Model in Practice
CSS17: Dallas - The AWS Shared Responsibility Model in Practice
 
Going Serverless at AWS Startup Day Bangalore
Going Serverless at AWS Startup Day Bangalore Going Serverless at AWS Startup Day Bangalore
Going Serverless at AWS Startup Day Bangalore
 
Deep Dive on the IoT at AWS
Deep Dive on the IoT at AWSDeep Dive on the IoT at AWS
Deep Dive on the IoT at AWS
 
Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...
Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...
Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
 
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
 
AWS Shared Security Model in Practice
AWS Shared Security Model in PracticeAWS Shared Security Model in Practice
AWS Shared Security Model in Practice
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017
 
Detective Controls: Gain Visibility and Record Change
Detective Controls: Gain Visibility and Record ChangeDetective Controls: Gain Visibility and Record Change
Detective Controls: Gain Visibility and Record Change
 
Automating Operations Workload
Automating Operations WorkloadAutomating Operations Workload
Automating Operations Workload
 
Application Resiliency
Application ResiliencyApplication Resiliency
Application Resiliency
 
PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ...
PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ...PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ...
PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ...
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security Baseline
 
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
 
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management ToolsAWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security Baseline
 

Más de Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
Sheetaleventcompany
 

Último (20)

Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 

Towards Full Stack Security

Slide 1: Towards Full Stack Security
Don Edwards, Solutions Architect, Security Specialist
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Slide 2: Amazon Inspector
• Vulnerability Assessment Service
• Built from the ground up to support DevSecOps
• Automatable via APIs
• Integrates with CI/CD tools
• On-Demand Pricing model
• Static & Dynamic Rules Packages
• Generates Findings

Slide 3: Traditional Security Processes
(diagram labels only: Asset Owner, Security Team, AppSec Eng, Asset, Scan for Vulnerabilities)

Slide 4:
• It’s not about DevOps + Security
• Not enough security professionals on the planet to do this
• Security teams need their own automation to keep up with automated deployments!
• Security as code
• Seamless integration with CI/CD pipelines
• Ability to scan and run test suites in parallel
• Ability to automate remediation
• Consumable by APN technology partners as microservices
• www.devsecops.org

Slide 5: Inspector Architecture
• Assessment coordination
• Evaluation engine
• Agent installed on EC2 Instances

Slide 6: Supported Agent Operating Systems
 Red Hat Enterprise Linux (6.5 or later)
 CentOS (6.5 or later)
 Ubuntu (12.04 LTS, 14.04 LTS or later)
 Amazon Linux (2015.03 or later)
 Microsoft Windows (2012 R2, 2008 R2) - Preview
Linux Kernel Support
 We get kernels at the same time you get them
 It currently takes us 1-2 weeks for build, test & validation
 We’re aiming for 1 day
New Distributions
 Takes a long time

Slide 7: Amazon Inspector – Rules Packages
• Common Vulnerabilities & Exposures
• CIS Operating System Security Configuration Benchmarks
• Security Best Practices
• Runtime Behavior Analysis

Slide 8: Common Vulnerabilities & Exposures
• Tagged list of publicly known info security issues
• Vulnerabilities: a mistake in software that can be used to gain unauthorized system access
    • Execute commands as another user
    • Pose as another entity
    • Conduct a denial of service
• Exposures: a mistake in software that allows access to information that can lead to unauthorized system access
    • Allows an attacker to hide activities
    • Enables information gathering activities

Slide 9: CIS Security Configuration Benchmarks
What are they?
 Security configuration guide
 Consensus-based development process
 PDF versions are free via CIS website
Inspector automates scanning instances against the latest benchmark for that OS.

Slide 10: What’s inside a Benchmark?
• What you should do…
• Why you should do it…
• How to do it…
• How to know if you did it…
This is what Inspector does for you now (more in future).

Slide 11: Runtime Behavior Analysis
• Package analyzes machine behavior during an assessment
    • Unused listening ports
    • Insecure client protocols
    • Root processes with insecure permissions
    • Insecure server protocols
• Impacts the severity of static findings

Slide 12: Pricing
• Free Trial: 250 agent-assessments for first 90 days using the service
• Based on Agent-Assessments
    • 1 assessment with 10 agents = 10 agent-assessments
    • 5 assessments with 2 agents = 10 agent-assessments
    • 10 assessments with 1 agent = 10 agent-assessments
• 10 agent-assessments = $3.00
Tiered price per agent-assessment:
    First 250 agent-assessments: $0.30
    Next 750 agent-assessments: $0.25
    Next 4000 agent-assessments: $0.15
    Next 45,000 agent-assessments: $0.10
    All other agent-assessments: $0.05

Slide 13: Regions Supported
 GA
     US West (Oregon)
     EU (Ireland)
     US East (Virginia)
     Asia Pacific (Tokyo)
 July 2016 (deployed)
     Asia Pacific (Sydney)
     Asia Pacific (Seoul)
 Fall 2016
     Asia Pacific (India)
     Europe (London)
     Europe (Frankfurt)

Slide 14: (image only, no text)

Slide 15: Launch Partners (logos only)
Slide 16: AWS Config
• Get inventory of AWS resources
• Discover new and deleted resources
• Record configuration changes continuously
• Get notified when configurations change

Slide 17: AWS Config architecture
(diagram labels only: Changing Resources, Record, Normalize, Store, Deliver; Stream, Snapshot (ex. 2014-11-05), History; AWS Config APIs)

Slide 18: AWS Config – VPC Example (screenshot)

Slide 19: AWS Config – VPC Example (screenshot)

Slide 20: AWS Config Rules – Tenancy Enforcement Example (screenshot)

Slide 21: AWS Config Rules – Tenancy Enforcement Example (screenshot)

Slide 22: AWS Config Rules – Tenancy Enforcement Example (screenshot)

Slide 23: Config Rules
• Set up rules to check configuration changes recorded
• Use pre-built rules provided by AWS
• Author custom rules using AWS Lambda
• Invoked automatically for continuous assessment
• Use dashboard for visualizing compliance and identifying offending changes

Slide 24: AWS Config & Config Rules architecture
(diagram labels only: Changing Resources, Record, Normalize, Store, Deliver; Stream, Snapshot (ex. 2014-11-05), History; Rules; AWS Config APIs)

Slide 25: Config Rule
A rule that checks the validity of configurations recorded.
• AWS managed rules
    • Defined by AWS
    • Require minimal (or no) configuration
    • Rules are managed by AWS
• Customer managed rules
    • Authored by you using AWS Lambda
    • Rules execute in your account
    • You maintain the rule

Slide 26: Config Rules - Triggers
• Triggered by changes: rules invoked when relevant resources change. Scoped by changes to:
    • Tag key/value
    • Resource types
    • Specific resource ID
  e.g. EBS volumes tagged “Production” should be attached to EC2 instances
• Triggered periodically: rules invoked at specified frequency
  e.g. Account should have no more than 3 “PCI v3” EC2 instances; every 3 hrs

Slide 27: Evaluations
The result of evaluating a Config rule against a resource.
• Report evaluation of {Rule, ResourceType, ResourceID} directly from the rule itself

Slide 28: AWS managed rules
1. All EC2 instances must be inside a VPC.
2. All attached EBS volumes must be encrypted, with KMS ID.
3. CloudTrail must be enabled, optionally with S3 bucket, SNS topic and CloudWatch Logs.
4. All security groups in attached state should not have unrestricted access to port 22.
5. All EIPs allocated for use in the VPC are attached to instances.
6. All resources being monitored must be tagged with specified tag keys:values.
7. All security groups in attached state should not have unrestricted access to these specific ports.

Slide 29: Custom rules
• Codify and automate your own practices
• Get started with samples in AWS Lambda
• Implement guidelines for security best practices and compliance
• Use rules from different AWS Partners
• View compliance in one dashboard
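The change-triggered custom rule, evaluation and Lambda authoring from slides 26, 27 and 29, worked through as an added example (not AWS sample code or part of the deck): the rule checks that EBS volumes tagged “Production” are attached to EC2 instances and reports one {Rule, ResourceType, ResourceID} evaluation back to Config. The configuration item field names (resourceType, tags, configuration.state and configuration.attachments), the tagKey/tagValue rule parameters and the sample event are assumptions constructed for the example.

```python
import json

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"

def evaluate_volume(item, tag_key="Environment", tag_value="Production"):
    """ComplianceType for one recorded configuration item. Field names
    (resourceType, tags, configuration.state/attachments) are assumptions
    modelled on the EC2 volume configuration item that Config records."""
    if item.get("resourceType") != "AWS::EC2::Volume":
        return NOT_APPLICABLE
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return NOT_APPLICABLE                # nothing left to evaluate
    if item.get("tags", {}).get(tag_key) != tag_value:
        return NOT_APPLICABLE                # rule is scoped by tag
    cfg = item.get("configuration", {})
    attached = cfg.get("state") == "in-use" and bool(cfg.get("attachments"))
    return COMPLIANT if attached else NON_COMPLIANT

def build_evaluation(event):
    """Turn a change-triggered Config event (invokingEvent and ruleParameters
    arrive as JSON strings) into the {Rule, ResourceType, ResourceID} result."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance = evaluate_volume(item, params.get("tagKey", "Environment"),
                                 params.get("tagValue", "Production"))
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

def lambda_handler(event, context):
    """Lambda entry point: report the evaluation back with the event's result token."""
    import boto3  # imported lazily so the evaluation logic above runs offline
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation],
                                           ResultToken=event["resultToken"])
    return evaluation

# Constructed sample event: a Production-tagged volume sitting unattached.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::Volume", "resourceId": "vol-0123456789abcdef0",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2016-07-01T12:00:00.000Z",
        "tags": {"Environment": "Production"},
        "configuration": {"state": "available", "attachments": []}}}),
    "ruleParameters": json.dumps({"tagKey": "Environment", "tagValue": "Production"}),
    "resultToken": "constructed-token",
}
```

Volumes without the tag, deleted items and other resource types come back NOT_APPLICABLE, so the rule only ever flags the resources it is scoped to.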
Slide 30: Evidence for compliance
Many compliance audits require access to the state of your systems at arbitrary times (i.e., PCI, HIPAA). A complete inventory of all resources and their configuration attributes is available for any point in time.

Slide 31: What resources exist?
• Discover resources that exist in your account
• Discover resources that no longer exist in your account
A complete inventory of all resources and their configuration attributes is available via API and console.

Slide 32: What changed?
It is critical to be able to quickly answer, “What has changed?” You can quickly identify the recent configuration changes to your resources by using the console or by building custom integrations with the regularly exported resource history files.

Slide 33: Supported resource types
Resource Type: Resource
• Amazon EC2: EC2 Instance, EC2 Elastic IP (VPC only), EC2 Security Group, EC2 Network Interface
• Amazon EBS: EBS Volume
• Amazon VPC: VPCs, Network ACLs, Route Table, Subnet, VPN Connection, Internet Gateway, Customer Gateway, VPN Gateway
• AWS CloudTrail: Trail
Slide 34: AWS Trusted Advisor

Slide 35: Trusted Advisor
• Trusted Advisor is a system that:
    • monitors AWS infrastructure services
    • identifies customer configurations
    • compares them to known best practices
• opportunities exist to save money
    • improve system performance
    • close security gaps

Slide 36: Trusted Advisor
• Over 2.6 Million recommendations
• More than $350M in estimated cost savings
• Over 40 checks in 4 categories
• Includes a Free Tier

Slide 37: AWS Trusted Advisor
Leverage Trusted Advisor to analyze your AWS resources for best practices for availability, cost, performance and security.

Slide 38: AWS security tools: What to use?
AWS Security and Compliance: security of the cloud; services and tools to aid security in the cloud.
Service (Type): Use cases
• Inspector (On-demand evaluations): Security insights into your application deployments running inside your EC2 instance
• Config Rules (Continuous evaluations): Codified internal best practices, misconfigurations, security vulnerabilities, or actions on changes
• Trusted Advisor (Periodic evaluations): Cost, performance, reliability, and security checks that apply broadly