In this session you will learn how to develop security tools and functions that create other functions, based on the data in the environment. By merging security automation, CI/CD, and serverless infrastructure, you can create functions that act semi-autonomously with permission boundaries and step function logic.
23. Example: Look for normal traffic patterns
[Diagram labels: AWS Cloud; virtual private cloud (VPC) 10.1.0.0/16; public subnet 10.1.0.0/19; internet gateway; Elastic Load Balancing (ELB); Web Instance-1 and Web Instance-2; attempted probe on TCP-3389; flow logs.]
24. Example: Look for normal traffic patterns
[Diagram labels: AWS Cloud; virtual private cloud (VPC) 10.1.0.0/16; public subnet 10.1.0.0/19; internet gateway; Elastic Load Balancing (ELB); Web Instance-1 and Web Instance-2; attempted probe on TCP-3389; flow logs; AWS Systems Manager; Amazon CloudWatch; AWS Lambda.]
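One way to turn the diagram's idea into a check, as an added example that is not from the original slides: learn which inbound ports the public subnet normally accepts from one window of flow logs, then flag flows in a later window that fall outside that baseline. It assumes the default (version 2) flow log record format; the sample records, the `min_flows` threshold and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

PUBLIC_SUBNET = ipaddress.ip_network("10.1.0.0/19")  # subnet from the slide
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed records in the default (version 2) flow log format.
BASELINE_WINDOW = """\
2 123456789012 eni-0a1 198.51.100.7 10.1.0.10 49152 443 6 12 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 198.51.100.9 10.1.0.10 50311 443 6 9 3100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a2 203.0.113.20 10.1.0.11 51000 80 6 5 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a2 203.0.113.21 10.1.0.11 51001 80 6 5 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 - - - - - - - 1700000060 1700000120 - NODATA
"""
CURRENT_WINDOW = """\
2 123456789012 eni-0a1 198.51.100.7 10.1.0.10 49200 443 6 10 3900 1700003600 1700003660 ACCEPT OK
2 123456789012 eni-0a1 192.0.2.44 10.1.0.10 40022 3389 6 1 40 1700003600 1700003660 REJECT OK
2 123456789012 eni-0a2 192.0.2.44 10.1.0.11 40023 3389 6 1 40 1700003600 1700003660 REJECT OK
2 123456789012 eni-0a1 10.1.0.10 198.51.100.7 443 49200 6 8 5200 1700003600 1700003660 ACCEPT OK
"""

def inbound(text):
    """Yield parsed records for flows entering the public subnet from outside it."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[-1] != "OK":
            continue  # malformed, NODATA or SKIPDATA record
        rec = dict(zip(FIELDS, parts))
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        if dst in PUBLIC_SUBNET and src not in PUBLIC_SUBNET:
            yield rec

def learn_baseline(text, min_flows=2):
    """Normal traffic: (dstport, protocol) pairs accepted at least min_flows times."""
    seen = Counter((r["dstport"], r["protocol"]) for r in inbound(text)
                   if r["action"] == "ACCEPT")
    return {key for key, n in seen.items() if n >= min_flows}

def find_probes(text, baseline):
    """Return (srcaddr, dstaddr, dstport, action) for flows outside the baseline."""
    return [(r["srcaddr"], r["dstaddr"], int(r["dstport"]), r["action"])
            for r in inbound(text)
            if (r["dstport"], r["protocol"]) not in baseline]

if __name__ == "__main__":
    for hit in find_probes(CURRENT_WINDOW, learn_baseline(BASELINE_WINDOW)):
        print("outside baseline:", hit)
```

Version 2 records carry no direction field, so replies to connections the instances open outward would also fall outside this baseline and need separate handling.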
28. Amazon SageMaker: IP Insights
Capture associations between IPv4 addresses and various entities (user IDs, account numbers, etc.).
Identify a user attempting to log into a web service from an anomalous IP address.
Identify an account that is attempting to create computing resources from an unusual IP address.
The Amazon SageMaker IP Insights model gives much higher scores to malicious events, and there is a clear separation between the two distributions.