How Dow Jones uses AWS to create a secure perimeter around its web properties - SDD316 - AWS re:Inforce 2019

•

1 like•431 views

Dow Jones, a world-leading data, media, and intelligence solutions provider with brands like the Wall Street Journal and MarketWatch, has numerous applications that need protection. The company was seeking a protection solution and a way to gain more control over security, and it looked to AWS to secure the cloud right at the edge. This session explores how Dow Jones implemented innovative architecture to meet its software security framework using CloudFront, AWS Shield, AWS WAF, Lambda, and more. Learn how to use AWS services to architect software environments for securing applications. Join Kamal Verma, senior principal engineer at Dow Jones, for a deep dive into their implementation and learnings.

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
How Dow Jones uses AWS to create a
secure perimeter
Kamal Verma
Sr. Principal
Dow Jones and Company
S D D 3 1 6

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Dow Jones brings together world-leading data, media, membership and
intelligence solutions to power the most ambitious companies and professionals.
https://www.dowjones.com
https://dowjones.jobs

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Why ?
1. Forming a protective ring around our applications, like saturn
2. Being nimble - alternative to current edge provider
3. Application security
4. Operational security
5. Certificate management and automation
6. Inclement state alarms
7. Advanced SIEM
8. Monitoring and operations
9. Error pages - standard error pages for 50x errors
10. Performance

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
1. Layer 4 – Shield Advanced
2. Layer 7 – AWS WAF OWASP top 10
3. Monitoring – Error rates and web-attack alarms
4. Logging – Using Amazon Athena to search cloud-front logs
5. Performance – out of band abuse processing and reporting
6. AWS Lambda @Edge – JWT validation
7. Simplified SPA patterns – Simplification of an app

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Icon by Freepik from www.flaticon.com

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Edge computing

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Edge computing layers

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS WAF: application security

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
High rate abuse case and rate control
● IP based rate controls fail
○ NAT IPs – One abuser punishes all the users
○ Rerouted traffic is not controlled
● Unauthenticated session
○ If you don’t have one – you get one
○ Rate control apply on this session
● Tie unauthenticated session to authenticated one

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Bots protection
● Bots’ signature is identified
● Adjust the AWS WAF to keep the bots’ out

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
SQL query
select * from example.cf
where time_taken > 4
limit 5

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
SQL query
WITH ds AS
(SELECT *,
parse_datetime( concat( concat( format_datetime(date,
'yyyy-MM-dd'), '-' ), time ),'yyyy-MM-dd-HH:mm:ss') AS datetime
FROM ”table1"."cf"
WHERE src=’example.com'
and uri = ’/content/search'
and date = date('2019-04-12')
and method = 'GET')
SELECT *
FROM ds
WHERE datetime
BETWEEN timestamp '2019-04-12 18:00:00'
AND timestamp '2019-04-12 18:05:00'
order by time

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Alarms and integration with Slack

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Application pattern evolution

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Poor communication hygiene
Chrome
browser
tls
1
tls
2
tls
3
tls
4

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Serverless SPA
tls
1
tls
2
Chrome
browser

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Serverless SPA – Amazon Simple Service (Amazon S3)

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Performance

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Performance of HTTPS/TCP

© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
High availability

Thank you!
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Kamal Verma
Twitter: @kxrx

What's hot

Liberty Mutual is opinionated about how application teams deliver and deploy code into AWS. Applications must be able to secure all data types, meet security standards, and deploy via automation. Radar is an event-driven, rules-based service for validating and remediating AWS cloud resources, and it ensures that security standards are enforced. In this session, learn about Radar, which is built on AWS and designed to ensure compliance across hundreds of AWS accounts in 14 regions while providing flexibility for rule variation. Whether risks are prevented during continuous integration or detected upon deployment and remediated, the goal is the same: all policy is enforced at the earliest moment of risk.

Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...

Amazon Web Services

In this session, Bill Reid, Senior Manager of Security Solutions Architects, and Bill Shinn, Senior Principal in the Office of the CISO, walk attendees through the ways in which security leadership and security best practices have evolved, with an emphasis on advanced tooling and features. Both speakers have provided frontline support on complex security and compliance questions posed by AWS customers; join them in this master class in cloud strategy and tactics.

Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019

Amazon Web Services

Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...

Amazon Web Services

Senior Principal Security Engineer Don "Beetle" Bailey and Corey Quinn from the highly acclaimed "Last Week in AWS" newsletter present best practices, features, and security updates you may have missed in the AWS Cloud. With more than 1,000 service updates per year being released, having expert distillation of what's relevant to your environment can accelerate your adoption of the cloud. As techniques for operationalizing cloud security, compliance, and identity remain a critical business need, this leadership session considers a strategic path forward for all levels of enterprises and users, from beginner to advanced.

Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019

Amazon Web Services

How to act on your security and compliance alerts with AWS Security Hub - FND...

Amazon Web Services

This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance.

Privacy by design on AWS - FND202-R - AWS re:Inforce 2019

Amazon Web Services

Distributed Denial of Service (DDoS) attacks seek to affect the availability of applications through network congestion, connection state exhaustion, and application stress. AWS distills exabytes of NetFlow data, application logs, and service health metrics to inform DDoS attack detection, reporting, and mitigation systems. In this session, learn how to access insights about the DDoS threat environment and attacks against your specific AWS resources through the AWS Management Console, API, and Amazon CloudWatch. Finally, learn how to use this information to automate notification and response.

DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019

Amazon Web Services

"Do you want client-side encryption for your software but don’t know where to start? In this hands-on workshop, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS Key Management Service (KMS) and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your software. This workshop covers the basic challenges of this domain; a best practice for protecting data end-to-end with client-side encryption; KMS-style services and their uses, including AWS KMS; the open-source, open-format AWS Encryption SDK; and considerations for advanced integrations, such as performance tradeoffs and high-availability strategies.

Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...

Amazon Web Services

In this workshop, senior security management, IT, and business executive teams participate in an experiential exercise that illuminates the key decision points of a successful and secure cloud journey. During the team-based, game-like simulation, participants leverage an industry case study and make strategic decisions and investments around security, risk, and compliance. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. They also learn applicable decision and investment approaches to specific secure cloud adoption journeys. They walk through real-life examples, receive practical advice from AWS facilitators, and they leave with an understanding of the major success factors for building security, risk, and compliance in the cloud. This workshop is designed for executives who are leading a secure cloud journey, including the CISO, senior security and risk management leaders, and CIO/CTO. Non-IT participants who are key to executing the cloud security strategy are also encouraged to attend.

AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019

Amazon Web Services

Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by a single operator. With the arrival of cloud computing, these basic assumptions are no longer valid. The operational environment is not shippable to a lab, and it is not self-contained. In this session, we describe the opportunities and challenges of bringing FIPS 140 to the cloud. We review the current state and new, automated approaches that are under evaluation at the National Institute of Standards and Technology (NIST).

Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019

Amazon Web Services

Do you ever feel like your efforts with security are futile? Change can lead to new, never-before-recognized opportunities to innovate. Security is no exception. Using measurements to drive us, we have found innovations in security that have led to greater collaboration and carefully curated security outcomes. The cloud has made never-before-seen security capabilities possible. Have you ever imagined talking about the five nines of security? We are! Come join the debate about how to make cloud workloads safer by adopting securability and a bounded measurable means of increasing the safety of software.

In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...

Amazon Web Services

Serverless is one of the most popular innovations in the cloud today. Join this session to learn how to secure enterprise-grade serverless applications. We cover the strategies you can use to build secure applications running on AWS Lambda and Amazon API Gateway. Then we review how you can audit and monitor your applications using tools like AWS Config and AWS X-Ray. Join us to see examples and learn best practices from AWS serverless experts.

Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...

Amazon Web Services

One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high level overview of AWS Control Tower and how it fits into the overall approach.

Implementing your landing zone - FND210 - AWS re:Inforce 2019

Amazon Web Services

Auditing in the cloud is different from auditing in on-premises environments. In this workshop, we discuss those differences and share best practices for auditing in the cloud. We provide a cloud- and customer-agnostic foundation for cloud security auditing. In addition to covering necessary building blocks of cloud security, we cover cloud-specific considerations and guidelines that auditors should keep in mind when verifying security controls. Join us, and learn the cloud considerations for auditing from the experts.

Cloud auditing workshop - GRC323 - AWS re:Inforce 2019

Amazon Web Services

"Are you interested in how AWS provides network infrastructure and IT security at global events? In this session, learn about the network and security challenges encountered when running events for 2,000 to 60,000 attendees. We describe the architecture used to deliver high-quality connectivity, considerations for large-scale attendee Wi-Fi, integration with other AWS services using AWS Direct Connect, and examples of incidents and events that we’ve managed over the years. Join the AWS event engineering team to see what it takes to deploy a huge temporary network for one week, provide secure and reliable service, and then remove it, leaving no trace!

AWS event engineering at scale - SEP329 - AWS re:Inforce 2019

Amazon Web Services

Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019

Amazon Web Services

How does the cloud foster innovation? Join Vice President and Distinguished Engineer Eric Brandwine as he details why there is no better time than now to be a pioneer in the AWS Cloud, discussing the changes that next-gen technologies such as quantum computing, machine learning, serverless, and IoT are expected to make to the digital and physical spaces over the next decade. Organizations within the large AWS customer base can take advantage of security features that would have been inaccessible even five years ago; Eric discusses customer use cases along with simple ways in which customers can realize tangible benefits around topics previously considered mere buzzwords.

Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019

Amazon Web Services

In this presentation, FINRA discusses different aspects of its holistic security strategy. Topics covered include how to leverage AWS native security solutions, how to use logs that tie IP and identity together for network access, how to implement a software-defined perimeter model to augment network-layer security controls, and how FINRA sped up DevOps through a unified and frictionless access strategy.

How FINRA achieves DevOps agility while securing its AWS environments - GRC33...

Amazon Web Services

McGraw-Hill discusses how to effectively manage cloud operations for over 80 different agile DevOps teams by leveraging automated guardrails. In this talk, you learn about the challenges of running cloud operations at scale. Join us to learn what guardrails are, how you implement them at scale, and how they work across the entire cloud stack: networking, security, IAM, service whitelisting, OS hardening, and patching.

Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...

Amazon Web Services

In this session, you learn from real-world scenarios related to privileged access security in cloud environments. Experts from TOTVS and CyberArk provide insights from lessons learned while securing commercial SaaS applications, cloud infrastructure, and internal applications deployed in the cloud. Topics covered include privilege and cloud scenarios (e.g., human access models, support for automation, proactive controls, and programmatic deployment), as well as best practices and augmentation of existing security controls for privilege and secrets management on the AWS Cloud. We also cover limited use of root accounts, considerations for human administrator access in the cloud, and success with hybrid cloud environments.

Best practices for privileged access & secrets management in the cloud - DEM0...

Amazon Web Services

What's hot (20)

Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...

Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019

Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...

Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019

How to act on your security and compliance alerts with AWS Security Hub - FND...

Privacy by design on AWS - FND202-R - AWS re:Inforce 2019

DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019

Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...

AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019

Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019

In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...

Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...

Implementing your landing zone - FND210 - AWS re:Inforce 2019

Cloud auditing workshop - GRC323 - AWS re:Inforce 2019

AWS event engineering at scale - SEP329 - AWS re:Inforce 2019

Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019

Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019

How FINRA achieves DevOps agility while securing its AWS environments - GRC33...

Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...

Best practices for privileged access & secrets management in the cloud - DEM0...

Similar to How Dow Jones uses AWS to create a secure perimeter around its web properties - SDD316 - AWS re:Inforce 2019

Automate Security Event Management Using Trust-Based Decision Models - AWS Su...

Amazon Web Services

NIST Compliance, AWS Federal Pop-Up Loft

Amazon Web Services

Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...

Amazon Web Services LATAM

Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS

Amazon Web Services LATAM

2. migration, disaster recovery and business continuity in the cloud

Reham Maher El-Safarini

Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019

Amazon Web Services

Amazon SageMaker is a fully managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. In this session, we dive deep into the security configurations of Amazon SageMaker components, including notebooks, distributed and batch training, and hosting endpoints. We also review Vanguard’s implementation of key controls in a highly regulated environment. These include fine-grained access control, end-to-end encryption in transit, encryption at rest with AWS KMS customer-managed customer master keys (CMKs), private connectivity to all Amazon SageMaker APIs, and comprehensive audit trails for resource and data access.

Securing your Amazon SageMaker model development in a highly regulated enviro...

Amazon Web Services

Most businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know if you and your team are following best practice, or what the risks in your architectures might be? This session will show how the AWS Well-Architected framework provides prescriptive architectural advice, and how the AWS Well-Architected Tool allows you to measure and improve your technology portfolio. We will explain how other customers are using AWS Well-Architected in their business, and we’ll share insights into what we have learned from reviewing tens of thousands of architectures across Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.

Are you Well Architected?

Amazon Web Services

The Executive Security Simulation takes senior security management and IT/business executive teams through an experiential exercise that illuminates key decision points for a successful and secure cloud journey. During this team-based, game-like competitive simulation, participants leverage an industry case study to make strategic security, risk, and compliance time-based decisions and investments. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. Join this workshop to gain an understanding of the major success factors to lead security, risk, and compliance in the cloud, and learn applicable decision and investment approaches to specific secure cloud adoption journeys. AWS facilitators translate lessons learned in the simulation into real-life examples and practical advice for your team.

Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018

Amazon Web Services

Analyzing your web and application logs on AWS. Utrecht AWS Dev Day

javier ramirez

This year, the focus goes beyond technology to mining business insights around how cloud enables strategic industry trends such as Open and Virtual Banking and Insurance, Security and Compliance, Data Analytics and AI/ ML, FinTech and RegTech, Surveillance and more through sharing of best practices and use cases. In sessions led by customers, partners, industry leaders and AWS subject matter experts, you’ll learn how AWS helps financial institutions to focus on the innovation and outcomes that truly drive business forward. Business stakeholders, market makers, and technology owners will all learn something new, valuable and actionable.

Generational shiftsRedefining Customer Experience And The Way To Insure

Amazon Web Services

AWS Dev Day Kyiv 2019 Track: Analytics & Machine Learning Session: "Analyzing your web and application logs" Speaker: Javier Ramirez, AWS Technical Evangelist Level: 300 AWS Dev Day is a free, full-day technical event where new developers will learn about some of the hottest topics in cloud computing, and experienced developers can dive deep on newer AWS services. Provectus has organized AWS Dev Day Kyiv in close collaboration with Amazon Web Services: 800+ participants, 18 sessions, 3 tracks, a really AWSome Day!  Now, together with Zeo Alliance, we're building and nurturing AWS User Group Ukraine — join us on Facebook to stay updated about cloud technologies and AWS services: https://www.facebook.com/groups/AWSUserGroupUkraine Video: https://youtu.be/IpEhEs1sXeg

"Analyzing your web and application logs", Javier Ramirez, AWS Dev Day Kyiv 2...

Provectus

Security Framework Shakedown

Amazon Web Services

Security in the cloud

Reham Maher El-Safarini

Inovação Rápida: O caso de negócio para desenvolvimento de aplicações modernas.

Amazon Web Services LATAM

Building a Better Business Case for Migrating to Cloud

Amazon Web Services

As with everything in life there is an easy way and a hard way when it comes to adopting security framework recommendations. Featuring the AWS Well-Architected and Cloud Adoption Frameworks, we will walk you through a complete security journey. We'll start with identification of requirements, then move through a series of how-tos from classifying your data, automating controls, to running fun incident response game days.

Security Framework Shakedown: Chart Your Journey with AWS Best Practices

Amazon Web Services

Developing an effective cloud migration strategy and making data-driven decisions rely heavily on understanding and extracting insights from analyzing migration portfolio. Discovering workloads complexity and dependency, understanding financial implications and developing a realistic migration wave plan are critical to the success of a mass migration. This session introduces AWS migration discovery and planning process, its inputs and consequential insights, and how they enable developing effective mass migration strategies. We will showcase the use of AWS migration portfolio analysis (MPA) tool that consumes discovered information and produces important information for planning an enterprise migration journey.

Developing-Effective-Mass-Migration-Strategy-out-of-a-Tool-based-Portfolio-As...

Amazon Web Services

Take action on your security & compliance alerts with AWS Security Hub - SEC2...

Amazon Web Services

AWS Dev Day Kyiv 2019 Track: Modern Application Development Session: "How to build a global serverless service" Speaker: Alex Casalboni, AWS Technical Evangelist Level: 400 AWS Dev Day is a free, full-day technical event where new developers will learn about some of the hottest topics in cloud computing, and experienced developers can dive deep on newer AWS services. Provectus has organized AWS Dev Day Kyiv in close collaboration with Amazon Web Services: 800+ participants, 18 sessions, 3 tracks, a really AWSome Day!  Now, together with Zeo Alliance, we're building and nurturing AWS User Group Ukraine — join us on Facebook to stay updated about cloud technologies and AWS services: https://www.facebook.com/groups/AWSUserGroupUkraine Video: https://youtu.be/Q19B-NTkMfk

"How to build a global serverless service", Alex Casalboni, AWS Dev Day Kyiv ...

Provectus

Similar to How Dow Jones uses AWS to create a secure perimeter around its web properties - SDD316 - AWS re:Inforce 2019 (20)

Automate Security Event Management Using Trust-Based Decision Models - AWS Su...

NIST Compliance, AWS Federal Pop-Up Loft

Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...

Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS

2. migration, disaster recovery and business continuity in the cloud

Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019

Securing your Amazon SageMaker model development in a highly regulated enviro...

Are you Well Architected?

Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018

Analyzing your web and application logs on AWS. Utrecht AWS Dev Day

Generational shiftsRedefining Customer Experience And The Way To Insure

"Analyzing your web and application logs", Javier Ramirez, AWS Dev Day Kyiv 2...

Security Framework Shakedown

Security in the cloud

Inovação Rápida: O caso de negócio para desenvolvimento de aplicações modernas.

Building a Better Business Case for Migrating to Cloud

Security Framework Shakedown: Chart Your Journey with AWS Best Practices

Developing-Effective-Mass-Migration-Strategy-out-of-a-Tool-based-Portfolio-As...

Take action on your security & compliance alerts with AWS Security Hub - SEC2...

"How to build a global serverless service", Alex Casalboni, AWS Dev Day Kyiv ...

More from Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Costruire Applicazioni Moderne con AWS

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Open banking as a service

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Computer Vision con AWS

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Tools for building your MVP on AWS

Amazon Web Services

How to Build a Winning Pitch Deck

Amazon Web Services

Building a web application without servers

Amazon Web Services

Fundraising Essentials

Amazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

How Dow Jones uses AWS to create a secure perimeter around its web properties - SDD316 - AWS re:Inforce 2019

2. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Dow Jones brings together world-leading data, media, membership and intelligence solutions to power the most ambitious companies and professionals. https://www.dowjones.com https://dowjones.jobs

3. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Why ? 1. Forming a protective ring around our applications, like saturn 2. Being nimble - alternative to current edge provider 3. Application security 4. Operational security 5. Certificate management and automation 6. Inclement state alarms 7. Advanced SIEM 8. Monitoring and operations 9. Error pages - standard error pages for 50x errors 10. Performance

4. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda 1. Layer 4 – Shield Advanced 2. Layer 7 – AWS WAF OWASP top 10 3. Monitoring – Error rates and web-attack alarms 4. Logging – Using Amazon Athena to search cloud-front logs 5. Performance – out of band abuse processing and reporting 6. AWS Lambda @Edge – JWT validation 7. Simplified SPA patterns – Simplification of an app

16. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. High rate abuse case and rate control ● IP based rate controls fail ○ NAT IPs – One abuser punishes all the users ○ Rerouted traffic is not controlled ● Unauthenticated session ○ If you don’t have one – you get one ○ Rate control apply on this session ● Tie unauthenticated session to authenticated one

20. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. SQL query WITH ds AS (SELECT *, parse_datetime( concat( concat( format_datetime(date, 'yyyy-MM-dd'), '-' ), time ),'yyyy-MM-dd-HH:mm:ss') AS datetime FROM ”table1"."cf" WHERE src=’example.com' and uri = ’/content/search' and date = date('2019-04-12') and method = 'GET') SELECT * FROM ds WHERE datetime BETWEEN timestamp '2019-04-12 18:00:00' AND timestamp '2019-04-12 18:05:00' order by time

How Dow Jones uses AWS to create a secure perimeter around its web properties - SDD316 - AWS re:Inforce 2019

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to How Dow Jones uses AWS to create a secure perimeter around its web properties - SDD316 - AWS re:Inforce 2019

Similar to How Dow Jones uses AWS to create a secure perimeter around its web properties - SDD316 - AWS re:Inforce 2019 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

How Dow Jones uses AWS to create a secure perimeter around its web properties - SDD316 - AWS re:Inforce 2019