© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Leadership Session:
AWS Security
Steve Schmidt
Vice President and Chief Information Security Officer
Amazon Web Services
Twitter: @StephenSchmidt
SEC305-L
“The truth must be quite
plain, if one could just
clear away the litter.”
Agatha Christie,
A Caribbean Mystery
Behind the scenes - SecOps on-call
AWS Security Ticket - Port Scanning abuse case created …
AWS Security Ticket – LogScan errors detected …
Behind the scenes - SecOps on-call
AWS Security Ticket – Experiencing 500s in …
Behind the scenes - SecOps on-call
Behind the scenes - SecOps on-call
AWS Security Ticket – Proxy high latency in XXX region …
Security Expectations
Buy-in from leadership
• Radically restrict and monitor human access to data
• Patching
• Log retention duration
• Credentials lifespan + blast radius reduction
• AWS encryption everywhere
• Canaries and invariants for security functionality
Key performance indicators
• AppSec reviews
• Automated security checks
• Third-party audits
• Internal time spent metrics
• Conformity with SLAs
Correction of Errors (COE)
• Compile detailed timeline to systematically understand the incident.
• Analyze impact on business and customers
• Find root cause of issue by diving deep into sequence of events
• Address root cause via trackable and deliverable action items
• Eliminate opportunity for reoccurrence by analyzing and sharing lessons learned
This is NOT a process to place blame, nor is it a punitive tool
Correction of Errors (COE) – The five “why”s
• Ask questions until you have actionable root causes
• Address root causes with actions/deadline/owner
• Your analysis may branch into multiple root causes
Suspicious page from an obfuscated phishing domain (no whois record) …
Behind the scenes - SecOps on-call
The power of the AWS Cloud – Our customers
239 new security features
Original Amazon EC2 host architecture
(diagram labels: SERVER; Hypervisor; Management, security, and monitoring; Storage; Network; Customer instances)
Amazon EC2 - C3 & C4 instances launched
• Improved performance by isolating functions within the hypervisor; moving them away from hardware
• Offloaded network processing to dedicated hardware within the system, decoupling from hardware that managed the hypervisor, saving significant CPU time through more efficient network packet processing
• Offloaded storage, requiring Amazon EC2 host software to validate, encrypt and route storage requests
2017: Amazon EC2 C5 instances launched
(diagram labels: SERVER; NITRO SYSTEM; Nitro hypervisor; Management, security, and monitoring; Storage; Network; Customer instances)
Resource-based policies
VPN Connection | Network Load Balancer | Inter-Region VPC Peering | Bring Your Own IP Address
AWS Config - Overview
(diagram: Changing resources → Continuous change recording → History, Stream, Snapshot (ex. 2018-06-05))
Store the compliance history of AWS resources evaluated by Config rules
Now offers agentless network assessments
Amazon GuardDuty adds three new threat detections
UnauthorizedAccess:EC2/TorClient
UnauthorizedAccess:EC2/TorRelay
CryptoCurrency:EC2/BitcoinTool.B
Processes an average of 92.7 million flow log records per second
Amazon GuardDuty = automatic cost savings
• Travel company | 44% reduction in GuardDuty spend
• Financial services company | 82% reduction
• Automotive company | 79% reduction
• Social media company | 86% reduction
Introducing: Amazon S3 block public access
Amazon S3 block public access
AWS Security Ticket - DDoS abuse case created …
Behind the scenes - SecOps on-call
“The time to repair the roof is
when the sun is shining.”
John F. Kennedy,
State of the Union, 1962
Pace of innovation | Launches
(bar chart: launches per year over 11 years: 24, 48, 61, 82, 159, 280, 516, 722, 1017, 1430, 1,800+)
From reactive to proactive
Pace of innovation: 1800+ updates
Meets pace of protection: 239 security updates
… through automation
Pattern for automated remediation
(diagram labels: Detection; Alerting; Remediation; Countermeasures; Forensics; VPC Flow logs; APIs; Team collaboration)
Amazon CloudWatch + AWS Lambda + AWS Systems Manager
(diagram: Event → Documents run on the Amazon EC2 instance (`ec2-user$ top`, `ec2-user$ pcap`) to collect instance contents; Amazon EBS Volume → Amazon EBS snapshot)
Example response timeline
Traditional Response (over time): Incident detected → Locate → Get logs → Correlate → Analyze → Trace origin → Remediate
Automated Response (over time): Event → Rule matched → Alert sent → Correlate → Check baseline → Remediate
Amazon Kinesis
• Capture, store, and analyze streaming data
• Quickly load TBs per hour of streaming data into the cloud for applications such as social media analysis or IoT
• Build custom applications that process or analyze streaming data such as real-time content recommendations
Physical Security – Kinesis Video
Have cameras for physical security? Leverage Kinesis Video
New Glacier Deep Archive storage at $0.00099 per GB per month
Our mission
Powering prosperity around the world
Who we are:
Founded 1983 | IPO 1993 | 8,900 Employees | 50M Customers | $6B FY18 Revenue | 21 Locations
Where are we in our journey?
Why AWS?
• Cost efficiencies for highly elastic business model
• Speed and ease for our engineers and operations teams
• Strategic enterprise partnership and cultural fit
…and we discovered more
• Recruitment: AWS is a magnet
• Global reach: Servers where we need them
• Security innovation: Security as code
AWS security services circa 2012
Intuit’s security hierarchy of needs
1. Zoning and containment: Govern the boundaries
2. Asset management: Metadata and attribution
3. Logging: Collecting metadata
4. Authentication: Access and privileges
5. Encryption: Protection of data in transit and at rest
Meeting security requirements in the cloud in 2012
1. Zoning & containment
2. Asset management
3. Logging
4. Authentication
5. Encryption
1. Zoning and containment
KEY BENEFITS
• Reduced network attack surface
• Retired 1000+ EC2 software VPNs with significant operational savings
VPN Connection
2. Asset management
KEY BENEFITS
• Accurate and up to date inventory of AWS accounts, resources and systems
• Faster response and remediation due to clear attribution to resource owners
• Lower operational costs, fewer headaches
Orgs.
3. Logging
KEY BENEFITS
• Better detection through audit trails of control/data plane events and network logs
• Find the signals from the noise in petabytes of logs
Flow logs
4. Authentication
KEY BENEFITS
• Single sign-on to AWS tied to Intuit identity
• Meet compliance requirements at scale
• Policy management across Intuit’s AWS fleet of accounts
Orgs. | Fine Grained Access
5. Encryption
KEY BENEFITS
• Checkbox transparent data encryption standard for all Intuit’s data at rest
• Encryption of data at rest across AWS services
• Audit trail of access to all keys
App Level Encryption
Meeting security requirements in the cloud today
Asset management
Authentication
Encryption
Logging
Zoning & containment
Security benefits
Innovation
• 70+ Intuit patents and collaborated with AWS on dozens of services
• Pioneered DevSecOps model for public cloud
• Accelerated delivery of new security and platform capabilities
Cost
• Lower TCO by eliminating clones and converging on AWS services
• Increased investments to combat rapidly evolving threat landscape
Speed and ease
• Faster detection and response
• Lowering security risks faster
• More scalable controls across the enterprise
• Leveraging the power of all Intuit engineers through DevSecOps
Looking ahead
Thank you!
Michele Iacovone
SVP, Chief Information Security & Fraud Officer
“As long as the world is turning and
spinning, we’re gonna be dizzy and
we’re gonna make mistakes.”
Mel Brooks
Security incidents in the news
inappropriate access to personal information …
Financial Services: unauthorized third parties used employee information
to gain access to company websites, possibly accessing personal information …
Retail: investigating an incident where a contract worker improperly handled
employee data …
Financial Services: may have occurred through a technique called
"credential stuffing," in which hackers who have stolen passwords for other
websites try them out under the assumption that people use the same passwords
everywhere they go on the web …
Minimize attack surface
• Fine-grained entitlements
• Strict separation of duties (SoD)
• Rich audit trail for compliance
• Micro-segmentation
• Cloud + DevOps = rapid patching
• Multiple recovery options
“The necessity of procuring
good Intelligence is apparent
& need not be further urged.”
George Washington
Threat intelligence
Consume feeds from various sources:
• AWS Security
• Commercial feeds
• Open source feeds
• Customer provided threat intel (STIX)
• Known malware infected hosts
• IP Blacklist
• Anonymizing Proxies
• Sites hosting malware & hacker tools
= Great catch-all for suspicious & malicious activity
Call to action: Try this at home
1) Document all human interaction with systems that process data. Engineering & operations teams should drive this goal
2) Deeply understand how software is created and shipped. Don’t just sit with AppSec team, include Dev and Security team
Call to action: Try this at home
3) Catalog controls and visibility into Continuous Integration and Continuous Delivery (CI/CD) pipelines. This is where change management and control happens
4) Set crisp goals with owners to harden pipeline
Call to action: Try this at home
5) Drive workload deployment from source code. Catalog % of workloads built on automation
6) Reduce human access to systems that process sensitive data by 80% (hint: this can’t be done through effort alone)
Maximize your most valuable resource
Automation retains talent
Excessive traffic to external IP address: xx.xx.xxx.xxx rate xxxxxx packets p/sec …
Behind the scenes - SecOps on-call
“The future depends on
what you do today.”
Mahatma Gandhi
Provable Security
verify the correctness of
https://aws.amazon.com/security/provable-security/
Source control
Current state
• Network and system engineers directly log into systems to make changes
• Fixed credentials
• Version control for infrastructure configuration is a decoupled process
Future state
• Changes are committed to source control for infrastructure and pipeline executes the change
• Temp credentials vended to the build system
• Changes cannot be made without version control
IT map - Traditional IT
Products & services (CTO/VP applications/LoB owners): Digital products, brand websites, mobile applications, point-of-sale systems, commerce
Back office systems (CIO/VP corp systems): E-mail, productivity, collaboration, HR, finance, ERP
End user computing (VP IT support): Desktop support, device management, telephony, IT support
Infrastructure/delivery (VP Infrastructure): PMO, Engineering, Operations, Design
Information Security (CISO): Encryption, Key Management, Identity Management, Firewalls, IDS, DDoS
IT map - A cloud-first tomorrow
(diagram labels: End user computing; Back office systems; Products and services (Business app × 6); Information Security; Cloud Center of Excellence)
Compliance certifications at launch
Keynotes
KEYNOTE: Andy Jassy, CEO, AWS
Wednesday, November 28
8:00am-10:30am
The Venetian, Level 2
KEYNOTE: Dr. Werner Vogels, CTO, Amazon
Thursday, November 29
8:30am-10:30am
The Venetian, Level 2
Related breakouts
Tonight
Become an IAM Policy Master in 60 Minutes or Less
7pm – 8pm | Aria West, Level 3, Ironwood 5
Wednesday, Nov 28th
Using AWS Lambda as a Security Team
1pm – 2pm | Mirage, Grand Ballroom F
Wednesday, Nov 28th
Data Protection: Encryption, Availability, Resiliency, and Durability
3:15pm – 4:15pm | MGM, Level 1, Grand Ballroom 113
Related breakouts
Wednesday, Nov 28th
Well-Architected for Security
4:45pm – 5:45pm | Venetian, Level 3, Murano 3302
Thursday, Nov 29th
Netflix Cloud Forensics
1pm – 2pm | Mirage, Grand Ballroom F
Friday, Nov 30th
Mastering Identity at Every Layer of the Cake
10am – 11am | Venetian, Level 4, Delfino 4005
Security Jam at re:Invent
Security Jam: MGM Studio Ballroom - Thursday, Nov. 29 @ 8AM
Join us for a day-long security jam! We will provide the beat and brand-new incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents
Powered By:
Jam Lounge: Venetian Partner Expo Hall – Tundra Lounge
AWS and a select few partners will provide environments and scenarios where you can learn new skills and practice current ones while competing in the following areas: Security, All-In, and Data Analytics
Powered By:
More information
Visit the AWS Booth: Venetian Expo Hall
AWS Security Twitter: @AWSSecurityInfo
My Twitter: @StephenSchmidt
AWS Security Blog: aws.amazon.com/blogs/security/
Coming in 2019: AWS re:Inforce
Employee locked out of his account under suspicious circumstances …
Behind the scenes - SecOps on-call
Thank you!

Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
   Leadership Session: AWS Security
   Steve Schmidt, Vice President and Chief Information Security Officer, Amazon Web Services
   Twitter: @StephenSchmidt
   SEC305-L
4. “The truth must be quite plain, if one could just clear away the litter.” Agatha Christie, A Caribbean Mystery
5. Behind the scenes - SecOps on-call: AWS Security Ticket - Port Scanning abuse case created …
6. Behind the scenes - SecOps on-call: AWS Security Ticket – LogScan errors detected …
7. Behind the scenes - SecOps on-call: AWS Security Ticket – Experiencing 500s in …
8. Behind the scenes - SecOps on-call: AWS Security Ticket – Proxy high latency in XXX region …
9. Security Expectations
   Buy-in from leadership: Radically restrict and monitor Human Access to data / Patching / Log retention duration / Credentials lifespan + blast radius reduction / AWS Encryption everywhere / Canaries and invariants for security functionality
   Key performance indicators: AppSec reviews / Automated Security checks / Third-party Audits / Internal Time Spent metrics / Conformity with SLAs
10. Correction of Errors (COE)
   • Compile detailed timeline to systematically understand the incident
   • Analyze impact on business and customers
   • Find root cause of issue by diving deep into sequence of events
   • Address root cause via trackable and deliverable action items
   • Eliminate opportunity for reoccurrence by analyzing and sharing lessons learned
   This is NOT a process to place blame, nor is it a punitive tool
11. Correction of Errors (COE) – The five “why”s
   • Ask questions until you have actionable root causes
   • Address root causes with actions/deadline/owner
   • Your analysis may branch into multiple root causes
12. Behind the scenes - SecOps on-call: Suspicious page from an obfuscated phishing domain (no whois record) …
14. The power of the AWS Cloud – Our customers
15. 239 new security features
16. Original Amazon EC2 host architecture (server): Management, security, and monitoring; Storage; Customer instances; Network; Hypervisor
17. Amazon EC2 - C3 & C4 instances launched
   • Improved performance by isolating functions within the hypervisor; moving them away from hardware
   • Offloaded network processing to dedicated hardware within the system, decoupling from hardware that managed the hypervisor, saving significant CPU time through more efficient network packet processing
   • Offloaded storage, requiring Amazon EC2 host software to validate, encrypt and route storage requests
18. 2017: Amazon EC2 C5 instances launched (server + Nitro system): Management, security, and monitoring; Storage; Customer instances; Network; Nitro hypervisor
19. Resource-based policies
20. VPN Connection; Network Load Balancer; Inter-Region VPC Peering; Bring Your Own IP Address
22. AWS Config - Overview: Changing resources -> Recording (continuous change) -> History / Stream / Snapshot (ex. 2018-06-05)
23. Store the compliance history of AWS resources evaluated by Config rules
24. Now offers agentless network assessments
25. Amazon GuardDuty adds three new threat detections: UnauthorizedAccess:EC2/TorClient; UnauthorizedAccess:EC2/TorRelay; CryptoCurrency:EC2/BitcoinTool.B
27. Processes an average 92.7 million/sec flow log records
28. Amazon GuardDuty = automatic cost savings
   • Travel company | 44% reduction in GuardDuty spend
   • Financial services company | 82% reduction
   • Automotive company | 79% reduction
   • Social media company | 86% reduction
29. Introducing: Amazon S3 block public access
30. Amazon S3 block public access
32. Behind the scenes - SecOps on-call: AWS Security Ticket - DDoS abuse case created …
34. “The time to repair the roof is when the sun is shining.” John F. Kennedy, State of the Union, 1962
35. Pace of innovation | Launches (bar chart, years 1 through 11): 24, 48, 61, 82, 159, 280, 516, 722, 1017, 1430, 1,800+
36. From reactive to proactive. Pace of innovation: 1800+ updates. Meets pace of protection: 239 security updates … through automation
37. Pattern for automated remediation: Detection -> Alerting -> Remediation -> Countermeasures -> Forensics (VPC Flow logs, APIs, team collaboration)
38. Amazon CloudWatch + AWS Lambda + AWS Systems Manager (event, documents): Amazon EC2 instance contents (ec2-user$ top, ec2-user$ pcap); Amazon EBS volume; Amazon EBS snapshot
39. Example response timeline (diagram, time on the horizontal axis). Traditional response: Incident detected -> Locate -> Get logs -> Correlate -> Analyze -> Trace origin -> Remediate. Automated response: Event -> Rule matched -> Alert sent -> Correlate -> Check baseline -> Remediate
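The Event -> Rule matched -> Alert sent -> Correlate -> Check baseline -> Remediate flow of slides 37 to 39, as an added Python example that is not part of this deck: the finding types are the three named on slide 25, while the quarantine security group id, the SecurityBaseline exemption tag and the sample event and fleet are constructed placeholders, and FakeEC2 mimics the boto3 calls so the code runs offline.

```python
"""Automated remediation of a GuardDuty EC2 finding (Event -> Rule matched -> Alert
sent -> Correlate -> Check baseline -> Remediate, with EBS snapshots taken first for
forensics). The EC2 client is injected: FakeEC2 runs offline, Lambda would pass boto3.client("ec2")."""
import copy
# Finding types from slide 25; treating them as isolation-worthy is our choice.
ISOLATE_TYPES = {"UnauthorizedAccess:EC2/TorClient", "UnauthorizedAccess:EC2/TorRelay",
                 "CryptoCurrency:EC2/BitcoinTool.B"}
MIN_SEVERITY = 7.0                          # GuardDuty "High" band starts at 7.0
FORENSICS_SG = "sg-PLACEHOLDER-quarantine"  # no-egress group; placeholder id
EXEMPT_TAG = "SecurityBaseline"             # hypothetical tag for approved exceptions

def outcome(iid, action, reason, snaps=(), groups=()):
    return {"instance": iid, "action": action, "reason": reason,
            "snapshots": list(snaps), "previous_groups": list(groups)}

def rule_matches(detail):
    # Rule matched: a finding type we act on, at or above High severity.
    return detail.get("type") in ISOLATE_TYPES and float(detail.get("severity", 0)) >= MIN_SEVERITY

def handle_finding(event, ec2, alert=print):
    """Lambda-style entry point for a 'GuardDuty Finding' CloudWatch event."""
    detail = event["detail"]
    iid = detail["resource"]["instanceDetails"]["instanceId"]
    if not rule_matches(detail):
        return outcome(iid, "ignored", "rule not matched")
    alert(f"[{detail['type']}] severity {detail['severity']} on {iid}")  # Alert sent
    # Correlate: pull the live instance record (volumes, groups, tags).
    inst = ec2.describe_instances(InstanceIds=[iid])["Reservations"][0]["Instances"][0]
    groups = [g["GroupId"] for g in inst.get("SecurityGroups", [])]
    tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
    # Check baseline: leave approved exceptions and already-quarantined hosts alone.
    if tags.get(EXEMPT_TAG) == "exempt":
        return outcome(iid, "ignored", "baseline exemption tag present")
    if groups == [FORENSICS_SG]:
        return outcome(iid, "ignored", "already isolated")
    # Forensics first: snapshot each attached EBS volume, tagged with the finding id.
    snaps = []
    for bdm in inst.get("BlockDeviceMappings", []):
        vol = bdm.get("Ebs", {}).get("VolumeId")
        if vol:
            resp = ec2.create_snapshot(
                VolumeId=vol, Description=f"forensics for finding {detail['id']}",
                TagSpecifications=[{"ResourceType": "snapshot", "Tags": [
                    {"Key": "GuardDutyFinding", "Value": detail["id"]}]}])
            snaps.append(resp["SnapshotId"])
    # Remediate: record the old groups on the instance, then swap to quarantine.
    ec2.create_tags(Resources=[iid],
                    Tags=[{"Key": "PreIsolationGroups", "Value": ",".join(groups)}])
    ec2.modify_instance_attribute(InstanceId=iid, Groups=[FORENSICS_SG])
    return outcome(iid, "isolated", detail["type"], snaps, groups)

class FakeEC2:
    """In-memory stand-in using boto3's method names, kwargs and response shapes."""
    def __init__(self, instances):
        self.instances, self.snapshots = copy.deepcopy(instances), []
    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.instances[i] for i in InstanceIds]}]}
    def create_snapshot(self, **kw):
        self.snapshots.append(kw)
        return {"SnapshotId": f"snap-{len(self.snapshots):08x}"}
    def modify_instance_attribute(self, InstanceId, Groups):
        self.instances[InstanceId]["SecurityGroups"] = [{"GroupId": g} for g in Groups]
        return {}
    def create_tags(self, Resources, Tags):
        return {}

# Constructed sample: High-severity Tor client finding on a two-volume instance.
SAMPLE_EVENT = {"detail-type": "GuardDuty Finding", "source": "aws.guardduty", "detail": {
    "id": "sample-finding-id", "type": "UnauthorizedAccess:EC2/TorClient", "severity": 8,
    "resource": {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0sample"}}}}
SAMPLE_FLEET = {"i-0sample": {"InstanceId": "i-0sample", "Tags": [],
    "SecurityGroups": [{"GroupId": "sg-web"}, {"GroupId": "sg-ssh"}],
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-root"}},
                            {"DeviceName": "/dev/xvdb", "Ebs": {"VolumeId": "vol-data"}}]}}
```

Running `handle_finding(SAMPLE_EVENT, FakeEC2(SAMPLE_FLEET))` snapshots both volumes before the instance loses its original security groups, so the evidence exists before containment changes the host.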
40. Amazon Kinesis
   • Capture, store, and analyze streaming data
   • Quickly load TBs per hour of streaming data into the cloud for applications such as social media analysis or IoT
   • Build custom applications that process or analyze streaming data such as real-time content recommendations
41. Physical Security – Kinesis Video. Have cameras for physical security? Leverage Kinesis Video. New Glacier Deep Archive storage at $0.00099 per GB a month
43. Our mission: Powering prosperity around the world
44. Who we are: Founded 1983; 8,900 employees; 50M customers; 1993 IPO; $6B FY18 revenue; 21 locations
45. Where are we in our journey?
46. Why AWS? Cost efficiencies for highly elastic business model; Speed and ease for our engineers and operations teams; Strategic enterprise partnership and cultural fit
47. …and we discovered more: Recruitment (AWS is a magnet); Global reach (servers where we need them); Security innovation (security as code)
48. AWS security services circa 2012
49. Intuit’s security hierarchy of needs
   1. Zoning and containment: Govern the boundaries
   2. Asset management: Metadata and attribution
   3. Logging: Collecting metadata
   4. Authentication: Access and privileges
   5. Encryption: Protection of data in transit and at rest
50. Meeting security requirements in the cloud in 2012: 1 Zoning & containment; 2 Asset management; 3 Logging; 4 Authentication; 5 Encryption
51. 1 Zoning and containment (VPN Connection). Key benefits:
   • Reduced network attack surface
   • Retired 1000+ EC2 software VPNs with significant operational savings
52. 2 Asset management (Orgs.). Key benefits:
   • Accurate and up to date inventory of AWS accounts, resources and systems
   • Faster response and remediation due to clear attribution to resource owners
   • Lower operational costs, fewer headaches
53. 3 Logging (Flow logs). Key benefits:
   • Better detection through audit trails of control/data plane events and network logs
   • Find the signals from the noise in petabytes of logs
54. 4 Authentication (Orgs., Fine Grained Access). Key benefits:
   • Single sign-on to AWS tied to Intuit identity
   • Meet compliance requirements at scale
   • Policy management across Intuit’s AWS fleet of accounts
55. 5 Encryption (App Level Encryption). Key benefits:
   • Checkbox transparent data encryption standard for all Intuit’s data at rest
   • Encryption of data at rest across AWS services
   • Audit trail of access to all keys
56. Meeting security requirements in the cloud today: Asset management; Authentication; Encryption; Logging; Zoning & containment
58. Innovation:
   • 70+ Intuit patents and collaborated with AWS on dozens of services
   • Pioneered DevSecOps model for public cloud
   • Accelerated delivery of new security and platform capabilities
   Cost:
   • Lower TCO by eliminating clones and converging on AWS services
   • Increased investments to combat rapidly evolving threat landscape
   Speed and ease / Security benefits:
   • Faster detection and response
   • Lowering security risks faster
   • More scalable controls across the enterprise
   • Leveraging the power of all Intuit engineers through DevSecOps
59. Looking ahead
60. Thank you! Michele Iacovone, SVP, Chief Information Security & Fraud Officer
62. “As long as the world is turning and spinning, we’re gonna be dizzy and we’re gonna make mistakes.” Mel Brooks
63. Security incidents in the news
   … inappropriate access to personal information …
   Financial Services: unauthorized third parties used employee information to gain access to company websites, possibly accessing personal information …
   Retail: investigating an incident where a contract worker improperly handled employee data …
   Financial Services: may have occurred through a technique called "credential stuffing," in which hackers who have stolen passwords for other websites try them out under the assumption that people use the same passwords everywhere they go on the web …
64. Minimize attack surface
   • Fine-grained entitlements
   • Strict separation of duties (SoD)
   • Rich audit trail for compliance
   • Micro-segmentation
   • Cloud + DevOps = rapid patching
   • Multiple recovery options
65. “The necessity of procuring good Intelligence is apparent & need not be further urged.” George Washington
66. Threat intelligence. Consume feeds from various sources:
   • AWS Security
   • Commercial feeds
   • Open source feeds
   • Customer provided threat intel (STIX)
   • Known malware infected hosts
   • IP Blacklist
   • Anonymizing Proxies
   • Sites hosting malware & hacker tools
   = Great catch-all for suspicious & malicious activity
67. Call to action: Try this at home
   1) Document all human interaction with systems that process data. Engineering & operations teams should drive this goal
   2) Deeply understand how software is created and shipped. Don’t just sit with AppSec team, include Dev and Security team
68. Call to action: Try this at home
   3) Catalog controls and visibility into Continuous Integration and Continuous Delivery (CI/CD) pipelines. This is where change management and control happens
   4) Set crisp goals with owners to harden pipeline
69. Call to action: Try this at home
   5) Drive workload deployment from source code. Catalog % of workloads built on automation
   6) Reduce human access to systems that process sensitive data by 80% (hint: this can’t be done through effort alone)
70. Maximize your most valuable resource
71. Automation retains talent
72. Behind the scenes - SecOps on-call: Excessive traffic to external IP address: xx.xx.xxx.xxx rate xxxxxx packets p/sec …
74. “The future depends on what you do today.” Mahatma Gandhi
75. Provable Security: verify the correctness of … https://aws.amazon.com/security/provable-security/
76. Source control
   Current state:
   • Network and system engineers directly log into systems to make changes
   • Fixed credentials
   • Version control for infrastructure configuration is a decoupled process
   Future state:
   • Changes are committed to source control for infrastructure and pipeline executes the change
   • Temp credentials vended to the build system
   • Changes cannot be made without version control
77. IT map - Traditional IT
   Products & services (CTO/VP applications/LoB owners): Digital products, brand websites, mobile applications, point-of-sale systems, commerce
   Back office systems (CIO/VP corp systems): E-mail, productivity, collaboration, HR, finance, ERP
   End user computing (VP IT support): Desktop support, device management, telephony, IT support
   Infrastructure/delivery (VP Infrastructure)
   Information Security (CISO): Encryption, Key Management, Identity Management, Firewalls, IDS, DDoS
   PMO / Engineering / Operations / Design
78. IT map - A cloud-first tomorrow: Products and services (business apps); Back office systems; End user computing; Information Security; Cloud Center of Excellence
79. Compliance certifications at launch
80. Keynotes
   KEYNOTE: Andy Jassy, CEO, AWS. Wednesday, November 28, 8:00am-10:30am, The Venetian, Level 2
   KEYNOTE: Dr. Werner Vogels, CTO, Amazon. Thursday, November 29, 8:30am-10:30am, The Venetian, Level 2
81. Related breakouts
   Tonight: Become an IAM Policy Master in 60 Minutes or Less. 7pm – 8pm | Aria West, Level 3, Ironwood 5
   Wednesday, Nov 28th: Using AWS Lambda as a Security Team. 1pm – 2pm | Mirage, Grand Ballroom F
   Wednesday, Nov 28th: Data Protection: Encryption, Availability, Resiliency, and Durability. 3:15pm – 4:15pm | MGM, Level 1, Grand Ballroom 113
82. Related breakouts
   Wednesday, Nov 28th: Well-Architected for Security. 4:45pm – 5:45pm | Venetian, Level 3, Murano 3302
   Thursday, Nov 29th: Netflix Cloud Forensics. 1pm – 2pm | Mirage, Grand Ballroom F
   Friday, Nov 30th: Mastering Identity at Every Layer of the Cake. 10am – 11am | Venetian, Level 4, Delfino 4005
83. Security Jam at re:Invent
   Security Jam: MGM Studio Ballroom - Thursday, Nov. 29 @ 8AM. Join us for a day-long security jam! We will provide the beat and brand-new incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents
   Jam Lounge: Venetian Partner Expo Hall – Tundra Lounge. AWS and a select few partners will provide environments and scenarios where you can learn new skills and practice current ones while competing in the following areas: Security, All-In, and Data Analytics
84. More information
   Visit the AWS Booth: Venetian Expo Hall
   AWS Security Twitter: @AWSSecurityInfo
   My Twitter: @StephenSchmidt
   AWS Security Blog: aws.amazon.com/blogs/security/
85. Coming in 2019: AWS re:Inforce
86. Behind the scenes - SecOps on-call: Employee locked out of his account under suspicious circumstances …
87. Thank you!