© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
NET203
AWS re:INVENT
Using Amazon VPC Flow Logs to Do Predictive Security Analytics
November 27, 2017
Introductions and Welcome
Carl Johnson
Enterprise Solutions Architect
carlpjoh@amazon.com
Grant McCarthy
Enterprise Solutions Architect
gmccarth@amazon.com
Prerequisites
Full Participation:
• A laptop with Internet Access and a Web Browser.
• AWS Account with full IAM privileges, access to EU-WEST-1 region.
• EC2 Keypair in the EU-WEST-1 region.
• Set up your web stack using this AWS CloudFormation template:
http://amzn.to/2yX3rSb
• A basic understanding of ANSI SQL, Amazon VPC, AWS Lambda, and AWS WAF.
Follow Along:
• A neighbor that loves to share!
$25 AWS Credits are available at the end of the workshop
Reference Architecture
[Diagram: EC2 instances, VPC, Internet Gateway, Application Load Balancer, VPC Flow Logs, S3, Amazon Kinesis Firehose, Amazon Elasticsearch Service, Amazon Kinesis Analytics, Amazon Machine Learning]
AWS Services used?
Primary to this solution:
AWS Web Application Firewall (WAF)
Amazon VPC Flow Logs
Amazon Elasticsearch Service
Amazon Kinesis Analytics
Amazon Machine Learning
Helpers:
Amazon Kinesis Firehose
Amazon Simple Storage Service (S3)
Amazon Lambda
Amazon CloudWatch Logs
What are we doing and why?
[Diagram: Users, Attackers, EC2, Application]
What are we doing and why?
[Diagram: Users, Attackers, WAF, EC2, Application]
AWS Web Application Firewall
What is a web application firewall?
• A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to HTTP traffic
• WAFs come in four flavors:
  • Pure play: standalone appliance or software
  • CDN: bundled with a content delivery network
  • Load balancer: bundled with a load balancer
  • Universal threat manager (UTM): catch-all for misc. security
Why use a WAF?
Application vulnerabilities:
[Diagram: Good users, Bad folks, Exploit code, Your application, Web server, Database]
Why use a WAF?
Abuse detection and prevention:
[Diagram: Good users, Bad folks, Data leaks, Your application, Web server, Database]
Why use a WAF?
Distributed denial of service (DDOS) attacks:
[Diagram: Good users, Bad folks, Your application, Web server, Database]
Why use a WAF?
AWS WAF blocks the bad folks and allows the good users:
[Diagram: Good users, Bad folks, AWS WAF, Your application, Web server, Database]
Why use a WAF?
• WAFs help protect websites and applications against attacks that cause data breaches and downtime
• General WAF use cases:
  • Protect from SQL injection (SQLi) and cross-site scripting (XSS)
  • Prevent website scraping, crawlers, and bots
  • Mitigate DDoS (HTTP/HTTPS floods)
• Gartner reports that the main driver of WAF purchases (25-30%) is PCI compliance
How - Analyze.
[Diagram: Users, Attackers, EC2, Application]
Human: Analyze
Amazon VPC Flow Logs
Amazon VPC Flow Logs
• Stores logs in AWS CloudWatch Logs
• Can be enabled on
  • Amazon VPC, a subnet, or a network interface
  • Enabling on an Amazon VPC or subnet enables logging for all interfaces in the VPC/subnet
  • Each network interface has a unique log stream
• Flow logs do not capture real-time log streams for your network interfaces
• Filter desired result based on need
  • All, Reject, Accept
  • Troubleshooting or security related with alerting needs?
  • Think before enabling All on a VPC: will you use it?
VPC Flow Logs
• Agentless
• Enable per ENI, per subnet, or per VPC
• Logged to AWS CloudWatch Logs
• Create CloudWatch metrics from log data
• Alarm on those metrics
[Diagram: flow log record fields: AWS account, Interface, Source IP, Destination IP, Source port, Destination port, Protocol, Packets, Bytes, Start/end time, Accept or reject]
VPC Flow Logs
• Amazon Elasticsearch Service
• Amazon CloudWatch Logs subscriptions
How – Protect.
[Diagram: Users, Attackers, WAF, EC2, Application]
Human: Protect
Amazon Elasticsearch Service
[Diagram: VPC Flow Logs, Amazon Kinesis Firehose, Amazon Elasticsearch Service, AWS WAF]
Amazon Elasticsearch Service – Use Case 1
http://amzn.to/2yX9dTR
How - Analyze.
[Diagram: Users, Attackers, EC2, Application]
Machine: Analyze
Amazon Kinesis Analytics
Amazon Kinesis Analytics
Pay for only what you use
Automatic elasticity
Standard SQL for analytics
Real-time processing
Easy to use
Use SQL to build real-time applications
Easily write SQL code to process streaming data
Connect to streaming source
Continuously deliver SQL results
Connect to streaming source
• Streaming data sources include Firehose or Streams
• Automatic ingestion of JSON and CSV formats; other formats supported through Lambda pre-processing
• Each input has a schema; schema is inferred, but you can edit
• Reference data sources (S3) for data enrichment
Write SQL code
• Build streaming applications with one-to-many SQL statements
• Robust SQL support and advanced analytic functions
• Extensions to the SQL standard to work seamlessly with streaming data
• Support for at-least-once processing semantics
• Support for the majority of ANSI SQL 2011 standard
Continuously deliver SQL results
• Send processed data to multiple destinations
  • S3, Amazon Redshift, Amazon ES (through Firehose)
  • Streams (with AWS Lambda integration for custom destinations)
• End-to-end processing speed as low as sub-second
• Separation of processing and data delivery
Generate time series analytics
• Compute key performance indicators over time windows
• Combine with historical data in S3 or Amazon Redshift
[Diagram: Streams, Firehose, Amazon Kinesis Analytics, Amazon Redshift, S3, custom real-time destinations]
Feed real-time dashboards
• Validate and transform raw data, and then process to calculate meaningful statistics
• Send processed data downstream for visualization in BI and visualization services
[Diagram: Streams, Firehose, Analytics, Amazon QuickSight, Amazon ES, Amazon Redshift, Amazon RDS]
Create real-time alarms and notifications
• Build sequences of events from the stream, like user sessions in a clickstream or app behavior through logs
• Identify events (or a series of events) of interest, and react to the data through alarms and notifications
[Diagram: Streams, Firehose, Analytics, Amazon SNS, Amazon CloudWatch, Lambda]
How – Detect & Protect.
[Diagram: Users, Attackers, WAF, EC2, Application]
Machine: Analyze, Detect, Alert, Protect
Amazon Kinesis Analytics
[Diagram: VPC Flow Logs, Amazon Kinesis Firehose, Amazon Kinesis Analytics, "Alert?" decision, AWS Lambda, Amazon SNS, AWS WAF]
Amazon Kinesis Analytics - Use Case 1
High-frequency abuse, content crawlers. Let's block them!
http://amzn.to/2zDsgPY
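Added example (not part of the original slides or the workshop's own code): a Python sketch of the high-frequency detection this use case describes, parsing flow log records with the fields listed on the VPC Flow Logs slide and counting accepted flows per source IP in tumbling time windows. It assumes the default space-separated version 2 record layout; the window size, threshold, watched ports and every sample record are constructed for illustration.

```python
import ipaddress
from collections import Counter, namedtuple

# Default (version 2) VPC Flow Logs record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")
FlowRecord = namedtuple("FlowRecord", FIELDS)


def parse_flow_record(line):
    """Return a FlowRecord, or None for malformed, NODATA or SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        for name in INT_FIELDS:
            rec[name] = int(rec[name])
        ipaddress.ip_address(rec["srcaddr"])  # reject junk in the address field
    except ValueError:
        return None
    return FlowRecord(**rec)


def high_frequency_sources(lines, window_seconds=60, threshold=5, ports=(80, 443)):
    """Count accepted flows per (tumbling window, source IP) on the watched
    ports and return (window_start, srcaddr, flows) for counts above threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_flow_record(line)
        if rec is None or rec.action != "ACCEPT" or rec.dstport not in ports:
            continue
        window_start = rec.start - rec.start % window_seconds
        counts[(window_start, rec.srcaddr)] += 1
    return sorted((w, ip, n) for (w, ip), n in counts.items() if n > threshold)


def to_cidrs(hits):
    """Turn detections into unique host CIDRs (/32 or /128), the notation an
    IP-based block list expects."""
    cidrs = set()
    for _, ip, _ in hits:
        addr = ipaddress.ip_address(ip)
        cidrs.add(f"{addr}/{addr.max_prefixlen}")
    return sorted(cidrs)


# Constructed sample records (documentation address ranges, made-up ENI id).
BASE = 1511740800  # start of a 60-second window
PREFIX = "2 123456789012 eni-0a1b2c3d"
SAMPLE_LINES = [
    # One source opening 8 flows to port 80 inside a single window.
    f"{PREFIX} 198.51.100.7 10.0.1.20 {40000 + i} 80 6 12 1800 "
    f"{BASE + 5 * i} {BASE + 5 * i + 4} ACCEPT OK"
    for i in range(8)
] + [
    # An ordinary client: one flow in each of two windows.
    f"{PREFIX} 203.0.113.9 10.0.1.20 51000 443 6 20 4200 {BASE + 10} {BASE + 40} ACCEPT OK",
    f"{PREFIX} 203.0.113.9 10.0.1.20 51001 443 6 18 3900 {BASE + 70} {BASE + 95} ACCEPT OK",
    # A rejected flow to an unwatched port, and a window with no traffic.
    f"{PREFIX} 192.0.2.44 10.0.1.20 33222 22 6 1 40 {BASE + 12} {BASE + 13} REJECT OK",
    f"{PREFIX} - - - - - - - {BASE} {BASE + 60} - NODATA",
]

if __name__ == "__main__":
    hits = high_frequency_sources(SAMPLE_LINES)
    for window_start, ip, flows in hits:
        print(f"window {window_start}: {ip} opened {flows} flows")
    print("candidate block list:", to_cidrs(hits))
```

Each record is a per-flow aggregate over a capture window, not a per-request count, so thresholds need tuning against normal traffic. Instances behind the Application Load Balancer see the load balancer's address as the source, so records from the load balancer's own network interfaces are the ones that carry client IPs.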
How - Learn.
[Diagram: Users, Attackers, EC2, Application]
Machine: Learn
Amazon Machine Learning
AI Solutions for Every Developer
[Diagram labels: USABILITY & SIMPLICITY, CONTROL]
What is Amazon Machine Learning?
• Easy-to-use, managed machine learning service built for developers
• Robust, powerful machine learning technology based on Amazon’s internal systems
• Create models using your data already stored in the AWS cloud
• Deploy models to production in seconds
Integrated with the AWS data ecosystem
Access data that is stored in Amazon S3, Amazon Redshift, or MySQL databases in Amazon RDS
Output predictions to Amazon S3 for easy integration with your data flows
Use AWS Identity and Access Management (IAM) for fine-grained data access permission policies
Three supported types of predictions
Binary classification: predict the answer to a Yes/No question
Multiclass classification: predict the correct category from a list
Regression: predict the value of a numeric variable
Explore and understand your data
Explore model quality
Batch predictions
Asynchronous, large-volume prediction generation
Request through service console or API
Best for applications that deal with batches of data records
>>> import boto
>>> ml = boto.connect_machinelearning()
>>> # Request an asynchronous batch prediction; results are written to output_uri
>>> model = ml.create_batch_prediction(
...     batch_prediction_id='my_batch_prediction',
...     batch_prediction_data_source_id='my_datasource',
...     ml_model_id='my_model',
...     output_uri='s3://examplebucket/output/')
Real-time predictions
Synchronous, low-latency, high-throughput prediction generation
Request through service API, server, or mobile SDKs
Best for interaction applications that deal with individual data records
>>> import boto
>>> ml = boto.connect_machinelearning()
>>> # Request a synchronous prediction for a single record
>>> ml.predict(
...     ml_model_id='my_model',
...     predict_endpoint='example_endpoint',
...     record={'key1': 'value1', 'key2': 'value2'})
{
    'Prediction': {
        'predictedValue': 13.284348,
        'details': {
            'Algorithm': 'SGD',
            'PredictiveModelType': 'REGRESSION'
        }
    }
}
How – Predict & Protect.
[Diagram: Users, Attackers, WAF, EC2, Application]
Machine: Learn, Predict, Alert, Protect
Amazon Machine Learning
[Diagram: VPC Flow Logs, Amazon Kinesis Firehose, Amazon S3, Amazon Machine Learning, AWS Lambda, Amazon SNS, AWS WAF]
Amazon Machine Learning - Use Case 1
Test the model and let's rate limit them!
http://amzn.to/2yYnsHR
Build an Amazon Machine Learning
Collect & Organize
Augment & Enrich
Experiment & Learn
Extra Credit: Using multiple ML models
[Diagram: VPC Flow Logs, Amazon Machine Learning (shown twice), AWS WAF, Amazon SNS; decision points "Good Traffic?" (Yes/No) and "Within acceptable limits?" (Yes/No)]
Expected Outcome.
[Diagram: Users, Attackers, WAF, EC2, Application]
Automated: Analyze, Predict, Alert, Protect
Don’t Forget: Clean up
• Ensure any resources used in this Workshop are terminated
• Delete the CloudFormation Stack
AND/OR
• Terminate EC2 instances
• Delete S3 objects
• Delete Kinesis Delivery streams/Analytics
• Remove Lambda triggers on S3 buckets
• Etc.
$25 AWS Credits are available at the end of the workshop
Closing & Questions
Please complete the survey!
THANK YOU!

Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NET203, AWS re:INVENT: Using Amazon VPC Flow Logs to Do Predictive Security Analytics. November 27, 2017
  • 2. Introductions and Welcome
      Carl Johnson, Enterprise Solutions Architect, carlpjoh@amazon.com
      Grant McCarthy, Enterprise Solutions Architect, gmccarth@amazon.com
  • 3. Prerequisites
      Full Participation:
      • A laptop with Internet Access and a Web Browser.
      • AWS Account with full IAM privileges, access to EU-WEST-1 region.
      • EC2 Keypair in the EU-WEST-1 region.
      • Setup your web stack using this AWS CloudFormation: http://amzn.to/2yX3rSb
      • A basic understanding of ANSI SQL, Amazon VPC, AWS Lambda, and AWS WAF.
      Follow Along:
      • A neighbor that loves to share!
      $25 AWS Credits are available at the end of the workshop
  • 4. Reference Architecture (diagram): EC2, EC2, VPC, Internet Gateway, Application Load Balancer, VPC Flow Logs, S3, Amazon Elasticsearch Service, Amazon Kinesis Analytics, Amazon Machine Learning, Amazon Kinesis Firehose
  • 5. AWS Services used?
      Primary to this solution: AWS Web Application Firewall (WAF), Amazon VPC Flow Logs, Amazon Elasticsearch Service, Amazon Kinesis Analytics, Amazon Machine Learning
      Helpers: Amazon Kinesis Firehose, Amazon Simple Storage Service (S3), Amazon Lambda, Amazon CloudWatch Logs
  • 6. What are we doing and why? (diagram: Users, Attackers, EC2, Application)
  • 7. What are we doing and why? (diagram: Users, Attackers, EC2, Application, WAF)
  • 8. AWS Web Application Firewall
  • 9. What is a web application firewall?
      • Web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to HTTP traffic
      • WAFs come in four flavors
        • Pure play: Standalone appliance or software
        • CDN: bundled with content delivery network
        • Load balancer: bundled with a load balancer
        • Universal threat manager (UTM): catch-all for misc. security
  • 10. Why use a WAF? Application vulnerabilities (diagram: Good users, Bad folks, Web server, Database, Exploit code, Your application)
  • 11. Why use a WAF? Abuse detection and prevention (diagram: Good users, Bad folks, Web server, Database, Your application, Data leaks)
  • 12. Why use a WAF? Distributed denial of service (DDOS) attacks (diagram: Good users, Bad folks, Web server, Database, Your application)
  • 13. Why use a WAF? AWS WAF: block the bad folks and allow the good users (diagram: AWS WAF, Good users, Bad folks, Web server, Database, Your application)
  • 14. Why use a WAF?
      • WAFs help protect websites and applications against attacks that cause data breaches and downtime
      • General WAF use cases
        • Protect from SQL injection (SQLi) and cross-site scripting (XSS)
        • Prevent website scraping, crawlers, and BOTs
        • Mitigate DDOS (HTTP/HTTPS floods)
      • Gartner reports that the main driver of WAF purchases (25-30%) is PCI compliance
  • 15. How - Analyze. (diagram: Users, Attackers, EC2, Application. Human: Analyze)
  • 16. Amazon VPC Flow Logs
  • 17. Amazon VPC Flow Logs
      • Stores log in AWS CloudWatch Logs
      • Can be enabled on
        • Amazon VPC, a subnet, or a network interface
        • Amazon VPC & Subnet enables logging for all interfaces in the VPC/subnet
        • Each network interface has a unique log stream
      • Flow logs do not capture real-time log streams for your network interfaces
      • Filter desired result based on need
        • All, Reject, Accept
        • Troubleshooting or security related with alerting needs?
        • Think before enabling All on VPC, will you use it?
  • 18. VPC Flow Logs
      • Agentless
      • Enable per ENI, per subnet, or per VPC
      • Logged to AWS CloudWatch Logs
      • Create CloudWatch metrics from log data
      • Alarm on those metrics
      Record fields shown: AWS account, Source IP, Destination IP, Source port, Destination port, Interface, Protocol, Packets, Bytes, Start/end time, Accept or reject
  • 19. VPC Flow Logs
      • Amazon Elasticsearch Service
      • Amazon CloudWatch Logs subscriptions
  • 20. How – Protect. (diagram: Users, Attackers, EC2, Application, WAF. Human: Protect)
  • 21. Amazon Elasticsearch Service (diagram: Amazon Kinesis Firehose, VPC Flow Logs, AWS WAF, Amazon Elasticsearch Service)
  • 22. Amazon Elasticsearch Service – Use Case 1: http://amzn.to/2yX9dTR
  • 23. How - Analyze. (diagram: Users, Attackers, EC2, Application. Machine: Analyze)
  • 24. Amazon Kinesis Analytics
  • 25. Amazon Kinesis Analytics
      • Pay for only what you use
      • Automatic elasticity
      • Standard SQL for analytics
      • Real-time processing
      • Easy to use
  • 26. Use SQL to build real-time applications
      • Connect to streaming source
      • Easily write SQL code to process streaming data
      • Continuously deliver SQL results
  • 27. Connect to streaming source
      • Streaming data sources include Firehose or Streams
      • Automatic ingestion of JSON and CSV formats; other formats supported through Lambda pre-processing
      • Each input has a schema; schema is inferred, but you can edit
      • Reference data sources (S3) for data enrichment
  • 28. Write SQL code
      • Build streaming applications with one-to-many SQL statements
      • Robust SQL support and advanced analytic functions
      • Extensions to the SQL standard to work seamlessly with streaming data
      • Support for at-least-once processing semantics
      • Support for the majority of ANSI SQL 2011 standard
  • 29. Continuously deliver SQL results
      • Send processed data to multiple destinations
        • S3, Amazon Redshift, Amazon ES (through Firehose)
        • Streams (with AWS Lambda integration for custom destinations)
      • End-to-end processing speed as low as sub-second
      • Separation of processing and data delivery
  • 30. Generate time series analytics
      • Compute key performance indicators over time windows
      • Combine with historical data in S3 or Amazon Redshift
      (diagram: Streams, Firehose, Amazon Kinesis Analytics, Amazon Redshift, S3, Streams, Firehose, Custom, real-time destinations)
  • 31. Feed real-time dashboards
      • Validate and transform raw data, and then process to calculate meaningful statistics
      • Send processed data downstream for visualization in BI and visualization services
      (diagram: Streams, Firehose, Analytics, Amazon QuickSight, Amazon ES, Amazon Redshift, Amazon RDS)
  • 32. Create real-time alarms and notifications
      • Build sequences of events from the stream, like user sessions in a clickstream or app behavior through logs
      • Identify events (or a series of events) of interest, and react to the data through alarms and notifications
      (diagram: Streams, Firehose, Analytics, Streams, Amazon SNS, Amazon CloudWatch, Lambda)
  • 33. How – Detect & Protect. (diagram: Users, Attackers, EC2, Application, WAF. Machine: Analyze, Detect, Alert, Protect)
  • 34. Amazon Kinesis Analytics (diagram: VPC Flow Logs, Amazon Kinesis Firehose, Amazon Kinesis Analytics, Alert?, AWS Lambda, Amazon SNS, AWS WAF)
  • 35. Amazon Kinesis Analytics - Use Case 1: High Frequency abuse, content crawlers. Let's block them! http://amzn.to/2zDsgPY
  • 36. How - Learn. (diagram: Users, Attackers, EC2, Application. Machine: Learn)
  • 37. Amazon Machine Learning
  • 38. AI Solutions for Every Developer (diagram labels: USABILITY & SIMPLICITY, CONTROL)
  • 39. What is Amazon Machine Learning?
      • Easy-to-use, managed machine learning service built for developers
      • Robust, powerful machine learning technology based on Amazon’s internal systems
      • Create models using your data already stored in the AWS cloud
      • Deploy models to production in seconds
  • 40. Integrated with the AWS data ecosystem
      • Access data that is stored in Amazon S3, Amazon Redshift, or MySQL databases in Amazon RDS
      • Output predictions to Amazon S3 for easy integration with your data flows
      • Use AWS Identity and Access Management (IAM) for fine-grained data access permission policies
  • 41. Three supported types of predictions
      • Binary classification: Predict the answer to a Yes/No question
      • Multiclass classification: Predict the correct category from a list
      • Regression: Predict the value of a numeric variable
  • 42. Explore and understand your data
  • 43. Explore model quality
  • 44. Batch predictions
      • Asynchronous, large-volume prediction generation
      • Request through service console or API
      • Best for applications that deal with batches of data records
      >>> import boto
      >>> ml = boto.connect_machinelearning()
      >>> model = ml.create_batch_prediction(
      ...     batch_prediction_id='my_batch_prediction',
      ...     batch_prediction_data_source_id='my_datasource',
      ...     ml_model_id='my_model',
      ...     output_uri='s3://examplebucket/output/')
  • 45. Real-time predictions
      • Synchronous, low-latency, high-throughput prediction generation
      • Request through service API, server, or mobile SDKs
      • Best for interaction applications that deal with individual data records
      >>> import boto
      >>> ml = boto.connect_machinelearning()
      >>> ml.predict(
      ...     ml_model_id='my_model',
      ...     predict_endpoint='example_endpoint',
      ...     record={'key1': 'value1', 'key2': 'value2'})
      {
          'Prediction': {
              'predictedValue': 13.284348,
              'details': {
                  'Algorithm': 'SGD',
                  'PredictiveModelType': 'REGRESSION'
              }
          }
      }
  • 46. How – Predict & Protect. (diagram: Users, Attackers, EC2, Application, WAF. Machine: Learn, Predict, Alert, Protect)
  • 47. Amazon Machine Learning (diagram: VPC Flow Logs, Amazon Kinesis Firehose, Amazon S3, Amazon Machine Learning, AWS Lambda, Amazon SNS, AWS WAF)
  • 48. Amazon Machine Learning - Use Case 1: Test the model and let's rate limit them! http://amzn.to/2yYnsHR
  • 49. Build an Amazon Machine Learning
      • Collect & Organize
      • Augment & Enrich
      • Experiment & Learn
  • 50. Amazon Machine Learning. Extra Credit: Using multiple ML models (diagram: VPC Flow Logs, Amazon Machine Learning, "Good Traffic?" Yes/No, "Within acceptable limits?" Yes/No, Amazon SNS, AWS WAF)
  • 51. Expected Outcome. (diagram: Users, Attackers, EC2, Application, WAF. Automated: Analyze, Predict, Alert, Protect)
  • 52. Don’t Forget: Clean up
      • Ensure any resources used in this Workshop are terminated
      • Delete the CloudFormation Stack AND/OR
        • Terminate EC2 instances
        • Delete S3 objects
        • Delete Kinesis Delivery streams/Analytics
        • Remove Lambda triggers on S3 buckets
        • Etc.
      $25 AWS Credits are available at the end of the workshop
  • 53. Closing & Questions: Please complete the survey!
  • 54. THANK YOU!
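
The flow log fields on slide 18 and the high-frequency abuse use case on slide 35, as an added example that is not part of the original deck or the workshop's own code: Python that parses default-format (version 2) VPC flow log records and flags sources that open many accepted web flows inside one time window. The sample records, addresses, interface ID, window size and threshold are constructed assumptions.

```python
from collections import Counter, namedtuple

# Default (version 2) VPC Flow Logs record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
FlowRecord = namedtuple("FlowRecord", FIELDS)
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")


def parse_record(line):
    """Return a FlowRecord, or None for malformed lines and NODATA/SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = FlowRecord(*parts)
    if rec.log_status != "OK":
        return None  # NODATA / SKIPDATA records carry "-" in the traffic fields
    try:
        return rec._replace(**{name: int(getattr(rec, name)) for name in INT_FIELDS})
    except ValueError:
        return None


def high_frequency_sources(lines, window_seconds=60, threshold=5, web_ports=(80, 443)):
    """Count accepted TCP flows to web ports per (tumbling window, source address).

    Returns {srcaddr: peak flow count in any one window} for every source that
    reaches the threshold. Each record is one aggregated flow, so this counts
    connections, not individual HTTP requests.
    """
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.action != "ACCEPT":
            continue
        if rec.protocol != 6 or rec.dstport not in web_ports:
            continue  # keep only TCP traffic towards the web tier
        window = rec.start - rec.start % window_seconds
        counts[(window, rec.srcaddr)] += 1
    peaks = {}
    for (_window, src), n in counts.items():
        if n >= threshold:
            peaks[src] = max(n, peaks.get(src, 0))
    return peaks


# --- Constructed sample data (documentation address ranges, made-up ENI) ---
T0 = 1511740800  # 2017-11-27 00:00:00 UTC


def _flow(src, srcport, start, action="ACCEPT", dstport=80):
    return (f"2 123456789012 eni-0a1b2c3d {src} 10.0.1.25 {srcport} {dstport} "
            f"6 10 840 {start} {start + 58} {action} OK")


SAMPLE = (
    # Crawler-like source: 8 new connections within one minute.
    [_flow("198.51.100.7", 40000 + i, T0 + i) for i in range(8)]
    # Ordinary user: 3 connections spread over two windows.
    + [_flow("203.0.113.20", 51000 + i, T0 + 30 * i) for i in range(3)]
    # Rejected SSH probes: visible in the log, but not web abuse.
    + [_flow("198.51.100.99", 42000 + i, T0 + i, "REJECT", 22) for i in range(9)]
    # Interval with no traffic on the interface.
    + [f"2 123456789012 eni-0a1b2c3d - - - - - - - {T0} {T0 + 60} - NODATA"]
)

if __name__ == "__main__":
    for src, peak in sorted(high_frequency_sources(SAMPLE).items()):
        print(f"candidate for WAF block list: {src} (peak {peak} flows/window)")
```

In the reference architecture the EC2 instances sit behind an Application Load Balancer, so records from the instance interfaces show the load balancer's private address as the source; client addresses appear in the records of the load balancer's own network interfaces.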