Taking IAM protection to the
next level with Dome9
Quick poll
Is it possible that one of your AWS users or team members will have their
credentials compromised sometime in the future?
What if this compromised account belongs to a privileged user?
What is this session about?
IAM best practices and core principles that will allow you to prepare in advance for
extreme scenarios
Why IAM? Why this session?
30 years of isolated IT islands are converging now into a software defined data
center.
AWS IAM policy governs that converged IT and becomes the single most critical
security policy in your organization.
About me
Adam Neale
Product Manager at Dome9 and COO at EB2BCOM
Over 20 years IT sales and consulting experience working for companies
such as Novell, Quest, Cisco, and Citrix.
Dome9 is an AWS Advanced Technology partner with AWS Security
Competency focusing on Network Security and IAM protection
To our user...
In a software defined world a compromised privileged user
account can mean:
Data theft - cloning databases, S3 buckets, files
DNS hijacking - redirecting traffic to rogue sites
Deleting / encrypting data, infrastructure, encryption
keys, backups
Managing users - preventing legit admins from
accessing their environments, adding new accounts
Our user is already fatally compromised, but you don't have to be. Let's take a trip
back in our time machine to see what we could have done differently...
2 main courses of action
1. Preventative actions
2. Detection and containment measures
We need them both!
Preventative Measures (1)
• Create and use IAM users instead of your root account
• Enable multi-factor authentication (MFA) for all users
• Configure a strong password policy
• Rotate security credentials regularly
• Remove unused security credentials
Preventative Measures (2)
• Use IAM roles to share access:
• For EC2 instances (and other AWS services)
• For multi-account / federated access scenarios
• For 3rd party service providers
• Manage permissions with groups
Detection & Containment
• Enable AWS CloudTrail to get logs of API calls
• Grant least privilege
• Restrict privileged access further with policy conditions
• Use multiple AWS accounts to segregate between dev/test/prod and
between different sub-systems with different security requirements
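Added detection example for the "Enable AWS CloudTrail" point above (not Dome9's or AWS's code): it scans a CloudTrail log file for the risky control-plane actions the "To our user..." slide lists and records whether each came from an MFA-authenticated session. The `Records` below are constructed in CloudTrail's JSON shape (example account ID, RFC 5737 test addresses), not real logs, and the action-to-category mapping is our own choice.

```python
"""Scan CloudTrail records for the deck's risky control-plane actions
(data theft, DNS hijacking, destruction, user management) and flag MFA use."""
import json

# Real AWS eventSource/eventName pairs, grouped under the slide's risk categories.
RISKY_ACTIONS = {
    ("s3.amazonaws.com", "PutBucketPolicy"):               "data theft",
    ("rds.amazonaws.com", "CopyDBSnapshot"):               "data theft",
    ("route53.amazonaws.com", "ChangeResourceRecordSets"): "dns hijacking",
    ("rds.amazonaws.com", "DeleteDBInstance"):             "destruction",
    ("s3.amazonaws.com", "DeleteBucket"):                  "destruction",
    ("kms.amazonaws.com", "ScheduleKeyDeletion"):          "destruction",
    ("iam.amazonaws.com", "CreateUser"):                   "user management",
    ("iam.amazonaws.com", "CreateAccessKey"):              "user management",
    ("iam.amazonaws.com", "DeleteLoginProfile"):           "user management",
}


def mfa_authenticated(event):
    """True only for an MFA-authenticated session. Requests signed with long-term
    access keys carry no sessionContext at all, so they count as no-MFA."""
    attrs = event.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
    return str(attrs.get("mfaAuthenticated", "false")).lower() == "true"


def principal(event):
    ident = event.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "root"
    return ident.get("userName") or ident.get("arn", "unknown")


def scan_records(records):
    """One finding per risky event; any root-account use is flagged whatever the action."""
    findings = []
    for ev in records:
        key = (ev.get("eventSource"), ev.get("eventName"))
        category = RISKY_ACTIONS.get(key)
        is_root = ev.get("userIdentity", {}).get("type") == "Root"
        if category is None and not is_root:
            continue
        findings.append({
            "time": ev.get("eventTime"),
            "principal": principal(ev),
            "action": f"{key[0]}:{key[1]}",
            "category": category or "root account use",
            "mfa": mfa_authenticated(ev),
            "source_ip": ev.get("sourceIPAddress"),
            "error": ev.get("errorCode"),  # a denied attempt is still worth seeing
        })
    return findings


def scan_cloudtrail_file(text):
    """CloudTrail delivers JSON files shaped {"Records": [...]}; pass the decoded text."""
    return scan_records(json.loads(text)["Records"])


def no_mfa(findings):
    """The subset that needs immediate attention: risky actions without an MFA session."""
    return [f for f in findings if not f["mfa"]]


# Constructed sample log in CloudTrail's shape (not real data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-03-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
    {"eventTime": "2016-03-01T10:05:00Z", "eventSource": "route53.amazonaws.com",
     "eventName": "ChangeResourceRecordSets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},  # access key, no session
    {"eventTime": "2016-03-01T10:06:00Z", "eventSource": "rds.amazonaws.com",
     "eventName": "DeleteDBInstance", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
    {"eventTime": "2016-03-01T10:07:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "errorCode": "AccessDenied", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2016-03-01T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "192.0.2.5",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
]})

if __name__ == "__main__":
    for finding in scan_cloudtrail_file(SAMPLE_LOG):
        print(finding)
```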
Still, something is missing...
Adversaries constantly target our users
One of our users will eventually make a mistake
Someone will break in
A new breed of solution is needed
Meet Dome9 IAM Safe
Dome9 IAM Safe is an AWS IAM Dynamic Authorization solution, providing
protection and detection against malicious cloud control plane attacks and
unintentional privileged user errors.
IAM Safe
Added layer of IAM protection
Prevents accidental or malicious invocation of risky
actions
“Just In time” authorization
Out of band authorization via mobile application
Multiple AWS accounts & regions
SaaS delivered
IAM Safe Demonstration
Containing the Blast Radius
Because IAM Safe users work at a lesser privilege day-to-day, the results of
stolen credentials & compromises are limited to non-catastrophic actions.
IAM Safe ensures that the riskiest
AWS operations (as deemed by you)
cannot be executed without Dome9
IAM Safe multi-factor authorization.
Not all workloads are equal!
Leverage the power of AWS
IAM policy language to
define specific actions and
add conditions based on
sensitivity, tags, etc...
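Added example for "restrict privileged access further with policy conditions" and the tag-based conditions described here (our own policy, not Dome9's or AWS's): an IAM-style policy that grants broad day-to-day rights but explicitly denies the deck's riskiest actions unless the session is MFA-authenticated, and denies deletion outright on resources tagged sensitivity=high. The `evaluate()` function is a simplified model of IAM evaluation that covers only the operators used here; the request contexts and ARN are constructed.

```python
"""IAM policy conditions for risky actions, with a simplified evaluator
applying IAM's rule: explicit Deny wins, then Allow, else implicit deny."""
from fnmatch import fnmatchcase

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # Broad day-to-day rights over the services in scope (deliberately no iam:*).
        {"Sid": "DayToDay", "Effect": "Allow",
         "Action": ["ec2:*", "s3:*", "rds:*", "route53:*"], "Resource": "*"},
        # The deck's risky control-plane actions need an MFA session. BoolIfExists
        # also matches when the key is absent, which is the case for requests signed
        # with long-term access keys, so those are denied too.
        {"Sid": "RiskyRequiresMfa", "Effect": "Deny",
         "Action": ["rds:Delete*", "s3:DeleteBucket", "route53:ChangeResourceRecordSets",
                    "kms:ScheduleKeyDeletion", "iam:*"],
         "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
        # "Not all workloads are equal": resources tagged sensitivity=high cannot be
        # deleted through this policy at all, even with MFA.
        {"Sid": "NoDeleteOnSensitive", "Effect": "Deny",
         "Action": ["rds:Delete*", "s3:DeleteBucket", "ec2:TerminateInstances"],
         "Resource": "*",
         "Condition": {"StringEquals": {"aws:ResourceTag/sensitivity": "high"}}},
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(patterns, value):
    # * and ? wildcards; IAM matches action names case-insensitively (resources are
    # folded too here, which is harmless with the "*" resources this policy uses).
    return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    """All operator blocks and keys must hold (AND); values for one key are OR-ed."""
    for op, pairs in condition.items():
        for key, wanted in pairs.items():
            wanted = [str(w).lower() for w in _as_list(wanted)]
            present = key in ctx
            actual = str(ctx.get(key, "")).lower()
            if op == "Null":                      # "true" means the key must be absent
                ok = (not present) if wanted == ["true"] else present
            elif op == "BoolIfExists":            # an absent key counts as a match
                ok = (not present) or actual in wanted
            elif op in ("Bool", "StringEquals"):  # an absent key never matches
                ok = present and actual in wanted
            else:
                raise ValueError(f"operator {op} not modelled here")
            if not ok:
                return False
    return True


def evaluate(policy, action, resource, ctx):
    """'Deny' if any matching Deny statement applies, else 'Allow' if a matching
    Allow applies, else 'ImplicitDeny'. ctx holds the request's condition keys."""
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        if not (_matches(st["Action"], action) and _matches(st["Resource"], resource)):
            continue
        if not _condition_holds(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


# Constructed request contexts: an MFA session, a session without MFA, and a request
# signed with a long-term access key (no aws:MultiFactorAuthPresent key at all).
MFA_SESSION = {"aws:MultiFactorAuthPresent": "true"}
NO_MFA_SESSION = {"aws:MultiFactorAuthPresent": "false"}
ACCESS_KEY = {}
DB_ARN = "arn:aws:rds:us-east-1:111122223333:db:orders"  # constructed ARN


def demo():
    """Decisions for the deck's risk categories under the three credential types."""
    return {
        "describe_with_key": evaluate(POLICY, "ec2:DescribeInstances", "*", ACCESS_KEY),
        "delete_db_with_key": evaluate(POLICY, "rds:DeleteDBInstance", DB_ARN, ACCESS_KEY),
        "delete_db_no_mfa": evaluate(POLICY, "rds:DeleteDBInstance", DB_ARN, NO_MFA_SESSION),
        "delete_db_mfa": evaluate(POLICY, "rds:DeleteDBInstance", DB_ARN, MFA_SESSION),
        "delete_db_mfa_sensitive": evaluate(POLICY, "rds:DeleteDBInstance", DB_ARN,
                                            {**MFA_SESSION, "aws:ResourceTag/sensitivity": "high"}),
        "dns_change_no_mfa": evaluate(POLICY, "route53:ChangeResourceRecordSets", "*", NO_MFA_SESSION),
        # No Allow covers iam:*, so a Deny statement alone never grants it.
        "create_user_mfa": evaluate(POLICY, "iam:CreateUser", "*", MFA_SESSION),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:24s} {decision}")
```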
Summary
IAM is critical for AWS Security
Apply AWS best practices
Utilize the breadth of the AWS partner ecosystem to take your posture to the next
level
The moment of the breach is too late - take ownership regarding your future and
start preparing now!

Session Sponsored by Dome9: Innovating IAM Protection for AWS
