© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Greg McConnel
Security Solutions Architect
Jesse Fuchs
Security Solutions Architect
SID304
Threat Detection and Remediation with
Amazon GuardDuty
Agenda
• Introduction to GuardDuty - 20 min
• Intro to Lab 1 - 10 min
• Lab 1 – Discovery & Remediation – EC2 - 35 min
• Intro to Lab 2 - 10 min
• Lab 2 – Discovery & Remediation – IAM - 40 min
• Summary & Closing - 5 min
Amazon GuardDuty Introduction
Quick intro – very quick, I promise …
Role Playing Demo
Now some slides!
You Never Know What You’ll Find
Vs.
Threat Detection
Amazon GuardDuty is a managed threat detection
service that continuously monitors for malicious
or unauthorized behavior to help you protect your
AWS accounts and workloads.
Threat Detection
Summary
• AWS Accounts
• Threat Detection Types
• Data Sources
• Findings
• Trusted & Threat IP Lists
• Pricing
GuardDuty Updates and Resources
12 new detections!
https://aws.amazon.com/blogs/security/why-we-reduce-complexity-and-rapidly-iterate-on-amazon-guardduty-twelve-new-detections-added/
All findings: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html
GuardDuty to Slack Integration: https://github.com/aws-samples/amazon-guardduty-to-slack
Multi Account script: https://github.com/aws-samples/amazon-guardduty-multiaccount-scripts
GuardDuty Testing Scripts: https://github.com/awslabs/amazon-guardduty-tester
Questions
• How soon before enabling GuardDuty do you need to enable VPC Flow Logs?
• Which services does GuardDuty report findings on?
• Which services can you remediate threats found by GuardDuty?
• How can you calculate the cost of GuardDuty?
• What performance impact does GuardDuty have on your account if you have more than 100 VPCs?
Lab
http://lab.gregmcconnel.net/
Lab 1
http://lab.gregmcconnel.net/
Amazon GuardDuty Lab 1
The first lab will generate GuardDuty findings when an EC2 instance attempts to connect to an IP in a custom threat list. We will assume this instance is compromised and isolate it using a security group.
Here are the steps:
• Environment Setup – Create an Elastic IP address and add it to a custom threat list. Run an AWS CloudFormation template.
• Attack Simulation – In the background, the “Compromised” instance will connect to the “Malicious” instance, generating GuardDuty findings.
• Remediation – A Lambda function will be added that removes the “Compromised” instance from its current security group and adds it to one with no ingress or egress rules.
• Extra Credit – Enhance the Lambda function to take additional actions on the “Compromised” instance.
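As an added example (not the workshop's own Lambda), the remediation step above in Python: a handler for a CloudWatch Events rule on GuardDuty findings that moves the instance named in the finding into an empty isolation security group, after checking that the group really has no rules and recording the instance's original groups. The ISOLATION_SG environment variable, the tag names and the FakeEC2 client standing in for boto3 are assumptions so the block runs offline.

```python
import os
from typing import Any, Dict, List

# Finding types that justify isolating the instance.  The lab's scenario is an
# instance talking to an IP on a custom threat list; extend the set as needed.
ISOLATE_ON = frozenset({"UnauthorizedAccess:EC2/MaliciousIPCaller.Custom"})


def isolation_group_is_empty(ec2: Any, sg_id: str) -> bool:
    """Check that the quarantine SG really carries no ingress or egress rules."""
    sg = ec2.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"][0]
    return not sg.get("IpPermissions") and not sg.get("IpPermissionsEgress")


def isolate_instance(ec2: Any, finding: Dict[str, Any], isolation_sg: str) -> Dict[str, Any]:
    """Move the instance named in a GuardDuty finding into the isolation SG.

    Returns a small record of what was done (including the original groups) so
    the caller can log it for the incident file.  Other findings are ignored.
    """
    ftype = finding.get("type", "")
    resource = finding.get("resource", {})
    if ftype not in ISOLATE_ON or resource.get("resourceType") != "Instance":
        return {"action": "ignored", "type": ftype}

    instance_id = resource["instanceDetails"]["instanceId"]
    if not isolation_group_is_empty(ec2, isolation_sg):
        # Refuse to "isolate" into a group that still permits traffic.
        return {"action": "refused", "instanceId": instance_id,
                "reason": "isolation SG has rules"}

    # Record the current groups first; restoring or analysing later needs them.
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    original = [g["GroupId"] for g in inst.get("SecurityGroups", [])]

    # Replacing every group with the empty one drops all allowed traffic.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg])
    ec2.create_tags(Resources=[instance_id],
                    Tags=[{"Key": "GuardDuty-Isolated", "Value": ftype},
                          {"Key": "Original-SGs", "Value": ",".join(original)}])
    return {"action": "isolated", "instanceId": instance_id, "originalGroups": original}


def lambda_handler(event: Dict[str, Any], context: Any = None, ec2: Any = None) -> Dict[str, Any]:
    """Entry point for a CloudWatch Events rule matching GuardDuty findings."""
    if ec2 is None:
        import boto3  # only needed inside Lambda; the offline demo injects a fake
        ec2 = boto3.client("ec2")
    # ISOLATION_SG is an assumed environment variable holding the empty SG's id.
    return isolate_instance(ec2, event["detail"], os.environ["ISOLATION_SG"])


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client so the example runs offline."""

    def __init__(self) -> None:
        self.groups = {"sg-isolation": {"IpPermissions": [], "IpPermissionsEgress": []},
                       "sg-open": {"IpPermissions": [{"IpProtocol": "-1"}],
                                   "IpPermissionsEgress": []}}
        self.instances: Dict[str, List[str]] = {"i-0compromised": ["sg-web", "sg-ssh"]}
        self.tags: Dict[str, List[Dict[str, str]]] = {}

    def describe_security_groups(self, GroupIds: List[str]) -> Dict[str, Any]:
        return {"SecurityGroups": [dict(GroupId=g, **self.groups[g]) for g in GroupIds]}

    def describe_instances(self, InstanceIds: List[str]) -> Dict[str, Any]:
        insts = [{"InstanceId": i, "SecurityGroups": [{"GroupId": g} for g in self.instances[i]]}
                 for i in InstanceIds]
        return {"Reservations": [{"Instances": insts}]}

    def modify_instance_attribute(self, InstanceId: str, Groups: List[str]) -> None:
        self.instances[InstanceId] = list(Groups)

    def create_tags(self, Resources: List[str], Tags: List[Dict[str, str]]) -> None:
        for r in Resources:
            self.tags[r] = Tags


# Constructed sample finding, shaped like the "detail" field CloudWatch Events delivers.
SAMPLE_FINDING = {
    "type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom",
    "severity": 5,
    "resource": {"resourceType": "Instance",
                 "instanceDetails": {"instanceId": "i-0compromised"}},
}


def demo() -> Dict[str, Any]:
    """Run the remediation against the fake client and report the resulting groups."""
    ec2 = FakeEC2()
    result = isolate_instance(ec2, SAMPLE_FINDING, "sg-isolation")
    result["groupsNow"] = ec2.instances["i-0compromised"]
    return result


if __name__ == "__main__":
    print(demo())
```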
Amazon GuardDuty Lab 1 Part 1
Amazon GuardDuty Lab 1 Part 2
Lab 2
http://lab.gregmcconnel.net/
Amazon GuardDuty Lab 2
For the second lab, you will be focused on generating and remediating GuardDuty findings related to compromised IAM credentials. Below are the steps you’ll be walking through:
• Environment Setup – Run the AWS CloudFormation template and create the additional resources.
• Attack Simulation – Set up a profile for stolen EC2 credentials, and use the AWS CLI to see what you have access to.
• Remediation – Review the auto remediation Lambda function and other recommended remediations. Answer questions related to how you would remediate these within your own company.
• Extra Credit – Enhance the Lambda function to output a more granular alert, process other GuardDuty findings, or rotate Instance Profiles to limit downtime of an application.
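As an added example (not the workshop's Lambda), one remediation for the stolen instance-credential scenario above, in Python: on a finding for an assumed-role session, attach an inline policy to the role that denies every action to sessions issued before a cutoff, so the exfiltrated credentials stop working while a session obtained afterwards still does. The finding type checked (verify it against the findings list linked earlier in the deck), the policy name, the assumption that the finding's userName carries the role name, and the FakeIAM client standing in for boto3 are assumptions; aws:TokenIssueTime is IAM's standard condition key for a session's issue time.

```python
import json
from datetime import datetime, timezone
from typing import Any, Dict, Optional

# Finding type for instance credentials used from outside the instance.  Match
# the name against the current findings list before relying on it.
REVOKE_ON = frozenset({"UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration"})
POLICY_NAME = "GuardDuty-RevokeOlderSessions"  # assumed name for the inline policy


def revoke_policy(cutoff: datetime) -> Dict[str, Any]:
    """Deny every action to sessions whose credentials were issued before cutoff.

    aws:TokenIssueTime is the IAM condition key for the session's issue time, so
    the stolen credentials die while sessions obtained after cutoff keep working.
    """
    stamp = cutoff.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*",
                           "Condition": {"DateLessThan": {"aws:TokenIssueTime": stamp}}}]}


def revoke_role_sessions(iam: Any, finding: Dict[str, Any],
                         now: Optional[datetime] = None) -> Dict[str, Any]:
    """Attach the revoke policy to the role named in an assumed-role finding.

    Note the cost: the instance's own current session is denied too, until the
    instance metadata service hands it fresh credentials (or the instance profile
    is rotated), which is the downtime the lab's extra credit asks you to limit.
    """
    ftype = finding.get("type", "")
    key = finding.get("resource", {}).get("accessKeyDetails", {})
    if ftype not in REVOKE_ON or key.get("userType") != "AssumedRole":
        return {"action": "ignored", "type": ftype}
    role = key["userName"]  # assumed to carry the role name for AssumedRole findings
    cutoff = now or datetime.now(timezone.utc)
    iam.put_role_policy(RoleName=role, PolicyName=POLICY_NAME,
                        PolicyDocument=json.dumps(revoke_policy(cutoff)))
    return {"action": "revoked", "role": role,
            "cutoff": cutoff.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")}


class FakeIAM:
    """Constructed stand-in for the boto3 IAM client so the example runs offline."""

    def __init__(self) -> None:
        self.policies: Dict[str, Dict[str, str]] = {}

    def put_role_policy(self, RoleName: str, PolicyName: str, PolicyDocument: str) -> None:
        json.loads(PolicyDocument)  # the real API rejects malformed JSON too
        self.policies.setdefault(RoleName, {})[PolicyName] = PolicyDocument


# Constructed sample finding, shaped like the "detail" field of the event.
SAMPLE_FINDING = {
    "type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration",
    "severity": 8,
    "resource": {"resourceType": "AccessKey",
                 "accessKeyDetails": {"accessKeyId": "ASIA-CONSTRUCTED-EXAMPLE",
                                      "principalId": "AROA-CONSTRUCTED:i-0web",
                                      "userType": "AssumedRole",
                                      "userName": "WebServerInstanceRole"}},
}


def demo() -> Dict[str, Any]:
    """Apply the remediation to the fake client and return the policy it stored."""
    iam = FakeIAM()
    fixed_now = datetime(2018, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    result = revoke_role_sessions(iam, SAMPLE_FINDING, now=fixed_now)
    result["policy"] = json.loads(iam.policies["WebServerInstanceRole"][POLICY_NAME])
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```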
Amazon GuardDuty Lab 2
Amazon GuardDuty Lab
Discussion
Amazon GuardDuty Next Steps
Enable GuardDuty – Monitor the cost and findings during the 30-day no-cost trial period. Assess after 30 days where GuardDuty will sit in your overall security strategy.
https://aws.amazon.com/guardduty/
Please complete the session survey in the summit mobile app.
Submit Session Feedback
1. Tap the Schedule icon.
2. Select the session you attended.
3. Tap Session Evaluation to submit your feedback.
Thank you!
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

SID304 Threat Detection and Remediation with Amazon GuardDuty

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Greg McConnel, Security Solutions Architect
    Jesse Fuchs, Security Solutions Architect
    SID304 Threat Detection and Remediation with Amazon GuardDuty

  • 2. Agenda
    • Introduction to GuardDuty - 20 min
    • Intro to Lab 1 - 10 min
    • Lab 1 – Discovery & Remediation – EC2 - 35 min
    • Intro to Lab 2 - 10 min
    • Lab 2 – Discovery & Remediation – IAM - 40 min
    • Summary & Closing - 5 min

  • 3. Amazon GuardDuty Introduction
    Quick intro – very quick, I promise …

  • 4. Role Playing Demo

  • 5. Now some slides!

  • 6. You Never Know What You’ll Find
    Vs.

  • 7. Threat Detection
    Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.

  • 8. Threat Detection

  • 9. Summary
    AWS Accounts
    Threat Detection Types
    Data Sources
    Findings
    Trusted & Threat IP Lists
    Pricing
  • 10. GuardDuty Updates and Resources
    12 new detections! https://aws.amazon.com/blogs/security/why-we-reduce-complexity-and-rapidly-iterate-on-amazon-guardduty-twelve-new-detections-added/
    All findings: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html
    GuardDuty to Slack Integration: https://github.com/aws-samples/amazon-guardduty-to-slack
    Multi Account script: https://github.com/aws-samples/amazon-guardduty-multiaccount-scripts
    GuardDuty Testing Scripts: https://github.com/awslabs/amazon-guardduty-tester
  • 11. Questions
    • How soon before enabling GuardDuty do you need to enable VPC Flow Logs?
    • Which services does GuardDuty report findings on?
    • Which services can you remediate threats found by GuardDuty?
    • How can you calculate the cost of GuardDuty?
    • What performance impact does GuardDuty have on your account if you have more than 100 VPCs?
  • 12. Lab
    http://lab.gregmcconnel.net/

  • 13. Lab 1
    http://lab.gregmcconnel.net/

  • 14. Amazon GuardDuty Lab 1
    The first lab will generate GuardDuty findings when an EC2 instance attempts to connect to an IP in a customer Threat List. We will assume this instance is compromised and isolate it using a Security Group. Here are the steps:
    • Environment Setup – Create an Elastic IP address, and add this to a Custom Threat List. Run an AWS CloudFormation template.
    • Attack Simulation – In the background, the “Compromised” instance will connect with the “Malicious” instance, generating GuardDuty findings.
    • Remediation – A Lambda function will be added that will remove the “Compromised” instance from its current security group and add it to one with no Ingress or Egress rule.
    • Extra Credit – Enhance the Lambda function to take additional actions on the “Compromised” instance.

  • 15. Amazon GuardDuty Lab 1 Part 1

  • 16. Amazon GuardDuty Lab 1 Part 2
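The Lab 1 remediation step, as an added example rather than the lab's own Lambda function: a handler that reads the instance ID out of a GuardDuty finding delivered through CloudWatch Events and swaps the instance's security groups for a quarantine group with no rules. The finding type, the `QUARANTINE_SG` environment variable, the group name `gd-quarantine` and the sample finding are all assumptions; the sample event is constructed, not captured.

```python
"""Added example (not the lab's own Lambda): quarantine the EC2 instance named in a
GuardDuty finding by moving it into a security group with no ingress or egress rule."""
from typing import Optional

# Finding type Lab 1 produces when an instance talks to an IP on a custom threat list.
REMEDIATE_TYPES = {"UnauthorizedAccess:EC2/MaliciousIPCaller.Custom"}

SAMPLE_FINDING = {  # constructed sample, shaped like a CloudWatch Events GuardDuty event
    "detail": {"type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom", "severity": 5,
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}}}

def instance_to_isolate(event: dict, min_severity: float = 4.0) -> Optional[str]:
    """Return the instance ID to quarantine, or None when the finding is out of scope."""
    finding = event.get("detail", {})
    resource = finding.get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None  # IAM or S3 findings carry no instance to isolate
    if finding.get("type") not in REMEDIATE_TYPES or finding.get("severity", 0) < min_severity:
        return None
    return resource.get("instanceDetails", {}).get("instanceId")

def create_quarantine_group(ec2, vpc_id: str, name: str = "gd-quarantine") -> str:
    """Create the isolation group. EC2 gives every new group an allow-all egress
    rule, so 'no egress' requires revoking that rule explicitly."""
    group_id = ec2.create_security_group(
        GroupName=name, Description="GuardDuty quarantine: no traffic", VpcId=vpc_id)["GroupId"]
    ec2.revoke_security_group_egress(
        GroupId=group_id,
        IpPermissions=[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}])
    return group_id

def isolate_instance(ec2, instance_id: str, quarantine_sg: str) -> list:
    """Swap the instance's groups (primary network interface) for the quarantine
    group and return the previous group IDs so the change can be logged or undone."""
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    previous = [g["GroupId"] for g in inst["SecurityGroups"]]
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    return previous

def lambda_handler(event, context):
    """Entry point; QUARANTINE_SG (assumed env var) holds the group from create_quarantine_group."""
    import os
    import boto3  # imported here so the logic above runs and tests offline
    instance_id = instance_to_isolate(event)
    if instance_id is None:
        return {"isolated": None}
    previous = isolate_instance(boto3.client("ec2"), instance_id, os.environ["QUARANTINE_SG"])
    return {"isolated": instance_id, "previous_groups": previous}
```

The previous group IDs are returned so the handler's caller can record them; restoring them after investigation is the reverse of the same `modify_instance_attribute` call.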
  • 17. Lab 2
    http://lab.gregmcconnel.net/

  • 18. Amazon GuardDuty Lab 2
    For the second lab, you will be focused on generating and remediating GuardDuty findings related to compromised IAM credentials. Below are the steps you’ll be walking through:
    • Environment Setup – Run the AWS CloudFormation template and create the additional resources.
    • Attack Simulation – Set up a profile for stolen EC2 credentials, and use the AWS CLI to see what you have access to.
    • Remediation – Review the auto remediation Lambda function and other recommended remediations. Answer questions related to how you would remediate these within your own company.
    • Extra Credit – Enhance the Lambda function to output a more granular alert, process other GuardDuty findings, or rotate Instance Profiles to limit downtime of an application.

  • 19. Amazon GuardDuty Lab 2
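The Lab 2 remediation step, as an added example rather than the lab's own Lambda function: on a finding that EC2 instance-profile credentials are being used elsewhere, attach the inline deny policy AWS documents for revoking sessions, which rejects every session token issued before the cutoff time. The finding type, the role name, the policy name and the sample finding are assumptions; the sample event is constructed.

```python
"""Added example (not the lab's own Lambda): when GuardDuty reports that EC2
instance-profile credentials are being used elsewhere, invalidate every session
issued so far with the aws:TokenIssueTime deny policy AWS documents for revoking sessions."""
import json
from datetime import datetime, timezone
from typing import Optional

# Assumed to be the finding Lab 2's "stolen EC2 credentials" scenario triggers.
CRED_FINDING_TYPES = {"UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration"}

SAMPLE_FINDING = {  # constructed sample, shaped like a CloudWatch Events GuardDuty event
    "detail": {"type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration",
               "severity": 8, "resource": {"resourceType": "AccessKey", "accessKeyDetails": {
                   "userType": "AssumedRole", "userName": "WebServerRole"}}}}

def role_to_revoke(event: dict) -> Optional[str]:
    """Return the role whose sessions to revoke, or None. Instance-profile
    credentials appear in the finding as an AssumedRole access key."""
    finding = event.get("detail", {})
    key = finding.get("resource", {}).get("accessKeyDetails", {})
    if finding.get("type") not in CRED_FINDING_TYPES or key.get("userType") != "AssumedRole":
        return None
    return key.get("userName")

def revoke_sessions_policy(issued_before: datetime) -> dict:
    """Deny everything to sessions whose token predates the cutoff. This also cuts
    off the instance itself until the metadata service hands it new credentials,
    which is why the slide suggests rotating instance profiles to limit downtime."""
    cutoff = issued_before.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Action": "*", "Resource": "*",
        "Condition": {"DateLessThan": {"aws:TokenIssueTime": cutoff}}}]}

def revoke_role_sessions(iam, role_name: str, now: Optional[datetime] = None) -> dict:
    """Attach the deny policy inline to the role and return the document applied."""
    doc = revoke_sessions_policy(now or datetime.now(timezone.utc))
    iam.put_role_policy(RoleName=role_name, PolicyName="GuardDutyRevokeOlderSessions",
                        PolicyDocument=json.dumps(doc))
    return doc

def lambda_handler(event, context):
    import boto3  # imported here so the logic above runs and tests offline
    role = role_to_revoke(event)
    if role is None:
        return {"revoked": None}
    return {"revoked": role, "policy": revoke_role_sessions(boto3.client("iam"), role)}
```

Sessions issued after the cutoff, including the ones the instance picks up at its next credential rotation, are unaffected, so the deny policy can be left in place until the investigation is closed.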
  • 20. Amazon GuardDuty Lab Discussion

  • 21. Amazon GuardDuty Next Steps
    Enable GuardDuty – Monitor the cost and findings during the 30-day no-cost trial period. Assess after 30 days where GuardDuty will sit in your overall security strategy.
    https://aws.amazon.com/guardduty/

  • 22. Please complete the session survey in the summit mobile app.

  • 23. Submit Session Feedback
    1. Tap the Schedule icon.
    2. Select the session you attended.
    3. Tap Session Evaluation to submit your feedback.

  • 24. Thank you!