AWS Security Architecture Week
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
Agenda
● Quick Introduction
● Define the Problem We’re Solving For
● Framework for Thinking about Security and Operations
○ People
○ Process
○ Tools
Security That Supports Your Organization’s Business Objectives
● 4 hours to 4 minutes
● Real-time Alerting
● 1 Console for Complex Environments
● SOC 2, HIPAA, PCI, HITRUST, SOX 404, ISO 27001
● Increased Velocity of Your Security Operations
● Real-time Visibility into Behavior (Who, what, where, when?)
● Continuous Security Monitoring & Alerting Across Your Environment
● Continuous Compliance (Automatic controls, policies, & procedures)
Spanning your Data Center and Cloud with One Platform
● Real-Time Host Monitoring: Behavior-based monitoring and detection of suspicious events, featuring an out-of-the-box ruleset of alerts for the most common security events.
● Vulnerability Monitoring: Detect systems and packages containing known vulnerabilities, cross-reference against more than two million identified CVEs, and automatically categorize them according to security risk.
● Threat Intelligence Correlation: Continuously monitor connections to known bad addresses and receive real-time alerts when these connections occur.
● Continuous Compliance: Achieve compliance criteria across HIPAA, PCI DSS, SOC 2, ISO 27001, and SOX 404 regulations and regularly report/audit relevant activity.
● Configuration Auditing: Scan AWS configurations to ensure the proper security settings have been selected and enabled, while providing an accurate security baseline.
● Workflow Integrations: Increase efficiency with out-of-the-box integrations with popular configuration management and alerting tools, enabling easy collaboration across security and DevOps teams.
About Cogito
Craig to add
About Security at Cogito
● Eliminating agent sprawl: one agent does the work of many (compliance IS possible w/out agent sprawl!)
○ Behavioral intrusion detection
■ Prior research: “Engineering Challenges Doing Intrusion Detection in the Cloud”
○ Data loss and malware detection
○ Each ruleset is between 24-36 rules
● Increasing Security Velocity
○ Slack, JIRA based alert handling
○ “Spacefolding” via pre-aggregated live response data yields a 60-100x increase in velocity
Things that you will never hear...
“Here’s an award for not letting us get breached.”
“I get it! That single chart very clearly communicates how much you’ve reduced our risk.”
“I don’t mind that you get in my way because it’s protecting our company.”
“A breach wouldn’t be that big of a deal.”
“Sure, you can buy that tool. To whom should I write the check?”
Ops/DevOps/NoOps! Software Defined Everything!
● Security isn’t allowed to retreat to the perimeter any longer
○ Deployment model isn’t technically feasible
○ This model did very little to secure organizations even in the on prem data center
● Security relies on Operations for:
○ Installing continuous monitoring (agents, AWS IAM, etc.)
○ Remediating risks or active threats
● Operations relies on Security for:
○ Requirements and guidance on how to build secure systems
○ Feedback on where risks or active threats are, and how to remediate them
● This symbiotic relationship depends on a high velocity feedback loop
○ Requires trust, which often requires data
○ Requires organizational investment - often starts with the CEO
EVERYONE CANNOT OWN SECURITY,
but everyone does have to play a role.
“Focus on increasing time-to-exfiltration and lowering time-to-discovery. By so doing, hopefully you can stop incidents from becoming breaches.”
Verizon 2017 DBIR
You need all three.
Rethinking “People”
● Don’t Try to Hire Your Way out of Every Problem
● Focus on Building Empathy - Not Rules
● Integration Goes Way Beyond APIs.
Rethinking “Process”
● Reduce Your Risk by Isolating Failure... Everywhere
● Think about which communication channels are already working - and leverage them.
Rethinking “Technology”
● Stop trying to retrofit technology that wasn’t built for the cloud.
● Don’t Connect AWS Directly to Your Office’s Network.
● Stop trying to build everything yourself.
So where did we land?
What about incidents & responding to them?!
Everything we’ve talked about supports incident response, making it efficient and more effective.
If you think this is old hat and that it can’t work because it has never worked for you, then it sounds like you’ve already made up your mind and your current employer is paying your past employer’s debts.
Where did we land? We landed here
1. Leverage the rest of the organization as a force multiplier
2. Everything must be continuous and incremental, which requires automation
3. Embrace the new facts like WAN-only and look for new solutions within them
4. Write more code than policies - bonus points for turning your policies into code
Want to chat some more?
Workshop later today
Find a Threat Stack team member around the Loft
www.threatstack.com
Sam @sbisbee
Craig @randomuserid
Enter to win a $100 amazon gift card at our table!!

More Related Content

What's hot

Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit...
 Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit... Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit...
Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit...Amazon Web Services
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
Security, Risk, Compliance & Controls
Security, Risk, Compliance & ControlsSecurity, Risk, Compliance & Controls
Security, Risk, Compliance & ControlsAmazon Web Services
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0Amazon Web Services
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 
Security Operations in the Cloud
Security Operations in the CloudSecurity Operations in the Cloud
Security Operations in the CloudArmor
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015Evident.io
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws securityAmazon Web Services
 
How Symantec Cloud Workload Protection Secures LifeLock on AWS PPT
 How Symantec Cloud Workload Protection Secures LifeLock on AWS PPT How Symantec Cloud Workload Protection Secures LifeLock on AWS PPT
How Symantec Cloud Workload Protection Secures LifeLock on AWS PPTAmazon Web Services
 
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
 
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...Amazon Web Services
 
AWS User Group - Security & Compliance
AWS User Group - Security & ComplianceAWS User Group - Security & Compliance
AWS User Group - Security & ComplianceSatish Kumar Natarajan
 
Aws certified-security
Aws certified-securityAws certified-security
Aws certified-securitykartikaryan4
 
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...Amazon Web Services
 
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...CloudVillage
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
 
AWS on Splunk, Splunk on AWS
AWS on Splunk, Splunk on AWSAWS on Splunk, Splunk on AWS
AWS on Splunk, Splunk on AWSSplunk
 
AWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAmazon Web Services
 

What's hot (20)

Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit...
 Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit... Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit...
Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit...
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
Security, Risk, Compliance & Controls
Security, Risk, Compliance & ControlsSecurity, Risk, Compliance & Controls
Security, Risk, Compliance & Controls
 
Cloud security
Cloud securityCloud security
Cloud security
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
 
Security Operations in the Cloud
Security Operations in the CloudSecurity Operations in the Cloud
Security Operations in the Cloud
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws security
 
How Symantec Cloud Workload Protection Secures LifeLock on AWS PPT
 How Symantec Cloud Workload Protection Secures LifeLock on AWS PPT How Symantec Cloud Workload Protection Secures LifeLock on AWS PPT
How Symantec Cloud Workload Protection Secures LifeLock on AWS PPT
 
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
 
AWS Security
AWS Security AWS Security
AWS Security
 
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...
 
AWS User Group - Security & Compliance
AWS User Group - Security & ComplianceAWS User Group - Security & Compliance
AWS User Group - Security & Compliance
 
Aws certified-security
Aws certified-securityAws certified-security
Aws certified-security
 
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
 
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
AWS on Splunk, Splunk on AWS
AWS on Splunk, Splunk on AWSAWS on Splunk, Splunk on AWS
AWS on Splunk, Splunk on AWS
 
AWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program Overview
 

Similar to AWS Security Architecture Week: A Tale of Security & Ops Teamwork

Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterAmazon Web Services
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
 
Cloud native patterns antipatterns
Cloud native patterns antipatternsCloud native patterns antipatterns
Cloud native patterns antipatternsMartin Stemplinger
 
DevSecOps Days Istanbul 2020 Security Chaos Engineering
DevSecOps Days Istanbul 2020 Security Chaos EngineeringDevSecOps Days Istanbul 2020 Security Chaos Engineering
DevSecOps Days Istanbul 2020 Security Chaos EngineeringAaron Rinehart
 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - IdealwareIdealware
 
Cloud Security for Life Science R&D
Cloud Security for Life Science R&DCloud Security for Life Science R&D
Cloud Security for Life Science R&DChris Dagdigian
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorAmazon Web Services
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?NTEN
 
The Thing That Should Not Be
The Thing That Should Not BeThe Thing That Should Not Be
The Thing That Should Not Bemorisson
 
Architecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofArchitecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofJonathan Sinclair
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityKevin Fealey
 
Redefine Corporate CyberSecurity Frameworks under "COVID-19" Situations, OW2o...
Redefine Corporate CyberSecurity Frameworks under "COVID-19" Situations, OW2o...Redefine Corporate CyberSecurity Frameworks under "COVID-19" Situations, OW2o...
Redefine Corporate CyberSecurity Frameworks under "COVID-19" Situations, OW2o...OW2
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldMark Nunnikhoven
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on CloudTu Pham
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Data security in practice
Data security in practiceData security in practice
Data security in practiceAndres Kütt
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzSeniorStoryteller
 
SplunkSummit 2015 - ES Hands On Workshop
SplunkSummit 2015 - ES Hands On Workshop SplunkSummit 2015 - ES Hands On Workshop
SplunkSummit 2015 - ES Hands On Workshop Splunk
 

Similar to AWS Security Architecture Week: A Tale of Security & Ops Teamwork (20)

Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
 
GRC Dynamics in Securing Cloud
GRC Dynamics in Securing CloudGRC Dynamics in Securing Cloud
GRC Dynamics in Securing Cloud
 
Cloud native patterns antipatterns
Cloud native patterns antipatternsCloud native patterns antipatterns
Cloud native patterns antipatterns
 
DevSecOps Days Istanbul 2020 Security Chaos Engineering
DevSecOps Days Istanbul 2020 Security Chaos EngineeringDevSecOps Days Istanbul 2020 Security Chaos Engineering
DevSecOps Days Istanbul 2020 Security Chaos Engineering
 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - Idealware
 
Cloud Security for Life Science R&D
Cloud Security for Life Science R&DCloud Security for Life Science R&D
Cloud Security for Life Science R&D
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public Sector
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
The Thing That Should Not Be
The Thing That Should Not BeThe Thing That Should Not Be
The Thing That Should Not Be
 
Architecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofArchitecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereof
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
 
Redefine Corporate CyberSecurity Frameworks under "COVID-19" Situations, OW2o...
Redefine Corporate CyberSecurity Frameworks under "COVID-19" Situations, OW2o...Redefine Corporate CyberSecurity Frameworks under "COVID-19" Situations, OW2o...
Redefine Corporate CyberSecurity Frameworks under "COVID-19" Situations, OW2o...
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Data security in practice
Data security in practiceData security in practice
Data security in practice
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
 
SplunkSummit 2015 - ES Hands On Workshop
SplunkSummit 2015 - ES Hands On Workshop SplunkSummit 2015 - ES Hands On Workshop
SplunkSummit 2015 - ES Hands On Workshop
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS Security Architecture Week: A Tale of Security & Ops Teamwork

  • 1. AWS Security Architecture Week: A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
  • 2. Agenda ● Quick Introduction ● Define the Problem We’re Solving For ● Framework for Thinking about Security and Operations ○ People ○ Process ○ Tools
  • 3. Security That Supports Your Organization’s Business Objectives ● 4 hours to 4 minutes: Increased Velocity of Your Security Operations ● Real-time Alerting: Real-time Visibility into Behavior (Who, what, where, when?) ● 1 Console for Complex Environments: Continuous Security Monitoring & Alerting Across Your Environment ● SOC 2, HIPAA, PCI, HITRUST, SOX 404, ISO 27001: Continuous Compliance (Automatic controls, policies, & procedures)
  • 4. Spanning your Data Center and Cloud with One Platform ● Real-Time Host Monitoring: Behavior-based monitoring and detection of suspicious events, featuring an out-of-the-box ruleset of alerts for most common security events. ● Vulnerability Monitoring: Detect systems and packages containing known vulnerabilities and cross-reference against more than two million identified CVEs, automatically categorize them according to security risk. ● Threat Intelligence Correlation: Continuously monitor connections to known bad addresses and receive real-time alerts when these connections occur. ● Continuous Compliance: Achieve compliance criteria across HIPAA, PCI DSS, SOC 2, ISO 27001, and SOX 404 regulations and regularly report/audit relevant activity. ● Configuration Auditing: Scan AWS configurations to ensure the proper security settings have been selected and enabled, while providing an accurate security baseline. ● Workflow Integrations: Increase efficiency with out-of-the-box integrations with popular configuration management and alerting tools, enabling easy collaboration across security and DevOps teams.
  • 7. About Security at Cogito ● Eliminating agent sprawl: one agent does the work of many (compliance IS possible w/out agent sprawl!) ○ Behavioral intrusion detection ■ Prior research: “Engineering Challenges Doing Intrusion Detection in the Cloud” ○ Data loss and malware detection ○ Each ruleset is between 24-36 rules ● Increasing Security Velocity ○ Slack, JIRA-based alert handling ○ “Spacefolding” via pre-aggregated live response data yields a 60-100x increase in velocity
  • 8. Things that you will never hear...
  • 9. “Here’s an award for not letting us get breached.”
  • 10. “I get it! That single chart very clearly communicates how much you’ve reduced our risk.”
  • 11. “I don’t mind that you get in my way because it’s protecting our company.”
  • 13. “Sure, you can buy that tool. To whom should I write the check?”
  • 14. Ops/DevOps/NoOps! Software Defined Everything! ● Security isn’t allowed to retreat to the perimeter any longer ○ Deployment model isn’t technically feasible ○ This model did very little to secure organizations even in the on-prem data center ● Security relies on Operations for: ○ Installing continuous monitoring (agents, AWS IAM, etc.) ○ Remediating risks or active threats ● Operations relies on Security for: ○ Requirements and guidance on how to build secure systems ○ Feedback on where risks or active threats are, and how to remediate them ● This symbiotic relationship depends on a high velocity feedback loop ○ Requires trust, which often requires data ○ Requires organizational investment - often starts with the CEO
  • 15. Ops/DevOps/NoOps! Software Defined Everything! ● Security isn’t allowed to retreat to the perimeter any longer ○ Deployment model isn’t technically feasible ○ This model did very little to secure organizations even in the on-prem data center ● Security relies on Operations for: ○ Installing continuous monitoring (agents, AWS IAM, etc.) ○ Remediating risks or active threats ● Operations relies on Security for: ○ Requirements and guidance on how to build secure systems ○ Feedback on where risks or active threats are, and how to remediate them ● This symbiotic relationship depends on a high velocity feedback loop ○ Requires trust, which often requires data ○ Requires organizational investment - often starts with the CEO ● EVERYONE CANNOT OWN SECURITY, but everyone does have to play a role.
  • 16. “Focus on increasing time-to-exfiltration and lowering time-to-discovery. By so doing, hopefully you can stop incidents from becoming breaches.” Verizon 2017 DBIR
  • 17. You need all three.
  • 19. Don’t Try to Hire Your Way out of Every Problem
  • 20. Focus on Building Empathy - Not Rules
  • 21. Integration Goes Way Beyond APIs.
  • 23. Reduce Your Risk by Isolating Failure... Everywhere
  • 24. Think about which communication channels are already working - and leverage them.
  • 26. Stop trying to retrofit technology that wasn’t built for the cloud.
  • 27. Don’t Connect AWS Directly to Your Office’s Network.
  • 28. Stop trying to build everything yourself.
  • 29. So where did we land?
  • 30. What about incidents & responding to them?! Everything we’ve talked about supports incident response, making it efficient and more effective.
  • 31. If you think this is old hat and that it can’t work because it has never worked for you, then it sounds like you’ve already made up your mind and your current employer is paying your past employer’s debts.
  • 32. Where did we land? We landed here: 1. Leverage the rest of the organization as a force multiplier 2. Everything must be continuous and incremental, which requires automation 3. Embrace the new facts like WAN-only and look for new solutions within them 4. Write more code than policies - bonus points for turning your policies into code
  • 33. Want to chat some more? ● Workshop later today ● Find a Threat Stack team member around the Loft ● www.threatstack.com ● Sam @sbisbee ● Craig @randomuserid ● Enter to win a $100 Amazon gift card at our table!!