nVisium Webinar - AWS re:Invent re:Cap 2018 Panel Discussion

In this webinar, nVisium hosted a panel discussion to debrief AWS re:Invent 2018. Panelists from nVisium and Kenna Security discussed the latest AWS security announcements, trends, and AWS security topics to be on the lookout for in 2019.

The panel included Jerry Gamblin, Principal Security Engineer at Kenna Security; John Poulin, Director of Engineering at nVisium; and Jonn Callahan, Principal Security Consultant and AWS Security Lead at nVisium.

Published in: Software

  1. AWS re:Invent re:Cap, December 5, 2018
     Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com
  2. WHO WE ARE
     • Jerry Gamblin, Principal Security Engineer, Kenna Security, @JGamblin
     • John Poulin, Director of Engineering, nVisium, @forced_request
     • Jonn Callahan, Principal Security Consultant & AWS Security Lead, nVisium, @JonnCallahan
  3. About nVisium & Kenna Security
  4. Security Hub
  5. Security Hub
  6. Security Hub
     • Integrates with:
       – Amazon GuardDuty
       – Amazon Inspector
       – Amazon Macie
     • Performs Automatic CIS Benchmark scanning
  7. Security Hub
  8. Amazon Security Hub Talks
     • Introduction to AWS Security Hub (SEC397)
  9. Amazon S3
  10. Amazon S3
     • 2nd Oldest AWS Service (Circa 2006)
     • Rich history of Access Control failures
       – Publicly Readable/Listable S3 Buckets
     • Popular for content delivery
  11. Amazon S3 (the new)
     • Public Access Settings
     • AWS Transfer for SFTP
     • Intelligent-Tiering
     • S3 Object Lock
  12. Amazon S3 – Public Access
     – Control public settings for accounts
  13. Amazon S3 – SFTP
     – Create an S3-backed SFTP Server
     – Select Identity Provider for access control
  14. Amazon S3 – Intelligent Tiering
     – Switches between Standard / Infrequently Accessed
     – Select Identity Provider for access control
  15. Amazon S3 – S3 Object Lock
     – Prevent Removal/Modification of Object
     – Governance/Compliance Modes dictate who can modify the data
     – Enabled at Bucket level during creation
  16. Amazon S3 – Best Practices
     • Review Bucket ACLs (legacy)
     • Review Bucket Policies
     • Enable Server and Object-level Logging
     • Encrypt Files
     • Utilize Versioning
  17. Amazon S3 Talks
     • Best Practices to Secure Data Lake on AWS (ANT327)
     • AWS Transfer for SFTP, a Fully Managed SFTP Service (STG326)
  18. Serverless
  19. Amazon Lambda
     • Lambda Layers
     • Lambda Custom Runtime
     • Firecracker
     • Lambda + Application Load Balancer
  20. Amazon Lambda Layers
     • Integrate Libraries / Dependencies with Lambda functions
     • Up to 5 Layers per function
     • Cannot exceed (unzipped) package size: 250MB
     • Supports public layers
  21. Amazon Lambda Layers
  22. Amazon Lambda Custom Runtimes
     • Add custom runtime as a Layer
     • Published Implementations: C++ and Rust
     • Ruby added as native runtime
  23. Amazon Lambda Custom Runtimes
  24. Amazon Lambda Firecracker
     • Lightweight MicroVM
     • Powering AWS Lambda and AWS Fargate
     • Open Source Project
       – https://github.com/firecracker-microvm/firecracker
     • Available on .metal instances, and on-prem bare metal servers
  25. Amazon Lambda Application Load Balancer
     • Lambda triggered via ALB
     • Process HTTP(S) reqs via a serverless arch
     • Great for green/blue hybrid arch migration
     • Health checks + failover meets serverless
  26. Amazon Lambda Best Practices
     • Manually set timeouts when calling external services depending on how much exec time is left for the Lambda
     • Reserved concurrency
     • Avoid recursion (99% of the time, anyway)
     • Take care calling invoke + invoke_async with user-provided data
     • Pre-warming (but premature optimization should be avoided)
  27. Amazon Serverless Talks
     • A Serverless Journey: AWS Lambda Under the Hood (SRV409)
     • Applying Principles of Chaos Engineering to Serverless (DVC305)
  28. AWS RE:INFORCE
  29. Questions?
     • Q&A
     • Slides and recommended talks will be made available after this webinar.
  30. Contact Us
     • nVisium Contact Info:
       – https://www.nVisium.com
       – contact@nvisium.com
       – @nVisium
     • Kenna Security Contact Info:
       – https://www.kennasecurity.com/
       – hello@kennasecurity.com
       – @KennaSecurity
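Slide 16 lists "Review Bucket Policies" and slide 10 names publicly readable/listable buckets as the recurring failure. The sketch below is an added example, not from the slides or from nVisium: it flags Allow statements in a bucket policy that grant read or list to an anonymous principal. The sample policy, bucket name, account ID and function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

WATCHED = ("s3:GetObject", "s3:ListBucket")  # read and list, per slide 10

# Constructed policy for illustration; "example-bucket" is a placeholder.
SAMPLE_POLICY = """
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "VpcOnlyList", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket",
   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
  {"Sid": "TeamWrite", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}
]}
"""


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (also inside a list)."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"


def review_bucket_policy(policy_json):
    """Return (sid, actions, verdict) for each Allow statement open to anyone."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        # IAM action patterns are case-insensitive and allow * and ? wildcards.
        patterns = [a.lower() for a in as_list(st.get("Action", []))]
        hits = [w for w in WATCHED
                if any(fnmatchcase(w.lower(), p) for p in patterns)]
        if hits:
            # A Condition may narrow the grant; it still needs a human look.
            verdict = "review-condition" if st.get("Condition") else "public"
            findings.append((st.get("Sid", f"statement-{i}"), hits, verdict))
    return findings
```

The check covers `Principal` only; statements using `NotPrincipal` or `NotAction`, and grants made through bucket ACLs, need a separate review.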
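Slide 26's first Lambda best practice is to set outbound timeouts from the execution time the function has left. The sketch below is an added example, not from the slides: it derives a per-call timeout from `context.get_remaining_time_in_millis()`. The margin, cap and floor values, the upstream URL and the `FakeContext` stand-in are assumptions made for illustration.

```python
import socket
import urllib.error
import urllib.request

SAFETY_MARGIN_S = 1.0  # assumed: time held back to log and return a response
MAX_CALL_S = 10.0      # assumed: ceiling for any single outbound call
MIN_USEFUL_S = 0.25    # assumed: with less than this, do not start the call


class OutOfTime(Exception):
    """Too little execution time is left to start an outbound call."""


class FakeContext:
    """Constructed stand-in for the Lambda context object, for local runs."""

    def __init__(self, remaining_ms):
        self.remaining_ms = remaining_ms

    def get_remaining_time_in_millis(self):
        return self.remaining_ms


def outbound_timeout(context, margin=SAFETY_MARGIN_S, cap=MAX_CALL_S):
    """Derive a per-call timeout from the execution time the Lambda has left."""
    remaining = context.get_remaining_time_in_millis() / 1000.0
    budget = min(cap, remaining - margin)
    if budget < MIN_USEFUL_S:
        raise OutOfTime(f"{remaining:.2f}s left, not starting outbound call")
    return budget


def fetch(url, context):
    """Call an external service without outliving the invocation."""
    try:
        # The timeout bounds each blocking socket operation, not the whole
        # transfer, so the response read is capped as well.
        with urllib.request.urlopen(url, timeout=outbound_timeout(context)) as resp:
            return {"ok": True, "status": resp.status, "body": resp.read(65536)}
    except OutOfTime as exc:
        return {"ok": False, "error": str(exc)}
    except (urllib.error.URLError, socket.timeout) as exc:
        return {"ok": False, "error": f"upstream failed: {exc}"}


def handler(event, context):
    # Placeholder URL; the budget is recomputed per call, so later calls in
    # the same invocation get progressively shorter timeouts.
    return fetch("https://upstream.example.invalid/status", context)
```

Returning a structured error before the platform kills the invocation keeps the failure visible to the caller instead of surfacing as a generic function timeout.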
