Security Automation on AWS - AWS Community Day Nordics - 2019-02-19

IT is inherently insecure and moving to the cloud could expose your workload to all new kinds of potential risks. However, Amazon Web Services (AWS) provides you with a large set of integrated tools to be just as secure as your on-premises solution.

In this talk you will learn how to combine these built-in tools with serverless technologies to monitor your environment and automatically detect, contain, and remediate security risks on AWS.

About Dennis:
With 25 years in the industry, I have been building software for many clients, ranging from startups to multinational corporations. As a Fellow at codecentric I help my clients transform their businesses through technology, DevOps practices, and the cloud.

I am also very passionate about the personal aspects of the modern workplace and how it can affect your life, your health and well-being. I share my learnings at conferences and corporate events, write for various publications, and I'm always happy to discuss new ideas.

If you'd like me to speak at your event about cloud security or cloud in general, or if you have any other questions, please feel free to reach out to me at https://twitter.com/dtraub or at dennis.traub@gmail.com

  1. Security Automation on AWS
     @dtraub
     Dennis Traub, Fellow at codecentric AG
  2. What management thinks
  3. What it actually looks like
  4. AWS Shared Responsibility Model
  5. NIST Cybersecurity Framework (National Institute of Standards and Technology: www.nist.gov)
     What needs to be protected: understand the systems, people, assets, data, and capabilities that need to be protected.
     Protect your assets: implement safeguards to limit or contain the impact of a potential security event.
     Detect incidents: continuously monitor access and changes to discover potential security events in a timely manner.
     Respond with a plan: take action and contain the impact of a potential security event.
     Restore normal operations: recover and restore capabilities or services that were impaired due to an incident.
  6. Incident Response Automation covers three of these functions:
     Protect your assets: implement safeguards to limit or contain the impact of a potential security event.
     Detect incidents: continuously monitor access and changes to discover potential security events in a timely manner.
     Respond with a plan: take action and contain the impact of a potential security event.
  7. PROTECT. Be proactive, limit the blast radius, encrypt: AWS Identity and Access Management (IAM), AWS Shield, AWS Web Application Firewall (WAF), AWS Organizations, Amazon Virtual Private Cloud (VPC), AWS Key Management Service (KMS), AWS Secrets Manager, AWS Certificate Manager (ACM)
  8. DETECT. Log everything, detect changes and deviations: AWS CloudTrail, VPC Flow Logs, Amazon Inspector, Amazon Macie, Amazon CloudWatch, AWS Config, Amazon Trusted Advisor, Amazon GuardDuty
  9. RESPOND. Notify, automatically respond: Amazon Simple Notification Service (SNS), CloudWatch Alarms, CloudWatch Events, AWS Lambda, AWS Step Functions, AWS Systems Manager
  10. Security Automation on AWS: Detect (CloudTrail, Config, GuardDuty, ...), CloudWatch, Respond (Lambda, Step Functions, Systems Manager, ...), Alert
  11. Examples
  12. Amazon CloudTrail: log, monitor, and retain activity in your AWS account. Provides event history of your AWS account activity. Includes actions taken through the Management Console, SDKs, command line tools, and other AWS services.
  13. Scenario 1: CloudTrail Logging Disabled
     Detect: CloudTrail logging disabled, matched by a CloudWatch Events Rule.
     Respond: the rule invokes a Lambda function, which re-enables logging.
     Alert: the function publishes a message to the Security Topic, which sends an Email Notification.
  14. AWS Config: continuously records resource changes. Checks compliance with desired configuration using pre-built and custom rules. Can also monitor EC2 instance configuration (OS patches, installed applications, network configuration, etc.) with EC2 Systems Manager.
  15. Scenario 2: Firewall Rule Disabled
     Detect: Network ACL port 22 opened to 0.0.0.0/0, flagged by AWS Config as a compliance violation and matched by a CloudWatch Events Rule.
     Respond: the rule invokes a Lambda function, which undoes the changes.
     Alert: the function publishes a message to the Security Topic, which sends an Email Notification.
  16. Amazon GuardDuty: continuously monitors the account for malicious or unauthorized behavior. Intelligently detects potentially compromised instances or reconnaissance attempts. Delivers detailed security alerts to the GuardDuty console and CloudWatch Events.
  17. Amazon GuardDuty Finding Types
  18. Amazon GuardDuty Finding
  19. Scenario 3: GuardDuty Finding
     Detect: GuardDuty finding detected, matched by a CloudWatch Events Rule.
     Respond: the rule invokes a Lambda function, which analyzes the finding (...).
     Alert: the function publishes a message to the Security Topic, which sends an Email Notification.
  20. Demo: CloudTrail Disabled
  21. Scenario 1: CloudTrail Logging Disabled
     Detect: CloudTrail logging disabled, matched by a CloudWatch Events Rule.
     Respond: the rule invokes a Lambda function, which re-enables logging.
     Alert: the function publishes a message to the Security Topic, which sends an Email Notification.
  22. Security Automation on AWS: Detect (CloudTrail, Config, GuardDuty, ...), CloudWatch, Respond (Lambda, Step Functions, Systems Manager, ...), Alert
  23. The Cloud helps us to get from here …
  24. … to there.
  25. Thank you!
     @dtraub
     Dennis Traub, Fellow at codecentric AG
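A Lambda handler for Scenario 1 (slides 13 and 21), added here as an example and not code from the talk. It assumes a CloudWatch Events rule matching the CloudTrail StopLogging and DeleteTrail API calls invokes the function, and that the security topic ARN is supplied in a hypothetical SECURITY_TOPIC_ARN environment variable; the sample event is constructed.

```python
import json
import os

# CloudWatch Events rule pattern assumed to trigger this function (the Detect step).
EVENT_PATTERN = {
    "source": ["aws.cloudtrail"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["cloudtrail.amazonaws.com"],
               "eventName": ["StopLogging", "DeleteTrail"]},
}

# Constructed sample event in the shape CloudWatch Events delivers it; not a real capture.
SAMPLE_EVENT = {
    "detail": {
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-user"},
        "requestParameters": {"name": "arn:aws:cloudtrail:eu-north-1:123456789012:trail/example-trail"},
    },
}

def parse_event(event):
    """Return (eventName, trail, caller) for a matching CloudTrail API event, else None."""
    d = event.get("detail", {})
    if d.get("eventSource") != "cloudtrail.amazonaws.com":
        return None
    if d.get("eventName") not in EVENT_PATTERN["detail"]["eventName"]:
        return None
    return (d["eventName"], d.get("requestParameters", {}).get("name"),
            d.get("userIdentity", {}).get("arn", "unknown"))

def remediate(event, cloudtrail, sns, topic_arn):
    """Respond: re-enable logging if it was only stopped. Alert: publish to the security topic."""
    parsed = parse_event(event)
    if parsed is None:
        return "ignored"
    action, trail, caller = parsed
    if action == "StopLogging":
        cloudtrail.start_logging(Name=trail)  # StartLogging is idempotent, so retries are safe
        outcome = "logging re-enabled"
    else:
        outcome = "trail deleted, manual recreation required"  # DeleteTrail cannot be undone here
    sns.publish(TopicArn=topic_arn, Subject="CloudTrail logging disabled",
                Message=json.dumps({"trail": trail, "by": caller, "action": action, "outcome": outcome}))
    return outcome

def handler(event, context):
    import boto3  # present in the Lambda runtime; imported here so the logic above runs offline
    return remediate(event, boto3.client("cloudtrail"), boto3.client("sns"), os.environ["SECURITY_TOPIC_ARN"])
```

The Lambda role needs cloudtrail:StartLogging and sns:Publish on the topic, and nothing broader.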

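A Lambda handler for Scenario 2 (slide 15), added here as an example and not code from the talk. It assumes a CloudWatch Events rule forwards Config compliance-change events for a hypothetical custom rule to the function, that "undo changes" means deleting the ingress entries that admit port 22 from 0.0.0.0/0, and that the security topic ARN is supplied in a hypothetical SECURITY_TOPIC_ARN environment variable; the sample event and ACL are constructed.

```python
import json
# Constructed Config compliance-change event as CloudWatch Events delivers it; not a real capture.
SAMPLE_EVENT = {
    "detail": {
        "configRuleName": "nacl-no-ssh-from-anywhere",  # hypothetical custom Config rule name
        "resourceType": "AWS::EC2::NetworkAcl",
        "resourceId": "acl-0123456789abcdef0",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}
# Constructed describe_network_acls() response: rule 100 is the violation, the others must stay.
SAMPLE_ACL = {"NetworkAclId": "acl-0123456789abcdef0", "Entries": [
    {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "6",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 110, "Egress": False, "RuleAction": "allow", "Protocol": "6",
     "CidrBlock": "10.0.0.0/8", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 120, "Egress": True, "RuleAction": "allow", "Protocol": "-1", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": False, "RuleAction": "deny", "Protocol": "-1", "CidrBlock": "0.0.0.0/0"},
]}

def offending_rules(acl):
    """Rule numbers of ingress allow entries admitting TCP/22 (or all traffic) from 0.0.0.0/0."""
    bad = []
    for e in acl["Entries"]:
        if e["Egress"] or e["RuleAction"] != "allow" or e.get("CidrBlock") != "0.0.0.0/0":
            continue
        pr = e.get("PortRange", {"From": 0, "To": 65535})  # no PortRange means all ports
        if e["Protocol"] == "-1" or (e["Protocol"] == "6" and pr["From"] <= 22 <= pr["To"]):
            bad.append(e["RuleNumber"])
    return bad

def remediate(event, ec2, sns, topic_arn):
    """Respond: delete the offending NACL entries. Alert: publish what was removed. Returns rule numbers."""
    d = event.get("detail", {})
    if (d.get("resourceType") != "AWS::EC2::NetworkAcl"
            or d.get("newEvaluationResult", {}).get("complianceType") != "NON_COMPLIANT"):
        return []
    acl_id = d["resourceId"]
    acl = ec2.describe_network_acls(NetworkAclIds=[acl_id])["NetworkAcls"][0]
    removed = offending_rules(acl)
    for rule in removed:
        ec2.delete_network_acl_entry(NetworkAclId=acl_id, RuleNumber=rule, Egress=False)
    sns.publish(TopicArn=topic_arn, Subject="Network ACL compliance violation remediated",
                Message=json.dumps({"networkAcl": acl_id, "configRule": d.get("configRuleName"),
                                    "removedRuleNumbers": removed}))
    return removed

def handler(event, context):
    import boto3, os  # present in the Lambda runtime; imported here so the logic above runs offline
    return remediate(event, boto3.client("ec2"), boto3.client("sns"), os.environ["SECURITY_TOPIC_ARN"])
```

Because only the entries that match the violation are deleted, the default deny rule and rules scoped to private ranges are left untouched.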