Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

Share

Do you REALLY know what is going on in your AWS Accounts?

Download to read offline

This presentation introduces AWS Security Hub and how it can help raise the visibility of exactly what is going on in your accounts. We will explore how to setup and configure AWS Security Hub in a typical multi-account setup and demonstrate how to react to security events in realtime.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

Do you REALLY know what is going on in your AWS Accounts?

  1. 1. Do you REALLY know what is going on in your AWS Accounts? Aaron Walker, Technology Director @aaronwalker
  2. 2. ©base2services Pty Ltd 2019. All rights reserved. The Cloud Services People Who am I @aaronwalker
 github.com/aaronwalker AWS APN Global Ambassador 2
  3. 3. ©base2services Pty Ltd 2019. All rights reserved. The Cloud Services People Who is base2Services We build and manage innovative, scalable and agile AWS cloud based solutions 10+ years working with AWS We have a global customer base with a local presence Melbourne - Austin - Berlin 3
  4. 4. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People Do you REALLY know what is going on in your AWS Accounts? 4
  5. 5. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People The Challenges of scaling the number of accounts • Managing IAM users across many accounts • Ensuring consistency • compliance requirements • Overall security posture 5
  6. 6. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People AWS Organizations • Centrally manage policies across 
 multiple aws accounts • Automate aws account creation 
 and management • Govern access to aws services, 
 resources, and regions • Configure aws services across multiple accounts • Consolidate billing across multiple aws accounts 6
  7. 7. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People AWS Single Sign On • Centrally manage access to aws 
 accounts • Create users in aws sso or connect 
 to existing directory • Access accounts and applications 
 from one place 7
  8. 8. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People AWS Control Tower • Quickly setup and configure a new 
 AWS environment • Automate ongoing policy 
 management • View policy-level summaries of your 
 AWS environment 8
  9. 9. ©base2services Pty Ltd 2019. All rights reserved. The Cloud Services People But what about Security? 9
  10. 10. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People AWS Config • Continuous monitoring of your 
 AWS resources • Continuous assessment and overall 
 compliance of your AWS resources • Change management  allowing the 
 tracking and relationships among resources 10
  11. 11. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People AWS Inspector • Identify application security issues • Leverage aws security expertise • Integrate security into devops • Streamline security compliance • Increase development agility • Enforce security standards 11
  12. 12. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People AWS Guard Duty • Comprehensive threat identification • Strengthens security through 
 automation • Enterprise scale and central 
 management 12
  13. 13. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People These services alone aren’t enough • All require setup and configuration • you need to log into each service to see findings • They mostly work at a single account level (except  Guard Duty) 13
  14. 14. ©base2services Pty Ltd 2019. All rights reserved. The Cloud Services People AWS Security Hub 14
  15. 15. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People AWS Security Workflow 15
  16. 16. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People Problem • Ensure that your AWS infrastructure meets compliance requirements • Dozens of security tools with different data formats • Large volume of alerts and the need to prioritize • Lack of a single pane of glass across security and compliance tools 16
  17. 17. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People Security Hub Overview 17
  18. 18. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People Findings • Reduces the effort of collecting findings across accounts • Helps with prioritizing security findings across accounts • Correlates findings across providers to prioritize the most important findings. • Seamless integration through a standardized findings format 18
  19. 19. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People Compliance checks • Continuous account-level configuration and compliance checks based • Center for Internet Security (CIS) AWS Foundations Benchmark • checks provide a compliance score and identify specific accounts and resources that require attention. 19
  20. 20. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People Insights • Security insights are grouped findings that highlight emerging trends or possible issues • insights help to identify non compliant resources
 
 ( e.g EC2 instances that are missing security patches for important vulnerabilities) • Create and customize your own insights, tailored to your specific security and compliance needs 20
  21. 21. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People Response and remediation • Dashboards bring together your security findings across accounts • Use Amazon CloudWatch events to allow for custom response workflows using lambda and step functions • Send findings to 3rd party SIEMs tools, ticketing systems, slack, pager duty etc 21
  22. 22. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People The demo account setup 22 Control Tower AWS Organizations OU - Core OU - Custom Logs Account Audit Account Dev Account Prod Account
  23. 23. ©base2Services Pty Ltd 2019. All rights reserved. The Cloud Services People Summary • Just by enabling Security Hub can very quickly provide insights across your accounts • Get deeper insights with custom finding • Easily detect when “devs” do dumbs things 23
  24. 24. ©base2services Pty Ltd 2019. All rights reserved. The Cloud Services People Questions? 24
  25. 25. Do you REALLY know what is going on in your AWS Accounts? @aaronwalker a.walker@base2services.com base2services.com

This presentation introduces AWS Security Hub and how it can help raise the visibility of exactly what is going on in your accounts. We will explore how to setup and configure AWS Security Hub in a typical multi-account setup and demonstrate how to react to security events in realtime.

Views

Total views

87

On Slideshare

0

From embeds

0

Number of embeds

2

Actions

Downloads

1

Shares

0

Comments

0

Likes

0

×