Hosted by PolarSeven Cloud Consulting - http://polarseven.com Our monthly AWS User Group Sydney presentation night. http://www.meetup.com/AWS-Sydney/ AWS Sydney Summit Updates - by PolarSeven" Session 1: Monitoring and Troubleshooting complex issues "Solving complex problems using Sumo Logic Real Time Full Stack Visibility Presenter: Nikhil Sing - Tektorch" Sumo Logic https://www.sumologic.com/ See video presentation here https://youtu.be/_0Qx283oepw Session 2: AWS S3 Security: Your One Week Action Plan "Learn AWS S3 security best practices, automated remediation tips, and how to continuously monitor your bucket security to keep your data safe no matter how dynamic your cloud environment is. Presenter: Craig Dent, Consulting Engineer" Palo Alto Networks https://www.paloaltonetworks.com/ Watch the video presentation here https://youtu.be/_HWRQNMii8Q

1. May 2nd 2018
#70PRESENTS

2. Sponsors:

3. Contact Us
hello@polarseven.com
DevOps Competition
12 Months Contract Services
Value = $60,000
http://p7-devops.io/DevOpsComp

4. Tonight:
● AWS Updates and News: PolarSeven - Darrell King
“Summit Overview”
● Session 1: Sumo Logic - Nikhil Singh
“Monitoring and Troubleshooting Complex Issues”
● Break – Networking, Beers & Pizza
● Session 2: Palo Alto Networks - Craig Dent
“AWS S3 Security: Your One Week Action Plan”
● Close
Networking & Prize Draw - Win an Amazon Dot.

5. Darrell King
PolarSeven
AWS Sydney Summit Updates

6. BUILD-A-THON
First Innovation Day at summit
120+ Attendees
Showcased: Serverless - Rekognition & Polly Demo

7. Serverless - Rekognition and Polly Demo

8. ● Modern Company, Culture
● Artificial Intelligence
○ ML
○ SageMaker
○ AI applications
● Big Data / Analytics
● Containers
○ Kubernetes
○ EKS
● Serverless
○ Lambda
○ SAM

9. Session 1:
Nikhil Singh - Tektorch
“ Monitoring and Troubleshooting complex issues”
Using

10. TekTorch
Solutions
Finding Insights, Nimble Engineers
nikhil@tektorch.com.au
@techies

11. Agenda
Complex Problem(s)
Entry of Sumo Warrior
The Sumo Wrestling
Winner
Thank You

12. Complex Problems
● A business workflow App which is used by 100’s
of technicians.
● App & Data is mission critical, some hospital
SLA’s are < 15 min.
● Supports Offline.
● 3000+ forms, multiple workflows, photos,
signatures, barcode etc.
● Bad Network Coverage, Slow WiFi exacerbate the
problem.
● Add rogue human elements to this, who use
system to shield slacking off.

13. What If ...
● We knew exactly what a user was doing?
● What actions were performed, what time?
● Did the job was closed off or not?
● Was missing data due to application errors or user?
● Extract the missing data and apply reactively for old data.
● We could distinguish application issues and slacking.

14. Fully Elastic On Demand
Agility, Scale, Performance
No Painful Upgrades
New Features Weekly
Superior Performance
Guaranteed SLAs
Always Available
4 Geos, 12AZs, 6 X Replication
Real-Time, Full-Stack Visibility
From Source to Sumo Instantly
Secure by Design
Industry’s Most Secure Platform
Up & Running in Minutes
Reduce Time to Value by 90%
No Management Overhead
Reduce TCO > 50%
Introducing Sumo Logic

15. Comprehensive Collection & Integrations
CONFIG MGMT
IAAS & PAAS
CONTAINERS
CDN
SAAS
APP STACKS
INFRASTRUCTURE
COMPLIANCE &
SECURITY

16. Native AWS Integrations
Amazon CloudFront
AWS VPC Flow
AWS CloudTrail Amazon S3
AWS Elastic Load Balancing
Sumo Logic Kinesis + Lambda Connector
CloudTrail VPC Flow
Logs
CloudFrontELB S3 Kinesis
Sumo Logic AWS Apps and Connectors
Config
AWS Config

17. Log Reduce
Reduce MTTI by up to 90%,
MTTR by 50%
Anomaly Detection
Proactively identify new signatures
and abnormalities.
Outlier Detection
Monitor multi-dimensional metrics,
dynamic thresholds.
Predictive Analytics
Predict future trends.
Log Compare
Immediately see
deltas.
Sumo Logic: Advanced Analytics

18. AWS Architecture

19. Sumo Warrior
- Integrated with Sumo Logic
- We built entire data journey
- Data is entered by technician
- Stored in local storage
- API request is made
- API request is stored in outbox if offline
- Reconcilers are called when back online
- Logging the critical path of the system.
- Building complex queries to understand the data for an entity_form_fieldset_field and able to
reconcile where it got lost was gold.
- We extracted lost data and applied to the db without having technicians re do the jobs ($$).
- Understanding the use cases where the application was failing and fixing within days was
unbelievable.

20. Winner
- SumoLogic
- React/Redux/iOS
- Awesome Engineering

21. Questions & Thank You

22. Prize Draw:
Sign In On Your Smart Device To Win an Amazon Dot
» https://p7-devops.io/aws-ug
Sponsored by

23. Break & Networking:
• Refresh your drink
• Grab some pizza
• Make new contacts
• Enter the prize draw!

24. Session 2:
Craig Dent
Consulting Engineer
“AWS S3 Security: Your One Week Action Plan”

25. User Group
Craig Dent
Consulting Engineer
Palo Alto Networks (formerly Evident.io)
AWS S3 Security:
Your One Week Action Plan

26. User Group
MO BUCKETS, MO
PROBLEMS.

27. Are your S3 Buckets Secure?
359+ Million
Records Leaked

28. NEW IMPROVEMENTS & GUARDRAILS HELP…

29. ONE WEEK ACTION PLAN FOR S3 SECURITY
Day 1: Audit Your AWS Accounts
Day 2: Identify Key S3 Risks
Day 3: Divide and Conquer
Day 4: Get Risks Down to Zero
Day 5: Repeat, Repeat, Repeat

30. User Group
What are the key risks?

31. OPTIONS FOR APPLYING
PERMISSIONS
• IAM Policies
• Bucket Policies
• ACL
• One-time URL

32. TIP:
Don’t give the
bad guys the
keys...or the
treasure map!
• Global ACL view – 1% fail
• Global ACL edit – 0.5% fail
• Global ACL permissions
– 4.2 % fail
• Global List ACL – 4.3% fail
• Global List (bucket
policy) – 1.7% fail
WHO CAN VIEW/EDIT
MY S3 BUCKET
POLICIES?

33. Global GET – fail 7.16%
Global PUT
Global DELETE – fail
6.4%
Global LIST
Consider instead:
IAM Policies
One-time links
WHO CAN ACCESS
THE OBJECTS IN MY
BUCKETS?

34. Global Upload
and Delete
MFA Delete
S3-Delete IAM
Global Delete (via
bucket policy)
WHO CAN DELETE
MY DATA AND
CONTENT?
QUESTION:
How do I
prevent
someone from
deleting
something
important?

35. This operational
control is used
only about 50%
of the time
IS OBJECT VERSIONING
ENABLED IN MY S3
BUCKETS?

36. WILL I BE ABLE TO AUDIT
THE ACTIVITY IN MY S3
BUCKETS?
QUESTION:
Without logs,
what
happens
when a
breach
occurs?
This
operational
control fails
55.5% of the
time

37. ACTION PLAN
Day 1: Audit Your AWS Accounts
Day 2: Identify Key S3 Bucket Risks
Day 3: Divide and Conquer
Day 4: Get Risks Down to Zero
Day 5: Repeat, Repeat, Repeat

38. User Group
Day 1: Audit Your AWS Accounts

39. DO YOU KNOW ALL YOUR AWS ACCOUNTS
• Identify teams using AWS
• Identify teams that might be using AWS for siloed apps
(marketing, customer support, sales)
• Leverage procurement to find AWS expenses

40. User Group
Day 2: Identify Key Risks

41. IDENTIFY RISKS: MANUALLY OR WITH EVIDENT

42. SECURE STORAGE SERVICES
• Discover and classify data
within containers and
buckets
• Evaluate exposure based
on policy
• Auto-remediate publicly
exposed data
• Quarantine malware
Amazon S3

43. User Group
Day 3: Divide & Conquer

44. START WITH HIGH PRIORITY ACCOUNTS OR HIGH RISKS

45. User Group
Day 4: Keep Going to Get to Zero

46. TRACK YOUR SECURITY PROGRESS

47. User Group
Day 5: Repeat

48. EVIDENT ARCHITECTURE
Threat Detection Guided
Remediation
Cloud Control Plane
All Services, Regions & Accounts
Role-based Access Controls
EVIDENT SECURITY MONITORING AND COMPLIANCE
Dashboards, Reports, Alerts
Real-time Risk Analysis Engine
Audit & Compliance
Custom
Signatures &
Policies
Continuous
Monitoring
Security
Analytics
Cross-account IAM using
STS Assume Role Function
RESTAPIIntegrations
SDK3rdPartySecOps
AWS LAMBDAAWS SNS
AUTOMATED POLICY
ENFORCEMENT
Event Hub APIs

49. S3 BUCKET FITNESS REPORT

50. EVIDENT SECURITY MONITORING AND COMPLIANCE
Start a Free
Trial

51. User Group
Thank You

52. Thanks For Coming:
Join Us Next Month – June 6th 2018
AWS Presenting on Kubernetes
Plus
Commvault & Talend
>> Register @ http://www.meetup.com/AWS-Sydney/ <<
p7-devops.io/webinars-q2 p7-devops.io/DevOpsComp p7-devops.io/k8s-hands-on-days