This document discusses AWS cloud and container security. It provides background on containers and how they package code and dependencies. It then discusses key elements of container security like the container host, network isolation, and container contents. It introduces DevSecOps as integrating security practices into the DevOps process. Finally, it discusses monitoring threats inside container environments through network traffic, logs, and platform changes.

1. AWS Cloud & Container Security

2. • C l o u d M i g r a t i o n
• A p p M o d e r n i z a t i o n
• D e v O p s A u t o m a t i o n
• C o s t O p t i m i z a t i o n
Oscar Moncada
Co-founder & CEO
• 9+Years of Experience with AWS
• 17+Years of Experience in Software
Engineering & IT
• 4 AWS Certifications
Kevin RisonChu
Co-Founder & CTO
• 13+Years of Experience with AWS
• 20+Years of Experience in Systems
Administration & IT
• 4 AWS Certifications

3. Paul McBratney
Senior Solutions Engineer

4. Security in the Cloud

5. What Are Containers?
A container is a standard unit of software that packages up code and all its
dependencies so the application runs quickly and reliably from one computing
environment to another.

6. What Are Containers?
A container is a standard unit of software that packages up code and all its
dependencies so the application runs quickly and reliably from one computing
environment to another.
Containerized Application

7. Container Security
Container security is the protection of the integrity of containers. This includes
everything from the applications they hold to the infrastructure they rely on.

8. Container Security
K e y E l e m e n t s
• C o n t a i n e r H o s t
• N e t w o r k I s o l a t i o n
• B u i l d & D e p l o y m e n t
• C o n t a i n e r C o n t e n t s
Container security is the protection of the integrity of containers. This includes
everything from the applications they hold to the infrastructure they rely on.

9. Running Containers on AWS
E C S E K S F a r g a t eE C 2

10. DevSecOps
DevSecOps is the philosophy of integrating security practices within the DevOps
process.

11. DevSecOps
• O p e n S o u r c e T o o l s
• C o r e O S C l a i r
• A n c h o r e
C o m p l i a n c e & V u l n e r a b i l i t y A n a l y s i s
DevSecOps is the philosophy of integrating security practices within the DevOps
process.

12. DevSecOps
• A W S N a t i v e C o n t a i n e r I m a g e S c a n n i n g ( F r e e * )
• O p e n S o u r c e T o o l s
• C o r e O S C l a i r
• A n c h o r e
C o m p l i a n c e & V u l n e r a b i l i t y A n a l y s i s
DevSecOps is the philosophy of integrating security practices within the DevOps
process.

13. Container Content
What runs inside the container is just as important as what the container runs on

14. Container Content
• S o f t w a r e C o m p o s i t i o n A n a l y s i s ( S C A )
What runs inside the container is just as important as what the container runs on
D a n g e r s o f O p e n S o u r c e

15. Container Content
• S o f t w a r e C o m p o s i t i o n A n a l y s i s ( S C A )
• T o o l s
• S n y k . i o
• B l a c k D u c k
• I Q S e r v e r
What runs inside the container is just as important as what the container runs on
D a n g e r s o f O p e n S o u r c e

16. Monitoring Threats Inside
Your Environment
• C o n t a i n e r t o c o n t a i n e r n e t w o r k t r a f f i c
• C o n t a i n e r l o g d a t a
• A W S p l a t f o r m c h a n g e s

17. THANK YOU!