SlideShare a Scribd company logo

Amazon guard duty_lab

B
Bela Sojina MBA, PMP

from day 4 of AWS NYC loft security week

Technology
1 of 18
Download to read offline
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab Greg McConnel, Security Solutions Architect Jesse Fuchs, Security Solutions Architect
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty 1. Intro to GuardDuty & Demo - 20 min 2. Lab 1 – Discovery & Remediation – EC2 - 35 min 3. Discussion - 10 min 4. Lab 2 – Discovery & Remediation – IAM - 35 min 5. Discussion - 10 min 6. Summary & Closing - 10 min Amazon GuardDuty
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Quick Intro – very quick, I promise… Amazon GuardDuty
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo Start
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved GuardDuty Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved GuardDuty Role Playing
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved GuardDuty Threat Detection and Notification
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo Finish
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty http://lab.gregmcconnel.net/
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 1 The first lab will generate GuardDuty findings when an EC2 instance attempts to connect to a IP in a customer Threat List. We will assume this instance is compromised and isolate it using a Security Group. Here are the steps: • Environment Setup – Create Elastic IP and add this to a Custom Threat List. Run CloudFormation Template • Attack Simulation – In the background the ”Compromised” instance will connect with the “Malicious” instance, generating GuardDuty findings • Remediation – A Lambda function will be added that will remove the ”Compromised” instance from its current Security Group and add it to one with no Ingress or Egress rule • Extra Credit – Enhance the Lambda function to take additional actions on the ”Compromised” instance http://loftlab.gregmcconnel.net/ http://lab.gregmcconnel.net/
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 1 Part 1 http://loftlab.gregmcconnel.net/
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 1 – Part 2 http://loftlab.gregmcconnel.net/
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 1 Discussion
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 2 For the second lab you will be focused on generating and remediating GuardDuty findings related to compromised IAM credentials. Below are the steps you’ll be walking through: • Environment Setup – Run the CloudFormation template and create the additional resources • Attack Simulation – Setup a profile for stolen EC2 credentials and use the AWS CLI to see what you have access to • Remediation – Review the auto remediation Lambda function and other recommended remediations. Answer questions related to how you would remediate these within your own company • Extra Credit – Enhance the Lambda function to output a more granular alert, process other GuardDuty findings, or rotate Instance Profiles to limit downtime of an application http://lab.gregmcconnel.net/
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 2 http://loftlab.gregmcconnel.net/
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab Discussion
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Next Steps Enable GuardDuty - monitor the cost and findings during the 30 day no cost trial period – assess after 30 days where GuardDuty will sit in your overall security strategy. https://aws.amazon.com/guardduty/
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved aws.amazon.com/activate Everything and Anything Startups Need to Get Started on AWS

Recommended

Centrally Protect Your AWS Resources with Amazon GuardDuty - AWS Online Tech ...
Centrally Protect Your AWS Resources with Amazon GuardDuty - AWS Online Tech ...Centrally Protect Your AWS Resources with Amazon GuardDuty - AWS Online Tech ...
Centrally Protect Your AWS Resources with Amazon GuardDuty - AWS Online Tech ...Amazon Web Services
 
Incident Response on AWS - A Practical Look.pdf
Incident Response on AWS - A Practical Look.pdfIncident Response on AWS - A Practical Look.pdf
Incident Response on AWS - A Practical Look.pdfAmazon Web Services
 
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...Amazon Web Services
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWSAmazon Web Services
 
ThreatResponse
ThreatResponseThreatResponse
ThreatResponseAmazon Web Services
 
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Amazon Web Services
 
Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Amazon Web Services
 
Amazon GuardDuty Lab
Amazon GuardDuty LabAmazon GuardDuty Lab
Amazon GuardDuty LabAmazon Web Services
 

Recommended

Centrally Protect Your AWS Resources with Amazon GuardDuty - AWS Online Tech ...
Centrally Protect Your AWS Resources with Amazon GuardDuty - AWS Online Tech ...Centrally Protect Your AWS Resources with Amazon GuardDuty - AWS Online Tech ...
Centrally Protect Your AWS Resources with Amazon GuardDuty - AWS Online Tech ...Amazon Web Services
 
Incident Response on AWS - A Practical Look.pdf
Incident Response on AWS - A Practical Look.pdfIncident Response on AWS - A Practical Look.pdf
Incident Response on AWS - A Practical Look.pdfAmazon Web Services
 
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...Amazon Web Services
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWSAmazon Web Services
 
ThreatResponse
ThreatResponseThreatResponse
ThreatResponseAmazon Web Services
 
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Amazon Web Services
 
Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Amazon Web Services
 
Amazon GuardDuty Lab
Amazon GuardDuty LabAmazon GuardDuty Lab
Amazon GuardDuty LabAmazon Web Services
 
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...Amazon Web Services
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAmazon Web Services
 
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014Amazon Web Services
 
Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Amazon Web Services
 
Application Resiliency
Application ResiliencyApplication Resiliency
Application ResiliencyAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...Amazon Web Services
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Amazon Web Services
 
The Future of Securing Access Controls in Information Security
The Future of Securing Access Controls in Information SecurityThe Future of Securing Access Controls in Information Security
The Future of Securing Access Controls in Information SecurityAmazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
SID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account StrategySID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account StrategyAmazon Web Services
 
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...Amazon Web Services
 
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterAmazon Web Services
 
Cloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationCloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationAmazon Web Services
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation OverviewAmazon Web Services
 
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Amazon Web Services
 
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)Amazon Web Services
 
SID304 Threat Detection and Remediation with Amazon GuardDuty
SID304 Threat Detection and Remediation with Amazon GuardDuty SID304 Threat Detection and Remediation with Amazon GuardDuty
SID304 Threat Detection and Remediation with Amazon GuardDutyAmazon Web Services
 
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon Web Services
 

More Related Content

What's hot

From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...Amazon Web Services
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAmazon Web Services
 
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014Amazon Web Services
 
Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Amazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...Amazon Web Services
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Amazon Web Services
 
The Future of Securing Access Controls in Information Security
The Future of Securing Access Controls in Information SecurityThe Future of Securing Access Controls in Information Security
The Future of Securing Access Controls in Information SecurityAmazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
SID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account StrategySID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account StrategyAmazon Web Services
 
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...Amazon Web Services
 
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterAmazon Web Services
 
Cloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationCloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationAmazon Web Services
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation OverviewAmazon Web Services
 
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Amazon Web Services
 
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)Amazon Web Services
 

What's hot (20)

From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWS
 
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
 
Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017
 
Application Resiliency
Application ResiliencyApplication Resiliency
Application Resiliency
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...
How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat Response
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
 
The Future of Securing Access Controls in Information Security
The Future of Securing Access Controls in Information SecurityThe Future of Securing Access Controls in Information Security
The Future of Securing Access Controls in Information Security
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat Detection
 
SID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account StrategySID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account Strategy
 
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
 
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
 
Cloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationCloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack Mitigation
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013
 
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
 

Similar to Amazon guard duty_lab

SID304 Threat Detection and Remediation with Amazon GuardDuty
SID304 Threat Detection and Remediation with Amazon GuardDuty SID304 Threat Detection and Remediation with Amazon GuardDuty
SID304 Threat Detection and Remediation with Amazon GuardDutyAmazon Web Services
 
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Amazon Web Services
 
Threat Detection & Remediation Workshop - Module 2
Threat Detection & Remediation Workshop - Module 2Threat Detection & Remediation Workshop - Module 2
Threat Detection & Remediation Workshop - Module 2Amazon Web Services
 
Threat Detection and Remediation Workshop
Threat Detection and Remediation WorkshopThreat Detection and Remediation Workshop
Threat Detection and Remediation WorkshopAmazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWSAmazon Web Services
 
BDA210 AWS DeepLens Workshop Building Computer Vision Applications
BDA210 AWS DeepLens Workshop Building Computer Vision Applications BDA210 AWS DeepLens Workshop Building Computer Vision Applications
BDA210 AWS DeepLens Workshop Building Computer Vision Applications Amazon Web Services
 
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Chica...
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Chica...AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Chica...
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Chica...Amazon Web Services
 
AWS DeepLens Workshop_Build Computer Vision Applications
AWS DeepLens Workshop_Build Computer Vision Applications AWS DeepLens Workshop_Build Computer Vision Applications
AWS DeepLens Workshop_Build Computer Vision Applications Amazon Web Services
 
External Security Services Round: Security Week at the San Francisco Loft
External Security Services Round: Security Week at the San Francisco LoftExternal Security Services Round: Security Week at the San Francisco Loft
External Security Services Round: Security Week at the San Francisco LoftAmazon Web Services
 
AWS DeepLens Workshop: Building Computer Vision Applications
AWS DeepLens Workshop: Building Computer Vision ApplicationsAWS DeepLens Workshop: Building Computer Vision Applications
AWS DeepLens Workshop: Building Computer Vision ApplicationsAmazon Web Services
 
AWS Security Week: Threat Detection & Remediation Workshop
AWS Security Week: Threat Detection & Remediation WorkshopAWS Security Week: Threat Detection & Remediation Workshop
AWS Security Week: Threat Detection & Remediation WorkshopAmazon Web Services
 
Threat Detection & Remediation Workshop
Threat Detection & Remediation WorkshopThreat Detection & Remediation Workshop
Threat Detection & Remediation WorkshopAmazon Web Services
 
Threat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitThreat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitAmazon Web Services
 
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...Amazon Web Services
 
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksDeep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksAmazon Web Services
 
SID302_Force Multiply Your Security Team with Automation and Alexa
SID302_Force Multiply Your Security Team with Automation and AlexaSID302_Force Multiply Your Security Team with Automation and Alexa
SID302_Force Multiply Your Security Team with Automation and AlexaAmazon Web Services
 
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Anahe...
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Anahe...AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Anahe...
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Anahe...Amazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...Amazon Web Services
 

Similar to Amazon guard duty_lab (20)

SID304 Threat Detection and Remediation with Amazon GuardDuty
SID304 Threat Detection and Remediation with Amazon GuardDuty SID304 Threat Detection and Remediation with Amazon GuardDuty
SID304 Threat Detection and Remediation with Amazon GuardDuty
 
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
 
Threat Detection & Remediation Workshop - Module 2
Threat Detection & Remediation Workshop - Module 2Threat Detection & Remediation Workshop - Module 2
Threat Detection & Remediation Workshop - Module 2
 
Threat Detection and Remediation Workshop
Threat Detection and Remediation WorkshopThreat Detection and Remediation Workshop
Threat Detection and Remediation Workshop
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
 
BDA210 AWS DeepLens Workshop Building Computer Vision Applications
BDA210 AWS DeepLens Workshop Building Computer Vision Applications BDA210 AWS DeepLens Workshop Building Computer Vision Applications
BDA210 AWS DeepLens Workshop Building Computer Vision Applications
 
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Chica...
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Chica...AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Chica...
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Chica...
 
AWS DeepLens Workshop_Build Computer Vision Applications
AWS DeepLens Workshop_Build Computer Vision Applications AWS DeepLens Workshop_Build Computer Vision Applications
AWS DeepLens Workshop_Build Computer Vision Applications
 
External Security Services Round: Security Week at the San Francisco Loft
External Security Services Round: Security Week at the San Francisco LoftExternal Security Services Round: Security Week at the San Francisco Loft
External Security Services Round: Security Week at the San Francisco Loft
 
AWS DeepLens Workshop: Building Computer Vision Applications
AWS DeepLens Workshop: Building Computer Vision ApplicationsAWS DeepLens Workshop: Building Computer Vision Applications
AWS DeepLens Workshop: Building Computer Vision Applications
 
AWS Security Week: Threat Detection & Remediation Workshop
AWS Security Week: Threat Detection & Remediation WorkshopAWS Security Week: Threat Detection & Remediation Workshop
AWS Security Week: Threat Detection & Remediation Workshop
 
Threat Detection & Remediation Workshop
Threat Detection & Remediation WorkshopThreat Detection & Remediation Workshop
Threat Detection & Remediation Workshop
 
Threat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitThreat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS Summit
 
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
 
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksDeep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
 
SID302_Force Multiply Your Security Team with Automation and Alexa
SID302_Force Multiply Your Security Team with Automation and AlexaSID302_Force Multiply Your Security Team with Automation and Alexa
SID302_Force Multiply Your Security Team with Automation and Alexa
 
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Anahe...
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Anahe...AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Anahe...
AWS DeepLens Workshop: Building Computer Vision Applications - BDA201 - Anahe...
 
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
 

Recently uploaded

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Amazon guard duty_lab

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab Greg McConnel, Security Solutions Architect Jesse Fuchs, Security Solutions Architect
  • 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty 1. Intro to GuardDuty & Demo - 20 min 2. Lab 1 – Discovery & Remediation – EC2 - 35 min 3. Discussion - 10 min 4. Lab 2 – Discovery & Remediation – IAM - 35 min 5. Discussion - 10 min 6. Summary & Closing - 10 min Amazon GuardDuty
  • 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Quick Intro – very quick, I promise… Amazon GuardDuty
  • 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo Start
  • 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved GuardDuty Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.
  • 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved GuardDuty Role Playing
  • 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved GuardDuty Threat Detection and Notification
  • 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo Finish
  • 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty http://lab.gregmcconnel.net/
  • 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 1 The first lab will generate GuardDuty findings when an EC2 instance attempts to connect to a IP in a customer Threat List. We will assume this instance is compromised and isolate it using a Security Group. Here are the steps: • Environment Setup – Create Elastic IP and add this to a Custom Threat List. Run CloudFormation Template • Attack Simulation – In the background the ”Compromised” instance will connect with the “Malicious” instance, generating GuardDuty findings • Remediation – A Lambda function will be added that will remove the ”Compromised” instance from its current Security Group and add it to one with no Ingress or Egress rule • Extra Credit – Enhance the Lambda function to take additional actions on the ”Compromised” instance http://loftlab.gregmcconnel.net/ http://lab.gregmcconnel.net/
  • 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 1 Part 1 http://loftlab.gregmcconnel.net/
  • 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 1 – Part 2 http://loftlab.gregmcconnel.net/
  • 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 1 Discussion
  • 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 2 For the second lab you will be focused on generating and remediating GuardDuty findings related to compromised IAM credentials. Below are the steps you’ll be walking through: • Environment Setup – Run the CloudFormation template and create the additional resources • Attack Simulation – Setup a profile for stolen EC2 credentials and use the AWS CLI to see what you have access to • Remediation – Review the auto remediation Lambda function and other recommended remediations. Answer questions related to how you would remediate these within your own company • Extra Credit – Enhance the Lambda function to output a more granular alert, process other GuardDuty findings, or rotate Instance Profiles to limit downtime of an application http://lab.gregmcconnel.net/
  • 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab 2 http://loftlab.gregmcconnel.net/
  • 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Lab Discussion
  • 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Amazon GuardDuty Next Steps Enable GuardDuty - monitor the cost and findings during the 30 day no cost trial period – assess after 30 days where GuardDuty will sit in your overall security strategy. https://aws.amazon.com/guardduty/
  • 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved aws.amazon.com/activate Everything and Anything Startups Need to Get Started on AWS