Defending your workloads with aws waf and deep securityMark Nunnikhoven
What is a WAF (web application firewall) and how can it help defend your AWS workloads? In this webinar, you’ll learn how to get started with the new AWS WAF service and where it fits in your security strategy. You’ll see how AWS WAF works with Trend Micro’s Deep Security to provide a strong, layered defense for your web applications
AWS re:Invent 2016: Amazon s2n: Cryptography and Open Source at AWS (NET405)Amazon Web Services
Launched in June of 2015, s2n is an AWS open-source implementation of the TLS and SSL network security protocols, which focus on security, simplicity, and performance. With development led by engineers from Amazon EC2, Amazon S3, Amazon CloudFront, and AWS security and cryptography services, s2n is a unique opportunity to observe how we develop and test security and availability for critical software at AWS. Learn how we iterate and code, how we automate software verification beyond the usual code reviews, and how open source works at Amazon.
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...Amazon Web Services
As attackers become more sophisticated, web application developers need to constantly update their security configurations. Static firewall rules are no longer good enough. Developers need a way to deploy automated security that can learn from the application behavior and identify bad traffic patterns to detect bad bots or bad actors on the Internet. This session showcases some of the real-world customer use cases that use machine learning and AWS WAF (a web application firewall) with automated incident response and machine learning to automatically identify bad actors. We also present tutorials and code samples that show how customers can analyze traffic patterns and deploy new AWS WAF rules on the fly.
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar SeriesAmazon Web Services
Today’s web applications are becoming increasingly difficult to secure. AWS WAF helps to protect web applications from attack by blocking common web exploits like SQL injection and cross-site scripting. This session will introduce AWS WAF, how it integrates with other AWS services and how to use it to help protect your web applications. We will also demo how to deploy preconfigured rules and security automation on AWS WAF.
Learning Objectives:
• Understand the basics of AWS WAF
• Learn about AWS WAF’s ease of use and fast incident response
• Learn how to deploy preconfigured rules and security automation
A look at AWS web application firewall service from the September meeting of the Atlanta AWS Meetup group
Looking at how the service works with cloudfront along with it's pricing model compared with other WAF offerings.
This document discusses security teams and technology in a cloud world. It notes that security is now everyone's responsibility rather than isolated to one team. Modern security requires new skills from specialists like basic coding knowledge and a user-focused perspective. The document advocates distributing security specialists throughout teams rather than keeping them isolated. It also presents opportunities that cloud infrastructure provides for faster deployment times and continuous monitoring through automation and aggregation of security data.
This document provides an overview of setting up a private network in AWS called a VPC (Virtual Private Cloud). It discusses choosing an IP address range for the VPC, creating subnets across Availability Zones, setting up a route to the internet, and configuring security. It also covers options for connecting the VPC to on-premises networks, accessing other AWS services from the VPC, and monitoring VPC traffic with Flow Logs.
Security Automation: Spend Less Time Securing Your Applications.Amazon Web Services
This document discusses automating security on AWS through key services like AWS Lambda, CloudFormation, Config Rules, and CloudWatch Events. It provides examples of automating infrastructure deployment with templates, automating compliance monitoring with Config Rules, and automating incident response through CloudWatch Events. The goal is to remove human error by automating security processes and detecting issues faster through continuous monitoring and automated remediation.
Defending your workloads with aws waf and deep securityMark Nunnikhoven
What is a WAF (web application firewall) and how can it help defend your AWS workloads? In this webinar, you’ll learn how to get started with the new AWS WAF service and where it fits in your security strategy. You’ll see how AWS WAF works with Trend Micro’s Deep Security to provide a strong, layered defense for your web applications
AWS re:Invent 2016: Amazon s2n: Cryptography and Open Source at AWS (NET405)Amazon Web Services
Launched in June of 2015, s2n is an AWS open-source implementation of the TLS and SSL network security protocols, which focus on security, simplicity, and performance. With development led by engineers from Amazon EC2, Amazon S3, Amazon CloudFront, and AWS security and cryptography services, s2n is a unique opportunity to observe how we develop and test security and availability for critical software at AWS. Learn how we iterate and code, how we automate software verification beyond the usual code reviews, and how open source works at Amazon.
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...Amazon Web Services
As attackers become more sophisticated, web application developers need to constantly update their security configurations. Static firewall rules are no longer good enough. Developers need a way to deploy automated security that can learn from the application behavior and identify bad traffic patterns to detect bad bots or bad actors on the Internet. This session showcases some of the real-world customer use cases that use machine learning and AWS WAF (a web application firewall) with automated incident response and machine learning to automatically identify bad actors. We also present tutorials and code samples that show how customers can analyze traffic patterns and deploy new AWS WAF rules on the fly.
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar SeriesAmazon Web Services
Today’s web applications are becoming increasingly difficult to secure. AWS WAF helps to protect web applications from attack by blocking common web exploits like SQL injection and cross-site scripting. This session will introduce AWS WAF, how it integrates with other AWS services and how to use it to help protect your web applications. We will also demo how to deploy preconfigured rules and security automation on AWS WAF.
Learning Objectives:
• Understand the basics of AWS WAF
• Learn about AWS WAF’s ease of use and fast incident response
• Learn how to deploy preconfigured rules and security automation
A look at AWS web application firewall service from the September meeting of the Atlanta AWS Meetup group
Looking at how the service works with cloudfront along with it's pricing model compared with other WAF offerings.
This document discusses security teams and technology in a cloud world. It notes that security is now everyone's responsibility rather than isolated to one team. Modern security requires new skills from specialists like basic coding knowledge and a user-focused perspective. The document advocates distributing security specialists throughout teams rather than keeping them isolated. It also presents opportunities that cloud infrastructure provides for faster deployment times and continuous monitoring through automation and aggregation of security data.
This document provides an overview of setting up a private network in AWS called a VPC (Virtual Private Cloud). It discusses choosing an IP address range for the VPC, creating subnets across Availability Zones, setting up a route to the internet, and configuring security. It also covers options for connecting the VPC to on-premises networks, accessing other AWS services from the VPC, and monitoring VPC traffic with Flow Logs.
Security Automation: Spend Less Time Securing Your Applications.Amazon Web Services
This document discusses automating security on AWS through key services like AWS Lambda, CloudFormation, Config Rules, and CloudWatch Events. It provides examples of automating infrastructure deployment with templates, automating compliance monitoring with Config Rules, and automating incident response through CloudWatch Events. The goal is to remove human error by automating security processes and detecting issues faster through continuous monitoring and automated remediation.
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014Amazon Web Services
If you're trying to figure out how to run enterprise applications and services on AWS securely, come join Intuit and the AWS Professional Services team to learn how to embrace a new discipline called DevSecOps. You'll learn more about software-defined security and why we think that DevSecOps helps organizations large and small adopt cloud services at a rapid pace. We'll provide you with links and information to help you get started with creating your own DevSecOps team.
Everett Toews gave a presentation on coding in the cloud to Women Who Code. He discussed different cloud computing models including SaaS, PaaS, and IaaS. He also demonstrated how to use Rackspace cloud services by deploying a sample application and configuring DNS, logs, and security. Finally, he provided information on Rackspace's developer discount for cloud resources.
Continuous Delivery to Amazon ECS - AWS August Webinar SeriesAmazon Web Services
Keeping consistent environments across your development, test, and production systems can be a complex task. Docker containers offer a way to develop and test your application in the same environment in which it runs in production. You can use tools such as Docker Compose for local testing of applications; Jenkins and AWS CodePipeline for building and workflow orchestration; and Amazon EC2 Container Service to manage and scale containers. In this session, you will learn how to build containers into your continuous deployment workflow and orchestrate container deployments using Amazon ECS. Join us to: - Learn to integrate containers into CI/CD flows - Orchestrate continuous delivery workflows using AWS CodePipeline - Schedule containers on production clusters using Amazon ECS Who should attend: Developers, DevOps, Admins who wants to understand how to integrate containers in a CI/CD workflow. Working knowledge of containers and Docker is required. Knowledge of AWS Services is preferred, but not required.
Once a team is able to automatically produce deliverables, deploy them in a test environment and automatically assess some aspects of its quality, it has all the tools in hand to be able to automatically roll out code in a production environment. While the main tools and techniques are already in place, this step cannot be taken lightly and presents its own challenges.
This presentation explains the different techniques for rolling out code in a production environment while limiting or avoiding downtime. More advanced techniques such as A / B testing or deployments rollbacks will also be covered.
Topics included in this slide:
- Using Amazon Route53 to balance traffic between two deployments.
- Pushing updates to the production environment using Amazon OpsWorks
Watch a recording of this presentation here:
Amazon Virtual Private Cloud (VPC) allows users to define virtual networks within AWS. Users can launch AWS resources like EC2 instances into a VPC and configure the VPC's IP address range, subnets, route tables, and security settings. Security groups act as a firewall at the instance-level to control inbound and outbound traffic, while network access control lists provide an additional optional layer of firewall controls at the subnet-level.
This document discusses the traditional responsibility model versus the shared responsibility model used with AWS. With AWS, customers are responsible for the guest operating system (OS), applications, and data while AWS is responsible for security of the cloud infrastructure like hardware, software, and facilities. The document also covers pillars of incident response like monitoring and forensics. It provides examples of how incident response processes have changed with AWS instances compared to traditional servers.
This webinar will introduce the AWS Shared Security Model. We will examine how to use the inherent security of the AWS environment, coupled with the security tools and features AWS makes available, to create a resilient environment with the security you need.
Learning Objectives:
• Understand the security measures AWS puts in place to secure the environment where your data lives
• Understand the tools AWS offers to help you create a resilient environment with the security you need
• Consider actions when moving a sensitive workload to AWS • Security benefits you can expect by deploying in the AWS Cloud
Who Should Attend:
- Prospects and customers with a security background
- Who are interested in using AWS to manage security-sensitive workloads
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...Amazon Web Services
This session covers the shared responsibility model for security and compliance specific to the AWS GovCloud (US) region. This presentation highlights the enhanced security offerings of AWS GovCloud (US), such as FIPS-140 Level 2 encryption, as well as the supported compliance regimes. It also reviews how our customers can build secure applications in GovCloud using the various security features such as IAM and VPC. This presentation also offers a brief overview of FedRAMP, explains the shared responsibility model through customer use cases, and covers how customers can obtain an Authority to Operate.
Shift Left - How to improve your security with checkov before it’s going to p...Anton Grübel
This document discusses shifting security left by using infrastructure as code (IaC) security tools like Checkov to find and prevent defects early. It lists several IaC security tools including Checkov, which supports over 1000 policies across multiple cloud platforms and languages. Checkov allows custom checks to be written in Python or YAML and integrates with GitHub Actions and pre-commit hooks to shift security testing left in the development process.
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...Amazon Web Services
Learning Objectives:
- Get an inside look into Managed Rules for AWS WAF
- Learn how to set up Managed Rules for AWS WAF and the best practices
- Learn about the security experts that offer Managed Rules for AWS WAF
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014Amazon Web Services
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Amazon Web Services
Implementing a HIPAA solution presents challenges from day one. Not only are you saddled with seemingly insurmountable regulatory challenges, you also take on the stewardship of people's most deeply personal information. The AWS platform simplifies deployment of HIPAA applications by offering a rich set of dynamic scalability, developer services, high availability options, and strong security. Hosting a HIPAA application on the public cloud may seem pretty scary, but Ideomed solved some of this architecture's most vexing challenges by building a major health portal and deploying it on AWS. Come hear Ideomed CEO Keith Brophy and solution architect Gerry Miller talk first-hand about the challenges and solutions, including CloudHSM encryption, multi-AZ failover, dynamic scaling, and more!
How Serverless Computing Enables Microservices and Micropayment Amazon Web Services
Scalable applications are by nature resource intensive, expensive to build and difficult to manage. AWS, through the serverless computing initiative, is changing this perception. In this session, Eugene Istrati from Mitoc Group shows how they are using serverless building blocks like S3, CloudFront, API Gateway, Lambda, DynamoDB, SQS, Elasticache – and this is only the foundation.
Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.
This document discusses several security tools and compliance standards for Amazon Web Services (AWS). It provides information on:
1. AWS security certification for standards like ISO 27017, ISO 27018, and Cloud Security Principles Compliance.
2. AWS security tools like Inspector, Config Rules, and Trusted Advisor that help detect vulnerabilities, enforce configurations, and evaluate alignment with best practices.
3. Other topics covered include AWS security principles, security by design, implementing security controls using services like IAM, WAF, and VPC flow logs, and certification programs to validate security skills.
Getting Started with Amazon Inspector - AWS June 2016 Webinar SeriesAmazon Web Services
The flexibility and scale of the AWS Cloud and the emergence of DevOps have combined to allow developers to build and deploy applications faster than ever before. Assessing these applications for security risks without slowing down the development process can be a challenge with traditional vulnerability assessment tools designed for on-premises infrastructure. Amazon Inspector, an automated security assessment service, addresses this by integrating security assessments directly into the development process of applications running on Amazon Elastic Compute Cloud (Amazon EC2).
In this session, we will review Amazon Inspector for performing host security assessments and how it can become a seamless part of your devops lifecycle. We will run through a demo of setting up assessment targets and templates, installing the AWS agent, and running assessments. We will explore the findings generated by an assessment and discuss how you can automate the running of assessments.
Learning Objectives:
An overview and the value of Security Assessment testing with Amazon Inspector
How customer sign up for, configure, and use the service
Understand AWS Agent and assessment data security
(SEC202) Best Practices for Securely Leveraging the CloudAmazon Web Services
Cloud adoption is driving digital business growth and enabling companies to shift to processes and practices that make innovation continual. As with any paradigm shift, cloud computing requires different rules and a different way of thinking. This presentation will highlight best practices to build and secure scalable systems in the cloud and capitalize on the cloud with confidence and clarity.
In this session we will cover:
Key market drivers and advantages for leveraging cloud architectures.
Foundational design principles to guide strategy for securely leveraging the cloud.
The “Defense in Depth” approach to building secure services in the cloud, whether it’s private, public, or hybrid.
Real-world customer insights from organizations who have successfully adopted the ""Defense in Depth"" approach.
Session sponsored by Sumo Logic.
Stephen Quigg discusses security at AWS. He notes that security is the top priority and that AWS provides comprehensive security capabilities to support any workload. Security is shared responsibility between AWS and customers, with AWS providing visibility, auditability and control through services like CloudTrail and IAM. Customers have control over their data through encryption options and can choose the right level of security for their needs and business.
This document discusses how AWS services like Amazon Inspector, AWS WAF, and AWS Config Rules help customers improve security and compliance while maintaining agility. Amazon Inspector allows customers to automate security assessments of their applications. AWS WAF provides centralized rule management and real-time protection against web attacks. AWS Config Rules enable continuous monitoring and simplify management of configuration changes across an organization. These services embed security expertise, streamline compliance processes, and allow customers to move fast while staying safe on AWS.
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech TalksAmazon Web Services
Learning Objectives:
• Overview of AWS New & Existing Services
• Advice for Getting Started
Join the “AWS Services Overview and Quarterly Update” webinar to take a fast-paced 45-minute tour through our broad range of new and existing services. We will also provide an update so you can review and catch up on the biggest updates from the past quarter. During the webinar, you will have the opportunity to propose questions for the live Q&A session following the presentation.
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech TalksAmazon Web Services
• Overview of AWS New & Existing Services
• Advice for Getting Started
Join the “AWS Services Overview and Quarterly Update” webinar to take a fast-paced 45-minute tour through our broad range of new and existing services. We will also provide an update so you can review and catch up on the biggest updates from the past quarter. During the webinar, you will have the opportunity to propose questions for the live Q&A session following the presentation.
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014Amazon Web Services
If you're trying to figure out how to run enterprise applications and services on AWS securely, come join Intuit and the AWS Professional Services team to learn how to embrace a new discipline called DevSecOps. You'll learn more about software-defined security and why we think that DevSecOps helps organizations large and small adopt cloud services at a rapid pace. We'll provide you with links and information to help you get started with creating your own DevSecOps team.
Everett Toews gave a presentation on coding in the cloud to Women Who Code. He discussed different cloud computing models including SaaS, PaaS, and IaaS. He also demonstrated how to use Rackspace cloud services by deploying a sample application and configuring DNS, logs, and security. Finally, he provided information on Rackspace's developer discount for cloud resources.
Continuous Delivery to Amazon ECS - AWS August Webinar SeriesAmazon Web Services
Keeping consistent environments across your development, test, and production systems can be a complex task. Docker containers offer a way to develop and test your application in the same environment in which it runs in production. You can use tools such as Docker Compose for local testing of applications; Jenkins and AWS CodePipeline for building and workflow orchestration; and Amazon EC2 Container Service to manage and scale containers. In this session, you will learn how to build containers into your continuous deployment workflow and orchestrate container deployments using Amazon ECS. Join us to: - Learn to integrate containers into CI/CD flows - Orchestrate continuous delivery workflows using AWS CodePipeline - Schedule containers on production clusters using Amazon ECS Who should attend: Developers, DevOps, Admins who wants to understand how to integrate containers in a CI/CD workflow. Working knowledge of containers and Docker is required. Knowledge of AWS Services is preferred, but not required.
Once a team is able to automatically produce deliverables, deploy them in a test environment and automatically assess some aspects of its quality, it has all the tools in hand to be able to automatically roll out code in a production environment. While the main tools and techniques are already in place, this step cannot be taken lightly and presents its own challenges.
This presentation explains the different techniques for rolling out code in a production environment while limiting or avoiding downtime. More advanced techniques such as A / B testing or deployments rollbacks will also be covered.
Topics included in this slide:
- Using Amazon Route53 to balance traffic between two deployments.
- Pushing updates to the production environment using Amazon OpsWorks
Watch a recording of this presentation here:
Amazon Virtual Private Cloud (VPC) allows users to define virtual networks within AWS. Users can launch AWS resources like EC2 instances into a VPC and configure the VPC's IP address range, subnets, route tables, and security settings. Security groups act as a firewall at the instance-level to control inbound and outbound traffic, while network access control lists provide an additional optional layer of firewall controls at the subnet-level.
This document discusses the traditional responsibility model versus the shared responsibility model used with AWS. With AWS, customers are responsible for the guest operating system (OS), applications, and data while AWS is responsible for security of the cloud infrastructure like hardware, software, and facilities. The document also covers pillars of incident response like monitoring and forensics. It provides examples of how incident response processes have changed with AWS instances compared to traditional servers.
This webinar will introduce the AWS Shared Security Model. We will examine how to use the inherent security of the AWS environment, coupled with the security tools and features AWS makes available, to create a resilient environment with the security you need.
Learning Objectives:
• Understand the security measures AWS puts in place to secure the environment where your data lives
• Understand the tools AWS offers to help you create a resilient environment with the security you need
• Consider actions when moving a sensitive workload to AWS • Security benefits you can expect by deploying in the AWS Cloud
Who Should Attend:
- Prospects and customers with a security background
- Who are interested in using AWS to manage security-sensitive workloads
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...Amazon Web Services
This session covers the shared responsibility model for security and compliance specific to the AWS GovCloud (US) region. This presentation highlights the enhanced security offerings of AWS GovCloud (US), such as FIPS-140 Level 2 encryption, as well as the supported compliance regimes. It also reviews how our customers can build secure applications in GovCloud using the various security features such as IAM and VPC. This presentation also offers a brief overview of FedRAMP, explains the shared responsibility model through customer use cases, and covers how customers can obtain an Authority to Operate.
Shift Left - How to improve your security with checkov before it’s going to p...Anton Grübel
This document discusses shifting security left by using infrastructure as code (IaC) security tools like Checkov to find and prevent defects early. It lists several IaC security tools including Checkov, which supports over 1000 policies across multiple cloud platforms and languages. Checkov allows custom checks to be written in Python or YAML and integrates with GitHub Actions and pre-commit hooks to shift security testing left in the development process.
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...Amazon Web Services
Learning Objectives:
- Get an inside look into Managed Rules for AWS WAF
- Learn how to set up Managed Rules for AWS WAF and the best practices
- Learn about the security experts that offer Managed Rules for AWS WAF
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014Amazon Web Services
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Amazon Web Services
Implementing a HIPAA solution presents challenges from day one. Not only are you saddled with seemingly insurmountable regulatory challenges, you also take on the stewardship of people's most deeply personal information. The AWS platform simplifies deployment of HIPAA applications by offering a rich set of dynamic scalability, developer services, high availability options, and strong security. Hosting a HIPAA application on the public cloud may seem pretty scary, but Ideomed solved some of this architecture's most vexing challenges by building a major health portal and deploying it on AWS. Come hear Ideomed CEO Keith Brophy and solution architect Gerry Miller talk first-hand about the challenges and solutions, including CloudHSM encryption, multi-AZ failover, dynamic scaling, and more!
How Serverless Computing Enables Microservices and Micropayment Amazon Web Services
Scalable applications are by nature resource intensive, expensive to build and difficult to manage. AWS, through the serverless computing initiative, is changing this perception. In this session, Eugene Istrati from Mitoc Group shows how they are using serverless building blocks like S3, CloudFront, API Gateway, Lambda, DynamoDB, SQS, Elasticache – and this is only the foundation.
Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.
This document discusses several security tools and compliance standards for Amazon Web Services (AWS). It provides information on:
1. AWS security certification for standards like ISO 27017, ISO 27018, and Cloud Security Principles Compliance.
2. AWS security tools like Inspector, Config Rules, and Trusted Advisor that help detect vulnerabilities, enforce configurations, and evaluate alignment with best practices.
3. Other topics covered include AWS security principles, security by design, implementing security controls using services like IAM, WAF, and VPC flow logs, and certification programs to validate security skills.
Getting Started with Amazon Inspector - AWS June 2016 Webinar SeriesAmazon Web Services
The flexibility and scale of the AWS Cloud and the emergence of DevOps have combined to allow developers to build and deploy applications faster than ever before. Assessing these applications for security risks without slowing down the development process can be a challenge with traditional vulnerability assessment tools designed for on-premises infrastructure. Amazon Inspector, an automated security assessment service, addresses this by integrating security assessments directly into the development process of applications running on Amazon Elastic Compute Cloud (Amazon EC2).
In this session, we will review Amazon Inspector for performing host security assessments and how it can become a seamless part of your devops lifecycle. We will run through a demo of setting up assessment targets and templates, installing the AWS agent, and running assessments. We will explore the findings generated by an assessment and discuss how you can automate the running of assessments.
Learning Objectives:
An overview and the value of Security Assessment testing with Amazon Inspector
How customer sign up for, configure, and use the service
Understand AWS Agent and assessment data security
(SEC202) Best Practices for Securely Leveraging the CloudAmazon Web Services
Cloud adoption is driving digital business growth and enabling companies to shift to processes and practices that make innovation continual. As with any paradigm shift, cloud computing requires different rules and a different way of thinking. This presentation will highlight best practices to build and secure scalable systems in the cloud and capitalize on the cloud with confidence and clarity.
In this session we will cover:
Key market drivers and advantages for leveraging cloud architectures.
Foundational design principles to guide strategy for securely leveraging the cloud.
The “Defense in Depth” approach to building secure services in the cloud, whether it’s private, public, or hybrid.
Real-world customer insights from organizations who have successfully adopted the ""Defense in Depth"" approach.
Session sponsored by Sumo Logic.
Stephen Quigg discusses security at AWS. He notes that security is the top priority and that AWS provides comprehensive security capabilities to support any workload. Security is shared responsibility between AWS and customers, with AWS providing visibility, auditability and control through services like CloudTrail and IAM. Customers have control over their data through encryption options and can choose the right level of security for their needs and business.
This document discusses how AWS services like Amazon Inspector, AWS WAF, and AWS Config Rules help customers improve security and compliance while maintaining agility. Amazon Inspector allows customers to automate security assessments of their applications. AWS WAF provides centralized rule management and real-time protection against web attacks. AWS Config Rules enable continuous monitoring and simplify management of configuration changes across an organization. These services embed security expertise, streamline compliance processes, and allow customers to move fast while staying safe on AWS.
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech TalksAmazon Web Services
Learning Objectives:
• Overview of AWS New & Existing Services
• Advice for Getting Started
Join the “AWS Services Overview and Quarterly Update” webinar to take a fast-paced 45-minute tour through our broad range of new and existing services. We will also provide an update so you can review and catch up on the biggest updates from the past quarter. During the webinar, you will have the opportunity to propose questions for the live Q&A session following the presentation.
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech TalksAmazon Web Services
• Overview of AWS New & Existing Services
• Advice for Getting Started
Join the “AWS Services Overview and Quarterly Update” webinar to take a fast-paced 45-minute tour through our broad range of new and existing services. We will also provide an update so you can review and catch up on the biggest updates from the past quarter. During the webinar, you will have the opportunity to propose questions for the live Q&A session following the presentation.
This document summarizes announcements from AWS re:Invent about new and updated AWS services. It describes new EC2 instance types (C4) and larger, faster EBS volumes. It introduces Amazon Aurora as a MySQL-compatible database engine, the EC2 Container Service for managing Docker containers, and AWS Lambda for serverless computing. It also describes new services like AWS Config for auditing resource configurations, the Service Catalog for application deployment, and the Key Management Service for encryption key management.
This document summarizes announcements from AWS re:Invent including new services like Amazon Aurora (a MySQL compatible database engine at 1/10th the cost of commercial databases), AWS Lambda (an event-driven serverless computing platform), AWS CodeDeploy (a deployment service), AWS Config (a resource configuration and auditing service), and the AWS Service Catalog (a service for discovering and provisioning cloud applications). It also describes updates to existing services like EC2 (new C4 instance type), EBS (larger and faster volumes), and re:Invent highlights like the pace of innovation at AWS.
Building a Real Time Dashboard with Amazon Kinesis, Amazon Lambda and Amazon ...Amazon Web Services
Organisations today need a way to manage the ever-increasing volume of data from numerous sources such as log systems, click streams or connected devices and be able to analyse this data in real-time. In this session we will walk through an architecture demonstration of how to leverage AWS services to meet these needs.
Speaker: Ganesh Raja, Solutions Architect, Amazon Web Services
This document discusses Amazon Web Services (AWS) and how it provides on-demand infrastructure for hosting web-scale solutions. It outlines the various services AWS offers, including compute, storage, databases, analytics, and more. It highlights how AWS allows customers to avoid upfront costs and scale infrastructure quickly. The document also discusses how AWS provides a more flexible system than traditional infrastructure and enables businesses to focus on innovation rather than managing infrastructure.
In this presentation from the AWS User Group UK meetup in November 2014 I recap the new AWS services that were launched and announced at AWS re:Invent 2014.
Learn best practices for architecting fully available and scalable Microsoft solutions and environments on AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, introduce DevOps concepts, automation, and repeatability.
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
AWS and the Cloud has ushered in a new era for Information Security & Risk Professionals. In this session, we will talk through how the world's leading corporates are reinventing their internal GRC practices to enable their business to leverage the business value of AWS while improving the security posture of their organisation. We will talk about the journey undertaken by globally regulated entities such as Capital One who now believe they can operate more securely in the public cloud than they can in their own data centres. Finally, we will provide lessons and best practices on how you can use AWS to improve the security posture of your organisation.
Speaker: Rodney Haywood, Manager Solutions Architecture, Amazon Web Services
Featured Customer - Xero
AWS provides a broad platform of managed services to help you build, secure, and seamlessly scale end-to-end Big Data applications quickly and with ease. Want to get ramped up on how to use Amazon's big data web services? Learn when to use which service? Want to write your first big data application on AWS? Join us in this session as we discuss reference architecture, design patterns, and best practices for pulling together various AWS services to meet your big data challenges.
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...Amazon Web Services
- AWS provides built-in security controls that customers don't need to manage themselves, like security groups and IAM.
- The Cloud Adoption Framework helps customers adapt existing practices or introduce new practices for cloud computing across five core security capabilities: identity and access management, detective controls, infrastructure security, data protection, and incident response.
- AWS services like CloudTrail, Config, Inspector, and Flow Logs provide detective controls to monitor activity and configuration changes. Services like OpsWorks, Shield, and WAF help secure infrastructure. Key Management Service, CloudHSM, and Certificate Manager help protect data. CloudWatch Events and Lambda can automate incident response.
Join the “AWS Services Overview” webinar to take a fast-paced 45-minute tour through our broad range of services. During the webinar, you will have the opportunity to propose questions for the live Q&A session following the presentation.
Learning Objectives:
• Overview of AWS Services
• Advice for Getting Started
WIN204-Simplifying Microsoft Architectures with AWS ServicesAmazon Web Services
Learn how to architect fully available and scalable Microsoft solutions and environments in AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, such as compliance, governance, automation, and repeatability. Also, plan authentication and authorization, and explore various hybrid scenarios with other cloud environment and on-premise solutions/infrastructure. Learn about common architecture patterns for network design, Active Directory, and business productivity solutions like Dynamics AX, CRM, and SharePoint, also common scenarios for custom .NET, .NET Core with SQL deployments and migrations.
Join the “AWS Services Overview” webinar to take a fast-paced 45-minute tour through our broad range of new and existing services. During the webinar, you will have the opportunity to propose questions for the live Q&A session following the presentation.
Learning Objectives:
• Overview of AWS New & Existing Services
• Advice for Getting Started
Who Should Attend:
• IT Administrators, IT Directors, IT Architects, and Technology or Business Decision Makers
The document discusses Amazon Web Services (AWS) and cloud computing. It provides an agenda for an introduction to AWS services including computing, storage, databases, analytics and security. It highlights AWS's global infrastructure, depth of services, continuous innovation and shared responsibility model. Examples of architectures using AWS services like EC2, S3, VPC and security groups are also presented.
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017Amazon Web Services
AWS provides a broad platform of managed services to help you build, secure, and seamlessly scale end-to-end Big Data applications quickly and with ease. Want to get ramped up on how to use Amazon's big data web services? Learn when to use which service? Want to write your first big data application on AWS? Join us in this session as we discuss reference architecture, design patterns, and best practices for pulling together various AWS services to meet your big data challenges.
Following Well Architected Frameworks - Lunch and Learn.pdfAmazon Web Services
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn how to use the Well-Architected Framework to follow AWS guidelines and best practices to your architecture on AWS.
Using AWS Lambda to Build Control Systems for Your AWS InfrastructureAmazon Web Services
Defining infrastructure resource policies in an organized manner can help your company better manage its infrastructure resources.
This session will familiarize you with using AWS Lambda to process data and provide control logic for your infrastructure. You can use Amazon CloudWatch Events to monitor infrastructure resources in real-time, and you can use AWS Lambda to react to events based on a set of rules. We will demonstrate how you can build a rules engine for creating, monitoring, and managing policies.
AWS DevDay San Francisco, June 21, 2016.
Presenter: Bryan Liston, Community Manager, AWS Lambda
AWS Summit 2014 Perth - Breakout 5
Increased agility, elasticity, focus on core business, optimized costs, and better security are all good outcomes when it comes to working with AWS. But, for an enterprise with many existing complex applications, integrated operations, and sophisticated teams, this integration and transition requires thought and planning. Within this session, we will start with a typical enterprise customer and work backwards step by step to show how an extreme IT makeover it possible with reusable examples; demonstrating that an application doesn’t have to be written for cloud to realize cloud’s benefits. Many large-scale shops are already leveraging AWS without sacrificing what they are good at, and we will explain the framework for kicking off this initiative within your own organization.
Presenter: Richard Busby, Solutions Architect, Amazon Web Services
Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review several advanced security processes and discuss how too easily automate them using common tools in the AWS Cloud.
This approach helps you and your team increase the security of your build while reducing the overall operational requirement of security in your stack. Leave this dev chat with everything you need to get started with automating security.
A review of the highlights of AWS re:Invent 2017. There was simply too many announcement to include them all. This is my cheat sheet to the top ones for me (@marknca)
When it hits the fan, one of the first questions that you get asked is "Who did this?".
And like any good mystery, trying to find the attacker takes many twists and turns. There's a trail of evidence, a red herring or two, and the inevitable plot twist before the final reveal.
Unfortunately, despite what you see on TV, in the movies, or even in the press, attack attribution is hard. In face, it's one of the hardest problems in information security today.
In this talk, we use real world examples to work through what it takes to properly make the connection between attack and attacker.
Looking at real world techniques used to gather and validate evidence, we'll examine what it takes for that evidence to hold up to cross examination. We'll look at the role each of your security controls play in the attribution process and the steps you can take to immediately make attribution easier.
Come learn what it takes to actually prove who the attacker is and where attribution fits into your daily security practice.
Power Struggle: Balancing Relationships & Responsibility in the CloudMark Nunnikhoven
The document discusses the shared responsibility model for security between cloud service providers and their clients. It outlines the different levels of responsibility for various cloud service types from IaaS to SaaS. For IaaS, the client is responsible for security of the guest operating system, applications, and data while the provider is responsible for the cloud infrastructure security. For PaaS and SaaS, more of the responsibility shifts to the provider as clients have less control over the stack. The document emphasizes that while providers manage certain security controls, clients still need to understand security risks and have appropriate defenses for their use of cloud services.
A providers view of security in the cloud. This talk shows how the main cloud providers (AWS & Azure) build security into their cloud services and how they contribute to the shared responsibility model for security in the cloud.
An examination of how the shared responsibility model for cloud security works in the real world.
Using practical examples, you'll see how security responsibilities are balanced between the consumer (you the user) and the provider.
Software-defined networking is the latest technology in a move to abstract a variety of data center resources. As more and more of the data center is defined in code, some unique security challenges come to the fore.
In this session, we'll explore both sides of the security challenge. What types of controls and implementations are required to define security as part of your infrastructure code? What challenges does maintaining an infrastructure codebase present?
You'll learn not only how to integrate security into your infrastructure code but also how to properly and securely manage that codebase.
The document discusses the shared responsibility model between users and AWS for security. It provides examples of how responsibility is shared for different AWS services like SQS, RDS, and EC2. The document also covers security updates needed for vulnerabilities like Shellshock and POODLE and recommends actions users can take to protect their AWS resources and workloads.
This talk looks at the challenges we face as a defender today by examining several recent, prominent breaches and one of their common causes.
The first 2/3 of this talk are the same as "Is That Normal?" (http://www.slideshare.net/marknca/is-that-normal-behaviour-modelling-on-the-cheap) but in the last 3rd, instead of diving in the the mechanics of behavioural analysis, this talk looks at what we should be doing with the results.
Originally presented at the Gartner Security & Risk Management Summit in London, 08-Sep-2014
Is That Normal? Behaviour Modelling On The CheapMark Nunnikhoven
Originally presented at BSides Ottawa on 06-Sep-2014, this talk lays out the challenges faced by todays defender (for context), the gap in our current defensive strategies (what we'll address), and explains how to start a basic behavioural analysis practice with minimal investment.
Remember this is a BSides presentation so there may be some language which causes a double-take ;-)
Open with caution.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
8. Amazon Inspector
On instance analysis of workload
Limited time frame for analysis
Findings compared against;
Common vulnerabilities (CVE)
Network security issues
OS hardening
Preview
9.
10. AWS Config Rules
Event triggered AWS Lambda functions
Reacts to changes in some services
Fantastic for compliance reporting
Preview
11.
12.
13. AWS WAF
Examines HTTP/HTTPS requests
Rules on source IP or HTTP header
Global service
Sits in front of CloudFront (not just a CDN)
25. https://medium.com/@marknca/5-ways-aws-re-invent-2015-rocked-ee40b9b3c203
(ARC403) From One to Many: Evolving VPC Design
(NET403) Another Day, Another Billion Packets
(MBL311) AWS IoT: Securely Building, Provisioning, & Using Things
(MBL313) AWS IoT: Understanding Hardware Kits, SDKs, & Protocols
(DVO304) AWS CloudFormation Best Practices
(SEC323) Securing Web Applications with AWS WAF
(DAT405) Amazon Aurora Deep Dive
(DVO209) JAWS: The Monstrously Scalable Serverless Framework — AWS
Lambda, Amazon API Gateway, and More!