AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
You may already know that you can use Amazon CloudWatch to view graphs of your AWS resources like Amazon Elastic Compute Cloud instances or Amazon Simple Storage Service. But, did you know that you can monitor your on-premises servers with Amazon CloudWatch Logs? Or, that you can integrate CloudWatch Logs with Elasticsearch for powerful visualization and analysis? This session will offer a tour of the latest monitoring and automation capabilities that we’ve added, how you can get even more done with Amazon CloudWatch.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
You may already know that you can use Amazon CloudWatch to view graphs of your AWS resources like Amazon Elastic Compute Cloud instances or Amazon Simple Storage Service. But, did you know that you can monitor your on-premises servers with Amazon CloudWatch Logs? Or, that you can integrate CloudWatch Logs with Elasticsearch for powerful visualization and analysis? This session will offer a tour of the latest monitoring and automation capabilities that we’ve added, how you can get even more done with Amazon CloudWatch.
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
by Greg McConnel, Sr. Solutions Architect, AWS
We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket and launching an Amazon EC2 instance of a specific type.
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know whether your team is following best practices or what the risks are in your architectures? This session shows how the AWS Well-Architected Framework provides prescriptive advice on best practices and how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
At AWS, cloud security is our highest priority. All AWS customers inherit the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive organizations in the most highly-regulated industries in the world – including financial services. In this talk, AWS experts discuss the fundamentals of AWS Cloud security, best practices, and services customers can leverage in order to operate and innovate in the cloud – more securely than on premises.
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
Today’s cutting edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/.This slide describes about cloud trail key concepts, workflow and event history
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django,Spring, Ruby on Rails, Angular 2 and many more to Professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
Dean Samuels, Head of Solutions Architecture, Hong Kong & Taiwan, AWS
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS.
In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
by Michael St. Onge, Global Cloud Security Architect, AWS
Join us for this hands-on lab where you will learn about the new service Amazon GuardDuty by walking through its capabilities and some real-world attack scenarios. You will need an AWS account to do the lab. This should be your own personal account and not an account through your company given the activity in the lab. AWS Credits will be provided to help cover any costs incurred in the lab. Level 300
by Greg McConnel, Sr. Solutions Architect, AWS
Join us for this hands-on lab where you will learn about the new threat detection and monitoring service, Amazon GuardDuty, by walking through its capabilities and some real-world attack scenarios. You need a personal (not corporate) AWS account to take the lab. We will provide AWS credits to help cover any costs you incur while taking the lab.
Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
by Greg McConnel, Sr. Solutions Architect, AWS
We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket and launching an Amazon EC2 instance of a specific type.
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know whether your team is following best practices or what the risks are in your architectures? This session shows how the AWS Well-Architected Framework provides prescriptive advice on best practices and how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
At AWS, cloud security is our highest priority. All AWS customers inherit the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive organizations in the most highly-regulated industries in the world – including financial services. In this talk, AWS experts discuss the fundamentals of AWS Cloud security, best practices, and services customers can leverage in order to operate and innovate in the cloud – more securely than on premises.
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
Today’s cutting edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/.This slide describes about cloud trail key concepts, workflow and event history
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django,Spring, Ruby on Rails, Angular 2 and many more to Professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
Dean Samuels, Head of Solutions Architecture, Hong Kong & Taiwan, AWS
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS.
In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
by Michael St. Onge, Global Cloud Security Architect, AWS
Join us for this hands-on lab where you will learn about the new service Amazon GuardDuty by walking through its capabilities and some real-world attack scenarios. You will need an AWS account to do the lab. This should be your own personal account and not an account through your company given the activity in the lab. AWS Credits will be provided to help cover any costs incurred in the lab. Level 300
by Greg McConnel, Sr. Solutions Architect, AWS
Join us for this hands-on lab where you will learn about the new threat detection and monitoring service, Amazon GuardDuty, by walking through its capabilities and some real-world attack scenarios. You need a personal (not corporate) AWS account to take the lab. We will provide AWS credits to help cover any costs you incur while taking the lab.
Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
Amazon Web Services (AWS) delivers a scalable cloud computing platform with high availability and dependability, offering flexibility for customers to build a wide range of applications. Helping to protect the security of our customers content is of utmost importance to AWS, as is maintaining customer trust and confidence. Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including compute, storage, networking and database services, as well as a range of high level services.
AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.
Topics covered include:
• The AWS approach to security and how responsibilities are shared between AWS and our customers
• How to build your own secure virtual private cloud and integrate it with your existing solutions
• How to use AWS Identity and Access Management to securely manage and operate your applications
• Best practices for securing your AWS account, your content and your applications
View a recording of this webinar here: http://youtu.be/Ihe_8o00-WI
Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including computing, storage, networking and database services, as well as a range of high level services. AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. In this presentation, we focus on advanced security best practices and recently introduced security services from AWS.
See a recording of the webinar based on this presentation here: https://youtu.be/zU1x5SfKEzs
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...Amazon Web Services
AWS Organizations is a new administrative capability, which allows you to control multiple AWS accounts centrally. With Organizations, you can hierarchically organize and manage your AWS accounts and apply organizational controls across these accounts to meet your business needs. In this session, we cover the capabilities of AWS Organizations and discuss best practices when managing multiple AWS accounts.
Core strategies to develop defense in depth in AWSShane Peden
Information security guidance and strategies for securing cloud infrastructure in Amazon Web Services, presented by risk3sixty LLC and Afonza. Atlanta based cyber risk management.
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
This session will review how AWS allows FinTech’s across APAC to innovate at pace while maintaining the high level of security expected by the financial services community. We will review security domains including Infrastructure Security, Data Protection, Logging & Monitoring, Identity & Access Management and Intrusion Detection.
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We will take a look at innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS. Learn More: https://aws.amazon.com/government-education/
SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...Amazon Web Services
The landscape of IT and data security has changed vastly since the advent of the cloud. Savvy technology leaders know that they must have visibility and control over their environment to fully leverage their cloud investments. Tools like IAM offer teams indispensable tools to proactively manage and protect their cloud environment.
Join CloudCheckr CEO Aaron Newman to learn tips for effective and secure cloud deployments that you can implement today, including:
How to address requirements of the AWS Shared Responsibility Model
Why anticipating internal and external threats are crucial for mitigating security risks in the cloud
IAM overview and how it helps ensure secure and compliant deployments
Features and policies, as well as how to apply them to users and groups
Advice for leveraging IAM roles to mitigate potential security risks
Best practices for using IAM to configure user permissions, and other important considerations
This session is brought to you by AWS Summit Chicago sponsor, CloudCheckr.
How to prepare for & respond to security incidents in your AWS environmentNathan Case
In this session, we walk through what you need to do to be prepared to respond to security incidents in your AWS environments. We start off with planning best practices, move through the configurations that will help deliver protective and detective controls, then finally show you how you can improve your response capability. Learn how AWS Organizations, AWS Identity and Access Management (IAM), Amazon GuardDuty, AWS Security Hub, AWS Lambda, AWS WAF, AWS Systems Manager, and AWS Key Management Service (AWS KMS) can help take you from protect and detect to respond and recover.
This session will cover how operating on the AWS cloud helps you manage risk and remain competitive in an ever changing landscape. We will review how to manage confidentiality, integrity, compliance and availability on AWS.
Speaker: David Kaplan, Security Specialist, Amazon Web Services
AWS provides tools to improve your security posture, by providing ways of implementing detective and reactive controls that will detect and remediate security threats. We’ll look at the various services and the features that you can employee, such as AWS Inspector, AWS Trusted Advisor, AWS Config and Config Rules and CloudTrail. We’ll explore how they work and how they should be deployed as part of an overall security strategy.
It's 10pm, Do You Know Where Your Access Keys Are?Ken Johnson
Ken Johnson, CTO of nVisium, discusses harnessing existing AWS functionality to strengthen your organization’s AWS infrastructure against real-world attacks.
You automated your deployment, elasticized your workloads, and dynamically provisioned your fleet. What do you do next?
Tackle automating your security needs using the latest capabilities in the cloud! There’s no single path to building an automated and continuous security architecture that works for every organization, but certain key principles and techniques are used by the early adopter cloud elite that give them distinct advantages. It's time to re-think your organization’s processes and behaviors to demonstrate the latest efficiencies in your security operations. In this webinar, learn how Intuit implements cloud security automation with Evident.io and other innovative cloud technologies.
Join us to learn:
• How security will be integrated into the overall processes of development and deployment.
• How to tie security acceptance tests, a subset of your key security controls, right into the end of your functional testing process to promote builds with confidence at greater speed.
• How to be successful with API-enabled, continuous security tools in the cloud.
• How to operationalize security alarms, enabling world-class incident response and remediation capabilities.
Security in the cloud Workshop HSTC 2014Akash Mahajan
A broad overview of what it takes to be secure. This is more of an introduction where we introduce the basic terms around Cloud Computing and how do we go about securing our information assets(Data, Applications and Infrastructure)
The workshop was fun because all the slides were paired with real world examples of security breaches and attacks.
You automated your deployment, elasticized your workloads, and dynamically provisioned your fleet. What do you do next?
Tackle automating your security needs using the latest capabilities in the cloud! There’s no single path to building an automated and continuous security architecture that works for every organization, but certain key principles and techniques are used by the early adopter cloud elite that give them distinct advantages.
It's time to re-think your organization’s processes and behaviors to demonstrate the latest efficiencies in your security operations.
In this webinar, learn how Intuit implements cloud security automation with Evident.io and other innovative cloud technologies.
This slide deck covers:
- How security will be integrated into the overall processes of development and deployment.
- How to tie security acceptance tests, a subset of your key security controls, right into the end of your functional testing process to promote builds with confidence at greater speed.
- How to be successful with API-enabled, continuous security tools in the cloud.
- How to operationalize security alarms, enabling world-class incident response and remediation capabilities.
Demystifying Cloud Security: Lessons Learned for the Public SectorAmazon Web Services
As government agencies expand the use of cloud services, security continues to be a top priority for program managers, policymakers, and cloud service providers (CSPs). Governments and agencies worldwide are moving workloads with varying levels of sensitivity to the cloud. This session will feature agency-level security risk management practices and address common myths about security in the cloud. Participants will gain insight into how governments are leveraging cloud computing to improve their security posture and more quickly benefit from economies of scale.
Mark Ryland, Chief Solutions Architect, Amazon Web Services, WWPS
Cloud Security and some preferred practicesMichael Pearce
Cloud Security and some preferred practices. Security isn't easy, but here is why it matters, the difference between security and compliance and what we can do to implement it and mitigate some of the risks.
Michael Pearce, DevOps Engineer @ Peak AI.
Rackspace provides a comprehensive set of tooling and expertise on AWS that further unlocks your ability to secure your environment efficiently and cost effectively. The dynamic environment of data, applications, and infrastructure can pose challenges for businesses trying to manage security while following compliance regulations. To mitigate these challenges, businesses need a scalable security solution to ensure their data is safe, secure, and stable. In this webinar, Brad Schulteis, Jarret Raim and Todd Gleason will discuss the topic of security control requirements on AWS through the lens of three common compliance scenarios: HIPAA, PCI-DSS, and generalized security compliance based on the NIST Risk Management Framework. Watch our webinar to learn how Rackspace combines AWS and security expertise with tools like AWS CloudFormation, AWS CodeCommit and AWS CodeDeploy to help customers meet their security and compliance needs.
Join us to learn:
• Best practices for securely operating workloads on the AWS Cloud
• Architecting a secure environment for dynamic workloads
• How to incorporate Security by Design principles to address compliance needs across 3 use cases: HIPAA, PCI-DSS and generalized security compliance based on the NIST Risk Management Framework
Who should attend: Directors and Managers of Security, IT Administers, IT Architects, and IT Security Engineers
Underrated AWS Security Controls ~ AWS Atlanta Summit 2022Teri Radichel
Security controls you might not be using but you should consider. In June 2021, an Ermetic report found that most of the companies surveyed experienced a cloud data breach in the prior 18 months. AWS has a number of security controls that can help prevent common data breaches and security incidents. Find out what these controls are and how they can help you secure your data.
Top Priorities for Cloud Application SecurityTeri Radichel
Are you trying to make sure your cloud applications are secure? You might think the biggest thing you need to worry about is S3 buckets, but you can actually leverage the cloud and DevSecOps in much more powerful ways to secure your applications. This talk was first presented at Countermeasure IT in Ottawa, Canada in November 2018
Auditors can have a significant positive impact on Cybersecurity. This slide deck is from a sold out presentation on Azure for Auditors for ISACA and IIA in Seattle. How can auditors help cloud security? What should auditors and those performing cloud security assessments consider when evaluating cloud security on Azure? If you'd like to learn more check out my cybersecurity classes at https://2ndsightlab.com
If your company is moving to the cloud, or you are auditing a company using cloud technology, what's different? What stays the same? ~ Keynote presentation for Bienvenue au congrès ISACA Québec 2019 ~ Copyright 2nd Sight Lab, LLC https://2ndsightlab.com
Is your company in need of a cloud penetration test on AWS, Azure, or Google? Here are some things you might want to consider before starting your cloud pentest. Also tips for pentesters getting started in the cloud.
Red Team vs. Blue Team on AWS ~ re:Invent 2018Teri Radichel
Red Teaming and Pen Testing steps taken on a vulnerable account followed by Blue Teaming and cloud security defensive strategies. Teri Radichel and Kolby Allen at re:Invent 2018
Five concepts to help companies get a handle on cloud security. Create a base upon which you can recover from security incidents faster and bake security into every application from the start. Create reporting that helps appropriately prioritize, assign, and attribute security problems to the person who can and should fix them.
Validate code on the way into the cloud and verify code remains security after deployment. Leverage monitoring, segregation of duties and account architecture to enhance security in AWS and other cloud providers.
Presentation on current security trends, prevention and detection. This presentation was initially given at a WatchGuard partner event for Equinox IT. http://www.equinoxits.com/
Packet Capture on AWS. Simple explanation of why security people like to capture packets, how it can be done, potential architectures, and a POC using a WatchGuard Firebox Cloud, the CLI, a bucket, bucket policy, etc. and a lambda function to show that packet capture is possible. Next steps for an actual production solution.
Caveat: these slides were written in about one hour. Please refer to the paper for details.
When organizations start using AWS, they may initially use a single VPC and a very simple network implementation. In many cases, however, companies are leveraging multiple VPCs, regions and accounts. Companies are also connecting cloud networks to corporate headquarters and remote locations. They may even be connecting different cloud providers. This presentation will consider some of these use cases and the implications of connecting different networks. Material covered will include security considerations, sample architectures and tools that can help protect your account and your data.
Security ideas to help you operate more securely in the cloud. Use the AWS platform and CICD as a mechanism to monitor security of what is being deployed. Limit risk with proper security controls, network implementation and logging mechanisms.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
8. Points of Discovery and Reaction
• Knowns:
• Prevent from entering environment
• Detect and roll back on entry into environment
• Unknowns:
• Baseline normal behavior
• React to anomalies – alerts, investigation
12. The Right People
Cowboy has no
well thought out
plan or expertise
Mr. No Kills Innovation.
He is not open to new ideas.
Analysis Paralysis
Kills Productivity
Engineers = expertise + well-designed
solutions based on available data
13. Deployment Pipeline
DevOps, security, developer and
QA teams should all use the
same process for AWS
deployments.
Add Security Controls at this
checkpoint.
Facilitates inventory, audit and
compliance.
CICD – Continuous Integration,
Continuous Deployment
15. Security Automation
• Automate Biggest Risks ~ Verizon Data Breach Report
• Automated Deployments – CloudFormation, SDKs
- Consider Immutable Infrastructure where possible
• Automated Compliance – AWS Config, AWS Inspector
• Automated Security Operations – AWS WAF, 3rd Party Tools
• Custom automation – roll your own
• Automated Intrusion Detection – Proof of Concept Framework:
https://github.com/tradichel/AWSSecurityAutomationFramework
16.
17. Other Options for SSH and Access Secret Key
• IAM Roles for Users and AWS Resources
• Cross Account Roles
• Active Directory Integration
• STS – temporary credentials
• Use MFA where possible
• Consider CLI, Console and Instance Logins
• If using keys, train users that keys are passwords and treat as such
18. Encryption on AWS
• KMS - AWS Key Management Service
• CloudHSM - Single Tenant Hardware Security Module
• Bring Your Own Key – import from your own key manager or HSM
• AWS Certificate Manager - SSL/TLS for encryption in transit
19. 5. Plan Network Carefully.
Internet Access AWS Only AWS to Corporate
security group
security group
security group
security group
security group
security group
Routes: Enforce Traffic Flow. Subnets: Larger. Security Groups: Whitelist.
20. Avoid This
So many holes in
your network and
running so many
agents that you no
longer know what is
traversing your
network anymore
and network security
is pointless.
21. Avoid This
Subnets with almost nothing in
them has the potential to
exhaust your IP space.
It also becomes unwieldy to
manage numerous subnets and
security groups.
Use security groups for
application specific rules.
22. Architect for the Cloud
Avoid Lift and Shift
Costs will be higher
Doesn’t leverage AWS
Possible Security Issues
Fix it later…right.
If you do...keep it in a
separate account.
25. Have a Sandbox Account
Tightly secure other accounts.
Match production or purpose built.
26.
27. AWS Monitoring Tools
• VPC Flow Logs ~ like Netflow for VPC, not real time
• CloudTrail ~ Monitor actions taken on AWS
• CloudWatch ~ Any kind of logs, cannot be altered if properly secured
• 3rd Party Tools
28. Teri Radichel, Cloud Architect
WatchGuard Technologies ~ We are hiring!
@teriradichel
Security Certifications and Papers:
Http://www.giac.org/certified-professional/teri-radichel/140127
Thank you!
Editor's Notes
Video from AWS re:Invent 2015 where Rob Alexander was the keynote speaker.
AWS Security Process Overview:
https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
Top 5 Critical Controls:
https://www.cisecurity.org/critical-controls.cfm
Deski Network Suite on left. AWS Web Console on right.
Sample architecture from AWS Case Studies:
https://aws.amazon.com/solutions/case-studies/
Paper on Security Automation in AWS:
https://www.sans.org/reading-room/whitepapers/incident/balancing-security-innovation-event-driven-automation-36837
AWS IAM Best Practices:
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Code Spaces ~ The company that got deleted.
http://www.networkcomputing.com/cloud-infrastructure/code-spaces-lesson-cloud-backup/314805651
Evident IO Blog with Security Best Practices:
http://blogs.evident.io
Images: Shutterstock, Meme Generator
Target was likely compromised via a deployment system: https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412
KMS:
https://aws.amazon.com/kms/
CloudHSM:
https://aws.amazon.com/cloudhsm/
AWS Certificate Manager:
https://aws.amazon.com/certificate-manager/
Bring your own key:
https://aws.amazon.com/blogs/aws/new-bring-your-own-keys-with-aws-key-management-service/
This new feature allows you to import keys from any key management and HSM (Hardware Security Module) solution that supports the RSA PKCS #1 standard, and use them with the AWS services and your own applications.
Protecting Data At Rest on AWS: https://d0.awsstatic.com/whitepapers/AWS_Securing_Data_at_Rest_with_Encryption.pdf
AWS Security Blog ~ Encryption: https://blogs.aws.amazon.com/security/blog/category/Encryption
AWS Best Practices ~ Architecting for the Cloud:
https://aws.amazon.com/whitepapers/architecting-for-the-aws-cloud-best-practices/
Don’t be a bottleneck image:
http://digital.library.unt.edu/ark:/67531/metadc182/
Images from 6 Ways to Make Toast – Wikihow
http://www.wikihow.com/Make-Toast
AWS Compliance White Paper: https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf