SlideShare a Scribd company logo

AWS Security Week | Getting to Continuous Security and Compliance Monitoring on AWS

Download as PPTX, PDF
Lacework
Lacework

This document provides an overview of automated end-to-end security for AWS. It discusses how the majority of compromises are due to credentials being compromised, failure to patch security flaws, insider threats, or human error. An example compromise is described where a developer at a company accidentally committed SSH keys to GitHub, allowing a hacker to access servers and exfiltrate customer data, resulting in a $148 million settlement. The document then outlines how Lacework can help secure workloads, containers, configuration, AWS accounts, and provide continuous auditing and compliance.

1 of 16
Automated End-to-End Security for AWS
• Introduction • Anatomy of a compromise • What to Secure • How Lacework can help • Product Demo • Trial Agenda
About Me • Lacework’s 1st Systems Engineer • 15 years in SaaS, Public Cloud, DevOps, and Security • Experience with SOC2, PCI-DSS, NIST 800-53, ISO27001 • AWS Certified Solutions Architect – Professional
The majority of compromises come down to one of these four methods: 1. Compromised credentials 2. Failure to patch known security flaws 3. Insider threats 4. Human error or negligence Anatomy of a Compromise
How are credentials compromised? Many of the recent compromises start with GitHub Specifically when developers move code from local to remote repo’s
Anatomy of a Compromise  People have gotten better!  But mistakes still happen Search  Credentials in GitHub are easy to find
Example Compromise At a well-known company, let’s call them Q’ber, a DevOps engineer accidentally committed SSH keys into GitHub And as you well know:
Example Compromise Q’ber’s security team had no idea the breach had occurred, only until the hacker contacted them with a ransom demand With full access to Q’ber’s servers, the hacker then accessed a database and exfiltrated 50M customer data records
Example Compromise Q’ber then paid the hackers $100K to delete the data and cover up the incident But the incident still became public
Cost of Compromise Q’ber is eventually sued by the US Government for not implementing requisite security controls for their hosts in the cloud $148,000,000Q’ber settles with the government for $148M How many zeroes is that??
Data Leaks Publicly exposed S3 buckets Hijacked Resources Compromised AWS accounts Hijacked Compute Resources Crypto-mining attacks Recent Security Incidents
Shared Responsibility Model AWS Global Infrastructure Customer is expected to: - Add protection layer - Configure AWS security features - Update OS and applications Amazon Web Services Responsible for security “of” the cloud Customer Responsible for security “in” the cloud Application Operating System Configuration AWS Foundation Services Compute Storage Database Networking
Surface of Risk & Threat
What Lacework Does Workload & Container Security Continuous Configuration Audit & Compliance AWS Account Security
Free Trial Signup https://www.lacework.com/security-week
Demo time!

Recommended

Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018
Lacework
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
Lacework
 
Lacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud ScaleLacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud Scale
Lacework
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
Lacework
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing Kubernetes
Lacework
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS Meetups
John Varghese
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To Us
Lacework
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week Presentation
Lacework
 

Recommended

Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018
Lacework
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
Lacework
 
Lacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud ScaleLacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud Scale
Lacework
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
Lacework
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing Kubernetes
Lacework
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS Meetups
John Varghese
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To Us
Lacework
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week Presentation
Lacework
 
Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security Overview
Lacework
 
Securing aws workloads with embedded application security
Securing aws workloads with embedded application securitySecuring aws workloads with embedded application security
Securing aws workloads with embedded application security
John Varghese
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
Teri Radichel
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoring
John Varghese
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
Teri Radichel
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills security
John Varghese
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practices
John Varghese
 
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?
Teri Radichel
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To Protect
Guy Podjarny
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
LibbySchulze
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
Eric Smalling
 
Mining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudMining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the Cloud
CloudVillage
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slide
CloudVillage
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
CloudVillage
 
Phishing in the cloud era
Phishing in the cloud eraPhishing in the cloud era
Phishing in the cloud era
CloudVillage
 
Scaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open SourceScaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open Source
CloudVillage
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
Sqreen
 
TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...
Karl Ots
 
Serverless - minimizing the attack surface
Serverless - minimizing the attack surfaceServerless - minimizing the attack surface
Serverless - minimizing the attack surface
Avi Shulman
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
Amazon Web Services
 
Amazon GuardDuty Lab
Amazon GuardDuty LabAmazon GuardDuty Lab
Amazon GuardDuty Lab
Amazon Web Services
 

More Related Content

What's hot

Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security Overview
Lacework
 
Securing aws workloads with embedded application security
Securing aws workloads with embedded application securitySecuring aws workloads with embedded application security
Securing aws workloads with embedded application security
John Varghese
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
Teri Radichel
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoring
John Varghese
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
Teri Radichel
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills security
John Varghese
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practices
John Varghese
 
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?
Teri Radichel
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To Protect
Guy Podjarny
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
LibbySchulze
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
Eric Smalling
 
Mining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudMining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the Cloud
CloudVillage
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slide
CloudVillage
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
CloudVillage
 
Phishing in the cloud era
Phishing in the cloud eraPhishing in the cloud era
Phishing in the cloud era
CloudVillage
 
Scaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open SourceScaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open Source
CloudVillage
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
Sqreen
 
TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...
Karl Ots
 
Serverless - minimizing the attack surface
Serverless - minimizing the attack surfaceServerless - minimizing the attack surface
Serverless - minimizing the attack surface
Avi Shulman
 

What's hot (20)

Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security Overview
 
Securing aws workloads with embedded application security
Securing aws workloads with embedded application securitySecuring aws workloads with embedded application security
Securing aws workloads with embedded application security
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoring
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills security
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practices
 
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To Protect
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
 
Mining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudMining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the Cloud
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slide
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
 
Phishing in the cloud era
Phishing in the cloud eraPhishing in the cloud era
Phishing in the cloud era
 
Scaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open SourceScaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open Source
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
 
TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...
 
Serverless - minimizing the attack surface
Serverless - minimizing the attack surfaceServerless - minimizing the attack surface
Serverless - minimizing the attack surface
 

Similar to AWS Security Week | Getting to Continuous Security and Compliance Monitoring on AWS

Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
Amazon Web Services
 
Amazon GuardDuty Lab
Amazon GuardDuty LabAmazon GuardDuty Lab
Amazon GuardDuty Lab
Amazon Web Services
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
SBWebinars
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit Giri
OWASP Delhi
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...Amazon Web Services Korea
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWS
Amazon Web Services
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
Amazon Web Services
 
The Ultimate Guide For Cloud Penetration Testing.pdf
The Ultimate Guide For Cloud Penetration Testing.pdfThe Ultimate Guide For Cloud Penetration Testing.pdf
The Ultimate Guide For Cloud Penetration Testing.pdf
Craw Cyber Security
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
Amazon Web Services
 
Building an Automated Security Fabric in AWS
Building an Automated Security Fabric in AWSBuilding an Automated Security Fabric in AWS
Building an Automated Security Fabric in AWS
Amazon Web Services
 
Wrangling Security & Identity across 99+ AWS Accounts
Wrangling Security & Identity across 99+ AWS AccountsWrangling Security & Identity across 99+ AWS Accounts
Wrangling Security & Identity across 99+ AWS Accounts
Andrew Bienert
 
Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security
Amazon Web Services
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
Amazon Web Services
 
AWS Security and SecOps
AWS Security and SecOpsAWS Security and SecOps
AWS Security and SecOps
Shiva Narayanaswamy
 
How to prepare for & respond to security incidents in your AWS environment
How to prepare for & respond to security incidents in your AWS environment How to prepare for & respond to security incidents in your AWS environment
How to prepare for & respond to security incidents in your AWS environment
Nathan Case
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
Amazon Web Services
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
Evident.io
 
Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Security in the Cloud - AWS Symposium 2014 - Washington D.C. Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Amazon Web Services
 
A Cloud Security Ghost Story Craig Balding
A Cloud Security Ghost Story Craig BaldingA Cloud Security Ghost Story Craig Balding
A Cloud Security Ghost Story Craig Balding
craigbalding
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
Tim Mackey
 

Similar to AWS Security Week | Getting to Continuous Security and Compliance Monitoring on AWS (20)

Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
 
Amazon GuardDuty Lab
Amazon GuardDuty LabAmazon GuardDuty Lab
Amazon GuardDuty Lab
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit Giri
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWS
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 
The Ultimate Guide For Cloud Penetration Testing.pdf
The Ultimate Guide For Cloud Penetration Testing.pdfThe Ultimate Guide For Cloud Penetration Testing.pdf
The Ultimate Guide For Cloud Penetration Testing.pdf
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
 
Building an Automated Security Fabric in AWS
Building an Automated Security Fabric in AWSBuilding an Automated Security Fabric in AWS
Building an Automated Security Fabric in AWS
 
Wrangling Security & Identity across 99+ AWS Accounts
Wrangling Security & Identity across 99+ AWS AccountsWrangling Security & Identity across 99+ AWS Accounts
Wrangling Security & Identity across 99+ AWS Accounts
 
Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 
AWS Security and SecOps
AWS Security and SecOpsAWS Security and SecOps
AWS Security and SecOps
 
How to prepare for & respond to security incidents in your AWS environment
How to prepare for & respond to security incidents in your AWS environment How to prepare for & respond to security incidents in your AWS environment
How to prepare for & respond to security incidents in your AWS environment
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Security in the Cloud - AWS Symposium 2014 - Washington D.C. Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Security in the Cloud - AWS Symposium 2014 - Washington D.C.
 
A Cloud Security Ghost Story Craig Balding
A Cloud Security Ghost Story Craig BaldingA Cloud Security Ghost Story Craig Balding
A Cloud Security Ghost Story Craig Balding
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 

More from Lacework

BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes BackBSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
Lacework
 
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Lacework
 
Containers At-Risk: A Review of 21,000 Cloud Environments
Containers At-Risk: A Review of 21,000 Cloud EnvironmentsContainers At-Risk: A Review of 21,000 Cloud Environments
Containers At-Risk: A Review of 21,000 Cloud Environments
Lacework
 
Lacework Protection for AWS S3 Buckets
Lacework Protection for AWS S3 BucketsLacework Protection for AWS S3 Buckets
Lacework Protection for AWS S3 Buckets
Lacework
 
Guidebook Case Study
Guidebook Case StudyGuidebook Case Study
Guidebook Case Study
Lacework
 
Container Security Research
Container Security ResearchContainer Security Research
Container Security Research
Lacework
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least Privilege
Lacework
 
Containers At-Risk A Review of 21,000 Cloud Environments
Containers At-Risk A Review of 21,000 Cloud EnvironmentsContainers At-Risk A Review of 21,000 Cloud Environments
Containers At-Risk A Review of 21,000 Cloud Environments
Lacework
 

More from Lacework (8)

BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes BackBSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
 
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
 
Containers At-Risk: A Review of 21,000 Cloud Environments
Containers At-Risk: A Review of 21,000 Cloud EnvironmentsContainers At-Risk: A Review of 21,000 Cloud Environments
Containers At-Risk: A Review of 21,000 Cloud Environments
 
Lacework Protection for AWS S3 Buckets
Lacework Protection for AWS S3 BucketsLacework Protection for AWS S3 Buckets
Lacework Protection for AWS S3 Buckets
 
Guidebook Case Study
Guidebook Case StudyGuidebook Case Study
Guidebook Case Study
 
Container Security Research
Container Security ResearchContainer Security Research
Container Security Research
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least Privilege
 
Containers At-Risk A Review of 21,000 Cloud Environments
Containers At-Risk A Review of 21,000 Cloud EnvironmentsContainers At-Risk A Review of 21,000 Cloud Environments
Containers At-Risk A Review of 21,000 Cloud Environments
 

Recently uploaded

Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Jay Das
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 

Recently uploaded (20)

Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 

AWS Security Week | Getting to Continuous Security and Compliance Monitoring on AWS

  • 2. • Introduction • Anatomy of a compromise • What to Secure • How Lacework can help • Product Demo • Trial Agenda
  • 3. About Me • Lacework’s 1st Systems Engineer • 15 years in SaaS, Public Cloud, DevOps, and Security • Experience with SOC2, PCI-DSS, NIST 800-53, ISO27001 • AWS Certified Solutions Architect – Professional
  • 4. The majority of compromises come down to one of these four methods: 1. Compromised credentials 2. Failure to patch known security flaws 3. Insider threats 4. Human error or negligence Anatomy of a Compromise
  • 5. How are credentials compromised? Many of the recent compromises start with GitHub Specifically when developers move code from local to remote repo’s
  • 6. Anatomy of a Compromise  People have gotten better!  But mistakes still happen Search  Credentials in GitHub are easy to find
  • 7. Example Compromise At a well-known company, let’s call them Q’ber, a DevOps engineer accidentally committed SSH keys into GitHub And as you well know:
  • 8. Example Compromise Q’ber’s security team had no idea the breach had occurred, only until the hacker contacted them with a ransom demand With full access to Q’ber’s servers, the hacker then accessed a database and exfiltrated 50M customer data records
  • 9. Example Compromise Q’ber then paid the hackers $100K to delete the data and cover up the incident But the incident still became public
  • 10. Cost of Compromise Q’ber is eventually sued by the US Government for not implementing requisite security controls for their hosts in the cloud $148,000,000Q’ber settles with the government for $148M How many zeroes is that??
  • 11. Data Leaks Publicly exposed S3 buckets Hijacked Resources Compromised AWS accounts Hijacked Compute Resources Crypto-mining attacks Recent Security Incidents
  • 12. Shared Responsibility Model AWS Global Infrastructure Customer is expected to: - Add protection layer - Configure AWS security features - Update OS and applications Amazon Web Services Responsible for security “of” the cloud Customer Responsible for security “in” the cloud Application Operating System Configuration AWS Foundation Services Compute Storage Database Networking
  • 13. Surface of Risk & Threat
  • 14. What Lacework Does Workload & Container Security Continuous Configuration Audit & Compliance AWS Account Security