When it comes to managing the security of your AWS environment, traditional, on-premise, perimeter-only tactics must evolve to be environment-aware, data-centric, and automated wherever possible.
Speed of detection and agility in recovery are your new challenges and AWS Config, Cloudwatch, and Lambda are your new allies that help address them.
Learn about high-speed security incident response and recovery at the push of a button perhaps. This talk provides an overview with detailed examples of configuration management, event notification, and automatic execution to rapidly detect and react to potential security concerns within your AWS environment.
Speaker: Don Bailey, Principal Security Engineer, Amazon Web Services & Joshua Du Lac, Senior Security Consultant, Amazon Web Services
You Can't Protect What you Can't See. AWS Security Best Practices - Session S...Amazon Web Services
AWS utilises a shared security model where both AWS and the customer share responsibility for the security of data, applications and resources. As part of this model, it is critical that customers leverage services such as AWS CloudTrail, Config, and more. Attend this session to learn best practices on how to leverage these and other AWS services to gain end-to-end visibility and robust security on AWS. You will also hear how customers leverage third-party tools such as the Splunk App for AWS as critical elements of their security posture.
Speakers: Dan Miller, Cloud Sales Director, APAC, Splunk & Simon O'Brien, Senior Systems Engineer, Splunk
Compute Without Servers – Building Applications with AWS Lambda - Technical 301Amazon Web Services
AWS Lambda enables developers to build scalable applications without managing servers. Come learn how Lambda's event driven approach helps build backend ingestion systems, real time stream processing, and scalable API backends. We will deep dive into the different approaches that customers have taken to building applications with Lambda, typical architectures that customers use Lambda for, and best practices for authoring, deploying, and managing Lambda functions.
Speaker: Ajay Nair, Sr Product Manager Lambda, Amazon Web Services
Security and Compliance – Most Commonly Asked Questions - Technical 101Amazon Web Services
We've heard from our customers that using AWS allows them to operate even more securely than they could in their own data centres. Why is this? We will tackle the most commonly asked security & compliance questions customers ask when adopting the AWS Cloud. We will demonstrate practical ways to make sure you're operating securely, and hear first-hand from an AWS customer about how they are using the platform today and the importance of getting this right.
Speaker: Matthew Jobson, Account Manager, Amazon Web Services & Ben Chung, Head of Security Assurance, Amazon Web Services, APAC
Featured Customer - Health Direct Australia
While there are many Cloud design patterns for infrastructure, there are also many Cloud design patterns for developers. Come and learn how you can take your software design patterns and apply them to the next generation of cloud applications, or simply modernise your existing software architectures.
Speaker: Arden Packeer, Solutions Architect, Amazon Web Services
Smaller is Better - Exploiting Microservice Architectures on AWS - Technical 201Amazon Web Services
Microservice oriented architectures have been implemented and deployed by many and are on the near-term agenda of many others. However, the distributed nature of microservices is a double edged sword, being the source of many of the benefits, but also the source of the pain and confusion that teams have endured. We will review best practices and recommended architectures for deploying microservices on AWS with a focus on how to exploit the benefits of microservices to decrease feature cycle times and costs while increasing reliability, scalability, and overall operational efficiency.
Speaker: Craig Dickson, Solutions Architect, Amazon Web Services
Featured Customer - MYOB
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...Amazon Web Services
While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline three strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools.
Key takeaways from this session include how to:
· Design a workload-centric security architecture
· Improve visibility of AWS-only or hybrid environments
· Stop patching live instances but still prevent exploits
Speaker: Sasha Pavlovic, Director, Cloud & Datacentre Security, Asia Pacific, Trend Micro
You Can't Protect What you Can't See. AWS Security Best Practices - Session S...Amazon Web Services
AWS utilises a shared security model where both AWS and the customer share responsibility for the security of data, applications and resources. As part of this model, it is critical that customers leverage services such as AWS CloudTrail, Config, and more. Attend this session to learn best practices on how to leverage these and other AWS services to gain end-to-end visibility and robust security on AWS. You will also hear how customers leverage third-party tools such as the Splunk App for AWS as critical elements of their security posture.
Speakers: Dan Miller, Cloud Sales Director, APAC, Splunk & Simon O'Brien, Senior Systems Engineer, Splunk
Compute Without Servers – Building Applications with AWS Lambda - Technical 301Amazon Web Services
AWS Lambda enables developers to build scalable applications without managing servers. Come learn how Lambda's event driven approach helps build backend ingestion systems, real time stream processing, and scalable API backends. We will deep dive into the different approaches that customers have taken to building applications with Lambda, typical architectures that customers use Lambda for, and best practices for authoring, deploying, and managing Lambda functions.
Speaker: Ajay Nair, Sr Product Manager Lambda, Amazon Web Services
Security and Compliance – Most Commonly Asked Questions - Technical 101Amazon Web Services
We've heard from our customers that using AWS allows them to operate even more securely than they could in their own data centres. Why is this? We will tackle the most commonly asked security & compliance questions customers ask when adopting the AWS Cloud. We will demonstrate practical ways to make sure you're operating securely, and hear first-hand from an AWS customer about how they are using the platform today and the importance of getting this right.
Speaker: Matthew Jobson, Account Manager, Amazon Web Services & Ben Chung, Head of Security Assurance, Amazon Web Services, APAC
Featured Customer - Health Direct Australia
While there are many Cloud design patterns for infrastructure, there are also many Cloud design patterns for developers. Come and learn how you can take your software design patterns and apply them to the next generation of cloud applications, or simply modernise your existing software architectures.
Speaker: Arden Packeer, Solutions Architect, Amazon Web Services
Smaller is Better - Exploiting Microservice Architectures on AWS - Technical 201Amazon Web Services
Microservice oriented architectures have been implemented and deployed by many and are on the near-term agenda of many others. However, the distributed nature of microservices is a double edged sword, being the source of many of the benefits, but also the source of the pain and confusion that teams have endured. We will review best practices and recommended architectures for deploying microservices on AWS with a focus on how to exploit the benefits of microservices to decrease feature cycle times and costs while increasing reliability, scalability, and overall operational efficiency.
Speaker: Craig Dickson, Solutions Architect, Amazon Web Services
Featured Customer - MYOB
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...Amazon Web Services
While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline three strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools.
Key takeaways from this session include how to:
· Design a workload-centric security architecture
· Improve visibility of AWS-only or hybrid environments
· Stop patching live instances but still prevent exploits
Speaker: Sasha Pavlovic, Director, Cloud & Datacentre Security, Asia Pacific, Trend Micro
Following Well Architected Frameworks - Lunch and Learn.pdfAmazon Web Services
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn how to use the Well-Architected Framework to follow AWS guidelines and best practices to your architecture on AWS.
Application Delivery Patterns for Developers - Technical 401Amazon Web Services
Every developer has gone through the frustration of creating new features, fixing bugs, or refactoring beautiful code, and then wait for it to reach the promise land of production. Come and learn how to get your changes in the hands of your customers with more speed, reliability, security and quality.
We will dive deep into architectures for continuous delivery pipelines, apply lean principles, and build intelligence into your pipeline.
Speaker: Shiva Narayanaswamy, Solutions Architect, Amazon Web Services
Featured Customer - REA Group
Key Steps for Setting up your AWS Journey for Success - BusinessAmazon Web Services
When building anything, it's longevity begins with establishing a solid foundation, on AWS you will need to ensure your application is built on top of best practices. We will help you make the best use out of AWS Support and Training, correct account set up and strategies to help you optimise your AWS spend.
Speakers: David Ly, Account Manager and Nathan Besh, Technical Account Manager, Amazon Web Services
Featured Customer - Domain
Cloud is the New Normal, So How Do I Get Started? - BusinessAmazon Web Services
In this session we will tackle the basic concepts for customers who are looking to adopt the AWS Cloud. We will provide demonstrations, examples, and guidance on starting your journey and the ongoing support available to you. You will hear first-hand from an AWS customer who will share their recent experience while moving their first workload to AWS and their learnings so far.
Speaker: Satwant Phull, Account Manager & Evgeny Vaganov, Solutions Architect, Amazon Web Services
Featured Customer - True Alliance
Visibility and Control in the Cloud: How to Get your Boss Comfortable with AW...Amazon Web Services
In this session we will cover key areas for building a business case for the Cloud. Topics covered will include:
Goals in moving your infrastructure to AWS.
Challenges faced along the way.
The 5 steps to achieving visibility and control of AWS across business functions.
Craig partners with Cloud leaders such as Amazon to build Innovative Solutions for the local and international market. His first company Cloud business Devnet was acquired by Cloud Sherpas / Accenture. He is active in the AWS users group and many startup groups. He is currently Founder & CEO of CloudMGR - AWS Advanced Technology Partner
Speaker: Craig Deveson, Founder & CEO, CloudMGR
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
AWS and the Cloud has ushered in a new era for Information Security & Risk Professionals. In this session, we will talk through how the world's leading corporates are reinventing their internal GRC practices to enable their business to leverage the business value of AWS while improving the security posture of their organisation. We will talk about the journey undertaken by globally regulated entities such as Capital One who now believe they can operate more securely in the public cloud than they can in their own data centres. Finally, we will provide lessons and best practices on how you can use AWS to improve the security posture of your organisation.
Speaker: Rodney Haywood, Manager Solutions Architecture, Amazon Web Services
Featured Customer - Xero
Configuration Management in the Cloud | AWS Public Sector Summit 2017Amazon Web Services
In order for your application to operate in a predictable manner in both your test and production environments, you must vigilantly maintain the configuration of your resources. By leveraging configuration management solutions, Dev and Ops engineers can define the state of their resources across their entire lifecycle. In this session, you will learn how to use AWS OpsWorks, AWS CodeDeploy, and AWS CodePipeline to build a reliable and consistent development pipeline that assures your production workloads behave in a predictable manner. Learn More: https://aws.amazon.com/government-education/
Serverless Security Automation | AWS Public Sector Summit 2017Amazon Web Services
To implement security best practices in your AWS accounts, you must establish a security baseline and then enforce it across all accounts. In this session, you will learn how to use AWS CloudFormation and AWS Step Functions to execute security best practices, such as using AWS CloudTrail, AWS Config, Amazon VPC Flow Logs, and Amazon S3 Access logs in scenarios where you are managing many AWS accounts across an organization. Learn how to store all of these logs in a centralized logging system such as Elasticsearch or Splunk, and set up alerting and drift detection on anomalous or high risk activity. Attend this session and discover ways to use centralized IAM roles and enforce MFA across multiple accounts. https://aws.amazon.com/government-education/
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft BroadridgeAmazon Web Services
AWS’ suite of serverless technology has enabled enterprises in Financial Services to move quickly from conception to reality. By leveraging AWS, you can run code without provisioning or managing servers—and you only pay for what you use. In this session, we will walk through how we worked with Broadridge to take their Experience Manager application from design to deployment and provide details around how numerous AWS services were leveraged, including Cognito, Lambda, S3, DynamoDB, and SES. We will also dive into how the use of serverless technology can enable developers to move quickly, while improving security postures, minimizing management, and simplifying operations.
Learn how to architect fully available and scalable Microsoft solutions and environments in AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, automation and repeatability. Plan authentication and authorization, various hybrid scenarios with other cloud environment and on premise solutions/infrastructure. Learn about common architecture patterns for Active Directory and business productivity solutions like SharePoint, Exchange and Skype for Business, also common scenarios for SQL deployments and System Center.
Currently, a breadth of AWS training opportunities are available worldwide, both led by AWS and through community-driven training platforms. In this session, community leaders sort through the different training resources, discuss the resources they used to help them become AWS experts, and explain how different training solutions can complement one another.
Chris Munns takes us on a journey to Innovation. He presents AWS' latest and greatest announcements with a particular focus on Serverless - Amazon Lambda, and Automation - AWS Step Functions. Presented in Montreal at the AWS Innovate event.
Businesses are utlising their digital assets more than ever to engage, acquire and nurture their customers. This session dives into how you can leverage the AWS platform for your Digital assets. Topics include scalability, mobility, and getting closer to your customers through continuous innovation and latency optimisation.
Business session
Speaker: Ralf Capel, Account Manager, Amazon Web Services & Jan Haak, Solutions Architect, Amazon Web Services
Featured Customer - The Iconic
Bringing Governance to an Existing Cloud at NASA’s Jet Propulsion Laboratory ...Amazon Web Services
Amazon Web Services provides JPL with a vast array of capabilities to store, process, and analyze mission data. JPLers were early to adopt AWS services to build complex solutions, but quickly grew to over 50 AWS accounts, 80 IAM users, and hundreds of resources. To deal with this complexity, a team of engineers inside JPL's Office of the CIO developed a cloud governance model. The true challenge was implementing it on existing deployments. Learn about their model and how they overcame the challenges.
Following Well Architected Frameworks - Lunch and Learn.pdfAmazon Web Services
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn how to use the Well-Architected Framework to follow AWS guidelines and best practices to your architecture on AWS.
Application Delivery Patterns for Developers - Technical 401Amazon Web Services
Every developer has gone through the frustration of creating new features, fixing bugs, or refactoring beautiful code, and then wait for it to reach the promise land of production. Come and learn how to get your changes in the hands of your customers with more speed, reliability, security and quality.
We will dive deep into architectures for continuous delivery pipelines, apply lean principles, and build intelligence into your pipeline.
Speaker: Shiva Narayanaswamy, Solutions Architect, Amazon Web Services
Featured Customer - REA Group
Key Steps for Setting up your AWS Journey for Success - BusinessAmazon Web Services
When building anything, it's longevity begins with establishing a solid foundation, on AWS you will need to ensure your application is built on top of best practices. We will help you make the best use out of AWS Support and Training, correct account set up and strategies to help you optimise your AWS spend.
Speakers: David Ly, Account Manager and Nathan Besh, Technical Account Manager, Amazon Web Services
Featured Customer - Domain
Cloud is the New Normal, So How Do I Get Started? - BusinessAmazon Web Services
In this session we will tackle the basic concepts for customers who are looking to adopt the AWS Cloud. We will provide demonstrations, examples, and guidance on starting your journey and the ongoing support available to you. You will hear first-hand from an AWS customer who will share their recent experience while moving their first workload to AWS and their learnings so far.
Speaker: Satwant Phull, Account Manager & Evgeny Vaganov, Solutions Architect, Amazon Web Services
Featured Customer - True Alliance
Visibility and Control in the Cloud: How to Get your Boss Comfortable with AW...Amazon Web Services
In this session we will cover key areas for building a business case for the Cloud. Topics covered will include:
Goals in moving your infrastructure to AWS.
Challenges faced along the way.
The 5 steps to achieving visibility and control of AWS across business functions.
Craig partners with Cloud leaders such as Amazon to build Innovative Solutions for the local and international market. His first company Cloud business Devnet was acquired by Cloud Sherpas / Accenture. He is active in the AWS users group and many startup groups. He is currently Founder & CEO of CloudMGR - AWS Advanced Technology Partner
Speaker: Craig Deveson, Founder & CEO, CloudMGR
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
AWS and the Cloud has ushered in a new era for Information Security & Risk Professionals. In this session, we will talk through how the world's leading corporates are reinventing their internal GRC practices to enable their business to leverage the business value of AWS while improving the security posture of their organisation. We will talk about the journey undertaken by globally regulated entities such as Capital One who now believe they can operate more securely in the public cloud than they can in their own data centres. Finally, we will provide lessons and best practices on how you can use AWS to improve the security posture of your organisation.
Speaker: Rodney Haywood, Manager Solutions Architecture, Amazon Web Services
Featured Customer - Xero
Configuration Management in the Cloud | AWS Public Sector Summit 2017Amazon Web Services
In order for your application to operate in a predictable manner in both your test and production environments, you must vigilantly maintain the configuration of your resources. By leveraging configuration management solutions, Dev and Ops engineers can define the state of their resources across their entire lifecycle. In this session, you will learn how to use AWS OpsWorks, AWS CodeDeploy, and AWS CodePipeline to build a reliable and consistent development pipeline that assures your production workloads behave in a predictable manner. Learn More: https://aws.amazon.com/government-education/
Serverless Security Automation | AWS Public Sector Summit 2017Amazon Web Services
To implement security best practices in your AWS accounts, you must establish a security baseline and then enforce it across all accounts. In this session, you will learn how to use AWS CloudFormation and AWS Step Functions to execute security best practices, such as using AWS CloudTrail, AWS Config, Amazon VPC Flow Logs, and Amazon S3 Access logs in scenarios where you are managing many AWS accounts across an organization. Learn how to store all of these logs in a centralized logging system such as Elasticsearch or Splunk, and set up alerting and drift detection on anomalous or high risk activity. Attend this session and discover ways to use centralized IAM roles and enforce MFA across multiple accounts. https://aws.amazon.com/government-education/
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft BroadridgeAmazon Web Services
AWS’ suite of serverless technology has enabled enterprises in Financial Services to move quickly from conception to reality. By leveraging AWS, you can run code without provisioning or managing servers—and you only pay for what you use. In this session, we will walk through how we worked with Broadridge to take their Experience Manager application from design to deployment and provide details around how numerous AWS services were leveraged, including Cognito, Lambda, S3, DynamoDB, and SES. We will also dive into how the use of serverless technology can enable developers to move quickly, while improving security postures, minimizing management, and simplifying operations.
Learn how to architect fully available and scalable Microsoft solutions and environments in AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, automation and repeatability. Plan authentication and authorization, various hybrid scenarios with other cloud environment and on premise solutions/infrastructure. Learn about common architecture patterns for Active Directory and business productivity solutions like SharePoint, Exchange and Skype for Business, also common scenarios for SQL deployments and System Center.
Currently, a breadth of AWS training opportunities are available worldwide, both led by AWS and through community-driven training platforms. In this session, community leaders sort through the different training resources, discuss the resources they used to help them become AWS experts, and explain how different training solutions can complement one another.
Chris Munns takes us on a journey to Innovation. He presents AWS' latest and greatest announcements with a particular focus on Serverless - Amazon Lambda, and Automation - AWS Step Functions. Presented in Montreal at the AWS Innovate event.
Businesses are utlising their digital assets more than ever to engage, acquire and nurture their customers. This session dives into how you can leverage the AWS platform for your Digital assets. Topics include scalability, mobility, and getting closer to your customers through continuous innovation and latency optimisation.
Business session
Speaker: Ralf Capel, Account Manager, Amazon Web Services & Jan Haak, Solutions Architect, Amazon Web Services
Featured Customer - The Iconic
Bringing Governance to an Existing Cloud at NASA’s Jet Propulsion Laboratory ...Amazon Web Services
Amazon Web Services provides JPL with a vast array of capabilities to store, process, and analyze mission data. JPLers were early to adopt AWS services to build complex solutions, but quickly grew to over 50 AWS accounts, 80 IAM users, and hundreds of resources. To deal with this complexity, a team of engineers inside JPL's Office of the CIO developed a cloud governance model. The true challenge was implementing it on existing deployments. Learn about their model and how they overcame the challenges.
Have you prepared your AWS environment for detecting and managing security-related events? Do you have all the incident response training and tools you need to rapidly respond to, recover from, and determine the root cause of security events in the cloud? Even if you have a team of incident response rock stars with an arsenal of automated data acquisition and computer forensics capabilities, there is likely a thing or two you will learn from several step-by-step demonstrations of wrangling various potential security events within an AWS environment, from detection to response to recovery to investigating root cause. At a minimum, show up to find out who to call and what to expect when you need assistance with applying your existing, already awesome incident response runbook to your AWS environment.
(BAC202) Introducing AWS Solutions for Backup and Archiving | AWS re:Invent 2014Amazon Web Services
Learn how to use the variety of AWS storage services and features to deploy backup and archiving solutions that are low cost and easy to deploy, manage and maintain. The session will present reference architectures, best practices and use cases based on AWS services including Amazon S3, Glacier and Storage Gateway. Special topics will include how to move your data securely into the AWS cloud, how to retrieve and restore your data, and how to backup on-premises data to the cloud using Amazon Storage gateway and other third party storage gateways.
(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014Amazon Web Services
Navigating Payment Card Industry (PCI) compliance on AWS can be easier than in a traditional data center. This session discusses how PaymentSpring implemented a PCI level-1 certified payment gateway running entirely on AWS. PaymentSpring will talk about how they designed the system to make PCI validation easier, what AWS provided, and what additional tools PaymentSpring added. Along the way, they'll cover some things they did to reduce costs and increase the overall security of the system.
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS r...Amazon Web Services
AWS Config is a new cross-resource service that allows you to discover new resources, how they're configured, and how these configurations changed over time. The service defines and captures relationships an dependencies between resources, helping you determine if a change to one resource affects other resources.
(SEC314) Customer Perspectives on Implementing Security Controls with AWS | A...Amazon Web Services
Security postures in the cloud can take different forms, depending upon your specific business and IT requirements. Hear from customer panelists representing the energy industry, IT services, and government about how they have successfully delivered projects on AWS using Trend Micro solutions, while meeting or exceeding their security requirements. Focus is on the practical considerations and options for improving your overall IT security posture with the AWS shared responsibility security model. Sponsored by Trend Micro.
(SEC313) Updating Security Operations for the Cloud | AWS re:Invent 2014Amazon Web Services
Learn how to increase the effectiveness of your security operations as you move to the cloud. This session for architects and IT administrators covers considerations for optimizing your incident response, monitoring, and audit response tactics to take advantage of built-in capabilities in AWS. This session provides practical advice you can apply today, pulled from industry research, direct experience helping customers migrate to the cloud, and from the speaker's own hard-earned lessons. Sponsored by Trend Micro.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
AWS re:Invent 2016: Lessons from a Chief Security Officer: Achieving Continuo...Amazon Web Services
Does meeting stringent compliance requirements keep you up at night? Do you worry about having the right audit trails in place as proof?
Cengage Learning’s Chief Security Officer, Robert Hotaling, shares his organization’s journey to AWS, and how they enabled continuous compliance for their dynamic environment with automation. When Cengage shifted from publishing to digital education and online learning, they needed a secure elastic infrastructure for their data intensive and cyclical business, and workload layer security tools that would help them meet compliance requirements (e.g., PCI).
In this session, you will learn why building security in from the beginning saves you time (and painful retrofits) later, how to gather and retain audit evidence for instances that are only up for minutes or hours, and how Cengage used Trend Micro Deep Security to meet many compliance requirements and ensured instances were instantly protected as they came online in a hybrid cloud architecture. Session sponsored by Trend Micro, Inc.
AWS Competency Partner
Security must be at the forefront for any online business. At AWS, security is priority number one. Stephen Schmidt, vice president and chief information officer for AWS, shares his insights into cloud security and how AWS meets our customers' demanding security and compliance requirements, and in many cases helps them improve their security posture. Stephen, with his background with the FBI and his work with AWS customers in the government, space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...Amazon Web Services
This session demonstrates 5 different security and compliance validation actions that you can perform using Amazon CloudWatch Events and AWS Config rules. This session focuses on the actual code for the various controls, actions, and remediation features, and how to use various AWS services and features to build them. The demos in this session include CIS Amazon Web Services Foundations validation; host-based AWS Config rules validation using AWS Lambda, SSH, and VPC-E; automatic creation and assigning of MFA tokens when new users are created; and automatic instance isolation based on SSH logons or VPC Flow Logs deny logs. This session focuses on code and live demos.
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...Amazon Web Services
As attackers become more sophisticated, web application developers need to constantly update their security configurations. Static firewall rules are no longer good enough. Developers need a way to deploy automated security that can learn from the application behavior and identify bad traffic patterns to detect bad bots or bad actors on the Internet. This session showcases some of the real-world customer use cases that use machine learning and AWS WAF (a web application firewall) with automated incident response and machine learning to automatically identify bad actors. We also present tutorials and code samples that show how customers can analyze traffic patterns and deploy new AWS WAF rules on the fly.
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014Amazon Web Services
You've employed the practices outlined for incident detection, but what do you do when you detect an incident in the cloud? This session walks you through a hypothetical incident response on AWS. Learn to leverage the unique capabilities of the AWS environment when you respond to an incident, which in many ways is similar to how you respond to incidents in your own infrastructure. This session also covers specific environment recovery steps available on AWS.
AWS re:Invent 2016: Automating Security Event Response, from Idea to Code to ...Amazon Web Services
With security-relevant services such as AWS Config, VPC Flow Logs, Amazon CloudWatch Events, and AWS Lambda, you now have the ability to programmatically wrangle security events that may occur within your AWS environment, including prevention, detection, response, and remediation. This session covers the process of automating security event response with various AWS building blocks, taking several ideas from drawing board to code, and gaining confidence in your coverage by proactively testing security monitoring and response effectiveness before anyone else does.
AWS re:Invent 2016: How AWS Automates Internal Compliance at Massive Scale us...Amazon Web Services
Is your IT environment getting bigger and more complex than your compliance team can handle? Get a peek under the hood of how the AWS Compliance team manages and automates security assurance and compliance in the AWS environment. We’ll tell you what we’re doing to automate controls, match up huge data sets to validate compliance, how we perform game day simulations of entire region outages, and how we manage our ever-present external audits. With each example, we’ll give you some ideas on how to use AWS services to manage the security and compliance of your AWS and on-prem environments. In this session, Chad Woolf, Director of Risk and Compliance for AWS, and Sara Duffer, Director of Security Assurance Automation discusses how the AWS Compliance team uses AWS services like Amazon Inspector, Amazon CloudWatch Logs, AWS CloudTrail, and AWS Config to manage risk, compliance, and audit in the massive scale of the AWS IT environment.
AWS re:Invent 2016: Monitoring, Hold the Infrastructure: Getting the Most fro...Amazon Web Services
Just as we got a hang of monitoring our server-based applications, they take away the server. How do you monitor something that doesn’t exist? Which metrics matter most in a serverless world? In this session, we will look at how applications are different in an AWS Lambda-based world and how to monitor them. Join us as we work our way through the stack and demonstrate how to capture the health and performance of your services.
The focus of this session is not tool-specific. Attendees will learn production-tested lessons and leave with frameworks they can implement with their serverless workloads, no matter which platforms and tools they use. This session sponsored by Datadog.
AWS Competency Partner
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
Once you have built and deployed security infrastructure and automated key aspects of security operations you should validate your work through an Incident Response simulation. In this session we discuss the best way to protect your logs; how and why to develop automated IR capabilities via AWS tooling (e.g. Lambda); the importance of testing existing forensics tools to ensure efficacy in cloud environment; and ways to test your plan early and often.
Automated Compliance and Governance with AWS Config and AWS CloudTrailAmazon Web Services
As your cloud operations evolve, complexity of governance, compliance, and risk auditing of your AWS account increases. With AWS Config you can automate your controls and compliance efforts so that they scale with your cloud footprint. You can proactively audit your AWS resources, assess changes in configurations, and leverage visual dashboard to check your overall compliance status. In this session, we will help you use AWS Config and other AWS Management Tools to automate configuration governance so that compliance is embedded in the development process.
Evolve Your Incident Response Process and Powers for AWS Amazon Web Services
You want your current incident response (IR) runbooks to account for your AWS workloads ASAP, and eventually, you want cloud-based IR superpowers, too. In this session, we cover the basics that you must get in place, runbook updates specific to AWS, and we show you how to build initial IR capabilities that blend well with existing processes and partner offerings. We also walk through a hypothetical IR scenario for an AWS environment that uses an evolved on-premises IR runbook that accounts for the differences of an AWS environment. In this scenario, we demonstrate unique AWS platform capabilities for IR success. Go beyond updating your IR runbooks, and start your journey toward gaining cloud-based IR superpowers today!
SIEM in the AWS Cloud
An overview of Security Incident & Event Managment tools in AWS. How to integrate AWS' core security services such as IAM, Cloudtrail, Config, CloudWatch/Logs and the new VPC Flow Logs into a SIEM solution.
As the number of developers and size of your infrastructure on AWS grows, timely investments in self-service and monitoring can help you scale operations without being the bottleneck. You can standardize infrastructure configurations for commonly used products to enable your customers to self-serve infrastructure needs for their apps. Once these resources are provisioned, you can easily understand how they are connected to administer them effectively, and monitor changes to configurations and evaluate drift. In this session, we will discuss how you can achieve a sophisticated level of standardization, configuration compliance, and monitoring using a combination of AWS Service Catalog, AWS Config, and AWS CloudTrail.
AWS ReInvent 2020: SEC313 - A security operator’s guide to practical AWS Clou...Brian Andrzejewski
AWS CloudTrail helps you discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account within a specified period of time. In this session, you learn about the AWS CloudTrail service and its value for security operations. The session dives deep into sources of data enrichment and reviews how to leverage AWS CloudTrail as part of your security operations and incident response procedures.
YouTube: https://www.youtube.com/watch?v=Tr78kq-Oa70
Evolve Your Incident Response Process and Powers for AWS - SID306 - Chicago A...Amazon Web Services
You want your current incident response (IR) runbooks to account for your AWS workloads ASAP, and eventually, you want cloud-based IR superpowers, too. In this session, we cover the basics that you must get in place and runbook updates specific to AWS. We also show you how to build initial IR capabilities that blend well with existing processes and partner offerings. We also walk through a hypothetical IR scenario for an AWS environment that uses an evolved on-premises IR runbook that accounts for the differences of an AWS environment. In this scenario, we demonstrate unique AWS platform capabilities for IR success. Go beyond updating your IR runbooks, and start your journey toward gaining cloud-based IR superpowers today!
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014Amazon Web Services
If your business runs entirely on AWS, your AWS account is one of your most critical assets. Just as you might run an intrusion detection system in your on-premises network, you should monitor activity in your AWS account to detect abnormal behavior. This session walks you through leveraging unique capabilities in AWS that you can use to detect and respond to changes in your environment.
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
An organisation’s security controls are defined in part as a result of a need to comply with external industry regulatory requirements, and in part as a result of the organisation’s own risk appetite and culture. In this session we discuss our recommendations for producing a highly-secure AWS baseline environment, comprising multiple AWS accounts to enforce separation of duty, and each configured with a set of base controls for implementing access control, log capture and aggregation, and attack mitigation. We then map common sets of security controls to this architecture, and show how such an architecture can meet the requirements of various external standards.
SEC303 Automating Security in cloud Workloads with DevSecOpsAmazon Web Services
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
AWS Security in Your Sleep: Build End-to-End Automation for IR Workflows (SEC...Amazon Web Services
In previous years, we introduced and explored AWS-oriented intrusion detection and incident response. We also presented a variety of related idea-to-code demonstrations, from automating penetration testing using IoT buttons to force-multiplying your security team with Alexa. We are back with new tips, tricks, and demos that you will love, of course, but this time, you will learn about turning off your pager and getting a full night's sleep while the machines do all your incident response work.
Put detective controls in place to have visibility into your deployments. In this session, you will learn about deployment visibility at the AWS platform, application, operating system, and network levels, aas well as how to build monitoring solutions at scale to leverage AWS services that turn logging data into security insight.
Speaker: Jesse Fuchs - Sr. Solutions Architect, AWS
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)Amazon Web Services
AWS CloudTrail, Amazon CloudWatch Events, AWS Identity & Access Management (IAM), Trusted Advisor, AWS Config Rules, other services? In this session, we will help you use existing and recently launched services to automate configuration governance so that security is embedded in the development process. We outline four easy steps (Control, Monitor, Fix, and Audit) and demonstrate how different services can be used to meet your governance needs. We will showcase real-life examples and you can take home a blog post with code examples and the full source code for scripts and tooling that AWS professional services have built using these services.
AWS Security Week: CAF Detective Controls - Gain Visibility & Record ChangeAmazon Web Services
AWS Security Week at the San Francisco Loft: CAF Detective Controls - Gain Visibility & Record Change
Presenter: Reef D’Souza - Security Consultant, AWS Professional Services
by Jeff Puchalski, Application Security Engineer, AWS
Insider threat detection! How do we use AWS products to find an insider threat. We will cover Macie, GuardDuty and lambda to review a production account actions and remediate findings as they arise . We will also cover the utilization of CloudWatch to unify our finds into a single pane of glass.
Similar to Enforcing Your Security Policy at Scale - Technical 301 (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
2. What to Expect from This Session?
• Iteration of previous re:Invent talks
• Concrete Examples of Potential Events and How you
can Handle them Manually
• Ideas for Increasing Security Agility through Automation
• Specific AWS Mechanisms to Leverage, Code
• New Services and Features for Security Geeks
3. Previous Talks
YouTube search for…
• “Intrusion Detection in the Cloud” … 2014
• “Incident Response (IR) in the Cloud” … 2014
• “Wrangling Security Events in The Cloud” … 2015
Quick! Take a picture!
FYI – “Enforcing Your Security Policy at Scale” Session
4. “Intrusion Detection in the Cloud” …
• AWS-Specific Areas to Monitor for Security-Concerning
events
• Prerequisites
• Key Concepts, such as Security Role, Write-once Storage
• Key services to Leverage, Events and Behaviors to look for
• Example detection of Key Configuration changes,
Resource usage Anomalies
• YouTube search “Intrusion Detection in the Cloud”
5. “Incident Response (IR) in the Cloud” …
• Ensuring your existing IR Process considers AWS
• More Prerequisites
• Mechanisms for Mitigation and Investigation
• Tactics specific to AWS IR, such as Constraining Exposed
AWS Credentials
• Tactics analogous to traditional IR, modified for AWS, such as
Amazon EC2 instance memory dumping, analysis
• YouTube search “Incident Response in the Cloud”
6. “Wrangling Security Events in The Cloud” …
• Types of Security Events to be wary of and Prepared for
• Absent Protection, knowing how to Detect -> Recover
• Where to Gather supporting data to Investigate -> Protect
• Step by step manual Security Event Recovery
• Services, features, code for AUTOMATED recovery
• YouTube search “Wrangling Security Events in The Cloud”
• Here is an Encore with some Updates …
8. AWS = Agility for Security Geeks
• Ability to Programmatically Inventory Environment —
knowing what you need to protect is key
• Awareness of what’s Happening, what’s Changing, from
AWS API activity to Application Behavior
• Detection and Alerting Mechanisms, freedom to Create
and Flexibility to Configure and tune what’s appropriate
for YOU
• Analysis and Response, via the same platform, natively
or with AWS Partner Solutions
9. Example Events of Concern, Signatures
• Configuration changes that Impact Ability to Detect or
Understand Events
• Activities that are Inconsistent with Expectations
• Activities that Violate Policy
• Resources no longer Available
• Resources more Available than Desired
• Event Detection Signatures! = Commercial Product, and
may require careful thought vs. Operations to Develop
10. AWS CloudTrail
• Records AWS API calls for your account and Delivers
log files to you.
• Turn it ON!
http://docs.aws.amazon.com/awscloudtrail/latest/usergui
de/cloudtrail-user-guide.html
11.
12.
13.
14.
15. CloudTrail Events
• A record in JSON format that contains information about
requests for resources in your account.
• Describes which service was accessed, what action was
performed, and any parameters for the action.
• Helps you determine who made the request.
• The event data is enclosed in a Records array.
http://docs.aws.amazon.com/awscloudtrail/latest/usergui
de/send-cloudtrail-events-to-cloudwatch-logs.html
21. Amazon CloudWatch Logs
• Monitor, store, and access your log files from Amazon
EC2 instances, AWS CloudTrail, or other sources.
• Enable in the AWS Management Console, CLI, or via
AWS CloudFormation.
• Monitor and alarm for specific phrases, values, or
patterns.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/
DeveloperGuide/WhatIsCloudWatchLogs.html
22.
23.
24.
25.
26. CloudTrail -> CloudWatch Alarms
• Downloadable and editable example CloudFormation template from
AWS
• Contains predefined CloudWatch metric filters and alarms that
enable you to receive email notifications when certain security-
related API calls are made in your AWS account
• Amazon S3 bucket events, network events, Amazon EC2 events,
AWS CloudTrail, and AWS Identity and Access Management (IAM)
events
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/use-
cloudformation-template-to-create-cloudwatch-alarms.html
31. CloudTrail OFF Event – Protect
Deny Permissions for CloudTrail in IAM Groups or Roles
{
"Sid": "Stmt0001",
"Effect": "Deny",
"Action": [
"cloudtrail:DeleteTrail",
"cloudtrail:StopLogging"
],
"Resource": [
"*"
]
}
32. CloudTrail OFF – Automated Recovery
• We know how to detect CloudTrail OFF.
• We know we don’t want it OFF. Ever.
• We know that the immediate response to learning that
CloudTrail is OFF is to turn it back ON. Always.
• Shouldn’t we be able to automate doing that?
• If only there was “Do Something aaS” ...
33. Let’s use AWS Lambda!
• Runs your code in response to events
• Python, Node.js, Java
• Automatically manages compute resources for you
• Create new back-end services where compute
resources are automatically triggered based on custom
requests.
• You can read CloudTrail events with AWS Lambda
http://docs.aws.amazon.com/lambda/latest/dg/welcome.html
34. Automate Incident Response?
• Most, if not all, of the pieces to automate IR exist in AWS
• Automated IR = Even greater security agility
• Detect -> Protect programmatically
• Lambda-fy your IR!
35. CloudWatch Events – NEW TO SYDNEY!!
• Amazon CloudWatch Events delivers a near real-time
stream of system events that describe AWS resource
changes to a target (such as AWS Lambda)
• Using simple rules that you can quickly set up, you can
match events and route them to one or more target
functions or streams
36. CloudWatch Events – Components
• Events
• EC2 state change (such as AutoScaling launch or terminate)
• CloudTrail read/write API calls & Management Console logins
• Your own code can publish application-level events
• Scheduled basis (periodic or cron-style scheduling)
• Rules
• Match incoming events and route them to one or more targets
for processing
• Targets
• Are specified in rules and receive matching events
50. Automated Incident Response Diagram
AWS
CloudTrail
Amazon
CloudWatch
Events
AWS
Lambda
Amazon
Simple
Notification
Service
AWS API
Endpoints
Your Staff Amazon S3
Bucket
Your Security
Team
AWS IAM
Role
AWS API
Your SaaS
Tools
51. AWS Config
• AWS resource inventory, configuration history, and
configuration change notifications
• Discover existing AWS resources
• Export inventory of your AWS resources with all configuration
details
• Determine how a resource was configured at any point in
time
• Security geeks should LOVE it!
http://aws.amazon.com/documentation/config/
52.
53.
54.
55.
56.
57.
58.
59.
60. Open Security Group Event – Detect
• Subscribe to AWS Config notification topic.
• Filter notifications for creation of security groups that
might be concerning. You could look for the following,
individually or combined:
• “SecurityGroup” and “Created” within subject
• changeType : “CREATE” within body
• resourceType: "AWS::EC2::SecurityGroup” within body
63. Open Security Group Event – Recover
• If responding soon enough to the creation of a new
security group and no instances, simply delete the
security group.
• Otherwise, assign running instances to another security
group, and then delete the offending security group.
• You can’t delete a default security group, but you can
change its rules back to something sane, including no
rules.
64.
65.
66.
67. Delete Open Security Group – AWS CLI
aws ec2 delete-security-group --no-dry-run --group-id sg-d3bda2b4
68. Open Security Group Event – Investigate
• Revisit the AWS Config change notification.
• Note time, action, and security group ID to correlate to
principal and source IP of EC2 API call via AWS
CloudTrail.
• If possible, engage principal to understand intent or
determine if unexplained, such as by external actor and
potentially malicious.
69. Open Security Group Event – Protect
• Appropriately constrain or deactivate associated
credentials as warranted.
• Security group changes, particularly within production,
should not be a frequent event, so maintain high
vigilance.
70. Lambda – Automated Open Security Group Delete
var snsMsgString = JSON.stringify(event.Records[0].Sns.Message);
var snsMsgObject = getSNSMessageObject(snsMsgString);
if (snsMsgObject.configurationItemDiff.changeType == 'CREATE' &&
snsMsgObject.configurationItem.resourceType == 'AWS::EC2::SecurityGroup' &&
snsMsgObject.configurationItem.configuration.ipPermissions[0].ipProtocol == '-1' &&
snsMsgObject.configurationItem.configuration.ipPermissions[0].ipRanges == '0.0.0.0/0')
{
var params = {
DryRun: false,
GroupId: snsMsgObject.configurationItem.resourceId,
};
ec2.deleteSecurityGroup(params, function(err, data) {
context.succeed(snsMsgObject);
});
}
78. AWS Config Rules Community Repository
Visit https://github.com/awslabs/aws-config-rules
79.
80. VPC Flow Logs
• Choose to collect for VPC, VPC subnet, or Elastic
Network Interface (ENI)
• SRC and DST IP addresses, ports, IANA protocol
number, packet and byte counts, time of flow, action
(ACCEPT or REJECT).
• Create metrics to ID trends and patterns
• Create alarms that will fire if certain types of traffic are
detected!
81. Leverage VPC Flow Logs for Event Detection!
• Reviewing your application’s NORMAL flows may enable
you to constrain security groups further
• Once constrained, pay particular attention to REJECT
based on egress traffic
• Home in on certain hosts, eg. infrequently used jump
hosts, pay attention to ACCEPT even
• Key AWS partners speak VPC Flow Logs!
82. Security Event Response … Practice makes perfect!
• IR Game Day…YAY!
• Humans practicing exercising good judgment under pressure
• Tabletop First…yay?
• Humans talking about exercising good judgment
• YouTube search “Harden Your Architecture with Security
Incident Response Simulations”
• Push-button testing / recovery?
83.
84.
85.
86. Buy an IoT Starter Kit
Intel® Edison and Grove IoT Starter Kit Powered by AWS
90. AWS Security Best Practices Whitepaper
• Help for designing security infrastructure and
configuration of your AWS environment
• High-level guidance for:
• Managing accounts, users, groups, and roles
• Managing OS-level access to instances
• Securing your data, OS, apps, and infrastructure
• Managing security monitoring, auditing, alerting, and incident
response
https://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
91.
92. External Resources – Reading, Training
• SANS Reading Room, Incident Response
http://www.sans.org/reading-room/whitepapers/incident
• FIRST
http://www.first.org/resources/guides
• CERT, Incident Management
http://www.cert.org/incident-management/publications/
95. AWS Support for Security Concerns
• AWS Support is the one-stop shop for AWS customers,
for any concerns, including security related.
• If AWS Support cannot immediately address your
concerns, they will escalate internally to the appropriate
technical team, AWS Security included.
https://aws.amazon.com/support
96. AWS Security Resources
• AWS Security Blog
http://blogs.aws.amazon.com/security/
• AWS Security Center
https://aws.amazon.com/security
• Contact the AWS security team
aws-security@amazon.com
97. Summary
• Security Agility with AWS
• Threat vs. policy-driven concerns, enumerate, create
signatures, detection mechanisms
• Automate IR where you can … with buttons, even?
• TWO ways to get more practice, but you only get to
choose ONE
• Enforce your security policy AT SCALE.
• We (AWS and our technology partners) are here to help!
98. AWS Training & Certification
Intro Videos & Labs
Free videos and labs to
help you learn to work
with 30+ AWS services
– in minutes!
Training Classes
In-person and online
courses to build
technical skills –
taught by accredited
AWS instructors
Online Labs
Practice working with
AWS services in live
environment –
Learn how related
services work
together
AWS Certification
Validate technical
skills and expertise –
identify qualified IT
talent or show you
are AWS cloud ready
Learn more: aws.amazon.com/training
99. Your Training Next Steps:
ü Visit the AWS Training & Certification pod to discuss your
training plan & AWS Summit training offer
ü Register & attend AWS instructor led training
ü Get Certified
AWS Certified? Visit the AWS Summit Certification Lounge to pick up your swag
Learn more: aws.amazon.com/training