by Nathan Case, Sr. Consultant, AWS
Events are precursors to incidents, but how do you decide if an event is harmful? Tuning the signal-to-noise ratio means that every event needs to be inspected and its impact calculated in as short a time as possible to stop bad things from happening. In this session, we will dive deep into a few event types to do advanced analysis in pursuit of deciding whether each is a security incident, and how to resolve it by the time the alert hits your inbox.
4. Questions you will need to answer
• What is my expressed security objective in words?
• Is this configuration or behavior related?
• What data, where, could help inform me?
• Do I have requisite ownership or visibility?
• What are my performance requirements?
• What mechanisms support the above?
• What is my expressed security objective in code?
30. Introducing Amazon EC2 Systems Manager
A set of capabilities that enable automated configuration and ongoing management of systems at scale, across all your Windows and Linux workloads, running in Amazon EC2 or on-premises
31. Systems Manager Capabilities
• Run Command
• Maintenance Windows
• Inventory
• State Manager
• Parameter Store
• Patch Manager
• Automation
Capability groups shown on the slide: Configuration, Administration; Update and Track; Shared Capabilities
32. Automation
EC2 Systems Manager
• Simplified automation solution
• Perfect for AMI updates, instance deployment & config
• Pro-active event notifications
• AWS optimized (EC2 Run Command, AWS Lambda, AWS CloudTrail, IAM, and Amazon CloudWatch integrations)
33. Automation – Getting Started
1. Create an automation document
2. Run automation
3. Monitor your automation
34. Automate Using Extensible Framework
• Generic framework to convert manual and repetitive tasks into automated steps
• Use predefined automation tasks or create custom automation
• Safely perform management operations at scale using delegated administration
Diagram labels: Automation document; Run the automation; Role and permission input
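The three steps from slide 33 and the role input from slide 34, as an added example that is not from the original deck or from AWS. The document name, its two steps (image the instance, then stop it) and the `undeclared_parameters` pre-flight check are assumptions chosen for illustration; `run_and_monitor` assumes boto3 with credentials and a role ARN the Automation service can assume.

```python
import json
import re
import time

DOC_NAME = "Example-PreserveAndStopInstance"  # hypothetical document name
TERMINAL = {"Success", "Failed", "TimedOut", "Cancelled"}

def build_document():
    """Step 1: an Automation document (schema 0.3) that images an instance, then stops it."""
    return {
        "schemaVersion": "0.3",
        "assumeRole": "{{ AutomationAssumeRole }}",  # the role and permission input
        "parameters": {
            "InstanceId": {"type": "String"},
            "AutomationAssumeRole": {"type": "String"},
        },
        "mainSteps": [
            {"name": "preserveImage", "action": "aws:createImage", "onFailure": "Abort",
             "inputs": {"InstanceId": "{{ InstanceId }}", "NoReboot": True,
                        "ImageName": "evidence-{{ InstanceId }}-{{ automation:EXECUTION_ID }}"}},
            {"name": "stopInstance", "action": "aws:changeInstanceState",
             "inputs": {"InstanceIds": ["{{ InstanceId }}"], "DesiredState": "stopped"}},
        ],
    }

def undeclared_parameters(doc):
    """Pre-flight check: {{ Name }} references with no matching entry in 'parameters'."""
    refs = re.findall(r"\{\{\s*([^\s{}]+)\s*\}\}", json.dumps(doc))
    # Names containing ':' (system variables) or '.' (step outputs) are not parameters.
    return sorted({r for r in refs if ":" not in r and "." not in r} - set(doc["parameters"]))

def run_and_monitor(instance_id, role_arn, max_polls=60, poll_seconds=10):
    """Steps 2 and 3: register the document, start an execution, poll its status."""
    import boto3  # imported here so the functions above work without AWS access
    ssm = boto3.client("ssm")
    ssm.create_document(Name=DOC_NAME, DocumentType="Automation",
                        DocumentFormat="JSON", Content=json.dumps(build_document()))
    exec_id = ssm.start_automation_execution(
        DocumentName=DOC_NAME,
        Parameters={"InstanceId": [instance_id], "AutomationAssumeRole": [role_arn]},
    )["AutomationExecutionId"]
    status = "Pending"
    for _ in range(max_polls):
        status = ssm.get_automation_execution(AutomationExecutionId=exec_id)[
            "AutomationExecution"]["AutomationExecutionStatus"]
        if status in TERMINAL:
            break
        time.sleep(poll_seconds)
    return exec_id, status
```

`create_document` raises an error if a document with this name is already registered in the account and region, so register once and reuse the name for later executions.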
37. Go forth and respond!
• Understand what normal looks like
• Express your security objectives in a clear way
• Know where to find the right information
• Have a plan
• Practice