Learning Objectives:
- Learn about requirements for AWS Firewall Manager, like AWS Organizations
- Learn how to keep new Web applications in compliance across the org from day one
- Learn how Firewall Manager supports your custom WAF rules as well as Managed Rules for AWS WAF
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r... | Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
This document discusses securing web applications with AWS WAF. It begins by explaining why a web application firewall (WAF) is needed to protect against bad users and application vulnerabilities while allowing good users. It then defines what AWS WAF is, noting that it allows users to block or allow web requests and monitor security events. AWS WAF provides APIs and a console for easy configuration of rules to protect websites and content while integrating with development workflows. The document outlines the steps to set up AWS WAF, including creating a web ACL, adding rules and match conditions, and assigning it to CloudFront. It notes the pay-as-you-go pricing model for AWS WAF.
Following Well Architected Frameworks - Lunch and Learn.pdf | Amazon Web Services
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn how to use the Well-Architected Framework to apply AWS guidelines and best practices to your architecture on AWS.
This document provides an overview of AWS networking fundamentals including VPC concepts such as IP addressing, subnets, routing, security groups, and connecting VPCs. It discusses choosing IP address ranges and creating subnets across availability zones. It also covers routing and traffic flow, DNS options, network security using security groups and network ACLs, and VPC flow logs. Methods for connecting VPCs like VPC peering, Transit Gateway, VPN connections, and Direct Connect are also summarized.
Distributed denial of service (DDoS) attacks can affect the availability, security and resource consumption of your web application. AWS Web Application Firewall and AWS Shield allow you to protect web applications from these attacks.
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P... | Amazon Web Services
Amazon GuardDuty is a threat detection service that monitors AWS accounts and the applications within them for malicious or unauthorized behavior. It uses machine learning, threat intelligence feeds, and other techniques to detect both known and unknown threats. GuardDuty analyzes AWS CloudTrail logs, VPC flow logs, and DNS logs to generate detailed findings on issues like reconnaissance, unauthorized access, and crypto-currency mining. It also integrates with other AWS services like Lambda and CloudWatch Events.
Designing security & governance via AWS Control Tower & Organizations - SEC30... | Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
In this session, we will introduce you to the new AWS WAF service. We will show you how to use the service to block Amazon CloudFront requests that originate from IP addresses that you specify and block requests based on request content, such as header values or SQL queries. We will walk you through working code samples that automate security operations and demonstrate the flexibility of AWS WAF web ACLs.
Using AWS Control Tower to govern multi-account AWS environments at scale - G... | Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
This document discusses how AWS Control Tower can be used to govern multi-account AWS environments at scale. It provides an overview of AWS Control Tower's key capabilities including automated setup of a landing zone with best practice blueprints and guardrails, account factory for provisioning accounts, centralized identity and access management, and built-in monitoring and notifications. Examples are also given of how AWS Control Tower can be used to implement common multi-account architectures and operational models.
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC) | Amazon Web Services
This document discusses using Amazon Virtual Private Cloud (VPC) for hybrid IT architectures. It defines hybrid IT and outlines some common AWS services that can be used to build hybrid solutions, including VPC, VPN/Direct Connect networking, IAM policies and virtual images. Specific examples are given for disaster recovery and development/test environments extending on-premises networks to AWS. The presentation concludes with a demonstration of creating a VPC with IPSEC VPN tunnels to an on-premises office and deploying a CMS within the VPC.
This document discusses using Amazon CloudFront, AWS WAF, and AWS Lambda to protect web applications. AWS WAF provides firewall protection at CloudFront edge locations and can block exploits, abuse, and application DDoS attacks. CloudFront works with AWS WAF to filter legitimate traffic from attacks like SQL injection, cross-site scripting, and others. AWS Lambda can be used to automate security by integrating IP reputation lists and detecting HTTP floods and scans/probes. Resources are provided for webinars and tutorials on configuring AWS WAF and AWS Lambda for automatic protection of web applications.
by Bill Reid, Sr. Manager of Solutions Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs.
In this session, you will learn about Amazon Macie, a new visibility security service that helps you classify and secure your sensitive and business-critical content. Macie uses machine learning to automatically discover, classify, and protect sensitive data in the AWS Cloud, and it recognizes sensitive data such as personally identifiable information (PII) and intellectual property. You also will learn about the available types of alerts (basic and predictive) and demonstrate how you can use Amazon CloudWatch Events, AWS Lambda, and Amazon SNS topics to automate remediation actions to unauthorized access and inadvertent data leaks.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
An Introduction to the AWS Well Architected Framework - Webinar | Amazon Web Services
This document provides an introduction to the AWS Well-Architected Framework, which consists of five pillars - security, reliability, performance efficiency, cost optimization, and operational excellence. It discusses the recent addition of the operational excellence pillar and updates to the reliability pillar. It also covers new architecture type overlays and available resources like whitepapers, online training, and reference architectures. The session is intended for architects, developers, managers, and IT professionals interested in cloud architecture best practices.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Organizations offers policy-based management for multiple AWS Accounts. Learn how Organizations helps you more easily manage policies for groups of accounts and automate account creation.
Whether you are a traditional enterprise exploring migrating workloads to the cloud or are already “all-in” on AWS, performing common tasks of inventory collection, OS patch management, and image creation at scale is increasingly complicated in hybrid infrastructure environments. Amazon EC2 Systems Manager allows you to perform automated configuration and ongoing management of your hybrid environment systems at scale. This session provides an overview of key EC2 Systems Manager capabilities that help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. We will also discuss common use cases for EC2 Systems Manager and give you a demonstration of a hybrid-cloud management scenario.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks | Amazon Web Services
Learning Objectives:
- How to safely generate a number of Amazon GuardDuty findings
- How to analyze Amazon GuardDuty findings
- How to think about remediation of threats
Building a Development Workflow for Serverless Applications - March 2017 AWS ... | Amazon Web Services
Building, testing, and deploying AWS Lambda-based, serverless applications introduces new challenges to developers whose development workflows are optimized for traditional VM-based applications. In this webinar, we will introduce one method for automating the deployment of serverless applications running on AWS Lambda. We will first cover how you can model and express serverless applications using the open source AWS Serverless Application Model (AWS SAM). Then, we will discuss how you can use CI/CD tooling from AWS CodePipeline and AWS CodeBuild to build an automated development workflow for your serverless app.
Learning Objectives:
1. Understand the fundamentals of the microservices architectural approach
2. Learn best practices for designing microservices on AWS
3. Learn the basics of Amazon EC2 Container Service, Amazon API Gateway, AWS Lambda, and AWS X-Ray
The document provides an overview of Amazon Web Services (AWS) including its global infrastructure, key services, and security practices. It discusses AWS' 13+ years of experience and 165 cloud services. Specific AWS services covered include compute, storage, databases, security, and containers. Pricing and availability of AWS services are also summarized.
AWS Fargate is a technology for Amazon ECS and EKS* that allows you to run containers without having to manage servers or clusters. Join us to learn more about how Fargate works, why we built it, and how you can get started using it to run containers today.
This document provides an overview of AWS multi-account architecture best practices and strategies for implementing a "landing zone" on AWS. It discusses setting up accounts for master, core services, shared services, development sandboxes, and team/group environments. The document then outlines steps for implementing a landing zone using the AWS Landing Zone solution, including setting up accounts for shared services, log archives, security and establishing baselines across team accounts.
This document provides an overview and agenda for an AWS Systems Manager November 2020 meetup. It discusses the key capabilities of AWS Systems Manager including SSM documents, managed instances, resource groups, RUN commands, hybrid activations, patch manager, inventory, session manager, automation, parameter store, distributor, and OpsCenter/Explorer. It also includes demonstrations of creating RUN commands, hybrid activations, patching processes, state manager associations, and installing software using distributor.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018 | Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
How to Implement a Well-Architected Security Solution.pdf | Amazon Web Services
Securing your workload in alignment with best practices is necessary to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies. In this tech talk, we’ll walk you through how to secure your workload using AWS Identity & Access Management, AWS CloudTrail, Amazon GuardDuty and AWS Config services.
Lock it Down: How to Secure your AWS Account and your Organization's Accounts | Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data-center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
This document discusses how AWS Control Tower can be used to govern multi-account AWS environments at scale. It provides an overview of AWS Control Tower's key capabilities including automated setup of a landing zone with best practice blueprints and guardrails, account factory for provisioning accounts, centralized identity and access management, and built-in monitoring and notifications. Examples are also given of how AWS Control Tower can be used to implement common multi-account architectures and operational models.
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
This document discusses using Amazon Virtual Private Cloud (VPC) for hybrid IT architectures. It defines hybrid IT and outlines some common AWS services that can be used to build hybrid solutions, including VPC, VPN/Direct Connect networking, IAM policies and virtual images. Specific examples are given for disaster recovery and development/test environments extending on-premises networks to AWS. The presentation concludes with a demonstration of creating a VPC with IPSEC VPN tunnels to an on-premises office and deploying a CMS within the VPC.
This document discusses using Amazon CloudFront, AWS WAF, and AWS Lambda to protect web applications. AWS WAF provides firewall protection at CloudFront edge locations and can block exploits, abuse, and application DDoS attacks. CloudFront works with AWS WAF to filter legitimate traffic from attacks like SQL injection, cross-site scripting, and others. AWS Lambda can be used to automate security by integrating IP reputation lists and detecting HTTP floods and scans/probes. Resources are provided for webinars and tutorials on configuring AWS WAF and AWS Lambda for automatic protection of web applications.
by Bill Reid, Sr. Manager of Solutions Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs.
In this session, you will learn about Amazon Macie, a new visibility security service that helps you classify and secure your sensitive and business-critical content. Macie uses machine learning to automatically discover, classify, and protect sensitive data in the AWS Cloud, and it recognizes sensitive data such as personally identifiable information (PII) and intellectual property. You also will learn about the available types of alerts (basic and predictive) and demonstrate how you can use Amazon CloudWatch Events, AWS Lambda, and Amazon SNS topics to automate remediation actions to unauthorized access and inadvertent data leaks.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
An Introduction to the AWS Well Architected Framework - WebinarAmazon Web Services
This document provides an introduction to the AWS Well-Architected Framework, which consists of five pillars - security, reliability, performance efficiency, cost optimization, and operational excellence. It discusses the recent addition of the operational excellence pillar and updates to the reliability pillar. It also covers new architecture type overlays and available resources like whitepapers, online training, and reference architectures. The session is intended for architects, developers, managers, and IT professionals interested in cloud architecture best practices.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Organizations offers policy-based management for multiple AWS Accounts. Learn how Organizations helps you more easily manage policies for groups of accounts and automate account creation.
Whether you are a traditional enterprise exploring migrating workloads to the cloud or are already “all-in” on AWS, performing common tasks of inventory collection, OS patch management, and image creation at scale is increasingly complicated in hybrid infrastructure environments. Amazon EC2 Systems Manager allows you to perform automated configuration and ongoing management of your hybrid environment systems at scale. This session provides an overview of key EC2 Systems Manager capabilities that help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. We will also discuss common use cases for EC2 Systems Manager and give you a demonstration of a hybrid-cloud management scenario.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon Web Services
Learning Objectives:
- How to safely generate a number of Amazon GuardDuty findings
- How to analyze Amazon GuardDuty findings
- How to think about remediation of threats
Building a Development Workflow for Serverless Applications - March 2017 AWS ...Amazon Web Services
Building, testing, and deploying AWS Lambda-based, serverless applications introduces new challenges to developers whose development workflows are optimized for traditional VM-based applications. In this webinar, we will introduce one method for automating the deployment of serverless applications running on AWS Lambda. We will first cover how you can model and express serverless applications using the open source AWS Serverless Application Model (AWS SAM). Then, we will discuss how you can use CI/CD tooling from AWS CodePipeline and AWS CodeBuild to build an automated development workflow for your serverless app.
Learning Objectives:
1. Understand the fundamentals of the microservices architectural approach
2. Learn best practices for designing microservices on AWS
3. Learn the basics of Amazon EC2 Container Service, Amazon API Gateway, AWS Lambda, and AWS X-Ray"
The document provides an overview of Amazon Web Services (AWS) including its global infrastructure, key services, and security practices. It discusses AWS' 13+ years of experience and 165 cloud services. Specific AWS services covered include compute, storage, databases, security, and containers. Pricing and availability of AWS services are also summarized.
AWS Fargate is a technology for Amazon ECS and EKS* that allows you to run containers without having to manage servers or clusters. Join us to learn more about how Fargate works, why we built it, and how you can get started using it to run containers today.
This document provides an overview of AWS multi-account architecture best practices and strategies for implementing a "landing zone" on AWS. It discusses setting up accounts for master, core services, shared services, development sandboxes, and team/group environments. The document then outlines steps for implementing a landing zone using the AWS Landing Zone solution, including setting up accounts for shared services, log archives, security and establishing baselines across team accounts.
This document provides an overview and agenda for an AWS Systems Manager November 2020 meetup. It discusses the key capabilities of AWS Systems Manager including SSM documents, managed instances, resource groups, RUN commands, hybrid activations, patch manager, inventory, session manager, automation, parameter store, distributor, and OpsCenter/Explorer. It also includes demonstrations of creating RUN commands, hybrid activations, patching processes, state manager associations, and installing software using distributor.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
How to Implement a Well-Architected Security Solution.pdf
Amazon Web Services
Securing your workload in alignment with best practices is necessary to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies. In this tech talk, we’ll walk you through how to secure your workload using AWS Identity & Access Management, AWS CloudTrail, Amazon GuardDuty and AWS Config services.
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data-center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Amazon Web Services
As with everything in life there is an easy way and a hard way when it comes to adopting security framework recommendations. Featuring the AWS Well-Architected and Cloud Adoption Frameworks, we will walk you through a complete security journey. We'll start with identification of requirements, then move through a series of how-tos from classifying your data, automating controls, to running fun incident response game days.
In these slides, you’ll learn to use AWS tools to secure your environment and maintain a high bar in cloud security. We'll deep dive into the features of AWS CloudTrail, AWS GuardDuty, AWS Inspector, AWS WAF and Shield, and more. We'll also cover how to keep your credentials safe in the cloud using AWS Secrets Manager.
AWS CZSK Webinar 2019.05: How to protect your web applications from DDoS attacks
Vladimir Simek
This document discusses how to protect web applications from DDoS attacks on AWS. It covers the types and trends of DDoS threats, best practices for web architecture, and AWS security services like AWS Shield, AWS WAF, and Firewall Manager that provide built-in and customizable DDoS mitigation. It also includes a demo and discusses pricing models for AWS DDoS protection services.
After AWS IAM and detective controls, the afternoon at AWS Security Week turns to infrastructure security, which means tuning AWS service configurations, AMI composition, and hardening other digital assets that will be deployed. You will learn how to define networking architecture (VPCs, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows; and how to determine vulnerability management and operational maintenance cadence.
Speaker: Mike Wasielewski - Sr. Solutions Architect, AWS
The document discusses various AWS security services including Identity and Access Management (IAM) for authorization, VPCs for network security, CloudTrail for auditing API calls, GuardDuty for threat detection, WAF for web application firewall, Shield for DDoS protection, Inspector for security assessments, and Secrets Manager for secrets management. It provides overviews and examples of how to configure and use these services to help secure workloads running on AWS.
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Amazon Web Services
As with everything in life there is an easy way and a hard way when it comes to adopting security framework recommendations. Featuring the AWS Well-Architected and Cloud Adoption Frameworks, we will walk you through a complete security journey. We'll start with identification of requirements, then move through a series of how-tos from classifying your data, automating controls, to running fun incident response game days. There will be code giveaways and more!
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Amazon Web Services
The document discusses operational excellence for identity and access management using an AWS Landing Zone solution, which automates the setup of new AWS multi-account environments based on best practices and recommendations and provides initial security, governance, and shared service controls. It describes the components of the AWS Landing Zone including AWS Organizations, AWS Config, and IAM and how labs can be used to demonstrate creating guardrails, applying governance, and handling drift across accounts to meet security and operational goals.
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS Germany
All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Amazon Web Services
This is a practical demo-driven session where you will learn about the best practice to protect applications on AWS. We will give an overview of the threats on AWS, discuss why perimeter defense helps with these threats, and discuss some key techniques that use services such as Amazon CloudFront, Route 53, and WAF to protect your web applications. Lastly, you will learn about the best practices to protect different types of applications - Web/APIs, TCP-based, or Gaming.
The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.
The document discusses National Australia Bank's cloud security strategy and journey in adopting AWS security best practices. It outlines NAB's objectives to extend existing security services to the cloud and implement integrated and secure-by-default solutions with continuous security governance. The document also discusses AWS security frameworks like the Cloud Adoption Framework and Well-Architected Framework to help organizations define security strategies and implement best practices for identity and access management, infrastructure security, data protection, and incident response.
Artificial Intelligence (AI) is transforming the world around us. At Amazon.com, we use Artificial Intelligence to improve customer experience, grow our business and optimize our operations. In this session, two local startups will share their journey of building an AI company and their vision of how their technology is going to disrupt the world.
This document discusses best practices for securing customer data on AWS from day one. It recommends implementing security by design principles such as establishing a strong identity foundation with IAM, enabling traceability with detective controls like logging and monitoring, applying security at all layers with a defense-in-depth approach, automating security best practices through tools like CloudFormation, protecting data in transit and at rest using encryption, and preparing for security events with an incident response plan.
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
Amazon Web Services
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: operating systems, services and applications control responsibilities, the automation of security baselines, the configuration of security, and the auditing of controls for AWS customer infrastructure. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Amazon Web Services
The document discusses security best practices for protecting customer data on AWS from day one, including implementing a strong identity foundation with IAM, applying security at all layers of the infrastructure, automating security best practices, encrypting data at rest and in transit, and preparing for security events with an incident response plan.
This document discusses best practices for securing customer data on AWS from day one, including implementing strong identity and access management, enabling traceability, applying security at all layers, automating security best practices, protecting data in transit and at rest, and preparing for security events. It provides guidance on setting up authentication and authorization controls with IAM, implementing detective controls with logging and monitoring tools, applying defense-in-depth with network and host security configurations, automating security configurations with tools like CloudFormation, encrypting data at rest and in transit, and planning incident response procedures.
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.
AWS CloudFormation enables software and DevOps engineers to harness the power of infrastructure as code. As organizations automate the modeling and provisioning of applications and workloads with AWS CloudFormation, repeatable processes and reliable deployments become more critical. This session guides you through various techniques to improve your infrastructure automation, including protecting your AWS resources and stacks with safety guardrails while monitoring infrastructure changes. In addition, we will cover efficient ways to provide resources across accounts and regions and show you how to test and improve the reliability of your deployments.
Similar to Introducing AWS Firewall Manager - AWS Online Tech Talks (20)
How to build Forecasting services leveraging ML algorithms and deep learn...
Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, starting from the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications as Server...
Amazon Web Services
The variety and quantity of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters seems to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, devoting all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. In this period we learned how changing our approach to application development allowed us to significantly increase agility and release speed and, ultimately, enabled us to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot instances
Amazon Web Services
The use of containers is continuously growing.
If properly designed, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot instances, leading to average savings of 70% compared to On-Demand instances. In this session we will discover together what the characteristics of Spot instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique in the market with services for Machine Lea...
Amazon Web Services
To create value and build a distinctive, recognizable offering, successful startups know how to combine established technologies with innovative components created ad hoc.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of...
Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads
Amazon Web Services
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis based on artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, making full use of the potential of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, on top of which come the performance risks that can be introduced when moving applications from on-premises data centers.
Create your first serverless ledger-based app with QLDB and NodeJS
Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to track the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses QLDB's features.
With the rise of microservice architectures and rich mobile and Web applications, APIs are more important than ever for delivering an exceptional user experience to end users. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dig into several scenarios, understanding how AppSync can help address these use cases by creating modern APIs with real-time data updates and offline capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: debunking the myths
Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, on top of which come the performance risks that can be introduced when moving applications from on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to ease and simplify the migration of Oracle workloads, accelerating the transformation to the cloud; they go deeper into the architecture and demonstrate how to take full advantage of VMware Cloud™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer that controls deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.