SlideShare a Scribd company logo

Managed Threat Detection & Response for AWS Applications

Alert Logic
Alert Logic

Managed Threat Detection & Response for AWS Applications

Technology
1 of 15
Download to read offline
Jeremy Breland, Solution Architect, Alert Logic
Alert Logic Security-as-a-Service We deliver our own security software + services in hybrid environments Hosted Data Center with an integrated multi-layer solution to protect enterprise apps & cloud workloads Web application attacks • SQL injection • Cross-site scripting • Other OWASP Top 10 Server & network activity • Brute force • Privilege escalation • Command and control Vulnerabilities across stack • Frameworks, CMSs • Middleware & OS’s • IaaS configurations ASSESS BLOCK DETECT COMPLYSecurity experts included SaaS security services AWS Other Clouds
SECURING YOUR AWS ENVIRONMENT
STORAGE DB NETWORKCOMPUTE Logical network segmentation Perimeter security services External DDoS, spoofing, and scanning prevented Hardened hypervisor System image library Root access for customer Secure coding and best practices Software and virtual patching Configuration management Access management Application-level attack monitoring Understand the Shared Responsibility Model Access management Patch management Configuration hardening Security monitoring Log analysis Network threat detection Security monitoring Configuration best practices CUSTOMER RESPONSIBILITY APPS CLOUD PROVIDER RESPONSIBILITY FOUNDATION SERVICES HOSTS NETWORKS
Remember There Are Multiple Models…
Remember There Are Multiple Models…
Guideline to Risk Modeling Rank the Importance of Your Applications • Is it customer facing? • Does it have access to sensitive or controlled data? • How is the data segregated? Prioritize Remediations • Maintaining inventory of what's running and their use case • Enforcing a well-defined tagging strategy Where To Focus Limited Resources
Best Practices to Securing Your AWS Account • Lock down the root account • Follow least privilege for AWS IAM Users and Roles • Ensure Amazon S3 ACLs and Bucket Policies are properly configured. • Enable a strong password policy and MFA requirement for AWS IAM users. • Enable AWS CloudTrail and AWS Config • Leverage encryption for services that have AWS KMS • Not a one time activity – Continuously monitor for changes.
60 Most Common AWS Configuration Remediations Unencrypted AMI Discovered Unencrypted EBS Volume S3 Logging not Enabled Unrestricted Outbound Access on All Ports User not configured to use MFA User Access Key not configured with Rotation IAM Policies are attached directly to User Dangerous User Privileged Access to S3 Dangerous IAM Role for S3 Dangerous User Privileged Access to RDS Disable Automatic Access Key Creation Dangerous User Privileged Access to DDB Dangerous User Privileged Access to IAM IAM Access Keys Unused for 90 Days ELB Listener Security (2 of 4) ELB Listener Security (1 of 4) Dangerous IAM Role for RDS RDS Encryption is not Enabled Dangerous IAM Role for DDB Unrestricted Inbound Access - Specific Ports 2 Dangerous IAM Role for IAM Unrestricted Inbound Access to SSH Port 22/tcp Unrestricted Inbound Access to HTTP Port 80/tcp Amazon S3 Bucket Permissions (2 of 2) Inactive user account Ensure AWS CloudTrail is Enabled in All Regions ELB Listener Security (4 of 4) Unrestricted Inbound Access Publicly Accessible RDS Database Instance Passwords not set to enforce complexity ACL permissions enabled for Authenticated Users in an S3 Bucket CloudTrail Logging Disabled Passwords not configured to expire Ensure Hardware Multi-Factor Authentication is Enabled for the Root Account Unrestricted Inbound Access to Windows RDP Port 3389/tcp Enable Amazon GuardDuty on AWS Account Unrestricted Inbound Access to PostgreSQL Port 5432/tcp Global View ACL permissions enabled in an S3 Bucket Unrestricted Inbound Access to mySQL Port 3306/tcp Unrestricted Inbound Access to NetBIOS over TCP/IP 137/udp/tcp, 138/udp or 139/udp/tcp Unrestricted Inbound Access to SMTP Port 25/tcp Root account not using MFA Unrestricted Inbound Access to FTP Port 21/tcp Unrestricted Inbound Access to DNS Port 53/tcp Unrestricted Inbound Access to SQLServer Port 1433,1434/tcp Unrestricted Inbound Access to FTP Port 20/tcp Unrestricted Inbound Access to VNC Port 5500,5900/tcp Unrestricted Inbound Access to MSQL Port 4333/tcp Unrestricted Inbound Access to SMTP over TLS/SSL Port 465/tcp Unrestricted Inbound Access to ElasticSearch Port 9300/tcp Unrestricted Inbound Access to CIFS/SMB over TCP 445/tcp Root Account Used Recently Unrestricted Inbound Access to Windows RPC Port 135/tcp Publicly Accessible AMI Discovered Unrestricted Inbound Access to Telnet Port 23/tcp Unencrypted Redshift Cluster Unrestricted Inbound Access to DNS Port 53/udp Publicly Accessible Redshift Cluster Nodes Dangerous use of Root Access Keys Unrestricted Inbound Access to CIFS/SMB over TCP 445/udp
Monitor Activity and Identify Insecure Configurations Inventory the services and regions you are using. • What regions do you have VPCs in. • Which resources are accessible from the Internet. • Leverage AWS CloudTrail to identify new VPCs or service usage. • Define a consistent Tagging and Naming strategy for resources Ensure the AWS Services you’re using remain securely configured. • Disable non-secure ciphers on Elastic Load Balancing. • Remove Amazon S3 bucket permissions that allow global write or read. • Identify security groups or network ACLs that allow unrestricted access to sensitive ports.
Monitor Activity and Identify Insecure Configurations (cont.) Identify and remediate vulnerabilities in AMIs • Patch your AMIs not your instances. • Maintain a list of trustedAMIs, restrict users from launching non-trusted images. • Scan instances frequently to identify new vulnerabilities. Scanning tools must be cloud aware • Don’t assume your instances will be running during scan windows. • Replace rather than patch ephemeral instances • Watch for inherited vulnerabilities from 3rd party plugins or open source packages
Understand Your Compliance Responsibilities • If you have compliance requirements leverage the AWS Artifact service to understand what controls you are responsible for implementing. • Ensure that the AWS services you are leveraging are in-scope. Alert Logic Solution PCI DSS SOX HIPAA & HITECH Alert Logic Web Security Manager™ • 6.5.d Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others • 6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications. • DS 5.10 Network Security • AI 3.2 Infrastructure resource protection and availability • 164.308(a)(1) Security Management Process • 164.308(a)(6) Security Incident Procedures Alert Logic Log Manager™ • 10.2 Automated audit trails • 10.3 Capture audit trails • 10.5 Secure logs • 10.6 Review logs at least daily • 10.7 Maintain logs online for three months • 10.7 Retain audit trail for at least one year • DS 5.5 Security Testing, Surveillance and Monitoring • 164.308 (a)(1)(ii)(D) Information System Activity Review • 164.308 (a)(6)(i) Login Monitoring • 164.312 (b) Audit Controls Alert Logic Threat Manager™ • 5.1.1 Monitor zero day attacks not covered by anti-virus • 6.2 Identify newly discovered security vulnerabilities • 11.2 Perform network vulnerability scans quarterly by an ASV or after any significant network change • 11.4 Maintain IDS/IPS to monitor and alert personnel; keep engines up to date • DS5.9 Malicious Software Prevention, Detection and Correction • DS 5.6 Security Incident Definition • DS 5.10 Network Security • 164.308 (a)(1)(ii)(A) Risk Analysis • 164.308 (a)(1)(ii)(B) Risk Management • 164.308 (a)(5)(ii)(B) Protection from Malicious Software • 164.308 (a)(6)(iii) Response & Reporting Alert Logic Security Operations Center providingMonitoring, Protection, and Reporting
Create, test, tune signatures & rules Research vulnerabilities, exploits, payloads Verify attacks & criticality Feed findings to analytics team Correlate, model attack progression Develop & tune detection analytics Assemble incident report & notify Assess scope & impact Create machine learning models Integrate intelligence on emerging threats Analytics Verified incident report • Explanation of threat • Evidence for criticality • Related events, incidents, affected resource IDs • Remediation advice Live help within 15 minutes of high-priority threat Analyze for incidents • Signatures & rules • Anomaly detection • Machine learning Build detection content for new threats Monitor and investigate 24x365 Escalate with live notifications and advice Data from 4K+ customers Incident Response Requires Tools and People
Q&A – Additional Resources Alert Logic ActiveWatch Stay ahead of cyber threats without adding staff. Gain managed detection and response services through Alert Logic ActiveWatch Gartner's 2018 IDPS Magic Quadrant Places Alert Logic as Challenger Learn who the innovators and disruptors are in intrusion detection and response Speaker Jeremy Breland Solution Architect Alert Logic
Thank you.

Recommended

Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsAlert Logic
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 

Recommended

Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsAlert Logic
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftAlert Logic
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alAlert Logic
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the CloudAlert Logic
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App AttacksAlert Logic
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS EnvironmentAlert Logic
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsAlert Logic
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCAlert Logic
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alAlert Logic
 
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...Alert Logic
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security ServicesAlert Logic
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the BreachAlert Logic
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHansFarroCastillo1
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 

More Related Content

What's hot

Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftAlert Logic
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alAlert Logic
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the CloudAlert Logic
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App AttacksAlert Logic
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS EnvironmentAlert Logic
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsAlert Logic
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCAlert Logic
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alAlert Logic
 
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...Alert Logic
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security ServicesAlert Logic
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the BreachAlert Logic
 

What's hot (20)

Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for Success
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App Attacks
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
 
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
 

Similar to Managed Threat Detection & Response for AWS Applications

Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHansFarroCastillo1
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessToni de la Fuente
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - OverviewSai Kesavamatham
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-securityober64
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesAmazon Web Services
 
MongoDB World 2018: Enterprise Security in the Cloud
MongoDB World 2018: Enterprise Security in the CloudMongoDB World 2018: Enterprise Security in the Cloud
MongoDB World 2018: Enterprise Security in the CloudMongoDB
 
MongoDB World 2018: Enterprise Cloud Security
MongoDB World 2018: Enterprise Cloud SecurityMongoDB World 2018: Enterprise Cloud Security
MongoDB World 2018: Enterprise Cloud SecurityMongoDB
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud SecurityMongoDB
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementat...
AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementat...AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementat...
AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementat...Amazon Web Services
 
Pass4sure 640-554 Cisco IOS Network Security
Pass4sure 640-554 Cisco IOS Network SecurityPass4sure 640-554 Cisco IOS Network Security
Pass4sure 640-554 Cisco IOS Network SecurityHecrocro
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_SentinelMike Mihm
 
Securing Your MongoDB Deployment
Securing Your MongoDB DeploymentSecuring Your MongoDB Deployment
Securing Your MongoDB DeploymentMongoDB
 
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and VormetricProtecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and Vormetricconfluent
 

Similar to Managed Threat Detection & Response for AWS Applications (20)

Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptx
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
 
AWS Security
AWS Security AWS Security
AWS Security
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best Pratices
 
MongoDB World 2018: Enterprise Security in the Cloud
MongoDB World 2018: Enterprise Security in the CloudMongoDB World 2018: Enterprise Security in the Cloud
MongoDB World 2018: Enterprise Security in the Cloud
 
MongoDB World 2018: Enterprise Cloud Security
MongoDB World 2018: Enterprise Cloud SecurityMongoDB World 2018: Enterprise Cloud Security
MongoDB World 2018: Enterprise Cloud Security
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud Security
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementat...
AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementat...AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementat...
AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementat...
 
Pass4sure 640-554 Cisco IOS Network Security
Pass4sure 640-554 Cisco IOS Network SecurityPass4sure 640-554 Cisco IOS Network Security
Pass4sure 640-554 Cisco IOS Network Security
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_Sentinel
 
Securing Your MongoDB Deployment
Securing Your MongoDB DeploymentSecuring Your MongoDB Deployment
Securing Your MongoDB Deployment
 
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and VormetricProtecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
 

More from Alert Logic

Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack SurfaceAlert Logic
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the CloudAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: PresidioAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: PresidioAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
The Intersection of Security and DevOps
The Intersection of Security and DevOpsThe Intersection of Security and DevOps
The Intersection of Security and DevOpsAlert Logic
 
Security Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanySecurity Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanyAlert Logic
 

More from Alert Logic (20)

Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
CSS 2018 Trivia
CSS 2018 TriviaCSS 2018 Trivia
CSS 2018 Trivia
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security and DevOps
The Intersection of Security and DevOpsThe Intersection of Security and DevOps
The Intersection of Security and DevOps
 
Security Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanySecurity Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola Company
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Managed Threat Detection & Response for AWS Applications

  • 1. Jeremy Breland, Solution Architect, Alert Logic
  • 2. Alert Logic Security-as-a-Service We deliver our own security software + services in hybrid environments Hosted Data Center with an integrated multi-layer solution to protect enterprise apps & cloud workloads Web application attacks • SQL injection • Cross-site scripting • Other OWASP Top 10 Server & network activity • Brute force • Privilege escalation • Command and control Vulnerabilities across stack • Frameworks, CMSs • Middleware & OS’s • IaaS configurations ASSESS BLOCK DETECT COMPLYSecurity experts included SaaS security services AWS Other Clouds
  • 4. STORAGE DB NETWORKCOMPUTE Logical network segmentation Perimeter security services External DDoS, spoofing, and scanning prevented Hardened hypervisor System image library Root access for customer Secure coding and best practices Software and virtual patching Configuration management Access management Application-level attack monitoring Understand the Shared Responsibility Model Access management Patch management Configuration hardening Security monitoring Log analysis Network threat detection Security monitoring Configuration best practices CUSTOMER RESPONSIBILITY APPS CLOUD PROVIDER RESPONSIBILITY FOUNDATION SERVICES HOSTS NETWORKS
  • 5. Remember There Are Multiple Models…
  • 6. Remember There Are Multiple Models…
  • 7. Guideline to Risk Modeling Rank the Importance of Your Applications • Is it customer facing? • Does it have access to sensitive or controlled data? • How is the data segregated? Prioritize Remediations • Maintaining inventory of what's running and their use case • Enforcing a well-defined tagging strategy Where To Focus Limited Resources
  • 8. Best Practices to Securing Your AWS Account • Lock down the root account • Follow least privilege for AWS IAM Users and Roles • Ensure Amazon S3 ACLs and Bucket Policies are properly configured. • Enable a strong password policy and MFA requirement for AWS IAM users. • Enable AWS CloudTrail and AWS Config • Leverage encryption for services that have AWS KMS • Not a one time activity – Continuously monitor for changes.
  • 9. 60 Most Common AWS Configuration Remediations Unencrypted AMI Discovered Unencrypted EBS Volume S3 Logging not Enabled Unrestricted Outbound Access on All Ports User not configured to use MFA User Access Key not configured with Rotation IAM Policies are attached directly to User Dangerous User Privileged Access to S3 Dangerous IAM Role for S3 Dangerous User Privileged Access to RDS Disable Automatic Access Key Creation Dangerous User Privileged Access to DDB Dangerous User Privileged Access to IAM IAM Access Keys Unused for 90 Days ELB Listener Security (2 of 4) ELB Listener Security (1 of 4) Dangerous IAM Role for RDS RDS Encryption is not Enabled Dangerous IAM Role for DDB Unrestricted Inbound Access - Specific Ports 2 Dangerous IAM Role for IAM Unrestricted Inbound Access to SSH Port 22/tcp Unrestricted Inbound Access to HTTP Port 80/tcp Amazon S3 Bucket Permissions (2 of 2) Inactive user account Ensure AWS CloudTrail is Enabled in All Regions ELB Listener Security (4 of 4) Unrestricted Inbound Access Publicly Accessible RDS Database Instance Passwords not set to enforce complexity ACL permissions enabled for Authenticated Users in an S3 Bucket CloudTrail Logging Disabled Passwords not configured to expire Ensure Hardware Multi-Factor Authentication is Enabled for the Root Account Unrestricted Inbound Access to Windows RDP Port 3389/tcp Enable Amazon GuardDuty on AWS Account Unrestricted Inbound Access to PostgreSQL Port 5432/tcp Global View ACL permissions enabled in an S3 Bucket Unrestricted Inbound Access to mySQL Port 3306/tcp Unrestricted Inbound Access to NetBIOS over TCP/IP 137/udp/tcp, 138/udp or 139/udp/tcp Unrestricted Inbound Access to SMTP Port 25/tcp Root account not using MFA Unrestricted Inbound Access to FTP Port 21/tcp Unrestricted Inbound Access to DNS Port 53/tcp Unrestricted Inbound Access to SQLServer Port 1433,1434/tcp Unrestricted Inbound Access to FTP Port 20/tcp Unrestricted Inbound Access to VNC Port 5500,5900/tcp Unrestricted Inbound Access to MSQL Port 4333/tcp Unrestricted Inbound Access to SMTP over TLS/SSL Port 465/tcp Unrestricted Inbound Access to ElasticSearch Port 9300/tcp Unrestricted Inbound Access to CIFS/SMB over TCP 445/tcp Root Account Used Recently Unrestricted Inbound Access to Windows RPC Port 135/tcp Publicly Accessible AMI Discovered Unrestricted Inbound Access to Telnet Port 23/tcp Unencrypted Redshift Cluster Unrestricted Inbound Access to DNS Port 53/udp Publicly Accessible Redshift Cluster Nodes Dangerous use of Root Access Keys Unrestricted Inbound Access to CIFS/SMB over TCP 445/udp
  • 10. Monitor Activity and Identify Insecure Configurations Inventory the services and regions you are using. • What regions do you have VPCs in. • Which resources are accessible from the Internet. • Leverage AWS CloudTrail to identify new VPCs or service usage. • Define a consistent Tagging and Naming strategy for resources Ensure the AWS Services you’re using remain securely configured. • Disable non-secure ciphers on Elastic Load Balancing. • Remove Amazon S3 bucket permissions that allow global write or read. • Identify security groups or network ACLs that allow unrestricted access to sensitive ports.
  • 11. Monitor Activity and Identify Insecure Configurations (cont.) Identify and remediate vulnerabilities in AMIs • Patch your AMIs not your instances. • Maintain a list of trustedAMIs, restrict users from launching non-trusted images. • Scan instances frequently to identify new vulnerabilities. Scanning tools must be cloud aware • Don’t assume your instances will be running during scan windows. • Replace rather than patch ephemeral instances • Watch for inherited vulnerabilities from 3rd party plugins or open source packages
  • 12. Understand Your Compliance Responsibilities • If you have compliance requirements leverage the AWS Artifact service to understand what controls you are responsible for implementing. • Ensure that the AWS services you are leveraging are in-scope. Alert Logic Solution PCI DSS SOX HIPAA & HITECH Alert Logic Web Security Manager™ • 6.5.d Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others • 6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications. • DS 5.10 Network Security • AI 3.2 Infrastructure resource protection and availability • 164.308(a)(1) Security Management Process • 164.308(a)(6) Security Incident Procedures Alert Logic Log Manager™ • 10.2 Automated audit trails • 10.3 Capture audit trails • 10.5 Secure logs • 10.6 Review logs at least daily • 10.7 Maintain logs online for three months • 10.7 Retain audit trail for at least one year • DS 5.5 Security Testing, Surveillance and Monitoring • 164.308 (a)(1)(ii)(D) Information System Activity Review • 164.308 (a)(6)(i) Login Monitoring • 164.312 (b) Audit Controls Alert Logic Threat Manager™ • 5.1.1 Monitor zero day attacks not covered by anti-virus • 6.2 Identify newly discovered security vulnerabilities • 11.2 Perform network vulnerability scans quarterly by an ASV or after any significant network change • 11.4 Maintain IDS/IPS to monitor and alert personnel; keep engines up to date • DS5.9 Malicious Software Prevention, Detection and Correction • DS 5.6 Security Incident Definition • DS 5.10 Network Security • 164.308 (a)(1)(ii)(A) Risk Analysis • 164.308 (a)(1)(ii)(B) Risk Management • 164.308 (a)(5)(ii)(B) Protection from Malicious Software • 164.308 (a)(6)(iii) Response & Reporting Alert Logic Security Operations Center providingMonitoring, Protection, and Reporting
  • 13. Create, test, tune signatures & rules Research vulnerabilities, exploits, payloads Verify attacks & criticality Feed findings to analytics team Correlate, model attack progression Develop & tune detection analytics Assemble incident report & notify Assess scope & impact Create machine learning models Integrate intelligence on emerging threats Analytics Verified incident report • Explanation of threat • Evidence for criticality • Related events, incidents, affected resource IDs • Remediation advice Live help within 15 minutes of high-priority threat Analyze for incidents • Signatures & rules • Anomaly detection • Machine learning Build detection content for new threats Monitor and investigate 24x365 Escalate with live notifications and advice Data from 4K+ customers Incident Response Requires Tools and People
  • 14. Q&A – Additional Resources Alert Logic ActiveWatch Stay ahead of cyber threats without adding staff. Gain managed detection and response services through Alert Logic ActiveWatch Gartner's 2018 IDPS Magic Quadrant Places Alert Logic as Challenger Learn who the innovators and disruptors are in intrusion detection and response Speaker Jeremy Breland Solution Architect Alert Logic