GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing on premises complex solutions with AWS native services like Amazon GuardDuty, VPC Flow logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Stephen Schmidt, Chief Information Security Officer at AWS, addresses the current state of security in the cloud, with a particular focus on feature updates, the AWS internal "secret sauce," and what's on horizon in terms of security, identity, and compliance tooling.
How Zocdoc Achieves Automatic Threat Detection & Remediation with Security as...Amazon Web Services
Zocdoc, an online healthcare scheduling service, receives more than 6 million patient visits monthly. In less than 12 months, Zocdoc became a cloud-first organization to meet their business goals. This digital transformation allowed for rapid innovation and the ability to deliver products that align with demands of the 21st-century patient. In this session, Brian Lozada, CISO at Zocdoc, and Jay Ball, Head of Application Security, explain how Zocdoc uses AWS security services to seamlessly and automatically monitor, audit, and enforce their security policies within all their AWS environments. They use AWS security services, such as AWS Config, Amazon GuardDuty, Amazon Inspector, and AWS Shield, while using AWS Lambda functions to augment their security team, all without slowing down their developers.
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...Amazon Web Services
In this session, learn how LogMeIn moves quickly and stays secure through the power of automation on AWS. We walk through core AWS security building blocks, such as IAM, AWS CloudTrail, AWS Config, and Amazon CloudWatch. We dive deep into LogMeIn’s approach for empowering developers on AWS while also meeting required security controls.
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
According to Gartner, the IaaS market grew at a blistering 42.8% in 2017—twice as fast as SaaS. And with last year’s high-profile data exposures, the focus on bolstering IaaS security practices has increased. We’ve worked with AWS and hundreds of IaaS security professionals to develop a list of security practices specifically designed to protect AWS environments and the applications and data within them. In this session, you’ll discover: common yet preventable scenarios that can result in the loss of corporate data, security best practices for user and admin behavior monitoring, secure auditable configuration, Amazon S3 data loss and threat prevention, blueprints for how a solution-based approach (including bridging to your on-premises best practices) can provide IaaS visibility and control, step-by-step guidance on how to gain visibility across all workloads, protect against advanced threats, and discover insights into lateral threat movements, and recommendations for creating a successful DevOps workflow that integrates security.
Automating Compliance Certification with Automated Mathematical Proof (SEC330...Amazon Web Services
At AWS, we have begun using automated mathematical proof search methods to automate compliance certification. Our approach uses automated mathematical proof tools to find arguments that express, in a repeatable precise way, what controls are used, and why and how they are correctly implemented. In this chalk talk, learn how auditors can independently validate design and operating effectiveness using open-source and community-validated tools. This validation approach provides evidence of the operating effectiveness of a control at all times, for all operations. This approach can reduce costs and takes the time spent achieving compliance certification from months to seconds. This approach can also remove ambiguity from what it means to be compliant with a particular control.
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018Amazon Web Services
Traditional data center environments have regarded the network boundary as a stable perimeter of defense, using gateway firewalls for effective protection. The public cloud, however, is exposing a plethora of hosted services directly to its users, bypassing traditional network filtering technologies, and effectively creating new perimeters around the various services and data element. Examples of these new perimeters include Amazon S3 buckets, Amazon EBS snapshots, and AWS Lambda functions. This session is brought to you by AWS partner, Dome9 Security Inc.
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Amazon Web Services
Managing that balance between running machine learning (ML) and deep learning algorithms and following approved security practices from your security organization is critical in keeping your data and your customers’ data safe. In this chalk talk, we introduce a common ML/deep learning flow using Amazon SageMaker, identify various points of data exchange with Amazon EMR and Amazon S3, and dive deep into the security and governance of the data and infrastructure. Learn about using security controls and building processes with services like AWS CloudTrail, AWS Config, Amazon CloudWatch Events, and AWS Lambda. Gain an understanding of the options and best practices for running ML and deep learning on AWS.Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, and CI/CD (F...Amazon Web Services
Cloud-native and with security integrated early in the software development process, Nubank is the largest digital bank in the world outside of Asia. Demand for higher levels of service and value, constantly evolving technology capabilities, and stringent regulatory requirements are all powerful forces reshaping retail banking. In this session, Nubank CTO Edward Wible discusses how the company mixes engineering culture, security philosophy and structure, automation, and integration with AWS security services. Learn how to leverage the day-to-day software development workflow for extensive security and maximum engineering throughput while minimizing the operational pain of running a large infrastructure.
Stephen Schmidt, Chief Information Security Officer at AWS, addresses the current state of security in the cloud, with a particular focus on feature updates, the AWS internal "secret sauce," and what's on horizon in terms of security, identity, and compliance tooling.
How Zocdoc Achieves Automatic Threat Detection & Remediation with Security as...Amazon Web Services
Zocdoc, an online healthcare scheduling service, receives more than 6 million patient visits monthly. In less than 12 months, Zocdoc became a cloud-first organization to meet their business goals. This digital transformation allowed for rapid innovation and the ability to deliver products that align with demands of the 21st-century patient. In this session, Brian Lozada, CISO at Zocdoc, and Jay Ball, Head of Application Security, explain how Zocdoc uses AWS security services to seamlessly and automatically monitor, audit, and enforce their security policies within all their AWS environments. They use AWS security services, such as AWS Config, Amazon GuardDuty, Amazon Inspector, and AWS Shield, while using AWS Lambda functions to augment their security team, all without slowing down their developers.
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...Amazon Web Services
In this session, learn how LogMeIn moves quickly and stays secure through the power of automation on AWS. We walk through core AWS security building blocks, such as IAM, AWS CloudTrail, AWS Config, and Amazon CloudWatch. We dive deep into LogMeIn’s approach for empowering developers on AWS while also meeting required security controls.
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
According to Gartner, the IaaS market grew at a blistering 42.8% in 2017—twice as fast as SaaS. And with last year’s high-profile data exposures, the focus on bolstering IaaS security practices has increased. We’ve worked with AWS and hundreds of IaaS security professionals to develop a list of security practices specifically designed to protect AWS environments and the applications and data within them. In this session, you’ll discover: common yet preventable scenarios that can result in the loss of corporate data, security best practices for user and admin behavior monitoring, secure auditable configuration, Amazon S3 data loss and threat prevention, blueprints for how a solution-based approach (including bridging to your on-premises best practices) can provide IaaS visibility and control, step-by-step guidance on how to gain visibility across all workloads, protect against advanced threats, and discover insights into lateral threat movements, and recommendations for creating a successful DevOps workflow that integrates security.
Automating Compliance Certification with Automated Mathematical Proof (SEC330...Amazon Web Services
At AWS, we have begun using automated mathematical proof search methods to automate compliance certification. Our approach uses automated mathematical proof tools to find arguments that express, in a repeatable precise way, what controls are used, and why and how they are correctly implemented. In this chalk talk, learn how auditors can independently validate design and operating effectiveness using open-source and community-validated tools. This validation approach provides evidence of the operating effectiveness of a control at all times, for all operations. This approach can reduce costs and takes the time spent achieving compliance certification from months to seconds. This approach can also remove ambiguity from what it means to be compliant with a particular control.
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018Amazon Web Services
Traditional data center environments have regarded the network boundary as a stable perimeter of defense, using gateway firewalls for effective protection. The public cloud, however, is exposing a plethora of hosted services directly to its users, bypassing traditional network filtering technologies, and effectively creating new perimeters around the various services and data element. Examples of these new perimeters include Amazon S3 buckets, Amazon EBS snapshots, and AWS Lambda functions. This session is brought to you by AWS partner, Dome9 Security Inc.
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Amazon Web Services
Managing that balance between running machine learning (ML) and deep learning algorithms and following approved security practices from your security organization is critical in keeping your data and your customers’ data safe. In this chalk talk, we introduce a common ML/deep learning flow using Amazon SageMaker, identify various points of data exchange with Amazon EMR and Amazon S3, and dive deep into the security and governance of the data and infrastructure. Learn about using security controls and building processes with services like AWS CloudTrail, AWS Config, Amazon CloudWatch Events, and AWS Lambda. Gain an understanding of the options and best practices for running ML and deep learning on AWS.Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, and CI/CD (F...Amazon Web Services
Cloud-native and with security integrated early in the software development process, Nubank is the largest digital bank in the world outside of Asia. Demand for higher levels of service and value, constantly evolving technology capabilities, and stringent regulatory requirements are all powerful forces reshaping retail banking. In this session, Nubank CTO Edward Wible discusses how the company mixes engineering culture, security philosophy and structure, automation, and integration with AWS security services. Learn how to leverage the day-to-day software development workflow for extensive security and maximum engineering throughput while minimizing the operational pain of running a large infrastructure.
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Amazon Web Services
In this session, we cover the most common cloud security questions that we hear from customers. We provide detailed answers for each question, distilled from our practical experience working with organizations around the world. This session is for everyone who is curious about the cloud, cautious about the cloud, or excited about the cloud.
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Amazon Web Services
In IT environments, identity is the key to governance and security. In this session, we discuss the challenges with identity in hybrid environments and some of the solutions. Topics include identity lifecycle management, single sign-on, multi-factor authentication, and dealing with multiple identity providers from different parties. We also cover the security requirements of a hybrid cloud environment: maintaining visbility, encryption, secure remote access, and compliance and auditing requirements.
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...Amazon Web Services
In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Amazon Web Services
Containers are becoming one of the new normal infrastructures for deploying applications. One of the challenges that customers face is how to secure their applications. Traditional security practices and tools are designed for applications running directly on the hosts, whereas containers are virtualized and multi-tenant. In this session, learn about techniques that can be used to secure hosts, containers themselves, and the applications hosted in individual containers. We look at using Amazon ECS with Amazon EC2, AWS Fargate, and Amazon EKS, and we discuss what techniques and best practices to employ as part of CI/CD processes and for running applications.
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Amazon Web Services
Join us for this hands-on workshop where you learn about a number of AWS services involved with threat detection and remediation as we walk through some real-world threat scenarios. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each hands-on scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch Events, Amazon SNS, Amazon Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector and, of course, Amazon GuardDuty.
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Amazon Web Services
This document discusses using AWS services for ingesting, storing, sharing, and analyzing video content. It describes how to stream live video from millions of devices using Amazon Kinesis Video Streams and then analyze the video using Amazon Rekognition. It also provides an example of building a system to detect faces on video streams from cameras using DeepLens and storing the results in databases like DynamoDB for further processing.
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...Amazon Web Services
Performing forensics on AWS resources is a new experience for many customers who might have older runbooks based on on-premises workflows using manual steps, or perhaps no processes in place at all. In this session, get a deeper insight into the various runbooks to perform practical forensic tasks on AWS resources like Amazon EC2 instances, using a combination of industry tooling, AWS serverless services like AWS Lambda and AWS Step Functions, and managed services like Amazon Athena.
The document discusses automating incident response and forensics in AWS. It focuses on two scenarios - detecting an insider threat based on an IAM access denied event, and responding to a compromised EC2 instance. For the insider threat, the presenter demonstrates how AWS services like CloudTrail, Lambda, and SNS can be used to detect the denied access and notify relevant parties. For the compromised instance, the presenter shows how Step Functions can automate isolating the instance and launching a "clean room" to forensically analyze the instance without further risk of compromise. The goal is to contain incidents quickly and gather information automatically without human intervention.
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...Amazon Web Services
In this session, we discuss how you should be building your runbooks and security incident report system (SIRS) using your company's real-world configuration and processes. Our goal is to give you an easier way to start your runbooks and create a SIRS. Now you can be the hero for your company by building a strategy and finding out how secure you are. You also learn more about why you should be running a DevSecOps pipeline and how it will help your team find threats in your production environment. Finally, learn how things are different in each level of environment and where your developers should be working.
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
Join us, and learn how we made AWS our backbone, modularized our software for the cloud, and gained an immediate surge in velocity. In this session, we walk you through some of the unexpected security challenges we faced and hopefully save you a few headaches. Discover what security issues you need to address, how to avoid costly unused instances in your deployments, and why your current security tools won’t help. We show you how a major transformation landed us on AWS, and we share how we overcame challenges and advanced our business while innovating in a new direction. This session is brought to you by AWS partner, Barracuda Networks Inc.
Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018Amazon Web Services
Operating a security practice on AWS brings many new challenges and opportunities that have not been addressed in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session, learn how your security team can leverage AWS Lambda as a tool to monitor, audit, and enforce your security policies within an AWS environment.
Detecting Credential Compromise in AWS (SEC389) - AWS re:Invent 2018Amazon Web Services
This talk discusses detecting compromised AWS credentials that are being used outside of an organization's environment. It describes challenges with detecting this using AWS CloudTrail event history and APIs due to limitations like pagination and rate limiting. The talk presents an approach that makes an assumption about how AWS works to overcome these challenges and enable full coverage detection within around 6 hours. It also covers preventing credential compromise by enforcing API access and protecting metadata.
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...Amazon Web Services
Are you interested in becoming a IAM policy master and learning about powerful techniques for controlling access to AWS resources? If your answer is “yes,” this session is for you. Join us as we cover the different types of policies and describe how they work together to control access to resources in your account and across your AWS organization. We walk through use cases that help you delegate permission management to developers by demonstrating IAM permission boundaries. We take an in-depth look at controlling access to specific AWS regions using condition keys. Finally, we explain how to use tags to scale permissions management in your account. This session requires you to know the basics of IAM policies.
Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS ...Amazon Web Services
SaaS presents developers with a unique blend of architectural challenges. Supporting a multi-tenant model often means re-thinking your approach to almost every layer of your architecture. Onboarding, security, data partitioning, tenant isolation, identity—these are areas that must be factored into how you design, build, and deploy your SaaS solution. Of course, the best way to wrap your mind around these SaaS architectural principles is to dig into a working example. In this workshop, we’ll expose you to the core concepts of SaaS architecture then dive into a reference SaaS architecture where you can see the moving parts of a SaaS solution in action. The goal here is to provide a series of activities that allow you to interact with a functional solution, introducing code and configuration that realizes and extends the capabilities of this SaaS environment. Through this combination of a brief lecture and hands-on exercises, you’ll get a healthy dose of SaaS best practices all through the lens of a working reference solution.
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Amazon Web Services
Deploying Microsoft products on AWS is fast, easy, and cost-effective. Before deploying these applications to production, it's helpful to have guidance on approaches for securing them. In this session, we outline the principles for protecting the environment of Microsoft applications hosted on AWS, with a focus on risk assessment, reducing attack surface, adhering to the principle of least privilege, and protecting data.
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Amazon Web Services
This document discusses GoDaddy's journey to migrate their infrastructure and applications to AWS over a 15-month period. It describes how they used AWS Service Catalog to standardize infrastructure deployment and provide self-service provisioning for their development teams. The migration involved 3 phases: an initial onboarding of 10 teams (Phase 1), a second round of onboarding (Phase 2), and ongoing onboarding while building out a self-service portal (Phase 3). By the end of Phase 3, GoDaddy had enabled self-service provisioning for their teams through the use of AWS Service Catalog.
The document discusses security best practices when using AWS. It highlights some common security anti-patterns to avoid, such as overcrowding AWS accounts, using personal AWS accounts, and relying only on manual technical auditing. It promotes practices like implementing least privilege access, continuous automated auditing using native AWS services, and adopting a DevSecOps approach to development that incorporates security testing and monitoring throughout the software development lifecycle.
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Amazon Web Services
The cloud offers a first-in-a-career opportunity to constantly optimize your costs as you grow and stay on the leading edge of innovation. By developing a cost-conscious culture and assigning the responsibility for efficiency to the appropriate business owners, you can deliver innovation efficiently and cost effectively. In this session, we share The Vanguard Group’s real-world experience of optimizing their costs, and we review a wide range of cost planning, monitoring, and optimization strategies.
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...Amazon Web Services
The allure of the cloud is compelling and offers greater agility, elasticity, and reduced capex. Businesses seek to reap these benefits by migrating to AWS, all while enforcing corporate governance and security policies to minimize risk. To accomplish this objective, businesses must continuously monitor the performance of complex applications, which is not practical with point solutions, such as bytecode instrumentation. In this session, learn how NETSCOUT’s smart data platform enables continuous monitoring in hybrid cloud environments to minimize risk and control costs. Hear real-life examples of how businesses optimized their AWS migration, gaining visibility and deep insights into both the physical and virtual worlds, to maintain the continuity and security of the services throughout the migration process.This session is brought to you by AWS partner, NETSCOUT Systems.
Augmenting Security Posture and Improving Operational Health with AWS CloudTr...Amazon Web Services
Enabling AWS CloudTrail for auditing purposes is often a corporate mandate, but do you know how to use CloudTrail events to improve your security and operational posture? Come learn how CloudTrail can help improve your operational monitoring and troubleshooting, security analysis, and compliance auditing processes. Discover best practices for setting up and using CloudTrail; explore use cases for data mining CloudTrail event data; learn how to set up alerts based on activity in your account; and learn about advanced use cases. Also learn how to implement data plane governance autoEnabling AWS CloudTrail for auditing purposes is often a corporate mandate, but do you know how to use CloudTrail events to improve your security and operational posture? Come learn how CloudTrail can help improve your operational monitoring and troubleshooting, security analysis, and compliance auditing processes. Discover best practices for setting up and using CloudTrail; explore use cases for data mining CloudTrail event data; learn how to set up alerts based on activity in your account; and learn about advanced use cases. Also learn how to implement data plane governance automation using data events from Amazon S3 and AWS Lambda.
mation using data events from Amazon S3 and AWS Lambda.
Lock it Down: How to Secure your AWS Account and your Organization's AccountsAmazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data-center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Lock It Down: How to Secure Your Organization's AWS AccountAmazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional datacenter. However, many customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session we will review how to use automation, tools and techniques to harden and audit your AWS accounts and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Geordie Anderson, Security Specialist Solutions Architect, Amazon Web Services
Sean Donaghy, Senior Cyber Security Advisor, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
Michael Davie, Security Engineer, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Amazon Web Services
In this session, we cover the most common cloud security questions that we hear from customers. We provide detailed answers for each question, distilled from our practical experience working with organizations around the world. This session is for everyone who is curious about the cloud, cautious about the cloud, or excited about the cloud.
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Amazon Web Services
In IT environments, identity is the key to governance and security. In this session, we discuss the challenges with identity in hybrid environments and some of the solutions. Topics include identity lifecycle management, single sign-on, multi-factor authentication, and dealing with multiple identity providers from different parties. We also cover the security requirements of a hybrid cloud environment: maintaining visbility, encryption, secure remote access, and compliance and auditing requirements.
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...Amazon Web Services
In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Amazon Web Services
Containers are becoming one of the new normal infrastructures for deploying applications. One of the challenges that customers face is how to secure their applications. Traditional security practices and tools are designed for applications running directly on the hosts, whereas containers are virtualized and multi-tenant. In this session, learn about techniques that can be used to secure hosts, containers themselves, and the applications hosted in individual containers. We look at using Amazon ECS with Amazon EC2, AWS Fargate, and Amazon EKS, and we discuss what techniques and best practices to employ as part of CI/CD processes and for running applications.
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Amazon Web Services
Join us for this hands-on workshop where you learn about a number of AWS services involved with threat detection and remediation as we walk through some real-world threat scenarios. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each hands-on scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch Events, Amazon SNS, Amazon Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector and, of course, Amazon GuardDuty.
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Amazon Web Services
This document discusses using AWS services for ingesting, storing, sharing, and analyzing video content. It describes how to stream live video from millions of devices using Amazon Kinesis Video Streams and then analyze the video using Amazon Rekognition. It also provides an example of building a system to detect faces on video streams from cameras using DeepLens and storing the results in databases like DynamoDB for further processing.
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...Amazon Web Services
Performing forensics on AWS resources is a new experience for many customers who might have older runbooks based on on-premises workflows using manual steps, or perhaps no processes in place at all. In this session, get a deeper insight into the various runbooks to perform practical forensic tasks on AWS resources like Amazon EC2 instances, using a combination of industry tooling, AWS serverless services like AWS Lambda and AWS Step Functions, and managed services like Amazon Athena.
The document discusses automating incident response and forensics in AWS. It focuses on two scenarios - detecting an insider threat based on an IAM access denied event, and responding to a compromised EC2 instance. For the insider threat, the presenter demonstrates how AWS services like CloudTrail, Lambda, and SNS can be used to detect the denied access and notify relevant parties. For the compromised instance, the presenter shows how Step Functions can automate isolating the instance and launching a "clean room" to forensically analyze the instance without further risk of compromise. The goal is to contain incidents quickly and gather information automatically without human intervention.
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...Amazon Web Services
In this session, we discuss how you should be building your runbooks and security incident report system (SIRS) using your company's real-world configuration and processes. Our goal is to give you an easier way to start your runbooks and create a SIRS. Now you can be the hero for your company by building a strategy and finding out how secure you are. You also learn more about why you should be running a DevSecOps pipeline and how it will help your team find threats in your production environment. Finally, learn how things are different in each level of environment and where your developers should be working.
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
Join us, and learn how we made AWS our backbone, modularized our software for the cloud, and gained an immediate surge in velocity. In this session, we walk you through some of the unexpected security challenges we faced and hopefully save you a few headaches. Discover what security issues you need to address, how to avoid costly unused instances in your deployments, and why your current security tools won’t help. We show you how a major transformation landed us on AWS, and we share how we overcame challenges and advanced our business while innovating in a new direction. This session is brought to you by AWS partner, Barracuda Networks Inc.
Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018Amazon Web Services
Operating a security practice on AWS brings many new challenges and opportunities that have not been addressed in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session, learn how your security team can leverage AWS Lambda as a tool to monitor, audit, and enforce your security policies within an AWS environment.
Detecting Credential Compromise in AWS (SEC389) - AWS re:Invent 2018Amazon Web Services
This talk discusses detecting compromised AWS credentials that are being used outside of an organization's environment. It describes challenges with detecting this using AWS CloudTrail event history and APIs due to limitations like pagination and rate limiting. The talk presents an approach that makes an assumption about how AWS works to overcome these challenges and enable full coverage detection within around 6 hours. It also covers preventing credential compromise by enforcing API access and protecting metadata.
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...Amazon Web Services
Are you interested in becoming a IAM policy master and learning about powerful techniques for controlling access to AWS resources? If your answer is “yes,” this session is for you. Join us as we cover the different types of policies and describe how they work together to control access to resources in your account and across your AWS organization. We walk through use cases that help you delegate permission management to developers by demonstrating IAM permission boundaries. We take an in-depth look at controlling access to specific AWS regions using condition keys. Finally, we explain how to use tags to scale permissions management in your account. This session requires you to know the basics of IAM policies.
Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS ...Amazon Web Services
SaaS presents developers with a unique blend of architectural challenges. Supporting a multi-tenant model often means re-thinking your approach to almost every layer of your architecture. Onboarding, security, data partitioning, tenant isolation, identity—these are areas that must be factored into how you design, build, and deploy your SaaS solution. Of course, the best way to wrap your mind around these SaaS architectural principles is to dig into a working example. In this workshop, we’ll expose you to the core concepts of SaaS architecture then dive into a reference SaaS architecture where you can see the moving parts of a SaaS solution in action. The goal here is to provide a series of activities that allow you to interact with a functional solution, introducing code and configuration that realizes and extends the capabilities of this SaaS environment. Through this combination of a brief lecture and hands-on exercises, you’ll get a healthy dose of SaaS best practices all through the lens of a working reference solution.
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Amazon Web Services
Deploying Microsoft products on AWS is fast, easy, and cost-effective. Before deploying these applications to production, it's helpful to have guidance on approaches for securing them. In this session, we outline the principles for protecting the environment of Microsoft applications hosted on AWS, with a focus on risk assessment, reducing attack surface, adhering to the principle of least privilege, and protecting data.
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Amazon Web Services
This document discusses GoDaddy's journey to migrate their infrastructure and applications to AWS over a 15-month period. It describes how they used AWS Service Catalog to standardize infrastructure deployment and provide self-service provisioning for their development teams. The migration involved 3 phases: an initial onboarding of 10 teams (Phase 1), a second round of onboarding (Phase 2), and ongoing onboarding while building out a self-service portal (Phase 3). By the end of Phase 3, GoDaddy had enabled self-service provisioning for their teams through the use of AWS Service Catalog.
The document discusses security best practices when using AWS. It highlights some common security anti-patterns to avoid, such as overcrowding AWS accounts, using personal AWS accounts, and relying only on manual technical auditing. It promotes practices like implementing least privilege access, continuous automated auditing using native AWS services, and adopting a DevSecOps approach to development that incorporates security testing and monitoring throughout the software development lifecycle.
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Amazon Web Services
The cloud offers a first-in-a-career opportunity to constantly optimize your costs as you grow and stay on the leading edge of innovation. By developing a cost-conscious culture and assigning the responsibility for efficiency to the appropriate business owners, you can deliver innovation efficiently and cost effectively. In this session, we share The Vanguard Group’s real-world experience of optimizing their costs, and we review a wide range of cost planning, monitoring, and optimization strategies.
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...Amazon Web Services
The allure of the cloud is compelling and offers greater agility, elasticity, and reduced capex. Businesses seek to reap these benefits by migrating to AWS, all while enforcing corporate governance and security policies to minimize risk. To accomplish this objective, businesses must continuously monitor the performance of complex applications, which is not practical with point solutions, such as bytecode instrumentation. In this session, learn how NETSCOUT’s smart data platform enables continuous monitoring in hybrid cloud environments to minimize risk and control costs. Hear real-life examples of how businesses optimized their AWS migration, gaining visibility and deep insights into both the physical and virtual worlds, to maintain the continuity and security of the services throughout the migration process.This session is brought to you by AWS partner, NETSCOUT Systems.
Augmenting Security Posture and Improving Operational Health with AWS CloudTr...Amazon Web Services
Enabling AWS CloudTrail for auditing purposes is often a corporate mandate, but do you know how to use CloudTrail events to improve your security and operational posture? Come learn how CloudTrail can help improve your operational monitoring and troubleshooting, security analysis, and compliance auditing processes. Discover best practices for setting up and using CloudTrail; explore use cases for data mining CloudTrail event data; learn how to set up alerts based on activity in your account; and learn about advanced use cases. Also learn how to implement data plane governance autoEnabling AWS CloudTrail for auditing purposes is often a corporate mandate, but do you know how to use CloudTrail events to improve your security and operational posture? Come learn how CloudTrail can help improve your operational monitoring and troubleshooting, security analysis, and compliance auditing processes. Discover best practices for setting up and using CloudTrail; explore use cases for data mining CloudTrail event data; learn how to set up alerts based on activity in your account; and learn about advanced use cases. Also learn how to implement data plane governance automation using data events from Amazon S3 and AWS Lambda.
mation using data events from Amazon S3 and AWS Lambda.
Lock it Down: How to Secure your AWS Account and your Organization's AccountsAmazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data-center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Lock It Down: How to Secure Your Organization's AWS AccountAmazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional datacenter. However, many customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session we will review how to use automation, tools and techniques to harden and audit your AWS accounts and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Geordie Anderson, Security Specialist Solutions Architect, Amazon Web Services
Sean Donaghy, Senior Cyber Security Advisor, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
Michael Davie, Security Engineer, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018Amazon Web Services
AWS Security Hub is a new AWS service that provides a single place to manage security and compliance across AWS accounts. It integrates with other security tools and allows users to view findings from multiple accounts. Security Hub is available now for free in preview and aims to provide a centralized view of security posture and issues across an organization on AWS.
This document outlines an agenda for a workshop on threat detection and remediation. It includes:
- Running a CloudFormation template to set up the initial environment.
- A presentation on threat detection and remediation that discusses why it is difficult, the importance of removing humans from data analysis and detection, and AWS security services that can help.
- A walkthrough of the workshop where participants will simulate attacks and threats in their environment and use AWS security tools like GuardDuty, Lambda, and CloudWatch Events for detection and remediation.
This session will review how to secure your enterprise adoption of AWS at scale. At AWS security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to an create end-to-end security approach for your AWS cloud adoption. You will gain insight how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.
AWS and Symantec: Cyber Defense at Scale (SEC311-S) - AWS re:Invent 2018Amazon Web Services
Learn how Symantec uses AWS to provide complete, integrated security solutions that monitor and protect companies and governments from hackers. Hear about lessons learned from how Symantec scaled up its infrastructure to analyze billions of logs every day to detect the world’s most sophisticated cyber attacks, and you’ll see how Symantec integrates with native AWS services, like Amazon GuardDuty, AWS Lambda, and AWS Systems Manager, into its own security solutions to provide even better security in the cloud. This session is brought to you by AWS partner, Symantec Corporation.
Inventory, Track, and Respond to AWS Asset Changes within Seconds at Scale (S...Amazon Web Services
Large AWS environments have assets distributed across many accounts and regions. Ideally, asset inventory should be timely and provide an audit trail to document who made the changes and when. This is required for security teams to quickly react to insecure configurations and for DevOps tooling to manage infrastructure effectively. The traditional means of obtaining the timely and current state of AWS assets is to very frequently poll over the entire infrastructure, often tens of times per minute. This becomes increasingly difficult as AWS infrastructures grow in complexity. Additionally, polling for infrastructure changes provides no auditability context. In this session, learn how to inventory, track, and respond to AWS asset changes with seconds at scale.
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Amazon Web Services
Security is job zero at AWS. Come and learn how to build a modern security practice on AWS and supercharge it with AWS partners and serverless automation. Learn about the Security Perspectives found the AWS Well-Architected Framework, which equip your security program to not only keep your environment secure but also move fast. Learn advanced techniques to empower your teams with Amazon GuardDuty so you can elevate your team's ability to identify, protect, detect, respond, and recover from security events.
Learning Objectives:
- Learn how GuardDuty continuously monitors for unauthorized behavior to help protect AWS accounts and workloads
- Understand how GuardDuty uses machine learning to detect anomalous account and network activities
- See how a SOC team can triage threats from a single console and automate security responses
Secure & Automate AWS Deployments with Next-Generation on SecurityAmazon Web Services
Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Palo Alto Networks provides organizations with the visibility and automation needed to create and update security policies in your cloud environment in real time. Learn how you can gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows.
Michael South, AWS Security Acceleration Business Development
Matt McLimans, Public Cloud Consultant Engineer, Palo Alto Networks
Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Amazon Web Services
Security on AWS is robust and feature rich, but how do you know what to do and how to start? This workshop covers how to start your AWS threat response automation platform using native AWS tools and OSS. We begin with how to collect and analyze all the different data sources in an AWS account. Next, we cover how to take that log data and automatically address risks identified from network intrusion, insider threats, or misconfigurations. We also cover preventative controls that can help block risk in the first place and alert you when drift occurs. Finally, we cover how to scale this all out to multiple accounts.
The AWS Shared Responsibility Model in PracticeAlert Logic
This document discusses the AWS shared responsibility model and how it divides security responsibilities between AWS and customers. It provides examples of how the responsibilities are divided for different types of AWS services, including infrastructure services, container services, and abstract services. It also promotes the security tools and services available in AWS that can help customers automate security tasks, gain visibility, and protect their infrastructure, data, and applications.
Do you work with too many tools? In this session, learn how AWS Systems Manager can help you manage your servers at scale with the agility and security you need in today's dynamic cloud-enabled world.
Eliminate Migration Confusion: Speed Migration with Automated Tracking (ENT31...Amazon Web Services
The document discusses automating the migration of applications and infrastructure from on-premises to AWS. It covers the benefits of automating discovery, migration, and tracking migrations. Examples of automation architectures are presented, including using AWS services like Application Discovery Service, AWS Migration Hub, and Lambda. The overall goal is to speed up migrations through repeatable, traceable automation.
The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.
The document discusses traditional on-premise security approaches using firewalls and their limitations. It then covers cloud security using tools like CloudTrail, VPC flow logs, and GuardDuty for continuous monitoring. GuardDuty detects threats and security findings can be responded to automatically using Lambda. The document concludes with an overview of DevSecOps which aims to integrate security practices into the entire software development lifecycle through automation, testing, and a shared culture of security.
The AWS Shared Responsibility Model in PracticeAlert Logic
The document discusses security in the cloud with Amazon Web Services (AWS). It highlights that AWS provides tools to automate security, inherit global controls, and scale with visibility and control. It also discusses the shared responsibility model where AWS manages security of the cloud infrastructure and customers manage security in the cloud. Finally, it provides examples of AWS security services for identity and access management, detective controls, infrastructure security, data protection, and incident response.
Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. In this session you'll learn how to keep your data safe and meet compliance requirements, being able to scale quickly and save money.
Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018Amazon Web Services
The document describes a simulated red team vs blue team security exercise on AWS. The red team is able to compromise the target AWS account by stealing credentials, reconnoitering resources, exploiting vulnerabilities, and exfiltrating data due to weaknesses in the initial account configuration such as single sign-on, open network access controls, and secrets embedded in code. The blue team recommendations include restricting access, encrypting secrets, automating deployments, monitoring activities, and segmenting networks.
Similar to Meeting Enterprise Security Requirements with AWS Native Security Services (SEC319) - AWS re:Invent 2018 (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.