SlideShare a Scribd company logo

Automated NIST 800-53 High Impact Security Controls on AWS

Download as PPTX, PDF
Amazon Web Services
Amazon Web Services

You might think it’s impossible to achieve NIST 800-53 high impact controls in your environment but with AWS and Trend Micro you can achieve this seemingly impossible mission, even in hybrid environments. Learn how to leverage AWS and Trend Micro security controls to retain logs, control access to systems or monitor changes and more and how to automate everything using technologies like AWS CloudFormation. Join this session and get a peek at the inner workings of the AWS & Trend Micro Quick Start Reference Deployment Guide for NIST 800-53 that can help you quickly deliver high-impact controls in an automated, repeatable fashion.

Technology
1 of 34
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bryan Webster, Principal Architect, Trend Micro Brett Miller, Professional Services Consultant, AWS June 20, 2016 Mission (Not) Impossible: NIST 800-53 high impact controls on AWS
Why we’re here today • Learn how to implement NIST SP 800-53 (rev 4) High Impact security controls with AWS & partner technology • Provide reusable building blocks and sample code • Demonstrate automated deployment and integration of multiple technologies Mission:PossibleImpossible
What are the challenges of achieving NIST high impact security controls on AWS?
AWS and you share responsibility for security AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Identity & Access Control Network Security Customer applications & content You get to define your controls ON the Cloud AWS takes care of the security OF the Cloud You Inventory & Config Data Encryption
Enterprise Accelerator for NIST SP 800-53 (rev 4) Works in Gov Cloud (US) & commercial AWS regions
Leveraging AWS services for NIST controls
AWS Identity & Access Management (IAM) What is configured? Base security, IAM and access configuration for AWS account Why? • Manage user access • Programmatically implement controls for machines, roles, groups, data access Control Families • Access Control • Audit & Accountability • Configuration Management • Contingency Planning • Identification & Authentication • System & Communications Protection • System & Information Integrity CREATE_IN_PROGRESSCREATE_COMPLETE
AWS CloudTrail What is configured? Define S3 bucket, versioning enabled, capture all events Why? • Automated audit of infrastructure and change management Control Families • Access Control • Audit & Accountability • Configuration Management CREATE_IN_PROGRESSCREATE_COMPLETE
Amazon SNS, AWS CloudWatch What is configured? Security alarms and notifications Why? • Automated exception notification and configurable alarms • Triggering incident response Control Families • Access Control • Audit & Accountability • Configuration Management CREATE_IN_PROGRESSCREATE_COMPLETE
VPC, NACL, Security Groups What is configured? Provides networking configuration for a standard management VPC, enforces traffic with NACL Why? • Programmatic delivery of network infrastructure and access controls Control Families • Access Control CREATE_IN_PROGRESSCREATE_COMPLETE
IAM, AWS CloudTrail, Amazon SNS, Amazon VPC, NACL Infrastructure security Cloud Infrastructure Operating System Data Applications FileSecurityNetwork Security Log Inspection and Application Scanning Anti-malware and Integrity Monitoring Intrusion prevention, Firewall
Anti-malware Integrity Monitoring Intrusion Prevention Log Inspection Web Reputation Host Firewall Trend Micro Deep Security • Seamlessly integrated with EC2 • Deploy as AMI, SaaS or software All in a single, host-based tool
Leveraging Deep Security for NIST controls
Management and Visibility What is configured? Deploys Deep Security Manager to AWS Why? • Visibility of EC2 resources • Single console with integrated threat information Applicable Controls • Access Control • Audit & Accountability • Incident Response • Risk Assessment • System & Communications Protection • System & Information Integrity CREATE_IN_PROGRESSCREATE_COMPLETE
File Controls What is configured? Anti-Malware, Integrity Monitoring, Log Inspection Why? • Discover and block malicious code • Monitor files for changes • Inspect existing logs for indications of unusual activity Applicable Controls • Audit & Accountability • Configuration Management • System & Information Integrity Applicable Controls • Audit & Accountability • Security Assessment & Authorization • Configuration Management • System & Information Integrity CREATE_IN_PROGRESSCREATE_COMPLETE
Network Controls What is configured? Intrusion detection & prevention, Firewall Why? • Add additional stateful controls to enhance security groups and NACLs • Add layer 7 visibility and inspection Applicable Controls • Security Assessment & Authorization • Audit & Accountability • Configuration Management • Contingency Planning • Identification & Authentication • System & Communications Protection • System & Information IntegrityCREATE_IN_PROGRESSCREATE_COMPLETE
Automating NIST controls with AWS CloudFormation
Why use it? • Infrastructure as code • Repeatable • Audit baseline AWS CloudFormation
Third party integration with CloudFormation If you can’t automate 3rd party products with AWS CloudFormation They aren’t built for AWS
AWS + Trend Micro Enterprise Accelerator: NIST 800-53 High Impact Controls • Adds additional coverage for High Impact controls • Design philosophy • NIST SP 800-53 (r4) security controls best practices • Sample implementation for many different resource types and hundreds of controls • Plug and play sub-templates to fit your requirements
https://aws.amazon.com/quickstart/ Trend Micro Deep Security AWS Enterprise Accelerator - Compliance: NIST High Impact controls AWS Enterprise Accelerator: NIST High Impact controls
Access Control Audit & Accountability Configuration Management Contingency Planning Identification & Authentication Incident Response Maintenance Media Protection Physical & Environmental Protection Risk Assessment Security Assessment & Authorization System & Communications Protection System & Information Integrity System & Services Acquisition Major NIST SP 800-53 (rev4) Trend Micro + AWS coverage CustomerOverall Inherited Shared
Enterprise Accelerator: Quick Start CloudFormation Stack 2,500 lines of JSON code = 126 AWS Resources, 200+ API Actions Prevent Malicious code execution Block Remote Exploits Shield App Vulnerabilities Detect OS and App changes Deep Security Stack Deep Security Manager, Agents, and required AWS Infrastructure Amazon EC2 Instances, Availability Zones, Amazon RDS databases, Auto scaling ELB load balancers, Amazon S3 Bucket Policies, Security Groups, Amazon SNS, Amazon SQS, Amazon Cloud Watch VPCs, Subnets, Gateways, Route Tables, NACLs Users, Groups & Roles, CloudFormation access, and Service Catalog constraints
Additional Resources • Spreadsheet with High security controls mapping • Github repo • Templates • Deployment guide – tailor and deploy template https://docs.aws.amazon.com/quickstart/latest/accelerator-nist-high-impact/welcome.html aws.amazon.com/quickstart/
Question & Answer
trendmicro.com/aws

Recommended

Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...Amazon Web Services
 
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Amazon Web Services
 
Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector S...
Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector S...Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector S...
Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector S...Amazon Web Services
 
Migrating a US Army Application to the Cloud | AWS Public Sector Summit 2016
Migrating a US Army Application to the Cloud | AWS Public Sector Summit 2016Migrating a US Army Application to the Cloud | AWS Public Sector Summit 2016
Migrating a US Army Application to the Cloud | AWS Public Sector Summit 2016Amazon Web Services
 
Leveraging Cloud Transformation to Build a DevOps Culture | AWS Public Sector...
Leveraging Cloud Transformation to Build a DevOps Culture | AWS Public Sector...Leveraging Cloud Transformation to Build a DevOps Culture | AWS Public Sector...
Leveraging Cloud Transformation to Build a DevOps Culture | AWS Public Sector...Amazon Web Services
 
Application Migrations
Application MigrationsApplication Migrations
Application MigrationsAmazon Web Services
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 

Recommended

Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...Amazon Web Services
 
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Amazon Web Services
 
Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector S...
Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector S...Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector S...
Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector S...Amazon Web Services
 
Migrating a US Army Application to the Cloud | AWS Public Sector Summit 2016
Migrating a US Army Application to the Cloud | AWS Public Sector Summit 2016Migrating a US Army Application to the Cloud | AWS Public Sector Summit 2016
Migrating a US Army Application to the Cloud | AWS Public Sector Summit 2016Amazon Web Services
 
Leveraging Cloud Transformation to Build a DevOps Culture | AWS Public Sector...
Leveraging Cloud Transformation to Build a DevOps Culture | AWS Public Sector...Leveraging Cloud Transformation to Build a DevOps Culture | AWS Public Sector...
Leveraging Cloud Transformation to Build a DevOps Culture | AWS Public Sector...Amazon Web Services
 
Application Migrations
Application MigrationsApplication Migrations
Application MigrationsAmazon Web Services
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Amazon Web Services
 
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...Amazon Web Services
 
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016Amazon Web Services
 
Pre-launch Checklist for Going Production on AWS
Pre-launch Checklist for Going Production on AWS Pre-launch Checklist for Going Production on AWS
Pre-launch Checklist for Going Production on AWS Amazon Web Services
 
Optimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSOptimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSAmazon Web Services
 
Introduction to AWS
Introduction to AWSIntroduction to AWS
Introduction to AWSSuman Debnath
 
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...Amazon Web Services
 
Large-Scale AWS Migrations with CSC
Large-Scale AWS Migrations with CSCLarge-Scale AWS Migrations with CSC
Large-Scale AWS Migrations with CSCAmazon Web Services
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAmazon Web Services
 
Migrating Existing Applications to AWS Cloud
Migrating Existing Applications to AWS CloudMigrating Existing Applications to AWS Cloud
Migrating Existing Applications to AWS Cloudjineshvaria
 
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...Amazon Web Services Korea
 
REAN Cloud DevOps Accelerators
REAN Cloud DevOps AcceleratorsREAN Cloud DevOps Accelerators
REAN Cloud DevOps AcceleratorsREAN Cloud
 
Hybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS CloudHybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS CloudAmazon Web Services
 
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012Amazon Web Services
 
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)Amazon Web Services
 
Accelerating Enterprise Cloud Adoption Securely
Accelerating Enterprise Cloud Adoption SecurelyAccelerating Enterprise Cloud Adoption Securely
Accelerating Enterprise Cloud Adoption SecurelyREAN Cloud
 
Accelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAccelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAmazon Web Services
 
Moving your SAP Environment to the Cloud
Moving your SAP Environment to the Cloud Moving your SAP Environment to the Cloud
Moving your SAP Environment to the Cloud REAN Cloud
 
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...Amazon Web Services
 
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...Amazon Web Services
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Phase II 12.14.14
Phase II 12.14.14Phase II 12.14.14
Phase II 12.14.14haney888
 

More Related Content

What's hot

Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Amazon Web Services
 
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...Amazon Web Services
 
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016Amazon Web Services
 
Pre-launch Checklist for Going Production on AWS
Pre-launch Checklist for Going Production on AWS Pre-launch Checklist for Going Production on AWS
Pre-launch Checklist for Going Production on AWS Amazon Web Services
 
Optimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSOptimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSAmazon Web Services
 
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...Amazon Web Services
 
Large-Scale AWS Migrations with CSC
Large-Scale AWS Migrations with CSCLarge-Scale AWS Migrations with CSC
Large-Scale AWS Migrations with CSCAmazon Web Services
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAmazon Web Services
 
Migrating Existing Applications to AWS Cloud
Migrating Existing Applications to AWS CloudMigrating Existing Applications to AWS Cloud
Migrating Existing Applications to AWS Cloudjineshvaria
 
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...Amazon Web Services Korea
 
REAN Cloud DevOps Accelerators
REAN Cloud DevOps AcceleratorsREAN Cloud DevOps Accelerators
REAN Cloud DevOps AcceleratorsREAN Cloud
 
Hybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS CloudHybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS CloudAmazon Web Services
 
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012Amazon Web Services
 
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)Amazon Web Services
 
Accelerating Enterprise Cloud Adoption Securely
Accelerating Enterprise Cloud Adoption SecurelyAccelerating Enterprise Cloud Adoption Securely
Accelerating Enterprise Cloud Adoption SecurelyREAN Cloud
 
Accelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAccelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAmazon Web Services
 
Moving your SAP Environment to the Cloud
Moving your SAP Environment to the Cloud Moving your SAP Environment to the Cloud
Moving your SAP Environment to the Cloud REAN Cloud
 
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...Amazon Web Services
 
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...Amazon Web Services
 

What's hot (20)

Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017
 
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
 
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016
Next-Generation Security Operations with AWS | AWS Public Sector Summit 2016
 
Pre-launch Checklist for Going Production on AWS
Pre-launch Checklist for Going Production on AWS Pre-launch Checklist for Going Production on AWS
Pre-launch Checklist for Going Production on AWS
 
Optimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSOptimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWS
 
Introduction to AWS
Introduction to AWSIntroduction to AWS
Introduction to AWS
 
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...
AWS Partner Webcast - Step by Step Plan to Update and Migrate Microsoft Wind...
 
Large-Scale AWS Migrations with CSC
Large-Scale AWS Migrations with CSCLarge-Scale AWS Migrations with CSC
Large-Scale AWS Migrations with CSC
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 
Migrating Existing Applications to AWS Cloud
Migrating Existing Applications to AWS CloudMigrating Existing Applications to AWS Cloud
Migrating Existing Applications to AWS Cloud
 
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...
AWS Innovate 2016- Planning a Phased Cloud Migration Strategy - Abhishek Mah...
 
REAN Cloud DevOps Accelerators
REAN Cloud DevOps AcceleratorsREAN Cloud DevOps Accelerators
REAN Cloud DevOps Accelerators
 
Hybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS CloudHybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS Cloud
 
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012
Best Practices: Operational Checklists for the AWS Cloud - AWS NYC Summit 2012
 
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)
AWS re:Invent 2016: Develop Your Migration Toolkit (ENT312)
 
Accelerating Enterprise Cloud Adoption Securely
Accelerating Enterprise Cloud Adoption SecurelyAccelerating Enterprise Cloud Adoption Securely
Accelerating Enterprise Cloud Adoption Securely
 
Accelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAccelerating YourBusiness with Security
Accelerating YourBusiness with Security
 
Moving your SAP Environment to the Cloud
Moving your SAP Environment to the Cloud Moving your SAP Environment to the Cloud
Moving your SAP Environment to the Cloud
 
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
 
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...
AWS re:Invent 2016: Simplify Cloud Migration with AWS Server Migration Servic...
 

Viewers also liked

Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Phase II 12.14.14
Phase II 12.14.14Phase II 12.14.14
Phase II 12.14.14haney888
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Sounil Yu
 
Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...
Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...
Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...Amazon Web Services
 
Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...
Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...
Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...Amazon Web Services
 
AWS Webcast - AWS Webinar Series for Education #2 - Getting Started with AWS
AWS Webcast - AWS Webinar Series for Education #2 - Getting Started with AWSAWS Webcast - AWS Webinar Series for Education #2 - Getting Started with AWS
AWS Webcast - AWS Webinar Series for Education #2 - Getting Started with AWSAmazon Web Services
 
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyDeploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyAmazon Web Services
 
Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...
Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...
Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...Amazon Web Services
 
AWS Summit Sydney 2014 | Reduce Risk in eCommerce Projects through Outcome Ba...
AWS Summit Sydney 2014 | Reduce Risk in eCommerce Projects through Outcome Ba...AWS Summit Sydney 2014 | Reduce Risk in eCommerce Projects through Outcome Ba...
AWS Summit Sydney 2014 | Reduce Risk in eCommerce Projects through Outcome Ba...Amazon Web Services
 
Customer Sharing: HTC - What is in AWS Cloud for me?
Customer Sharing: HTC - What is in AWS Cloud for me?Customer Sharing: HTC - What is in AWS Cloud for me?
Customer Sharing: HTC - What is in AWS Cloud for me?Amazon Web Services
 
AWS Summit Sydney 2014 | Running your First Application on AWS
AWS Summit Sydney 2014 | Running your First Application on AWSAWS Summit Sydney 2014 | Running your First Application on AWS
AWS Summit Sydney 2014 | Running your First Application on AWSAmazon Web Services
 
AWS Summit Sydney 2014 | Moving to the Cloud. What does it Mean to your Business
AWS Summit Sydney 2014 | Moving to the Cloud. What does it Mean to your BusinessAWS Summit Sydney 2014 | Moving to the Cloud. What does it Mean to your Business
AWS Summit Sydney 2014 | Moving to the Cloud. What does it Mean to your BusinessAmazon Web Services
 
AWS Enterprise Summit London | AWS as an Agile Enabler at The Co-operative
AWS Enterprise Summit London | AWS as an Agile Enabler at The Co-operativeAWS Enterprise Summit London | AWS as an Agile Enabler at The Co-operative
AWS Enterprise Summit London | AWS as an Agile Enabler at The Co-operativeAmazon Web Services
 
AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...
AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...
AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...Amazon Web Services
 
Wild rydes serverless website workshop
Wild rydes serverless website workshopWild rydes serverless website workshop
Wild rydes serverless website workshopAmazon Web Services
 
Getting Started with Amazon Aurora
Getting Started with Amazon AuroraGetting Started with Amazon Aurora
Getting Started with Amazon AuroraAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWSome Day Cork | Technical Track
AWSome Day Cork | Technical TrackAWSome Day Cork | Technical Track
AWSome Day Cork | Technical TrackAmazon Web Services
 

Viewers also liked (20)

Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 
Phase II 12.14.14
Phase II 12.14.14Phase II 12.14.14
Phase II 12.14.14
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
 
Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...
Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...
Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...
 
Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...
Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...
Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...
 
AWS Webcast - AWS Webinar Series for Education #2 - Getting Started with AWS
AWS Webcast - AWS Webinar Series for Education #2 - Getting Started with AWSAWS Webcast - AWS Webinar Series for Education #2 - Getting Started with AWS
AWS Webcast - AWS Webinar Series for Education #2 - Getting Started with AWS
 
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyDeploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
 
Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...
Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...
Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...
 
AWS Summit Sydney 2014 | Reduce Risk in eCommerce Projects through Outcome Ba...
AWS Summit Sydney 2014 | Reduce Risk in eCommerce Projects through Outcome Ba...AWS Summit Sydney 2014 | Reduce Risk in eCommerce Projects through Outcome Ba...
AWS Summit Sydney 2014 | Reduce Risk in eCommerce Projects through Outcome Ba...
 
Customer Sharing: HTC - What is in AWS Cloud for me?
Customer Sharing: HTC - What is in AWS Cloud for me?Customer Sharing: HTC - What is in AWS Cloud for me?
Customer Sharing: HTC - What is in AWS Cloud for me?
 
AWS Summit Sydney 2014 | Running your First Application on AWS
AWS Summit Sydney 2014 | Running your First Application on AWSAWS Summit Sydney 2014 | Running your First Application on AWS
AWS Summit Sydney 2014 | Running your First Application on AWS
 
AWS Summit Sydney 2014 | Moving to the Cloud. What does it Mean to your Business
AWS Summit Sydney 2014 | Moving to the Cloud. What does it Mean to your BusinessAWS Summit Sydney 2014 | Moving to the Cloud. What does it Mean to your Business
AWS Summit Sydney 2014 | Moving to the Cloud. What does it Mean to your Business
 
AWS Enterprise Summit London | AWS as an Agile Enabler at The Co-operative
AWS Enterprise Summit London | AWS as an Agile Enabler at The Co-operativeAWS Enterprise Summit London | AWS as an Agile Enabler at The Co-operative
AWS Enterprise Summit London | AWS as an Agile Enabler at The Co-operative
 
AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...
AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...
AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...
 
Wild rydes serverless website workshop
Wild rydes serverless website workshopWild rydes serverless website workshop
Wild rydes serverless website workshop
 
Getting Started with Amazon Aurora
Getting Started with Amazon AuroraGetting Started with Amazon Aurora
Getting Started with Amazon Aurora
 
Scmp aws digitalmedia_2013
Scmp aws digitalmedia_2013Scmp aws digitalmedia_2013
Scmp aws digitalmedia_2013
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWSome Day Cork | Technical Track
AWSome Day Cork | Technical TrackAWSome Day Cork | Technical Track
AWSome Day Cork | Technical Track
 

Similar to Automated NIST 800-53 High Impact Security Controls on AWS

1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-securityober64
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...Amazon Web Services
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Amazon Web Services
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudAmazon Web Services
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSAmazon Web Services
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPTAmazon Web Services
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 

Similar to Automated NIST 800-53 High Impact Security Controls on AWS (20)

1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through Automation
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel Cloud
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the Cloud
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWS
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App Security
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Automated NIST 800-53 High Impact Security Controls on AWS

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bryan Webster, Principal Architect, Trend Micro Brett Miller, Professional Services Consultant, AWS June 20, 2016 Mission (Not) Impossible: NIST 800-53 high impact controls on AWS
  • 2. Why we’re here today • Learn how to implement NIST SP 800-53 (rev 4) High Impact security controls with AWS & partner technology • Provide reusable building blocks and sample code • Demonstrate automated deployment and integration of multiple technologies Mission:PossibleImpossible
  • 3. What are the challenges of achieving NIST high impact security controls on AWS?
  • 4. AWS and you share responsibility for security AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Identity & Access Control Network Security Customer applications & content You get to define your controls ON the Cloud AWS takes care of the security OF the Cloud You Inventory & Config Data Encryption
  • 5. Enterprise Accelerator for NIST SP 800-53 (rev 4) Works in Gov Cloud (US) & commercial AWS regions
  • 6.
  • 7.
  • 9. AWS Identity & Access Management (IAM) What is configured? Base security, IAM and access configuration for AWS account Why? • Manage user access • Programmatically implement controls for machines, roles, groups, data access Control Families • Access Control • Audit & Accountability • Configuration Management • Contingency Planning • Identification & Authentication • System & Communications Protection • System & Information Integrity CREATE_IN_PROGRESSCREATE_COMPLETE
  • 10. AWS CloudTrail What is configured? Define S3 bucket, versioning enabled, capture all events Why? • Automated audit of infrastructure and change management Control Families • Access Control • Audit & Accountability • Configuration Management CREATE_IN_PROGRESSCREATE_COMPLETE
  • 11.
  • 12. Amazon SNS, AWS CloudWatch What is configured? Security alarms and notifications Why? • Automated exception notification and configurable alarms • Triggering incident response Control Families • Access Control • Audit & Accountability • Configuration Management CREATE_IN_PROGRESSCREATE_COMPLETE
  • 13. VPC, NACL, Security Groups What is configured? Provides networking configuration for a standard management VPC, enforces traffic with NACL Why? • Programmatic delivery of network infrastructure and access controls Control Families • Access Control CREATE_IN_PROGRESSCREATE_COMPLETE
  • 14.
  • 15. IAM, AWS CloudTrail, Amazon SNS, Amazon VPC, NACL Infrastructure security Cloud Infrastructure Operating System Data Applications FileSecurityNetwork Security Log Inspection and Application Scanning Anti-malware and Integrity Monitoring Intrusion prevention, Firewall
  • 16. Anti-malware Integrity Monitoring Intrusion Prevention Log Inspection Web Reputation Host Firewall Trend Micro Deep Security • Seamlessly integrated with EC2 • Deploy as AMI, SaaS or software All in a single, host-based tool
  • 17.
  • 18. Leveraging Deep Security for NIST controls
  • 19. Management and Visibility What is configured? Deploys Deep Security Manager to AWS Why? • Visibility of EC2 resources • Single console with integrated threat information Applicable Controls • Access Control • Audit & Accountability • Incident Response • Risk Assessment • System & Communications Protection • System & Information Integrity CREATE_IN_PROGRESSCREATE_COMPLETE
  • 20. File Controls What is configured? Anti-Malware, Integrity Monitoring, Log Inspection Why? • Discover and block malicious code • Monitor files for changes • Inspect existing logs for indications of unusual activity Applicable Controls • Audit & Accountability • Configuration Management • System & Information Integrity Applicable Controls • Audit & Accountability • Security Assessment & Authorization • Configuration Management • System & Information Integrity CREATE_IN_PROGRESSCREATE_COMPLETE
  • 21. Network Controls What is configured? Intrusion detection & prevention, Firewall Why? • Add additional stateful controls to enhance security groups and NACLs • Add layer 7 visibility and inspection Applicable Controls • Security Assessment & Authorization • Audit & Accountability • Configuration Management • Contingency Planning • Identification & Authentication • System & Communications Protection • System & Information IntegrityCREATE_IN_PROGRESSCREATE_COMPLETE
  • 22.
  • 23. Automating NIST controls with AWS CloudFormation
  • 24. Why use it? • Infrastructure as code • Repeatable • Audit baseline AWS CloudFormation
  • 25. Third party integration with CloudFormation If you can’t automate 3rd party products with AWS CloudFormation They aren’t built for AWS
  • 26. AWS + Trend Micro Enterprise Accelerator: NIST 800-53 High Impact Controls • Adds additional coverage for High Impact controls • Design philosophy • NIST SP 800-53 (r4) security controls best practices • Sample implementation for many different resource types and hundreds of controls • Plug and play sub-templates to fit your requirements
  • 27. https://aws.amazon.com/quickstart/ Trend Micro Deep Security AWS Enterprise Accelerator - Compliance: NIST High Impact controls AWS Enterprise Accelerator: NIST High Impact controls
  • 28. Access Control Audit & Accountability Configuration Management Contingency Planning Identification & Authentication Incident Response Maintenance Media Protection Physical & Environmental Protection Risk Assessment Security Assessment & Authorization System & Communications Protection System & Information Integrity System & Services Acquisition Major NIST SP 800-53 (rev4) Trend Micro + AWS coverage CustomerOverall Inherited Shared
  • 29.
  • 30. Enterprise Accelerator: Quick Start CloudFormation Stack 2,500 lines of JSON code = 126 AWS Resources, 200+ API Actions Prevent Malicious code execution Block Remote Exploits Shield App Vulnerabilities Detect OS and App changes Deep Security Stack Deep Security Manager, Agents, and required AWS Infrastructure Amazon EC2 Instances, Availability Zones, Amazon RDS databases, Auto scaling ELB load balancers, Amazon S3 Bucket Policies, Security Groups, Amazon SNS, Amazon SQS, Amazon Cloud Watch VPCs, Subnets, Gateways, Route Tables, NACLs Users, Groups & Roles, CloudFormation access, and Service Catalog constraints
  • 31.
  • 32. Additional Resources • Spreadsheet with High security controls mapping • Github repo • Templates • Deployment guide – tailor and deploy template https://docs.aws.amazon.com/quickstart/latest/accelerator-nist-high-impact/welcome.html aws.amazon.com/quickstart/

Editor's Notes

  1. Mostly talking today about controls above the line Massively grey area – we don’t know what to do Delivering guidance and usage examples for configuration of services Technology that stretches assistance above the line
  2. Alarms and triggering incident response Unauthorized access Changes to security groups
  3. [if
  4. Top cell: Should read: Amazon EC2 Instances, Availability Zones, Amazon RDS Databases, and Auto Scaling ·         Second cell down: Should read: Elastic Load Balancing load balancers, Amazon S3 Bucket Policies, Security Groups, Amazon SNS, Amazon SQS, Amazon Cloud Watch ·         Bottom cell: Third line of text onward should read: and AWS Service Catalog constraints