Network security, Anti-DDoS and other Internet-side protections: Encryption in Transit (and when it’s needed), Shield, CloudFront and WAF - Pop-up Loft TLV 2017
Architecting for resilience doesn’t stop at spreading EC2 and VPC-based environments across multiple Availability Zones. We discuss and demonstrate a number of protective measures which can be put in place between the Internet and your AWS environments to mitigate DDoS and other varieties of attack, and measures that can be deployed on-instance to protect EC2 environments. We also discuss whether encryption in transit is necessary within a VPC, and for customers who consider it to be, how to manage distribution of key material and other secret credentials in autoscaling environments.
At re:Invent 2016, we are launching AWS Shield, a managed DDoS protection service. With AWS Shield, you can help protect Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53 resources from DDoS attacks. In addition to introducing AWS Shield, this session presents some of the things we do behind the scenes to detect and mitigate Layer 3/4 network attacks and highlights ways you can use this new service to protect against Layer 7 application attacks.
The document discusses best practices for building DDoS resilient services using AWS technologies. It provides an overview of common DDoS attack types and threats. It then details several AWS services that can be used to detect and mitigate DDoS attacks, including Amazon CloudFront, Route 53, WAF, VPC, and EC2. It also discusses AWS' global network and how traffic is routed to improve resilience against large DDoS attacks.
Everything generates logs. Applications, infrastructure, security ... everything. As you use the Cloud, keeping track of the flood of log data is a big challenge, yet critical to your ability to understand your systems and troubleshoot (or prevent) issues. We'll look at using AWS services to get the insights you need quickly and easily.
Learn how to use AWS services to automate manual tasks, help teams manage complex environments at scale, and keep engineers in control of the high velocity that is enabled by DevOps. In this session, we will provide an overview of the various AWS development and deployment services and when best to use them. We will show how to build a fully automated infrastructure and software delivery pipeline with AWS CodePipeline, AWS CodeBuild, AWS CloudFormation and AWS CodeDeploy. At the end of the session, a GitHub repository of AWS CloudFormation templates will be provided so you can quickly deploy the same pipeline to your AWS account(s).
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense - Amazon Web Services
Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. This session will show you how to use Lambda functions to automate event response and integrate with your security operations tools. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as Amazon Virtual Private Cloud, Amazon Web Application Firewall, Amazon Shield, and more. You will also learn how to monitor and gain deep visibility into your AWS environment by using highly-scaled solutions such as AWS CloudTrail and AWS CloudWatch.
Secure Content Delivery Using Amazon CloudFront and AWS WAF - Amazon Web Services
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things Amazon CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. You will also learn how you can use AWS Web Application Firewall (AWS WAF) with CloudFront to protect your site. Finally, we will share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting an A+ on SSL labs.
Advanced Techniques for DDOS Mitigation and Web Application Defense - Amazon Web Services
Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules.
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. We will also share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting an A+ on SSL labs.
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec... - Amazon Web Services
Learning Objectives:
- Discover how to secure your cloud infrastructure with Amazon CloudFront, AWS Shield and AWS WAF
- Learn how to offload security heavy-lifting to the AWS Edge
- Learn about the built-in security in Amazon CloudFront
- Get tips on how to develop an adaptive security strategy for your cloud
In this tech talk, you will learn how you can better defend your websites and cloud infrastructure from cyberattacks using edge services from AWS, such as Amazon CloudFront, AWS Shield and AWS WAF. You will go behind the scenes to see how edge services help mitigate common DDoS attacks, how to use advanced protocols and ciphers, and how to enforce end-to-end HTTPS connections. You will also learn how to use additional features like AWS WAF's IP and bot blocking to implement tailored and advanced protection.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Extending Datacenters to the Cloud: Connectivity Options and Considerations f... - Amazon Web Services
Many organizations on their journey into the cloud require consistent and highly secure connectivity between their existing data center and AWS footprints. In this session, we walk through the different architecture options for establishing this connectivity using AWS Direct Connect and VPN. With each option, we evaluate the considerations and discuss risk, performance, encryption, and cost. As we walk through these options, we try to answer some of the most common questions that typically arise from organizations that tackle design and implementation. You'll learn how to make connectivity decisions that are suitable for your workloads, and how to best prepare against business impact in the event of failure.
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit... - Amazon Web Services
Fed up with stop and go in your data center? Shift into overdrive and pull into the fast lane!
Learn how AutoScout24, the largest online car marketplace Europe-wide, are building their Autobahn in the Cloud.
The secret ingredient? Culture! Because “Cloud” is only one half of the digital transformation story: the other half is how your organization deals with cultural change as you transition from the old world of IT into building microservices on AWS with agile DevOps teams in a true “you build it, you run it” fashion.
Listen to stories from the trenches, powered by Amazon Kinesis, Amazon DynamoDB, AWS Lambda, Amazon ECS, Amazon API Gateway and much more, backed by AWS Partners, AWS Professional Services, and AWS Enterprise Support.
Key takeaways: How to become Cloud native, evolve your architecture step by step, drive cultural change across your teams, and manage your company’s transformation for the future.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well as scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
This document provides an overview of data encryption options in AWS. It discusses encryption at rest using AWS Key Management Service (KMS) and bringing your own keys. KMS allows customers to centralize control of encryption keys while integrating with many AWS services. It provides assurances around key security and auditing of key usage. Alternatives like AWS CloudHSM and do-it-yourself key management are also presented. The document emphasizes starting with a threat model and using least privilege access controls to properly secure data.
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
This document provides an overview of security best practices on AWS. It recommends taking a prescriptive approach to understand AWS security practices, build strong compliance foundations, integrate identity and access management, enable detective controls, establish network security, implement data protection, optimize change management, and automate security functions. The document highlights several native AWS security services and how they can help strengthen a customer's security posture.
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317) - Amazon Web Services
VMware Cloud™ on AWS brings VMware’s enterprise-class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based service that is sold, operated and supported by VMware, for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. Further, virtual machines in this environment have seamless access to the broad range of AWS services as well. This session will introduce this exciting new service and examine some of the use cases and benefits of the service. The session will also include a VMware Tech Preview that demonstrates standing up a complete SDDC cluster on AWS and various operations using standard tools like vCenter.
Getting Started with Managed Services | AWS Public Sector Summit 2016 - Amazon Web Services
The AWS cloud infrastructure is architected to be one of the most flexible and secure cloud computing environments available today. By leveraging services such as EC2, you are able to build highly scalable and performant architectures. AWS also provides a rich set of services which help to remove much of the potentially undifferentiated heavy lifting associated with managing your EC2-based infrastructure. This session will introduce some of these services in the areas of Application Management, Database, Analytics, Security and Enterprise Applications.
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr... - Amazon Web Services
As serverless architectures become more popular, AWS customers need a framework of patterns to help them deploy their workloads without managing servers or operating systems. This session introduces and describes four re-usable serverless patterns for web apps, stream processing, batch processing, and automation. For each, we provide a TCO analysis and comparison with its server-based counterpart. We also discuss the considerations and nuances associated with each pattern and have customers share similar experiences. The target audience is architects, system operators, and anyone looking for a better understanding of how serverless architectures can help them save money and improve their agility.
AWS re:Invent 2016: Searching Inside Video at Petabyte Scale Using Spot (WIN307) - Amazon Web Services
Video is a "last-mile problem" for search technology. Unlike webpages, documents, and email, content in videos has traditionally been impossible to search. Recent advances in automated speech and text recognition, however, let businesses and universities search inside video assets as easily as inside textual content. In this session, you'll learn how Panopto is using AWS to solve the video-search problem at scale, while saving over 50% in operating costs by taking advantage of Spot instances. We discuss the cross-platform architecture that combines Windows and Linux to provide cost-effective video processing and search indexing. We also dive deep into scaling Spot elastically based on user demand, handling fallback situations when instances are revoked, and using the Spot bidding process to optimize cost structure. Finally, we discuss future plans to reduce operating costs even further through Spot fleets and grid processing.
Automate Best Practices and Operational Health for your AWS Resources - Amazon Web Services
1. The document discusses best practices for automating AWS resources using infrastructure as code. It recommends using AWS CloudFormation to define resources with templates and deploying infrastructure in a standardized, versioned manner.
2. AWS Service Catalog and AWS CloudFormation allow organizations to define approved templates and deploy IT services in a self-service way while enforcing constraints and access controls.
3. Automating health monitoring and remediation of AWS resources using AWS Personal Health Dashboard, AWS Health, and AWS Health Tools can help address operational issues continuously.
re:Invent recap session 2: Being well Architected in the cloud - Amazon Web Services
The document discusses the AWS Well-Architected Framework which provides best practices for architecting systems on AWS. It covers the five pillars of the framework - security, reliability, performance efficiency, cost optimization, and operational excellence. For each pillar, it provides examples of questions to evaluate architectures and best practices for alignment with AWS recommendations.
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve... - Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture design decisions made by Fortune 500 organizations during actual sensitive workload deployments, as told by the AWS security solution architects and professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
This session is for IT pros working with compliance managers to deliver solutions that lower costs and still meet compliance demands. You will learn how to move large scale data stores to the cloud, while remaining compliant with existing regulations. Services mentioned: S3, Glacier and the Vault Lock feature, Snowball, ingestion services.
AWS re:Invent 2016: The Psychology of Security Automation (SAC307) - Amazon Web Services
Historically, relationships between developers and security teams have been challenging. Security teams sometimes see developers as careless and ignorant of risk, while developers might see security teams as dogmatic barriers to productivity. Can technologies and approaches such as the cloud, APIs, and automation lead to happier developers and more secure systems? Netflix has had success pursuing this approach, by leaning into the fundamental cloud concept of self-service, the Netflix cultural value of transparency in decision making, and the engineering efficiency principle of facilitating a “paved road.”
This session explores how security teams can use thoughtful tools and automation to improve relationships with development teams while creating a more secure and manageable environment. Topics include Netflix’s approach to IAM entity management, Elastic Load Balancing and certificate management, and general security configuration monitoring.
Your security is our number one priority. In this session, we'll review best practices that will make your AWS platform even more secure. Using a number of services such as IAM, KMS, CloudTrail, Inspector, etc., we'll show you easy, concrete steps that you can take in minutes to significantly raise your security level.
Announcing AWS Shield - Protect Web Applications from DDoS Attacks - Amazon Web Services
AWS Shield is a managed DDoS protection service. With AWS Shield, you can help protect Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53 resources from DDoS attacks. In addition to introducing AWS Shield, this session presents some of the things we do behind the scenes to detect and mitigate Layer 3/4 network attacks and highlights ways you can use this new service to protect against Layer 7 application attacks.
Learning Objectives:
• Learn about the different types of DDoS protections AWS Shield offers
• Understand the difference between the Standard and Advanced tiers
• Hear how AWS WAF works with AWS Shield to provide a strong defense against DDoS attacks
• Learn how to get started with AWS Shield
Bigger and more sophisticated distributed denial of service (DDoS) attacks are targeting the Internet’s Domain Name System (DNS), causing significant downtime to websites and applications. Amazon Route 53, the AWS DNS service, integrates tightly with AWS Shield, the AWS service that provides managed DDoS protection, to safeguard your web applications and protect against large scale attacks. The techniques Amazon Route 53 employs to thwart DDoS attacks include Anycast Striping, Shuffle Sharding and a global network of 56 points of presence. The mitigation strategies AWS Shield provides include inline mitigations, visibility and cost protection.
Learning Objectives:
• Learn how Amazon Route 53 scales against DDoS attacks
• Learn how advanced features like Anycast Striping and traffic shaping mitigate DDoS risks
• Learn how always-on inline mitigation techniques protect against advanced attacks
• Learn how AWS Shield integrates with Amazon Route 53 to monitor traffic signatures and undertake deterministic packet filtering to minimize application downtime
• Learn why customers should use Amazon Route 53 and AWS Shield to protect against DNS DDoS attacks
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...Amazon Web Services
Learning Objectives:
- Discover how to secure your cloud infrastructure with Amazon CloudFront, AWS Shield and AWS WAF
- Learn how to offload security heavy-lifting to the AWS Edge
- Learn about the built-in security in Amazon CloudFront
- Get tips on how to develop an adaptive security strategy for your cloud
In this tech talk, you will learn how you can better defend your websites and cloud infrastructure from cyberattacks using edge services from AWS, such as Amazon CloudFront, AWS Shield and AWS WAF. You will go behind the scenes to see how edge services help mitigate common DDoS attacks, how to use advanced protocols and ciphers, and how to enforce end-to-end HTTPS connections. You will also learn how to use additional features like AWS WAF's IP and bot blocking to implement tailored and advanced protection.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Extending Datacenters to the Cloud: Connectivity Options and Considerations f...Amazon Web Services
Many organizations on their journey into the cloud require consistent and highly secure connectivity between their existing data center and AWS footprints. In this session, we walk through the different architecture options for establishing this connectivity using AWS Direct Connect and VPN. With each option, we evaluate the considerations and discuss risk, performance, encryption, and cost. As we walk through these options, we try to answer some of the most common questions that typically arise from organizations that tackle design and implementation. You'll learn how to make connectivity decisions that are suitable for your workloads, and how to best prepare against business impact in the event of failure.
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...Amazon Web Services
Fed up with stop and go in your data center? Shift into overdrive and pull into the fast lane!
Learn how AutoScout24, the largest online car marketplace Europe-wide, are building their Autobahn in the Cloud.
The secret ingredient? Culture! Because “Cloud” is only one half of the digital transformation story: The other half is how your organization deals with cultural change as you transition from the old world of IT into building microservices on AWS with agile DevOps teams in a true „you build it you run it“ fashion.
Listen to stories from the trenches, powered by Amazon Kinesis, Amazon DynamoDB, AWS Lambda, Amazon ECS, Amazon API Gateway and much more, backed by AWS Partners, AWS Professional Services, and AWS Enterprise Support.
Key takeaways: How to become Cloud native, evolve your architecture step by step, drive cultural change across your teams, and manage your company’s transformation for the future.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
This document provides an overview of data encryption options in AWS. It discusses encryption at rest using AWS Key Management Service (KMS) and bringing your own keys. KMS allows customers to centralize control of encryption keys while integrating with many AWS services. It provides assurances around key security and auditing of key usage. Alternatives like AWS CloudHSM and do-it-yourself key management are also presented. The document emphasizes starting with a threat model and using least privilege access controls to properly secure data.
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
This document provides an overview of security best practices on AWS. It recommends taking a prescriptive approach to understand AWS security practices, build strong compliance foundations, integrate identity and access management, enable detective controls, establish network security, implement data protection, optimize change management, and automate security functions. The document highlights several native AWS security services and how they can help strengthen a customer's security posture.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317) - Amazon Web Services
VMware Cloud™ on AWS brings VMware’s enterprise class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based VMware sold, operated and supported service for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. Further, virtual machines in this environment have seamless access to the broad range of AWS services as well. This session will introduce this exciting new service and examine some of the use cases and benefits of the service. The session will also include a VMware Tech Preview that demonstrates standing up a complete SDDC cluster on AWS and various operations using standard tools like vCenter.
Getting Started with Managed Services | AWS Public Sector Summit 2016 - Amazon Web Services
The AWS cloud infrastructure is architected to be one of the most flexible and secure cloud computing environments available today. By leveraging services such as EC2, you are able to build highly scalable and performant architectures. AWS also provides a rich set of services which help to remove much of the potentially undifferentiated heavy lifting associated with managing your EC2 based infrastructure. This session will introduce some of these services in the areas of Application Management, Database, Analytics, Security and Enterprise Applications.
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr... - Amazon Web Services
As serverless architectures become more popular, AWS customers need a framework of patterns to help them deploy their workloads without managing servers or operating systems. This session introduces and describes four re-usable serverless patterns for web apps, stream processing, batch processing, and automation. For each, we provide a TCO analysis and comparison with its server-based counterpart. We also discuss the considerations and nuances associated with each pattern and have customers share similar experiences. The target audience is architects, system operators, and anyone looking for a better understanding of how serverless architectures can help them save money and improve their agility.
AWS re:Invent 2016: Searching Inside Video at Petabyte Scale Using Spot (WIN307) - Amazon Web Services
Video is a "last-mile problem" for search technology. Unlike webpages, documents, and email, content in videos has traditionally been impossible to search. Recent advances in automated speech and text recognition, however, let businesses and universities search inside video assets as easily as inside textual content. In this session, you'll learn how Panopto is using AWS to solve the video-search problem at scale, while saving over 50% in operating costs by taking advantage of Spot instances. We discuss the cross-platform architecture that combines Windows and Linux to provide cost-effective video processing and search indexing. We also dive deep into scaling Spot elastically based on user demand, handling fallback situations when instances are revoked, and using the Spot bidding process to optimize cost structure. Finally, we discuss future plans to reduce operating costs even further through Spot fleets and grid processing.
Automate Best Practices and Operational Health for your AWS Resources - Amazon Web Services
1. The document discusses best practices for automating AWS resources using infrastructure as code. It recommends using AWS CloudFormation to define resources with templates and deploying infrastructure in a standardized, versioned manner.
2. AWS Service Catalog and AWS CloudFormation allow organizations to define approved templates and deploy IT services in a self-service way while enforcing constraints and access controls.
3. Automating health monitoring and remediation of AWS resources using AWS Personal Health Dashboard, AWS Health, and AWS Health Tools can help address operational issues continuously.
re:Invent recap session 2: Being well Architected in the cloud - Amazon Web Services
The document discusses the AWS Well-Architected Framework which provides best practices for architecting systems on AWS. It covers the five pillars of the framework - security, reliability, performance efficiency, cost optimization, and operational excellence. For each pillar, it provides examples of questions to evaluate architectures and best practices for alignment with AWS recommendations.
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve... - Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture design decisions made by Fortune 500 organizations during actual sensitive workload deployments, as told by the AWS security solution architects and professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
This session is for IT pros working with compliance managers to deliver solutions that lower costs and still meet compliance demands. You will learn how to move large scale data stores to the cloud, while remaining compliant with existing regulations. Services mentioned: S3, Glacier and the Vault Lock feature, Snowball, ingestion services.
AWS re:Invent 2016: The Psychology of Security Automation (SAC307) - Amazon Web Services
Historically, relationships between developers and security teams have been challenging. Security teams sometimes see developers as careless and ignorant of risk, while developers might see security teams as dogmatic barriers to productivity. Can technologies and approaches such as the cloud, APIs, and automation lead to happier developers and more secure systems? Netflix has had success pursuing this approach, by leaning into the fundamental cloud concept of self-service, the Netflix cultural value of transparency in decision making, and the engineering efficiency principle of facilitating a “paved road.”
This session explores how security teams can use thoughtful tools and automation to improve relationships with development teams while creating a more secure and manageable environment. Topics include Netflix’s approach to IAM entity management, Elastic Load Balancing and certificate management, and general security configuration monitoring.
Your security is our number one priority. In this session, we'll review best practices that will make your AWS platform even more secure. Using a number of services such as IAM, KMS, CloudTrail, Inspector, etc, we'll show you easy, concrete steps that you can take in minutes to significantly raise your security level.
Security best practices on AWS - Pop-up Loft TLV 2017
Similar to Network security, Anti-DDoS and other Internet-side protections: Encryption in Transit (and when it’s needed), Shield, CloudFront and WAFn - Pop-up Loft TLV 2017
Announcing AWS Shield - Protect Web Applications from DDoS Attacks - Amazon Web Services
AWS Shield is a managed DDoS protection service. With AWS Shield, you can help protect Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53 resources from DDoS attacks. In addition to introducing AWS Shield, this session presents some of the things we do behind the scenes to detect and mitigate Layer 3/4 network attacks and highlights ways you can use this new service to protect against Layer 7 application attacks.
Learning Objectives:
• Learn about the different types of DDoS protections AWS Shield offers
• Understand the difference between the Standard and Advanced tiers
• Hear how AWS WAF works with AWS Shield to provide a strong defense against DDoS attacks
• Learn how to get started with AWS Shield
Bigger and more sophisticated distributed denial of service (DDoS) attacks are targeting the Internet’s Domain Name System (DNS), causing significant downtime to websites and applications. Amazon Route 53, the AWS DNS service, integrates tightly with AWS Shield, the AWS service that provides managed DDoS protection, to safeguard your web applications and protect against large scale attacks. Techniques Amazon Route 53 employs to thwart DDoS attacks include Anycast Striping, Shuffle Sharding and a global network of 56 points of presence. Mitigation strategies AWS Shield provides include inline mitigations, visibility and cost protection.
Learning Objectives:
• Learn how Amazon Route 53 scales against DDoS attacks
• Learn how advanced features like Anycast Striping and traffic shaping mitigate DDoS risks
• Learn how always-on inline mitigation techniques protect against advanced attacks
• Learn how AWS Shield integrates with Amazon Route 53 to monitor traffic signatures and undertake deterministic packet filtering to minimize application downtime
• Learn why customers should use Amazon Route 53 and AWS Shield to protect against DNS DDoS attacks
Understand AWS best practices for Distributed Denial of Service (DDoS) resiliency and how AWS Shield can assist you to protect your business. Uncover how this tool safeguards web applications running on AWS, and how always-on detection and automatic inline mitigations minimize application downtime and latency.
AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professionals and AWS experts to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry.
Speaker: Brian Wagner, Security Consultant, Professional Services, AWS
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense - Amazon Web Services
This document provides an overview of techniques for mitigating distributed denial of service (DDoS) attacks and defending web applications. It discusses various types of threats including DDoS, application attacks, and bad bots. It then describes AWS services for protection including AWS Shield for DDoS mitigation, AWS VPC for network segmentation, and AWS WAF for web application firewall capabilities. The presentation includes demos of these services blocking different attack types like HTTP floods, bots and scrapers, and security automation approaches.
SEC304 Advanced Techniques for DDoS Mitigation and Web Application Defense - Amazon Web Services
This document provides an overview and summary of advanced techniques for DDoS mitigation and web application defense using AWS services like AWS Shield, Amazon VPC, and AWS WAF. It begins with an introduction and overview of common security threats. It then discusses AWS Shield for DDoS protection, including Standard and Advanced tiers. The document reviews using Amazon VPC for network segmentation and security groups. It also explains AWS WAF for web application firewall capabilities like preconfigured rules, APIs for automation, and a flexible rule language. Examples and demos of these services are provided.
"In this session, we will address the current threat landscape, present DDoS attacks that we have seen on AWS, and discuss the methods and technologies we use to protect AWS services. You will leave this session with a better understanding of:
DDoS attacks on AWS as well as the actual threats and volumes that we typically see.
What AWS does to protect our services from these attacks.
How this all relates to the AWS Shared Responsibility Model."
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub... - Amazon Web Services
Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. This session will show you how to use Lambda functions to automate event response and integrate with your security operations tools. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as Amazon Virtual Private Cloud, Amazon Web Application Firewall, Amazon Shield, and more. You will also learn how to monitor and gain deep visibility into your AWS environment by using highly-scaled solutions such as AWS CloudTrail and AWS CloudWatch. Learn More: https://aws.amazon.com/government-education/
This document discusses cloud-native DDoS attack mitigation and provides an overview of how AWS services can help. It describes the evolution from on-premise to cloud-routed to cloud-native DDoS mitigation strategies. It also outlines AWS Shield Standard and Advanced protections that provide automatic DDoS protection for AWS resources. The presentation aims to help users prepare resilient architectures, monitor applications for issues, and respond to DDoS events through demonstrations of AWS services like WAF, CloudFront, Route 53, and more.
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski - PROIDEA
This document provides an overview of DDoS solutions from a customer perspective. It discusses different types of DDoS attacks and the need for multiple protection tools. It describes two common deployment models for scrubbing centers: DNS redirection and BGP. AlwaysOn protection is generally better than on-demand AlwaysAvailable protection. While scrubbing services can mitigate large attacks, they are not a complete solution and other measures are needed to deal with initial attack waves. Preparation including a response team and plan can help organizations effectively respond to DDoS attacks.
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use... - Amazon Web Services
This document discusses mitigating DDoS attacks on AWS. It outlines five common DDoS attack vectors: UDP reflection attacks, UDP floods, TCP SYN floods, web application layer attacks, and DNS query floods. It then discusses four AWS use cases for DDoS mitigation: protecting common web applications, highly resilient web applications, video game development applications, and voice communication applications. The document provides details on how AWS security services like AWS WAF, CloudFront, and Route 53 can help detect and mitigate DDoS attacks. It also includes a case study of how Crownpeak implemented DDoS resiliency for the Bank of New York Mellon websites.
This document discusses distributed denial of service (DDoS) attack mitigation strategies. It provides an overview of different types of DDoS attacks and threats. It then outlines the evolution of DDoS mitigation approaches, including on-premise mitigation, cloud-routed mitigation, and cloud-native mitigation. The document focuses on Amazon Web Services' (AWS) cloud-native approach using AWS Shield for DDoS protection. It describes AWS Shield Standard Protection and AWS Shield Advanced Protection, as well as how to build a DDoS-resilient architecture on AWS.
Radware Hybrid Cloud Web Application Firewall and DDoS Protection - Andy Ellis
The document describes Radware's hybrid cloud WAF service, which provides fully-managed web application and DDoS protection for enterprises with applications in both cloud and on-premise environments. The service uses Radware's security technologies to integrate cloud and on-premise defenses, providing comprehensive detection and mitigation of web attacks, SQL injections, cross-site scripting, and DDoS attacks across hybrid infrastructures. It offers three service tiers with varying levels of protection and management features to suit different customer needs.
The enterprise perimeter is disappearing. Migration to the cloud means a more distributed network infrastructure. Transition of web based applications to the cloud renders on premise mitigation tools ineffective against web attacks and requires organizations to protect applications both on premise and in-the-cloud.
Introducing Radware's Hybrid Cloud WAF Service - a fully-managed, always on service that integrates cloud-based with on premise protection against a broad range of attack vectors.
Visit here http://www.radware.com/social/hybridcloudwaf/ to read "The Dawn of Hybrid Cloud WAF" and to learn how the industry's first hybrid cloud-based WAF service addresses today's most challenging web-based cyber-attacks.
The document discusses cloud-native DDoS attack mitigation strategies on AWS. It outlines three pillars of protection: built-in protection for all AWS customers against common network and transport layer attacks, optional advanced DDoS protection with AWS Shield Advanced, and tools like AWS WAF and VPC for customized application-layer protections. True stories are presented showing how AWS services like CloudFront and Shield helped customers migrate mitigation from on-premises to the cloud and defend against large sophisticated attacks.
The document discusses trends in denial of service (DoS) attacks from Q1 2023. Some key points:
- Israel emerged as the top targeted country for HTTP DDoS attacks, surpassing the US. Gaming/gambling was the most targeted industry in several regions.
- Finland was the largest source of HTTP attack traffic, while Vietnam was the largest source of network layer attacks.
- DNS amplification became the most common attack vector, comprising 30% of attacks, followed by SYN floods at 22% and UDP-based attacks at 21%.
The document analyzes recent shifts in target countries/industries and attack vectors used in DoS attacks in the first quarter of 2023.
Learning Objectives:
- Learn how to use AWS Shield to build scalable DDoS defense into your applications
- Learn how to monitor your applications on the AWS Cloud and detect DDoS attempts
- Learn how to respond to in-progress DDoS attempts
HaltDos is a high throughput, high performance software based network appliance that can stay updated with evolving technology and threats without requiring hardware replacements. With its multi-layered and multi-vector approach, it can defend against a wide range of DDoS attacks within seconds to ensure high uptime of your website/web services.
Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was attended by more than 400 participants at the venue and more than 300 via online live streaming.
This document provides an overview of distributed denial of service (DDoS) attacks and best practices for building DDoS resiliency on Amazon Web Services (AWS). It describes common infrastructure layer attacks like SYN floods and application layer attacks like HTTP floods. It also outlines mitigation techniques like using AWS infrastructure and services that are DDoS resilient by design, implementing defense at the infrastructure and application layers, reducing attack surfaces, obfuscating AWS resources, and improving visibility and support. The paper includes a reference architecture that leverages these techniques to help protect application availability against DDoS attacks.
How to build forecasting services using ML algorithms and deep learn... - Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... - Amazon Web Services
The variety and volume of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, enabled us to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is growing continuously.
If designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared with On-Demand Instances. In this session we will discover together the characteristics of Spot Instances and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering stand out in the market with Machine Lea... - Amazon Web Services
To create value and build a distinctive, recognizable offering, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting user operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Do you want to learn about the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing considerable benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there can be performance risks that may be introduced when moving applications from on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to track the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses QLDB's features.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for delivering an exceptional user experience to end users. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dig into several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to users of its web portal.
Oracle databases and VMware Cloud™ on AWS: myths to dispel - Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing considerable benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there can be performance risks that may be introduced when moving applications from on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to facilitate and simplify the migration of Oracle workloads, accelerating the transformation to the cloud; they will go deeper into the architecture and demonstrate how to take full advantage of VMware Cloud™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the associated lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.
The Microsoft 365 Migration Tutorial For Beginner.pptx - operationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Session 1 - Intro to Robotic Process Automation.pdfUiPathCommunity
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
From Natural Language to Structured Solr Queries using LLMsSease
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive” gap) remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
What is an RPA CoE? Session 2 – CoE RolesDianaGray10
In this session, we will review the players involved in the CoE and how each role impacts opportunities.
Topics covered:
• What roles are essential?
• What place in the automation journey does each role play?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Network security, Anti-DDoS and other Internet-side protections: Encryption in Transit (and when it’s needed), Shield, CloudFront and WAFn - Pop-up Loft TLV 2017
6. Types of DDoS attacks
Volumetric DDoS attacks
Congest networks by flooding them with more traffic than they are able to handle (e.g., UDP reflection attacks)
7. Types of DDoS attacks
State-exhaustion DDoS attacks
Abuse protocols to stress systems like firewalls, IPS, or load balancers (e.g., TCP SYN flood)
8. Types of DDoS attacks
Application-layer DDoS attacks
Use well-formed but malicious requests to circumvent mitigation and consume application resources (e.g., HTTP GET, DNS query floods)
9. DDoS attack trends
[Chart: Volumetric 65%, State exhaustion 18%, Application layer 18%]
10. DDoS attack trends
SSDP reflection attacks are very common
Reflection attacks have clear signatures, but can consume available bandwidth.
11. DDoS attack trends
Other common volumetric attacks: NTP reflection, DNS reflection, Chargen reflection, SNMP reflection
12. DDoS attack trends
SYN floods can look like real connection attempts
And on average, they are larger in volume. They can prevent real users from establishing connections.
13. DDoS attack trends
DNS query floods are real DNS requests
These can continue for hours and exhaust the available resources of the DNS server.
14. DDoS attack trends
Other common application layer attacks: HTTP GET flood, Slowloris
16. Challenges in mitigating DDoS attacks
Difficult to enable
• Complex set-up
• Provision bandwidth capacity
• Application re-architecture
17. Challenges in mitigating DDoS attacks
Manual involvement
• Operator involvement to initiate mitigation
• Re-route traffic via distant scrubbing location
• Increased time to mitigate
[Diagram: Traditional Datacenter]
18. Challenges in mitigating DDoS attacks
Traffic re-routing = Increased latency for users
[Diagram: Traditional Datacenter]
21. At AWS, our goal has always been to …
Remove undifferentiated heavy-lifting
Automatically protected against common attacks
Ensure availability
AWS services are highly available
22. DDoS protections built into AWS
Integrated into the AWS global infrastructure
Always-on, fast mitigation without external routing
Redundant Internet connectivity in AWS data centers
23. DDoS protections built into AWS
Protection against most common infrastructure attacks
SYN/ACK Floods, UDP Floods, Reflection attacks etc.
No additional cost
[Diagram: Users, DDoS Attack, DDoS mitigation systems]
24. Customers keep asking …
Does AWS protect me from DDoS attacks?
What about large DDoS attacks?
How can I get visibility when I get attacked?
Does AWS protect me from application layer attacks?
Scaling for DDoS attacks is expensive.
I want to talk to DDoS experts.
26. AWS Shield
Standard Protection: Available to ALL AWS customers at No Additional Cost
Advanced Protection: Paid service that provides additional protections, features and benefits.
27. AWS Shield
Four key pillars…
AWS Integration: DDoS protection without infrastructure changes
Affordable: Don’t force unnecessary trade-offs between cost and availability
Flexible: Customize protections for your applications
Always-On Detection and Mitigation: Minimize impact on application latency
29. AWS Shield Standard
Layer 3/4 protection
• Automatic detection & mitigation
• Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.)
• Built into AWS services
Layer 7 protection
• AWS WAF for Layer 7 DDoS attack mitigation
• Self-service & pay-as-you-go
30. AWS Shield Standard
Better protection than ever for your applications running on AWS
• Improved mitigations using proprietary BlackWatch systems
• Additional mitigation capacity
• Commitment to continuously improve detection and mitigation
• Still at no additional cost
33. AWS Shield Advanced
Available today in …
US East (N. Virginia) us-east-1
US West (Oregon) us-west-2
EU (Ireland) eu-west-1
Asia Pacific (Tokyo) ap-northeast-1
34. AWS Shield Advanced
Announcing AWS WAF for Application Load Balancer
[Diagram: Application Load Balancer, AWS WAF, Valid users, Attackers (X)]
35. AWS Shield Advanced
• Always-on monitoring & detection
• Advanced L3/4 & L7 DDoS protection
• Attack notification and reporting
• 24x7 access to DDoS Response Team
• AWS bill protection
42. Always-on monitoring and detection
• Signature based detection
• Heuristics-based anomaly detection
• Baselining
43. Always-on monitoring and detection
Heuristics-based anomaly detection
Detects anomalies based on attributes such as:
• Source IP
• Source ASN
• Traffic levels
• Validated sources
44. Always-on monitoring and detection
Baselining
Continuously baselining normal traffic patterns
• HTTP Requests per second
• Source IP Address
• URLs
• User-Agents
50. Layer 3/4 infrastructure protection
Traffic prioritization based on scoring
Low suspicion attributes
• Normal packet or request header
• Traffic composition and volume is typical given its source
• Traffic valid for its destination
High suspicion attributes
• Suspicious packet or request headers
• Entropy in traffic by header attribute
• Entropy in traffic source and volume
• Traffic source has a poor reputation
• Traffic invalid for its destination
• Request with cache-busting attributes
51. Layer 3/4 infrastructure protection
Traffic prioritization based on scoring
• Inline inspection and scoring
• Preferentially discard lower priority (attack) traffic
• False positives are avoided and legitimate viewers are protected
[Diagram: High-suspicion packets dropped, Low-suspicion packets retained]
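A small Python sketch of score-based prioritization as slides 50 and 51 describe it, added here as an illustration and not AWS's implementation: the weights, thresholds, field names and the sample window are all assumptions. It shows why a mis-scored request costs nothing until capacity is exceeded, and which traffic is discarded first once it is.

```python
import math
from collections import Counter

# Weights, thresholds and field names are assumptions for illustration only.
WEIGHTS = {"poor_reputation": 3, "invalid_for_destination": 4, "cache_busting": 2}
SERVED_PORTS = {80, 443}            # assumed: the protected endpoint is web-only
POOR_REPUTATION = {"203.0.113.9"}   # constructed reputation entry


def shannon_entropy(values):
    """Entropy in bits of the distribution of values."""
    total = len(values)
    return -sum(n / total * math.log2(n / total) for n in Counter(values).values())


def cache_busting_paths(requests, min_requests=4, threshold=0.9):
    """Paths whose query strings are nearly all distinct (normalised entropy ~1)."""
    queries_by_path = {}
    for req in requests:
        queries_by_path.setdefault(req["path"], []).append(req["query"])
    return {path for path, queries in queries_by_path.items()
            if len(queries) >= max(min_requests, 2)
            and shannon_entropy(queries) / math.log2(len(queries)) >= threshold}


def suspicion(req, busting):
    """Sum the weights of the high-suspicion attributes this request shows."""
    score = 0
    if req["src"] in POOR_REPUTATION:
        score += WEIGHTS["poor_reputation"]
    if req["port"] not in SERVED_PORTS:
        score += WEIGHTS["invalid_for_destination"]
    if req["path"] in busting:
        score += WEIGHTS["cache_busting"]
    return score


def prioritize(requests, capacity):
    """Keep the least suspicious requests up to capacity; drop the remainder."""
    busting = cache_busting_paths(requests)
    ranked = sorted(requests, key=lambda r: suspicion(r, busting))  # stable sort
    return ranked[:capacity], ranked[capacity:]


def sample_window():
    """Constructed one-second window: 4 ordinary, 4 cache-busting, 1 off-port."""
    ordinary = [{"src": f"198.51.100.{i}", "port": 443, "path": "/", "query": ""}
                for i in range(1, 5)]
    busting = [{"src": src, "port": 443, "path": "/img/logo.png", "query": q}
               for src, q in [("192.0.2.10", "r=1a"), ("192.0.2.11", "r=9f"),
                              ("203.0.113.9", "r=c3"), ("192.0.2.12", "r=7d")]]
    off_port = [{"src": "192.0.2.50", "port": 53, "path": "", "query": ""}]
    return busting + off_port + ordinary  # arrival order is mixed on purpose


if __name__ == "__main__":
    window = sample_window()
    flagged = cache_busting_paths(window)
    for capacity in (len(window), 6, 4):
        kept, dropped = prioritize(window, capacity)
        print(capacity, [(r["src"], suspicion(r, flagged)) for r in dropped])
```

With capacity for the whole window nothing is dropped, so a legitimate request that happens to score high is still served; discarding only starts when the window exceeds capacity, highest score first.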
52. Layer 3/4 infrastructure protection
Traffic prioritization based on scoring
• See this in action at https://www.youtube.com/watch?v=w9fSW6qMktA&feature=youtu.be&list=PLhr1KZpdzukfYBoBNGKS3axyHW9-JClQb
53. Layer 3/4 infrastructure protection
Advanced routing policies
• Distributed scrubbing and bandwidth capacity
• Automated routing policies to absorb large attacks
• Manual traffic engineering
54. Layer 3/4 infrastructure protection
Additional protections against larger and more sophisticated attacks
• Advanced routing capabilities
• Additional mitigation capacity
62. Attack notification and reporting
Attack monitoring and detection
• Real-time notification of attacks via Amazon CloudWatch
• Near real-time metrics and packet captures for attack forensics
• Historical attack reports
64. 24x7 access to DDoS Response Team
Critical and urgent priority cases are answered quickly and routed directly to DDoS experts
Complex cases can be escalated to the AWS DDoS Response Team (DRT), who have deep experience in protecting AWS as well as Amazon.com and its subsidiaries
65. 24x7 access to DDoS Response Team
Before Attack: Proactive consultation and best practice guidance
During Attack: Attack mitigation
After Attack: Post-mortem analysis
68. AWS DDoS Shield: Pricing
Standard Protection
• No commitment
• No additional cost
Advanced Protection
• 1 year subscription commitment
• Monthly base fee: $3,000
• Data transfer fees
Data Transfer Price ($ per GB)
Tier            CloudFront    ELB
First 100 TB    $0.025        $0.050
Next 400 TB     $0.020        $0.040
Next 500 TB     $0.015        $0.030
Next 4 PB       $0.010        Contact Us
Above 5 PB      Contact Us    Contact Us
69. AWS DDoS Shield: How to choose
Standard Protection: For protection against most common DDoS attacks, and access to tools and best practices to build a DDoS resilient architecture on AWS.
Advanced Protection: For additional protection against larger and more sophisticated attacks, visibility into attacks, AWS cost protection, Layer 7 mitigations, and 24X7 access to DDoS experts for complex cases.
70. AWS Shield: Getting started
Standard Protection: You get it automatically
Advanced Protection: Enable via the AWS Console
72. AWS WAF
• Not the world's intrinsically-smartest WAF
• Understands XSS, SQLi, outsize packets
But:
• Located in CloudFront – so, closest to the Threat Actors
• Highly programmable (by customers as well as our nice DRT folk)
• ...
73. Enhancing AWS WAF Smartness, Option 1
• "Lambdafy All The Things!"
• https://aws.amazon.com/blogs/security/how-to-import-ip-address-reputation-lists-to-automatically-update-aws-waf-ip-blacklists/
• aka "write a Lambda function to":
  • periodically query well-known Realtime Blackhole Lists (Spamhaus et al)
  • transform the list contents into AWS WAF rules
  • populate your AWS WAF instances with them
• Pick another property, apply the same principles...
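One way the Lambda's transform step could look, as an added Python example that is not the code from the linked blog post: it parses a constructed reputation list, normalises it and diffs it against the current IP set so that stale entries are removed as well as new ones added. The accepted prefix lengths and the per-call cap are assumptions to confirm against the AWS WAF documentation; `get_change_token` and `update_ip_set` are the boto3 `waf` client calls.

```python
import ipaddress

# Constructed sample in the "CIDR ; comment" layout many drop lists use.
# Addresses are documentation/private ranges, not real indicators.
SAMPLE_LIST = """\
; constructed sample feed
192.0.2.0/24 ; EX0001
198.51.100.7 ; EX0002
203.0.113.0/25 ; EX0003
10.0.0.0/12 ; EX0004
2001:db8::/32 ; EX0005
not-an-address ; EX0006
192.0.2.0/24 ; EX0001 (duplicate)
"""

MAX_UPDATES_PER_CALL = 1000  # assumption: per-request cap, confirm for your API


def parse_reputation_list(text):
    """Return the valid IPv4 networks in a feed, skipping comments and junk."""
    networks = set()
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # a malformed feed line must never become a rule
        if net.version == 4:  # this sketch handles IPv4 only
            networks.add(net)
    return networks


def to_waf_cidrs(networks):
    """Split prefixes the IP set would reject (assumed: only /8 and /16-/32 OK)."""
    cidrs = set()
    for net in networks:
        if net.prefixlen == 8 or net.prefixlen >= 16:
            cidrs.add(str(net))
        else:
            target = 8 if net.prefixlen < 8 else 16
            cidrs.update(str(sub) for sub in net.subnets(new_prefix=target))
    return cidrs


def plan_updates(current, desired):
    """Diff two CIDR sets into batches of UpdateIPSet-style change records."""
    changes = [("DELETE", v) for v in sorted(current - desired)]
    changes += [("INSERT", v) for v in sorted(desired - current)]
    updates = [{"Action": action,
                "IPSetDescriptor": {"Type": "IPV4", "Value": value}}
               for action, value in changes]
    return [updates[i:i + MAX_UPDATES_PER_CALL]
            for i in range(0, len(updates), MAX_UPDATES_PER_CALL)]


def apply_batches(waf, ip_set_id, batches):
    """Send each batch with a fresh change token (waf = boto3.client("waf"))."""
    for batch in batches:
        token = waf.get_change_token()["ChangeToken"]
        waf.update_ip_set(IPSetId=ip_set_id, ChangeToken=token, Updates=batch)


if __name__ == "__main__":
    desired = to_waf_cidrs(parse_reputation_list(SAMPLE_LIST))
    # Constructed "current" IP set contents: one still listed, one stale.
    current = {"192.0.2.0/24", "203.0.113.128/25"}
    for batch in plan_updates(current, desired):
        for update in batch:
            print(update["Action"], update["IPSetDescriptor"]["Value"])
```

Before applying a plan in production, subtract your own egress and partner ranges from the desired set so a bad feed entry cannot block them.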
74. Enhancing AWS WAF Smartness, Option 2
• ...or have an AWS Marketplace product do it for you!
• Currently, Imperva, Alert Logic, Trend Micro have AWS WAF integrations
  • (others are working on it)
• Trend Micro have open-sourced their integration code:
  • https://github.com/deep-security/aws-waf
76. Where and Why?
• Across the Internet: of course
  • HTTPS session termination
    • in ELB / ALB?
    • in CloudFront?
    • in EC2 instances?
• Within a VPC...?
  • HIPAA mandates it for in-scope services
  • PCI-DSS doesn't
    • Control 4 says "encrypt across public networks"
    • Audit reports assert a VPC isn't a public network...
77. Options
• DIY (with S3 and KMS)
• EC2 Systems Manager Parameter Store
• Note:
  • "The Magic's in the Scoping"
  • In the following, KMS isn't in-scope for HIPAA and EC2 Systems Manager Parameter Store and Run Command have yet to integrate into our audit cycles at time of writing, but they don't touch PHI / CVV / PAN / other data defined as sensitive...!
89. Parameter Store
• Centrally store and find configuration and access data
• Repeatable, automatable management (e.g. SQL connection strings)
• Granular access control – view, use and edit values per parameter
• Encrypt sensitive data at rest in-store using your own AWS KMS keys
90. Parameter Store – Getting started
• Parameter: Key-value pair
• Secure Strings: Encrypt sensitive parameters with your own KMS or default account encryption key
• Reuse: In Documents and easily reference at runtime across EC2 Systems Manager using {{ssm:parameter-name}}
• Access Control: Create an IAM policy to control access to specific parameter