The document provides an overview of AWS cloud security concepts, including the shared responsibility model and identity and access management (IAM). It discusses how AWS is responsible for security of the cloud, including physical and network security of data centers, while customers are responsible for security in the cloud, such as operating systems and applications. The document also describes IAM principles for authentication, authorization, and auditing using tools like IAM users, policies, and CloudTrail.
Many organizations face hurdles in migrating to the cloud, including challenges in learning and adopting new tools, skills, and processes. They also seek a way to continue to optimize their existing IT investments. VMware Cloud on Amazon Web Services (AWS) is an integrated hybrid-cloud service that can help your company overcome these obstacles. It enables you to run business-critical applications — without having to re-architect or convert them — across VMware vSphere-based workloads, either on-premises or on AWS. In this workshop, we will talk about how VMware Cloud on AWS helps simplify and accelerate the migration process.
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...Amazon Web Services
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and manage the encryption keys used to encrypt your data. In this session, we will dive deep into best practices learned by implementing AWS KMS at AWS’ largest enterprise clients. We will review the different capabilities described in the AWS Cloud Adoption Framework (CAF) Security Perspective and how to implement these recommendations using AWS KMS. In addition to sharing recommendations, we will also provide examples that will help you protect sensitive information on the AWS Cloud.
Bring the VMware Software-Defined Data Center to Amazon Web Services with VMware Cloud. In this webinar we will dive into the compute, network and storage architecture of the VMware Cloud on AWS solution. We will look at real-world, live applications running in VMware Cloud on AWS which integrate with native AWS services such as S3 and Amazon Relational Database Service. We’ll discuss common deployment scenarios including Hybrid Cloud Architectures and Disaster Recovery and explore how the TCO of these implementations differ in VMware Cloud as compared to on-premises implementations.
Module 2 AWS Foundational Services - AWSome Day Online Conference Amazon Web Services
Module 2: AWS Infrastructure – Compute, Storage and Networking
This module will cover:
- Modern Data Center Design Models
- Amazon Elastic Cloud Compute (EC2) concepts including instance types and families, AMIs and meta and user data
- Storage Concepts including Amazon Simple Storage Service (S3)
- Networking Concepts
- Amazon Virtual Private Cloud (VPC) concepts
Many organizations face hurdles in migrating to the cloud, including challenges in learning and adopting new tools, skills, and processes. They also seek a way to continue to optimize their existing IT investments. VMware Cloud on Amazon Web Services (AWS) is an integrated hybrid-cloud service that can help your company overcome these obstacles. It enables you to run business-critical applications — without having to re-architect or convert them — across VMware vSphere-based workloads, either on-premises or on AWS. In this workshop, we will talk about how VMware Cloud on AWS helps simplify and accelerate the migration process.
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...Amazon Web Services
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and manage the encryption keys used to encrypt your data. In this session, we will dive deep into best practices learned by implementing AWS KMS at AWS’ largest enterprise clients. We will review the different capabilities described in the AWS Cloud Adoption Framework (CAF) Security Perspective and how to implement these recommendations using AWS KMS. In addition to sharing recommendations, we will also provide examples that will help you protect sensitive information on the AWS Cloud.
Bring the VMware Software-Defined Data Center to Amazon Web Services with VMware Cloud. In this webinar we will dive into the compute, network and storage architecture of the VMware Cloud on AWS solution. We will look at real-world, live applications running in VMware Cloud on AWS which integrate with native AWS services such as S3 and Amazon Relational Database Service. We’ll discuss common deployment scenarios including Hybrid Cloud Architectures and Disaster Recovery and explore how the TCO of these implementations differ in VMware Cloud as compared to on-premises implementations.
Module 2 AWS Foundational Services - AWSome Day Online Conference Amazon Web Services
Module 2: AWS Infrastructure – Compute, Storage and Networking
This module will cover:
- Modern Data Center Design Models
- Amazon Elastic Cloud Compute (EC2) concepts including instance types and families, AMIs and meta and user data
- Storage Concepts including Amazon Simple Storage Service (S3)
- Networking Concepts
- Amazon Virtual Private Cloud (VPC) concepts
by Erin McGill, Partner Solutions Architect, AWS
By packaging software into standardized units, containers give code everything it needs to run, ensuring consistency from your laptop all the way into production. But once you have your code ready to ship, how do you run and scale it in the cloud? In this session, you will learn about your options for running containers on AWS and the integrated AWS services that you can take advantage of to run and scale containerized applications.
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017Amazon Web Services
Deep dive into how Amazon ECS can enable secure, natively addressable, and highly performant network interfaces for containers using the recently launched the awsvpc task networking mode. In this session, we focus on how CNI plugins were integrated with the Amazon ECS container agent and discuss the backend changes necessary to enable elastic network interface provisioning for tasks. Shakeel Sorathia, VP of engineering at FOX Digital, discusses best practices for working with Amazon ECS to enable such use cases as network isolation and IP-based routing for service discovery.
VMware Cloud on AWS: Technical Deep Dive - SRV341 - Chicago AWS SummitAmazon Web Services
VMware Cloud on AWS helps customers leverage existing infrastructure investments while providing the scalability, agility, and security of AWS. In this session, learn about the technical details of VMware Cloud on AWS as well as design considerations for integrating your VMware Cloud on AWS software-defined data centers (SDDCs) with native AWS services or your on-premises data centers, or both. We also cover the connectivity options available and dive deep on the networking architecture.
How Western Union Implemented Security Measures at Scale on AWS with Dome9 Amazon Web Services
How do you enhance the security of your AWS environment and maintain it even as you rapidly grow your footprint and scale operations? This was the question that the security and operations teams at Western Union faced as they built out their presence on the AWS Cloud. They discovered that Dome9 Arc delivered visibility and control over their cloud assets, as well as proactive compliance management.
Introduction to the AWS Shared Security Responsibility Model and some of the technical features and security processes that you can take advantage of to ensure that you applications are more secure in the AWS Cloud.
Technical 201: Moving Enterprise Windows Workloads to AWS
The cloud is the new norm for organizations of all sizes. In this session you will learn how to create an entire Microsoft Enterprise environment in AWS that includes AWS Active Directory Service, Simple System Management (SSM) service, MS Exchange and SharePoint. These will further integrate with new end user productivity services such as AWS WorkSpaces, AWS WorkDocs, and AWS WorkMail.
Speaker: Dr Peter Stanski, Solutions Architect, Amazon Web Services
Exciting world of Amazon container services with AWS Fargate and Amazon EKSAmazon Web Services
With a mission to make containers the first class citizen in the cloud, AWS brings you a range of services to help run your containerized workloads. AWS Fargate is a compute engine for deploying and managing containers, which frees you from having to manage any of the underlying infrastructure. With AWS Fargate, you no longer have to provision, configure, scale, or update clusters of virtual machines to run containers. We also have Amazon Elastic Container Service for Kubernetes (Amazon EKS), which makes it easy to run Kubernetes on AWS at scale in production, without having to manage the Kubernetes control plane. In this session, learn how you can use AWS container services to deploy and manage your docker containers. Learn what we're doing to make AWS an even better place to run containers, and watch a live demonstration of AWS Fargate and Amazon EKS in action.
Running Containers without Servers: Introduction to AWS Fargate - SRV214 - To...Amazon Web Services
AWS Fargate makes running containerized workloads on AWS easier than ever before. In this session, we provide a technical background for using Fargate with your existing containerized services. We include best practices for building images, configuring task definitions, task networking, secrets management, and monitoring.
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017Amazon Web Services
VMWare Cloud on AWS allows your teams to migrate existing assets to the AWS Cloud quickly by using tools you are already familiar with. VMware Cloud on AWS brings VMware’s enterprise class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based VMware sold, operated and supported service for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. This session uses practical, real world customer deployment examples to dives deep on hybrid cloud network connectivity, data protection best practices, and AWS native service integrations. Attendees will walk away with practical guidance and tips on getting the best of both worlds with VMware and AWS hybrid cloud solution.
This advanced technical session covers architecture patterns for different workloads, IAM policy tips & tricks, and how to implement security automation and forensics. Be prepared for a technically deep session on AWS security.
Cloud computing gives you a number of advantages, such as the ability to scale your web application or website on demand. If you have a new web application and want to use cloud computing, you might be asking yourself, "Where do I start?" Join us in this session to understand best practices for scaling your resources from one to millions of users. We show you how to best combine different AWS services, how to make smarter decisions for architecting your application, and how to scale your infrastructure in the cloud.
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Amazon Web Services
Your application is exposed to a variety of threats from common distributed attacks to sophisticated zero-day vectors. Learn how to architect beyond the region and take advantage of the AWS Edge Network and upgrade your security posture with easy to deploy solutions that scale. At this session you will learn how to I ensure your application will withstand malicious threats and DDoS attacks, what role does architecture play in your security posture, and how professional services and partners like Flux7 can help.
Many Windows shops want to move to the cloud, but are overwhelmed by the numerous options. In this talk we will take a look at how to move your Active Directory environment into AWS and provide some tips and tricks on how to make the most of the options available.
If you want to deliver videos to all consumers on all devices, building such workloads is complex, time consuming, and expensive. Now, it is fast and easy to implement video-on-demand workflows on AWS and distribute video content to a global audience. Companies, small or large and in various industries, can deliver streaming video without complex professional video tools. In this session, learn how to build complex video workflows entirely in code using AWS services.
La sicurezza nel cloud, per AWS, è una priorità. I clienti che scelgono di utilizzare i servizi AWS traggono vantaggio da un'architettura di data center e di rete progettata per soddisfare i requisiti delle organizzazioni più esigenti a livello di sicurezza.Durante questa sessione vedremo quali sono gli strumenti che AWS mette a disposizione dei propri clienti per rendere le proprie applicazioni e i propri dati sicuri.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
by Erin McGill, Partner Solutions Architect, AWS
By packaging software into standardized units, containers give code everything it needs to run, ensuring consistency from your laptop all the way into production. But once you have your code ready to ship, how do you run and scale it in the cloud? In this session, you will learn about your options for running containers on AWS and the integrated AWS services that you can take advantage of to run and scale containerized applications.
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017Amazon Web Services
Deep dive into how Amazon ECS can enable secure, natively addressable, and highly performant network interfaces for containers using the recently launched the awsvpc task networking mode. In this session, we focus on how CNI plugins were integrated with the Amazon ECS container agent and discuss the backend changes necessary to enable elastic network interface provisioning for tasks. Shakeel Sorathia, VP of engineering at FOX Digital, discusses best practices for working with Amazon ECS to enable such use cases as network isolation and IP-based routing for service discovery.
VMware Cloud on AWS: Technical Deep Dive - SRV341 - Chicago AWS SummitAmazon Web Services
VMware Cloud on AWS helps customers leverage existing infrastructure investments while providing the scalability, agility, and security of AWS. In this session, learn about the technical details of VMware Cloud on AWS as well as design considerations for integrating your VMware Cloud on AWS software-defined data centers (SDDCs) with native AWS services or your on-premises data centers, or both. We also cover the connectivity options available and dive deep on the networking architecture.
How Western Union Implemented Security Measures at Scale on AWS with Dome9 Amazon Web Services
How do you enhance the security of your AWS environment and maintain it even as you rapidly grow your footprint and scale operations? This was the question that the security and operations teams at Western Union faced as they built out their presence on the AWS Cloud. They discovered that Dome9 Arc delivered visibility and control over their cloud assets, as well as proactive compliance management.
Introduction to the AWS Shared Security Responsibility Model and some of the technical features and security processes that you can take advantage of to ensure that you applications are more secure in the AWS Cloud.
Technical 201: Moving Enterprise Windows Workloads to AWS
The cloud is the new norm for organizations of all sizes. In this session you will learn how to create an entire Microsoft Enterprise environment in AWS that includes AWS Active Directory Service, Simple System Management (SSM) service, MS Exchange and SharePoint. These will further integrate with new end user productivity services such as AWS WorkSpaces, AWS WorkDocs, and AWS WorkMail.
Speaker: Dr Peter Stanski, Solutions Architect, Amazon Web Services
Exciting world of Amazon container services with AWS Fargate and Amazon EKSAmazon Web Services
With a mission to make containers the first class citizen in the cloud, AWS brings you a range of services to help run your containerized workloads. AWS Fargate is a compute engine for deploying and managing containers, which frees you from having to manage any of the underlying infrastructure. With AWS Fargate, you no longer have to provision, configure, scale, or update clusters of virtual machines to run containers. We also have Amazon Elastic Container Service for Kubernetes (Amazon EKS), which makes it easy to run Kubernetes on AWS at scale in production, without having to manage the Kubernetes control plane. In this session, learn how you can use AWS container services to deploy and manage your docker containers. Learn what we're doing to make AWS an even better place to run containers, and watch a live demonstration of AWS Fargate and Amazon EKS in action.
Running Containers without Servers: Introduction to AWS Fargate - SRV214 - To...Amazon Web Services
AWS Fargate makes running containerized workloads on AWS easier than ever before. In this session, we provide a technical background for using Fargate with your existing containerized services. We include best practices for building images, configuring task definitions, task networking, secrets management, and monitoring.
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017Amazon Web Services
VMWare Cloud on AWS allows your teams to migrate existing assets to the AWS Cloud quickly by using tools you are already familiar with. VMware Cloud on AWS brings VMware’s enterprise class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based VMware sold, operated and supported service for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. This session uses practical, real world customer deployment examples to dives deep on hybrid cloud network connectivity, data protection best practices, and AWS native service integrations. Attendees will walk away with practical guidance and tips on getting the best of both worlds with VMware and AWS hybrid cloud solution.
This advanced technical session covers architecture patterns for different workloads, IAM policy tips & tricks, and how to implement security automation and forensics. Be prepared for a technically deep session on AWS security.
Cloud computing gives you a number of advantages, such as the ability to scale your web application or website on demand. If you have a new web application and want to use cloud computing, you might be asking yourself, "Where do I start?" Join us in this session to understand best practices for scaling your resources from one to millions of users. We show you how to best combine different AWS services, how to make smarter decisions for architecting your application, and how to scale your infrastructure in the cloud.
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Amazon Web Services
Your application is exposed to a variety of threats from common distributed attacks to sophisticated zero-day vectors. Learn how to architect beyond the region and take advantage of the AWS Edge Network and upgrade your security posture with easy to deploy solutions that scale. At this session you will learn how to I ensure your application will withstand malicious threats and DDoS attacks, what role does architecture play in your security posture, and how professional services and partners like Flux7 can help.
Many Windows shops want to move to the cloud, but are overwhelmed by the numerous options. In this talk we will take a look at how to move your Active Directory environment into AWS and provide some tips and tricks on how to make the most of the options available.
If you want to deliver videos to all consumers on all devices, building such workloads is complex, time consuming, and expensive. Now, it is fast and easy to implement video-on-demand workflows on AWS and distribute video content to a global audience. Companies, small or large and in various industries, can deliver streaming video without complex professional video tools. In this session, learn how to build complex video workflows entirely in code using AWS services.
La sicurezza nel cloud, per AWS, è una priorità. I clienti che scelgono di utilizzare i servizi AWS traggono vantaggio da un'architettura di data center e di rete progettata per soddisfare i requisiti delle organizzazioni più esigenti a livello di sicurezza.Durante questa sessione vedremo quali sono gli strumenti che AWS mette a disposizione dei propri clienti per rendere le proprie applicazioni e i propri dati sicuri.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
In this webinar, you'll learn how to create security workspaces for multiple teams through your AWS account. Discover how IAM works and find out how it integrates with AWS services. In addition, learn how AWS Config rules and AWS Cloud Trial can help you identify and rectify misconfiguration issues quickly and effectively.
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019Amazon Web Services
This module covers how AWS approaches securing the cloud, along with the AWS Shared Responsibility Model, AWS Access Control and Management, AWS Security Compliance Programs, and resources available to you in better understanding AWS Cloud security options.
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Amazon Web Services
Securing your data platforms in job zero. Powerful encryption capabilities are available in the core services of the AWS cloud. AWS continues to innovate and release enhancements to encryption-specific services, and expand the encryption capabilities in new services to make encryption easy for everyone. Learn how to take advantage of these services and features to protect and secure your data in the cloud.
In this session, we will explore common use cases for (server based or generally load balanced) workloads in AWS and how they compare with the on-prem deployment patterns. you will learn the architectural patterns and line of thinking for deploying security perimeters and segmentation across a multiple account/vpc strategy, Edge security. also, you how you can make sure the pattern you develop will be applied uniformly across your current and future environments.
This workshop is an introduction to security-related services on AWS. We will discuss security services on AWS and also walk through how to import third-party security solutions from the AWS marketplace. This Workshop will include a demo and some customer case studies.
How encryption works in AWS: What assurances do you have that unauthorized us...Amazon Web Services
Customers who want their data encrypted on AWS increasingly take advantage of AWS services that allow them to encrypt data and manage access to the encryption keys. This session discusses how your data is encrypted in transit and at rest in AWS services like Amazon EC2, Amazon S3, and Elastic Load Balancing. Learn about the AWS key management options available, such as AWS KMS, CloudHSM, and ACM. The session also covers some of the security controls that AWS uses to minimize risk of compromise by unauthorized users as it works to keep your data safe.
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Amazon Web Services
Auditors and security staff can improve their security capabilities by learning how to code. In this workshop, they have the opportunity to start coding for security using AWS CLI, Amazon CloudWatch metrics, Python boto3 (one-liner or AWS Lambda), AWS Config rules, and so on. Throughout the workshop, participants try to solve several security and audit activity issues using AWS services. To join, participants should have a Python 3.x environment on their laptop. While it’s important to know AWS security fundamentals and have some experience applying them, coding experience isn’t necessary.
Artificial Intelligence (AI) is transforming the world around us. At Amazon.com, we use Artificial Intelligence to improve customer experience, grow its business and optimize its operations. In this session, two local startups will share about their journey on building an AI company and their vision on how their technology is going to disrupt the world.
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers data. Don't wait until your first security incident before putting these best practices in place.
Securing Your Customers Data From Day One
Speaker: Bruce Wang
Security by design principles include implement a strong identity foundation, enabling traceability, applying security at all layers, automating security best practices, protecting data (in transit and at rest) , preparing for security event
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAmazon Web Services
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: operating systems, services and applications control responsibilities, the automation of security baselines, the configuration of security, and the auditing of controls for AWS customer infrastructure. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.
Data protection is the highest priority for any organisation, so we answer common questions about GDPR, data residency, freedom of information, and privacy. We also address security-related compliance, risk management strategies, and best practices for securing data on AWS.
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS Germany
All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
AWS Summit Milano 2019 - Sicurezza in AWS automazione e best practice - Antonio Duma, Solutions Architect, AWS | Carmela Gambardella, Solutions Architect AWS
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Start the session off with this question to engage the audience, and spark discussion. Get a sense of where their understanding of cloud security is. This will also give you (the presenter) a sense of the areas to focus on during the presentation
There’s a shared responsibility to accomplish security and compliance objectives in AWS cloud. There are some elements that AWS takes responsibility for, and others that the customer must address. The outcome of the collaborative approach is positive results seen by customers around the world.
We look after the security OF the cloud, and you look after your security IN the cloud.
Segway to talk about FedRAMP potentially and share your experiences from around the world!
This is a quick quiz to keep the audience engaged, and test their understanding of the AWS Shared Responsibility Model which is one of the most important take-aways we want attendees to have.
If they get any answer wrong, use that opportunity to further clarify why the answer is a wrong one.
This is a quick quiz to keep the audience engaged, and test their understanding of the AWS Shared Responsibility Model which is one of the most important take-aways we want attendees to have.
If they get any answer wrong, use that opportunity to further clarify why the answer is a wrong one.
IAM allows you to implement a comprehensive access control on AWS resources.
IAM is giving you the ability to Authenticate, Authorize, Log all access.
-> Authenticate, including regular credentials or with strong authentication for your privilege users (or everybody), as well authenticate an other AWS accounts or even trust other Identity Providers
-> Authorize with granularity who can do what. Therefore you can implement Least Privilege and Segregation of Duties.
-> And finally, Log every allow and deny in CloudTrail, for troubleshoot or audit purposes.
Basically when you think Access control with AWS resources then think IAM… Every time.
Key takeaway here is: Identities for Applications and Operating Systems are outside of the scope of AWS IAM
Temporary credentials duration lasts from 15 minutes to 12 hours
The key takeaway here is that you use different approaches to login to the Console vs API access.
Account Owner
Can do anything
IAM Policies
User Level
Resource Level
A username for each user
Groups to manage multiple users
Centralized access control
Optional provisions:
Password for console access
Policies to control access to AWS APIs
Two methods to sign API calls:
X.509 certificate
Access Key ID + Secret Access Key
Multifactor Authentication
LDAP Directories:
EC2 instances access on-premise directory servers via VPN.
Directory servers replicated to AWS as read-only or read/write directory servers on EC2 instance(s).
Create federation via one-way trust or Active Directory Federation Services.
Leverage AWS Directory Services for Samba-based directory services.
Use this question as a conversation starter to discuss the value of encryption, why it’s not just for financial services and healthcare, and how AWS not only provides for encryption, but makes it easier.
For customers with HIPAA compliance requirements. Keep hidden otherwise.
This slide is not about teaching what encryption is or the differences between transit and rest. It is about mentioning that not only do we provide our customers the ability to encrypt their data as it sits and flows through and in/out of our environment, but that we provide many services and features that make it easier. You should call out KMS, CloudHSM, VGW, EBS encryption, ELB SSL offloading, RDS Oracle TDE, MSSQL TDE, S3 object encryption, etc.
If the customer is currently not encrypting data (either in transit or at rest), this might be a good place to discuss the differences and emphasis the need to do so under the shared responsibility model.
Provision trusted SSL/TLS certificates from AWS for use with AWS resources:
Elastic Load Balancing
Amazon CloudFront distributions
AWS handles the muck
Key pair and CSR generation
Managed renewal and deployment
Domain validation (DV) through email
Available through AWS Management console, CLI, or API
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect your data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
Integrated with AWS SDKs and AWS services:
S3, EBS, AWS Import/Export Snowball, RDS, Redshift, CodeCommit, CloudTrail, EMR, Kinesis Firehose, Elastic Transcoder, SES, WorkSpaces, WorkMail
Centralized control.
Easy and automatic key rotation (KMS keeps track of old keys for decryption)
*New Feature*: Bring your own keys to KMS
The most important part about the CloudHSM service is that you and only you control the keys stored on the HSM. Because of the properties of the HSM that we discussed earlier, separation of duties and physical protection of the keys, and third party validation, you can trust that the HSM is securely storing your keys so that you and only you have access to the keys.
AWS manages and monitors the HSM appliances, but does not have access to the keys. In fact, if you lose the access to your credentials, AWS can’t help you recover your key material. You can recover from your own backup if you have a backup with the required credentials.
The CloudHSM appliances are inside your VPC, so you can use familiar network security groups and ACLs to limit access to the HSM.
We use SafeNet Luna SA HSMs with the service today.
CloudHSM customers are using it to protect master keys for database encryption such as Oracle TDE or MS SQL Server TDE, With Apache to protect the private key used to set up SSL connections, for Digital Rights Management (DRM), and for document signing.
You can find out more about CloudHSM at aws.amazon.com/cloudhsm
Inspector is an automated security assessment service to help improve the security and compliance of applications deployed on AWS.
Let’s talk about why we built the WAF based on customer feedback.
WAF was initially a CDN offering, but now integrates with ELB as well
WAFs help protect web sites & applications against attacks that cause data breaches and downtime.
General WAF use cases
Protect from SQL Injection (SQLi) and Cross Site Scripting (XSS)
Prevent Web Site Scraping, Crawlers, and BOTs
Mitigate DDoS (HTTP/HTTPS floods)
Gartner reports that main driver of WAF purchase (25-30%) is PCI compliance
Who made the API call?
When was the API call made?
What was the API call?
Which resources were acted up on in the API call?
Where was the API call made from and made to?
Stored durably in S3
Discuss ways to consume CloudTrail logs (Console, CLI, Splunk, SumoLogic, AlertLogic, Loggly, DataDog, etc.)
You can use Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application running smoothly.
No Agents! Just Turn it on. No really, Ill wait.
Enable per ENI, per Subnet or per VPC
All network traffic data is logged to CloudWatch logs so you get durable storage but also all the analysis features such as filter queries and metric creation
And then Create Alarms on those metrics
Collected, processed and stored in ~10 minute capture windows into Cloudwatch Logs
Or roll your own real time network dashboard with the new Amazon Elasticsearch Service
Also based on a CloudWatch Logs Subscription filter that tees Flow Log data into a Kinesis stream and a stream reader then takes data and puts it into Elasticsearch
See Jeff’s blog post where he details how to setup this VPC Flow Dashboard in a few clicks
AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
Use Cases:
Security analysis: Am I safe?
Audit compliance: Where is the evidence?
Change management: What will this change affect?
Troubleshooting: What has changed?
Discovery: What resources exist?
A Config Rule represents desired configurations for a resource and is evaluated against configuration changes on the relevant resources, as recoded by AWS Config. The results of evaluating a rule against the configuration of a resource are available on a dashboard. Using Config Rules, you can assess your overall compliance and risk status from a configuration perspective, view compliance trends over time and pinpoint which configuration change caused a resource to drift out of compliance with a rule.
Notes: This slide is very similar to the previous one. It adds the concept of Config Rules. It should be noted that although the “Changing Resources” are moved off the page with the animation, they are still important and not being replaced. We’re just making room. It’s probably a good idea to read all the Config Rule faqs from the public page to make sure you’re comfortable discussing the different elements.
Discuss the Four Pillars of being Well Architected and how TA helps you with this.
These are the reasons most of our customers use AWS.
Give some examples of some of the checks in at least two pillars.
Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides customers with dashboards and alerts that give visibility into how this data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks.
Amazon Macie utilizes machine learning to automatically classify and provide visibility to understand where important business data exists across an AWS environment. Features include: automated content classification, data access and context about whether a user account or group of user accounts are exhibiting unusual behavior.
Amazon Macie starts by identifying and protecting the data that attackers are likely to target. Amazon Macie automatically learns jargon, internal project names, and estimates the business value for each object and file across a company's network within S3. For large organizations, this can be hundreds of millions of documents.
AWS Security Partners offer hundreds of industry-leading products that are equivalent, identical to, or integrate with existing controls in your on-premises environments. These products complement the existing AWS services to enable you to deploy a comprehensive security architecture and a more seamless experience across your cloud and on-premises environments.
Infrastructure Security
Designed to identify and protect your applications and data from cyber-attacks and other advanced threats vectors.
Logging & Monitoring
Maintain visibility and auditability of activity in your application infrastructure, while providing policy-driven alerting, and reporting.
Identity & Access Control
Help define and manage access policies to enforce business governance including, user authentication, SSO, and enforcement.
Configuration & Vulnerability Analysis
Help inspect your application deployments for security risks and vulnerabilities, while providing priorities and advice to assist with for remediation.
Data Protection
Assist with safeguarding your data from unauthorized disclosure and modification, through encryption, key management, and policy-driven controls.
Discuss the importance of hardening the EC2 instances.
Discuss the lifecycle of creating an instance, hardening, and then creating a reusable AMI again. Stress the importance of AMI management and bootstrapping.
Your security posture is determined by the “whole” of the mechanisms you employ.
This slide should serve as a review, but be sure to address any questions here.
The main point of this slide is to introduce the fact that AWS takes security very seriously. We dedicate an entire section of our website to the Security and Compliance Center to communicate with our customers providing things like:
Security and Compliance whitepapers
Security best practice whitepapers
Security bulletins
Requests for customer penetration testing
This presentation is a brief overview of the information on this site, please be aware of it and check out the site for more details and information.