SlideShare a Scribd company logo
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Pop-up Loft
2018 re:Invent Recap: Security
Bill Reid
Leader, North American Security and Compliance Solution Architecture
December 2018 San Francisco Loft
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
WARNING: Obligatory Eye Chart. Do not attempt to read it all.
We’ll take it step by step. #LargerFonts
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
ROBOTICS
AWS RoboMaker
Build robotic applications easily using Robot
OS
Announcements At-a-Glance
TRANSFER and MIGRATION
AWS Transfer for SFTP
AWS DataSync
Copy, move, sync large amounts of data
between on-prem & AWS
NETWORKING and CONTENT DELIVERY
AWS Global Accelerator
Performance and availability for your global
user base
AWS Transit Gateway
Interconnect on-premises networks and VPCs
at scale
AWS Elemental MediaConnect
Broadcast quality video transport
Elastic Fabric Adapter
Run HPC workloads with high inter-node
communications
AWS Cloud Map
Map of your cloud complete with friendly
names
AWS App Mesh
Monitor and control microservices
COMPUTE
EC2 Spot Instance
Use spot instance in auto-scale groups
AWS Outposts
Bring AWS services to any data center or on-
premises
CodeDeploy ECR as a Source Action
ECS supports Blue/Green Deployments
EC2 A1 Arm Instance
EC2 C5n Instance
EC2 P3Dn Instance
Firecracker
AWS License Manager
Lightsail Tagging
Lightsail Export to EC2
Hibernation for EC2 Instances
IoT
AWS IoT SiteWise
Collect telemetry data into cloud
AWS IoT Events
Event detection and action logic for IoT
AWS IoT Things Graph
represent Things such as devices and services
as Models
AWS IoT Service Delivery Designations
Core, Greengrass, Analytics Partners in IoT
Service Delivery
Amazon FreeRTOS
Operating system for microcontrollers
SATELLITE
AWS Ground Station
Process satellite data and downlink from the
cloud
DATABASE
Dynamo Transactional APIs
All-or-nothing queries for mission critical
logic
Amazon Timestream
Time-series database for IoT and operational
apps
Amazon Quantum
Fully managed ledger database
DynamoDB on Demand
Remove capacity planning, Pay by the
request
Amazon RDS on VMware
Run RDS on VMware vSphere
Aurora Global Database
Replicate updates globally from single region
MARKETPLACE
AWS Private Marketplace
Create a private catalog of pre-approved
products
AWS Marketplace for SageMaker
Build machine learning apps using ready
made models
AWS Marketplace for Containers
Find contain products in AWS marketplace
MANAGEMENT and GOVERNANCE
CloudWatch Automatic Dashboards
Pre-built best practices dashboards for
CloudWatch
CloudWatch Logs Insights
Log analytics service for CloudWatch logs
AWS Well Architected Partner Program
Training partners to deliver Well Architected
reviews
AWS Control Tower
Automates setup of baseline environments
STORAGE
S3 Batch Operations
Manage billions of objects using APIs or
console
S3 Intelligent Tiering
Automatically optimize pricing based on S3
based on access frequency
S3 Object Lock
Write once, read many object locking for S3
S3 Glacial Deep Archive
Lowest price storage tier - for long term
S3 PUT to Glacier
four new features to reduce your storage
costs
Amazon FSx for Windows File Server
Fully managed Microsoft Windows file
system
Amazon FSx for Lustre
Fully managed Lustre file system
AWS Snowball Edge Compute Optimized
Run compute-intensive application offline
EBS doubles peak IOPS
EFS Infrequent Access
EFS Multi-VPC Access
ANALYTICS
Amazon Kinesis Data Analytics for Java
Apps
Analyze streaming data, gain insights,
respond real-time
AWS Lake Formation
Setup secure data lakes in days
SECURITY, IDENTITY, COMPLIANCE
AWS Security Hub
Unified security management with actionable
prompts
BLOCKCHAIN
Blockchain on AWS
Fully managed Blockchain network in
minutes
MACHINE LEARNING
Comprehend Medical
Scan and extract unstructured medical data
with ML
AWS Ground Truth
Build quality training sets using AI labeling
Amazon Elastic Inference
Add GPU to any EC2 or SageMaker instance
AWS Inferentia
Custom inference chip for inferencing
workloads
Amazon Textract
Extract text and data from virtually any
document
Amazon DeepRacer
Learn Reinforcement Learning (RL) easily
Amazon Personalize
Managed recommendations engine
Amazon Forecast
Accurate time-series forecasting service
SageMaker Neo
Train model once, run them anywhere
Dynamic Training with Apache MXNet on
AWS
MOBILE
AWS Amplify Console
Continuous deployment and hosting for
modern web apps
DEVELOPER TOOLS
AWS Tools for PyCharm
AWS Toolkits for Visual Studio Code, IntelliJ,
and PyCharm
Ruby Support for Lambda
AWS Lambda as a Target for App Load
Balancer
AWS Lambda Layers
Amazon Managed Streaming for Kafka
AWS Well Architected Tool
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
AWS Transit Gateway
Networking
General Availability
A new service that allows customers to interconnect
thousands of Virtual Private Clouds (VPCs) and on-premises networks
VPN connection
VPN connectionCustomer gateway Amazon VPC Amazon VPCVPC peering
AWS Direct
Connect GatewayVPC peering VPC peeringVPC peering
VPN connection Amazon VPC
Amazon VPC
VPC peering
Transit
gateway
Amazon VPC
Amazon VPC
Amazon VPC
Amazon VPC
AWS direct
connect gateway
Customer
gateway
VPN
connection
Network topology today After Transit Gateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
Amazon S3 Glacier Deep Archive
Storage
Limited Preview
Secure, durable, and extremely low-cost storage service for long term data archival
Fully
managed
without tape
burden
Less than 1/10
of 1 cent/GB/
month
Designed for
99.999999999
% durability
Recover
data in
hours
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
CloudWatch Logs Insights
Management Tools
General Availability
Pay-as-you-go log analytics service for CloudWatch
Purpose-built
for log diving
Resolve operational
problems faster
Connect the dots
between logs and
metrics
Fully
managed
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
AWS Transfer for SFTP
Storage
General Availability
Fully managed service makes it easy to integrate SFTP-based file transfers into AWS
Move your existing SFTP workflows to AWS in 3 steps
Seamless
migration
of existing
workflows
Data available for
archiving and
processing in S3
Simple
to use
Cost
effective
Fully managed,
highly available,
and elastically
scalable
1 2 3
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
KMS Custom Key Store
Security
General Availability
Create a dedicated, single-tenant key store in KMS using AWS CloudHSM
• Increases the level of control over encryption keys that
protect your data across AWS
• Helps you meet mandates to manage keys using hardware
security modules (HSMs) under your control
• Satisfy those requirements and leverage the AWS KMS
integrations offered across dozens of AWS services
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
AWS Resource Access Manager
Security
General Availability
Simple, secure service to share AWS resources
eliminating the need to
provision duplicate resources in every account
AWS IAM policies to
govern the consumption of shared resources, and AWS
CloudWatch and AWS CloudTrail to provide visibility
efficiently using your resources
across different departments
Share Route 53 Resolver Rules, License Manager Config, Transit Gateways and Subnets
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
Private Marketplace
AWS Marketplace Software
General Availability
Build a private marketplace that includes
approved vendors and software from AWS Marketplace
Ensure your AWS users are purchasing and launching software that
meets the company’s procurement, legal, and security controls
Customize your private marketplace with company branding, such
as logo, color, and messaging
Define and control permissions for your users in AWS
Private Marketplace
Always know when products are added or removed through
notifications from AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
AWS Control Tower
Management Tools
Limited Preview
Set-up a multi-account environment in a single location to govern AWS workloads
Automate the creation of a landing zone with best practice blueprints
AWS Control Tower automates the set-up of a well-architected multi-account environment with best practices,
and guides you through a step-by-step process to customize it to your organization
Guardrails for policy enforcement
Control Tower offers curated guardrails. Guardrails are high-level rules that provide on-going governance for
your overall AWS environment
Dashboard for continuous visibility
The Control Tower dashboard gives you continuous visibility into your AWS environment. You can view the
number of organizational units and accounts provisioned, guardrails enabled, and the compliance status of
your enabled guardrails
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
AWS Well-Architected Tool
Management Tools
General Availability
A tool to help review the state of cloud workloads
and compare them to the latest AWS architectural best practices
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
AWS Marketplace for Containers
AWS Marketplace Software
General Availability
Container products available in AWS Marketplace
Choose from more than 160 curated
and trusted container products in AWS
Marketplace and run them on AWS
Container product images
are verified and scanned
Products are available with free, bring your own
license, and usage-based pricing models
Deploy container products on
Amazon ECS, AWS Fargate, or EKS
AWS Marketplace
for Containers
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing
AWS Security Hub
Security
Public Beta
Centrally view and manage security alerts & automate compliance checks
• Enabled in minutes to aggregate security findings from AWS
and Partner services across your accounts
• Quickly assess security and compliance in one location and
take action on findings
• Built-in and customizable insights help you track security
issues that are unique to your environment
• Improve compliance with automated, continuous account-
level configuration and compliance checks
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Problem statement
1
Large volume of
alerts and the
need to prioritize
3
Dozens of security
tools with
different data
formats
2
Ensure that your
AWS
infrastructure
meets compliance
requirements
1
PrioritizationMultiple formats VisibilityCompliance
Lack of a single
pane of glass
across security
and compliance
tools
4
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Hub overview
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Rollout plans and pricing
AWS Security Hub is available today as a
public preview service
Available at no additional cost except for AWS
Config costs for new AWS Config users
Open to everyone
Get started in a few clicks
Goal is to iterate on latest features with customers
before releasing as generally available (GA)
Full API/CLI/SDK support
C++, Go, Java, JS, .Net, PHP, Python, Ruby
Supported Regions (15)
Asia Pacific (Mumbai)
Asia Pacific (Seoul)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
Asia Pacific (Tokyo)
Canada (Central)
EU (Frankfurt
EU (Ireland)
EU (London)
EU (Paris)
South America (Sao Paulo)
US East (N. Virginia)
US East (Ohio)
US West (N. California)
US West (Oregon)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Some of our current users
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Partner integrations
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSSP
Other
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Partner integration examples — Armor
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
A few clicks to enable Security Hub
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Simple multi-account setup
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Automated compliance checks
43 fully automated,
nearly continuous
checks
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Insights help identify resources that require attention
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customizable response and remediation actions
Event (event-
based)
Rule
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Key takeaways
Collect and process security findings from multiple accounts within a region
Evaluate your compliance against regulatory and best practice frameworks
Identify and prioritize the most important issues by grouping and correlating
security findings with Insights
Understand and manage your overall AWS security and compliance posture
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Next steps
Try the preview: https://console.aws.amazon.com/securityhub/
Learn more: https://aws.amazon.com/security-hub/
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security, Identity, and Compliance Recorded Sessions
SEC201-R Security Framework Shakedown: Chart Your Journey with AWS Best Practices (YouTube)
SEC202-R Top Cloud Security Myths - Dispelled! (YouTube)
SEC203-R A Practitioner's Guide to Securing Your Cloud (Like an Expert) (YouTube)
SEC301 The Theory and Math Behind Data Privacy and Security Assurance (YouTube)
SEC302 How LogMeIn Automates Governance and Empowers Developers at Scale (YouTube)
SEC303 Architecting Security & Governance across your AWS Landing Zone (YouTube)
SEC304 AWS Secrets Manager: Best Practices for Managing, Retrieving, Rotating Secrets at Scale (YouTube)
SEC310 0x32 Shades of #7f7f7f: The Tension Between Absolutes and Ambiguity in Security (YouTube)
SEC316-R Become an IAM Policy Master in 60 Minutes or Less (YouTube)
SEC319 Meeting Enterprise Security Requirements with AWS Native Security Services (YouTube)
SEC320 Policy Verification and Enforcement at Scale with AWS (YouTube)
SEC321-R How Zocdoc Achieves Automatic Threat Detection & Remediation with Security as Code (YouTube)
SEC322-R Using AWS Lambda as a Security Team (YouTube)
SEC324 IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accounts (YouTube)
SEC325-R Data Protection: Encryption, Availability, Resiliency, and Durability (YouTube)
SEC326 Orchestrate Perimeter Security Across Distributed Applications (YouTube)
SEC327 AWS Security in Your Sleep: Build End-to-End Automation for IR Workflows (YouTube)
SEC389 Netflix: Detecting Credential Compromise in AWS (YouTube)
SEC391 Netflix: Inventory, Track, and Respond to AWS Asset Changes within Seconds at Scale (YouTube)
SEC392 Netflix Cloud Forensics (YouTube)
SEC401-R Mastering Identity at Every Layer of the Cake (YouTube)
SEC402-R AWS, I Choose You: Pokemon's Battle against the Bots (YouTube)
SEC403 Five New Security Automations Using AWS Security Services & Open Source (YouTube)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Keynote
SEC305-L Leadership Session: AWS Security
Stephen Schmidt, Chief Information Security Officer at AWS, addressed the current state of security in the
cloud, with a particular focus on feature updates, the AWS internal "secret sauce," and what's on horizon in
terms of security, identity, and compliance tooling. (YouTube)
Steve Schmidt
Vice President
and CISO for AWS
Michele Iacovone
SVP, Chief Information
Security & Fraud Officer,
Intuit
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Coming in 2019: AWS re:Inforce
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS re:Inforce – The Cloud Security Conference
Join us for AWS re:Inforce, our first conference dedicated to cloud
security!
Dates: June 25-26, 2019
Venue & location: Boston Conference and Exhibit Center in Boston, MA
Price: $1,099
Details available on the AWS Security Blog.
Sign up to receive more information on the re:Inforce website.
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
OK Deep Breath. Anything else?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
From reactive to proactive
Pace of innovation: 1800+ updates
Meets pace of protection: 239 security updates
… through automation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon GuardDuty adds three new threat detections
UnauthorizedAccess:EC2/TorClient
UnauthorizedAccess:EC2/TorRelay
CryptoCurrency:EC2/BitcoinTool.B.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Processes an average
92.7million/sec
flow log records
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon GuardDuty = CloudTrail Optimization =
Automatic Cost Savings
• Travel company | 44% reduction in GuardDuty spend
• Financial services company | 82% reduction
• Automotive company | 79% reduction
• Social media company | 86% reduction
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Now offers agentless
network assessments
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Resource-based
policies
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Store the compliance
history of AWS resources
evaluated by Config
rules
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon S3: Block Public Access
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon S3: Block Public Access
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Now: Compliance certifications at launch
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Pop-up Loft
aws.amazon.com/activate
Everything and Anything Startups
Need to Get Started on AWS

More Related Content

What's hot

AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview
Amazon Web Services
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Amazon Web Services
 
Getting Started on AWS - AWSome Day Houston 2018
Getting Started on AWS - AWSome Day Houston 2018Getting Started on AWS - AWSome Day Houston 2018
Getting Started on AWS - AWSome Day Houston 2018
Amazon Web Services
 
AWS Webinar Series - Cost Optimisation Levers, Tools, and Strategies
AWS Webinar Series - Cost Optimisation Levers, Tools, and StrategiesAWS Webinar Series - Cost Optimisation Levers, Tools, and Strategies
AWS Webinar Series - Cost Optimisation Levers, Tools, and Strategies
Amazon Web Services
 
Deep Dive on Serverless Application Development
Deep Dive on Serverless Application DevelopmentDeep Dive on Serverless Application Development
Deep Dive on Serverless Application Development
Amazon Web Services
 
Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls
Amazon Web Services
 
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APACModule 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Amazon Web Services
 
GraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaGraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS Lambda
Aleksandr Maklakov
 
Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate
Amazon Web Services
 
Secure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneSecure Your Customers' Data From Day One
Secure Your Customers' Data From Day One
Amazon Web Services
 
01 aw some day_main track_aws basics
01 aw some day_main track_aws basics01 aw some day_main track_aws basics
01 aw some day_main track_aws basics
Amazon Web Services Germany GmbH
 
Immersion Day - Well Architected Workshop - June 2019
Immersion Day - Well Architected Workshop - June 2019Immersion Day - Well Architected Workshop - June 2019
Immersion Day - Well Architected Workshop - June 2019
Amazon Web Services
 
SAP Modernization with AWS
SAP Modernization with AWSSAP Modernization with AWS
SAP Modernization with AWS
Amazon Web Services
 
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Amazon Web Services
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
Amazon Web Services
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - Webinar
Amazon Web Services
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Tom Laszewski
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS
Amazon Web Services
 
AWS business essentials
AWS business essentials AWS business essentials
AWS business essentials
Amazon Web Services
 
AWS Summit Singapore - More Containers, Less Operations
AWS Summit Singapore - More Containers, Less OperationsAWS Summit Singapore - More Containers, Less Operations
AWS Summit Singapore - More Containers, Less Operations
Amazon Web Services
 

What's hot (20)

AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
 
Getting Started on AWS - AWSome Day Houston 2018
Getting Started on AWS - AWSome Day Houston 2018Getting Started on AWS - AWSome Day Houston 2018
Getting Started on AWS - AWSome Day Houston 2018
 
AWS Webinar Series - Cost Optimisation Levers, Tools, and Strategies
AWS Webinar Series - Cost Optimisation Levers, Tools, and StrategiesAWS Webinar Series - Cost Optimisation Levers, Tools, and Strategies
AWS Webinar Series - Cost Optimisation Levers, Tools, and Strategies
 
Deep Dive on Serverless Application Development
Deep Dive on Serverless Application DevelopmentDeep Dive on Serverless Application Development
Deep Dive on Serverless Application Development
 
Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls
 
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APACModule 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
 
GraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaGraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS Lambda
 
Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate
 
Secure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneSecure Your Customers' Data From Day One
Secure Your Customers' Data From Day One
 
01 aw some day_main track_aws basics
01 aw some day_main track_aws basics01 aw some day_main track_aws basics
01 aw some day_main track_aws basics
 
Immersion Day - Well Architected Workshop - June 2019
Immersion Day - Well Architected Workshop - June 2019Immersion Day - Well Architected Workshop - June 2019
Immersion Day - Well Architected Workshop - June 2019
 
SAP Modernization with AWS
SAP Modernization with AWSSAP Modernization with AWS
SAP Modernization with AWS
 
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - Webinar
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS
 
AWS business essentials
AWS business essentials AWS business essentials
AWS business essentials
 
AWS Summit Singapore - More Containers, Less Operations
AWS Summit Singapore - More Containers, Less OperationsAWS Summit Singapore - More Containers, Less Operations
AWS Summit Singapore - More Containers, Less Operations
 

Similar to re:Invent Recap: Security Week at the SF Loft

[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker
[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker
[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker
Amazon Web Services Korea
 
AWS Service Drill Downs
AWS Service Drill DownsAWS Service Drill Downs
AWS Service Drill Downs
Amazon Web Services
 
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesDay 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Amazon Web Services
 
Primeros pasos con arquitecturas serverless
Primeros pasos con arquitecturas serverlessPrimeros pasos con arquitecturas serverless
Primeros pasos con arquitecturas serverless
Amazon Web Services
 
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Amazon Web Services
 
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech TalksAWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
Amazon Web Services
 
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech TalksAWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
Amazon Web Services
 
Reply Labcamp Rome - AWS Zombie - Serverless and Microservices
Reply Labcamp Rome - AWS Zombie - Serverless and MicroservicesReply Labcamp Rome - AWS Zombie - Serverless and Microservices
Reply Labcamp Rome - AWS Zombie - Serverless and Microservices
Andrea Mercanti
 
Monitoring on Amazon AWS Cloud
Monitoring on Amazon AWS Cloud Monitoring on Amazon AWS Cloud
Monitoring on Amazon AWS Cloud
8KMiles Software Services
 
AWS re:Invent re:Cap 2015
AWS re:Invent re:Cap 2015AWS re:Invent re:Cap 2015
AWS re:Invent re:Cap 2015
Mark Bate
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
Amazon Web Services
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
Amazon Web Services
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
Amazon Web Services
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdf
Amazon Web Services
 
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Amazon Web Services
 
Fundamentals of Cloud Computing & AWS
Fundamentals of Cloud Computing & AWSFundamentals of Cloud Computing & AWS
Fundamentals of Cloud Computing & AWS
Bhuvaneswari Subramani
 
Day 2 Intro AWS.pptx
Day 2 Intro AWS.pptxDay 2 Intro AWS.pptx
Day 2 Intro AWS.pptx
HariBabloo1
 
Cloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & SecurityCloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & Security
Nantha Kumar Rajasekaren
 
AWS Reinvent Recap 2018
AWS Reinvent Recap 2018 AWS Reinvent Recap 2018
AWS Reinvent Recap 2018
PolarSeven Pty Ltd
 
Re cap2018
Re cap2018Re cap2018
Re cap2018
Richard Harvey
 

Similar to re:Invent Recap: Security Week at the SF Loft (20)

[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker
[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker
[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker
 
AWS Service Drill Downs
AWS Service Drill DownsAWS Service Drill Downs
AWS Service Drill Downs
 
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesDay 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
 
Primeros pasos con arquitecturas serverless
Primeros pasos con arquitecturas serverlessPrimeros pasos con arquitecturas serverless
Primeros pasos con arquitecturas serverless
 
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
 
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech TalksAWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
 
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech TalksAWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
AWS Services Overview and Quarterly Update - April 2017 AWS Online Tech Talks
 
Reply Labcamp Rome - AWS Zombie - Serverless and Microservices
Reply Labcamp Rome - AWS Zombie - Serverless and MicroservicesReply Labcamp Rome - AWS Zombie - Serverless and Microservices
Reply Labcamp Rome - AWS Zombie - Serverless and Microservices
 
Monitoring on Amazon AWS Cloud
Monitoring on Amazon AWS Cloud Monitoring on Amazon AWS Cloud
Monitoring on Amazon AWS Cloud
 
AWS re:Invent re:Cap 2015
AWS re:Invent re:Cap 2015AWS re:Invent re:Cap 2015
AWS re:Invent re:Cap 2015
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdf
 
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
 
Fundamentals of Cloud Computing & AWS
Fundamentals of Cloud Computing & AWSFundamentals of Cloud Computing & AWS
Fundamentals of Cloud Computing & AWS
 
Day 2 Intro AWS.pptx
Day 2 Intro AWS.pptxDay 2 Intro AWS.pptx
Day 2 Intro AWS.pptx
 
Cloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & SecurityCloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & Security
 
AWS Reinvent Recap 2018
AWS Reinvent Recap 2018 AWS Reinvent Recap 2018
AWS Reinvent Recap 2018
 
Re cap2018
Re cap2018Re cap2018
Re cap2018
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

re:Invent Recap: Security Week at the SF Loft

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved Pop-up Loft 2018 re:Invent Recap: Security Bill Reid Leader, North American Security and Compliance Solution Architecture December 2018 San Francisco Loft
  • 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved WARNING: Obligatory Eye Chart. Do not attempt to read it all. We’ll take it step by step. #LargerFonts
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. ROBOTICS AWS RoboMaker Build robotic applications easily using Robot OS Announcements At-a-Glance TRANSFER and MIGRATION AWS Transfer for SFTP AWS DataSync Copy, move, sync large amounts of data between on-prem & AWS NETWORKING and CONTENT DELIVERY AWS Global Accelerator Performance and availability for your global user base AWS Transit Gateway Interconnect on-premises networks and VPCs at scale AWS Elemental MediaConnect Broadcast quality video transport Elastic Fabric Adapter Run HPC workloads with high inter-node communications AWS Cloud Map Map of your cloud complete with friendly names AWS App Mesh Monitor and control microservices COMPUTE EC2 Spot Instance Use spot instance in auto-scale groups AWS Outposts Bring AWS services to any data center or on- premises CodeDeploy ECR as a Source Action ECS supports Blue/Green Deployments EC2 A1 Arm Instance EC2 C5n Instance EC2 P3Dn Instance Firecracker AWS License Manager Lightsail Tagging Lightsail Export to EC2 Hibernation for EC2 Instances IoT AWS IoT SiteWise Collect telemetry data into cloud AWS IoT Events Event detection and action logic for IoT AWS IoT Things Graph represent Things such as devices and services as Models AWS IoT Service Delivery Designations Core, Greengrass, Analytics Partners in IoT Service Delivery Amazon FreeRTOS Operating system for microcontrollers SATELLITE AWS Ground Station Process satellite data and downlink from the cloud DATABASE Dynamo Transactional APIs All-or-nothing queries for mission critical logic Amazon Timestream Time-series database for IoT and operational apps Amazon Quantum Fully managed ledger database DynamoDB on Demand Remove capacity planning, Pay by the request Amazon RDS on VMware Run RDS on VMware vSphere Aurora Global Database Replicate updates globally from single region MARKETPLACE AWS Private Marketplace Create a private catalog of pre-approved products AWS Marketplace for SageMaker Build machine learning apps using ready made models AWS Marketplace for Containers Find contain products in AWS marketplace MANAGEMENT and GOVERNANCE CloudWatch Automatic Dashboards Pre-built best practices dashboards for CloudWatch CloudWatch Logs Insights Log analytics service for CloudWatch logs AWS Well Architected Partner Program Training partners to deliver Well Architected reviews AWS Control Tower Automates setup of baseline environments STORAGE S3 Batch Operations Manage billions of objects using APIs or console S3 Intelligent Tiering Automatically optimize pricing based on S3 based on access frequency S3 Object Lock Write once, read many object locking for S3 S3 Glacial Deep Archive Lowest price storage tier - for long term S3 PUT to Glacier four new features to reduce your storage costs Amazon FSx for Windows File Server Fully managed Microsoft Windows file system Amazon FSx for Lustre Fully managed Lustre file system AWS Snowball Edge Compute Optimized Run compute-intensive application offline EBS doubles peak IOPS EFS Infrequent Access EFS Multi-VPC Access ANALYTICS Amazon Kinesis Data Analytics for Java Apps Analyze streaming data, gain insights, respond real-time AWS Lake Formation Setup secure data lakes in days SECURITY, IDENTITY, COMPLIANCE AWS Security Hub Unified security management with actionable prompts BLOCKCHAIN Blockchain on AWS Fully managed Blockchain network in minutes MACHINE LEARNING Comprehend Medical Scan and extract unstructured medical data with ML AWS Ground Truth Build quality training sets using AI labeling Amazon Elastic Inference Add GPU to any EC2 or SageMaker instance AWS Inferentia Custom inference chip for inferencing workloads Amazon Textract Extract text and data from virtually any document Amazon DeepRacer Learn Reinforcement Learning (RL) easily Amazon Personalize Managed recommendations engine Amazon Forecast Accurate time-series forecasting service SageMaker Neo Train model once, run them anywhere Dynamic Training with Apache MXNet on AWS MOBILE AWS Amplify Console Continuous deployment and hosting for modern web apps DEVELOPER TOOLS AWS Tools for PyCharm AWS Toolkits for Visual Studio Code, IntelliJ, and PyCharm Ruby Support for Lambda AWS Lambda as a Target for App Load Balancer AWS Lambda Layers Amazon Managed Streaming for Kafka AWS Well Architected Tool
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing AWS Transit Gateway Networking General Availability A new service that allows customers to interconnect thousands of Virtual Private Clouds (VPCs) and on-premises networks VPN connection VPN connectionCustomer gateway Amazon VPC Amazon VPCVPC peering AWS Direct Connect GatewayVPC peering VPC peeringVPC peering VPN connection Amazon VPC Amazon VPC VPC peering Transit gateway Amazon VPC Amazon VPC Amazon VPC Amazon VPC AWS direct connect gateway Customer gateway VPN connection Network topology today After Transit Gateway
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing Amazon S3 Glacier Deep Archive Storage Limited Preview Secure, durable, and extremely low-cost storage service for long term data archival Fully managed without tape burden Less than 1/10 of 1 cent/GB/ month Designed for 99.999999999 % durability Recover data in hours
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing CloudWatch Logs Insights Management Tools General Availability Pay-as-you-go log analytics service for CloudWatch Purpose-built for log diving Resolve operational problems faster Connect the dots between logs and metrics Fully managed
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing AWS Transfer for SFTP Storage General Availability Fully managed service makes it easy to integrate SFTP-based file transfers into AWS Move your existing SFTP workflows to AWS in 3 steps Seamless migration of existing workflows Data available for archiving and processing in S3 Simple to use Cost effective Fully managed, highly available, and elastically scalable 1 2 3
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing KMS Custom Key Store Security General Availability Create a dedicated, single-tenant key store in KMS using AWS CloudHSM • Increases the level of control over encryption keys that protect your data across AWS • Helps you meet mandates to manage keys using hardware security modules (HSMs) under your control • Satisfy those requirements and leverage the AWS KMS integrations offered across dozens of AWS services
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing AWS Resource Access Manager Security General Availability Simple, secure service to share AWS resources eliminating the need to provision duplicate resources in every account AWS IAM policies to govern the consumption of shared resources, and AWS CloudWatch and AWS CloudTrail to provide visibility efficiently using your resources across different departments Share Route 53 Resolver Rules, License Manager Config, Transit Gateways and Subnets
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing Private Marketplace AWS Marketplace Software General Availability Build a private marketplace that includes approved vendors and software from AWS Marketplace Ensure your AWS users are purchasing and launching software that meets the company’s procurement, legal, and security controls Customize your private marketplace with company branding, such as logo, color, and messaging Define and control permissions for your users in AWS Private Marketplace Always know when products are added or removed through notifications from AWS
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing AWS Control Tower Management Tools Limited Preview Set-up a multi-account environment in a single location to govern AWS workloads Automate the creation of a landing zone with best practice blueprints AWS Control Tower automates the set-up of a well-architected multi-account environment with best practices, and guides you through a step-by-step process to customize it to your organization Guardrails for policy enforcement Control Tower offers curated guardrails. Guardrails are high-level rules that provide on-going governance for your overall AWS environment Dashboard for continuous visibility The Control Tower dashboard gives you continuous visibility into your AWS environment. You can view the number of organizational units and accounts provisioned, guardrails enabled, and the compliance status of your enabled guardrails
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing AWS Well-Architected Tool Management Tools General Availability A tool to help review the state of cloud workloads and compare them to the latest AWS architectural best practices
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing AWS Marketplace for Containers AWS Marketplace Software General Availability Container products available in AWS Marketplace Choose from more than 160 curated and trusted container products in AWS Marketplace and run them on AWS Container product images are verified and scanned Products are available with free, bring your own license, and usage-based pricing models Deploy container products on Amazon ECS, AWS Fargate, or EKS AWS Marketplace for Containers
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing AWS Security Hub Security Public Beta Centrally view and manage security alerts & automate compliance checks • Enabled in minutes to aggregate security findings from AWS and Partner services across your accounts • Quickly assess security and compliance in one location and take action on findings • Built-in and customizable insights help you track security issues that are unique to your environment • Improve compliance with automated, continuous account- level configuration and compliance checks
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Problem statement 1 Large volume of alerts and the need to prioritize 3 Dozens of security tools with different data formats 2 Ensure that your AWS infrastructure meets compliance requirements 1 PrioritizationMultiple formats VisibilityCompliance Lack of a single pane of glass across security and compliance tools 4
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Hub overview
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Rollout plans and pricing AWS Security Hub is available today as a public preview service Available at no additional cost except for AWS Config costs for new AWS Config users Open to everyone Get started in a few clicks Goal is to iterate on latest features with customers before releasing as generally available (GA) Full API/CLI/SDK support C++, Go, Java, JS, .Net, PHP, Python, Ruby Supported Regions (15) Asia Pacific (Mumbai) Asia Pacific (Seoul) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Canada (Central) EU (Frankfurt EU (Ireland) EU (London) EU (Paris) South America (Sao Paulo) US East (N. Virginia) US East (Ohio) US West (N. California) US West (Oregon)
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Some of our current users
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Partner integrations Firewalls Vulnerability SOAR SIEM Endpoint Compliance MSSP Other
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Partner integration examples — Armor
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. A few clicks to enable Security Hub
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Simple multi-account setup
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Automated compliance checks 43 fully automated, nearly continuous checks
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Insights help identify resources that require attention
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Customizable response and remediation actions Event (event- based) Rule
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Key takeaways Collect and process security findings from multiple accounts within a region Evaluate your compliance against regulatory and best practice frameworks Identify and prioritize the most important issues by grouping and correlating security findings with Insights Understand and manage your overall AWS security and compliance posture
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Next steps Try the preview: https://console.aws.amazon.com/securityhub/ Learn more: https://aws.amazon.com/security-hub/
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security, Identity, and Compliance Recorded Sessions SEC201-R Security Framework Shakedown: Chart Your Journey with AWS Best Practices (YouTube) SEC202-R Top Cloud Security Myths - Dispelled! (YouTube) SEC203-R A Practitioner's Guide to Securing Your Cloud (Like an Expert) (YouTube) SEC301 The Theory and Math Behind Data Privacy and Security Assurance (YouTube) SEC302 How LogMeIn Automates Governance and Empowers Developers at Scale (YouTube) SEC303 Architecting Security & Governance across your AWS Landing Zone (YouTube) SEC304 AWS Secrets Manager: Best Practices for Managing, Retrieving, Rotating Secrets at Scale (YouTube) SEC310 0x32 Shades of #7f7f7f: The Tension Between Absolutes and Ambiguity in Security (YouTube) SEC316-R Become an IAM Policy Master in 60 Minutes or Less (YouTube) SEC319 Meeting Enterprise Security Requirements with AWS Native Security Services (YouTube) SEC320 Policy Verification and Enforcement at Scale with AWS (YouTube) SEC321-R How Zocdoc Achieves Automatic Threat Detection & Remediation with Security as Code (YouTube) SEC322-R Using AWS Lambda as a Security Team (YouTube) SEC324 IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accounts (YouTube) SEC325-R Data Protection: Encryption, Availability, Resiliency, and Durability (YouTube) SEC326 Orchestrate Perimeter Security Across Distributed Applications (YouTube) SEC327 AWS Security in Your Sleep: Build End-to-End Automation for IR Workflows (YouTube) SEC389 Netflix: Detecting Credential Compromise in AWS (YouTube) SEC391 Netflix: Inventory, Track, and Respond to AWS Asset Changes within Seconds at Scale (YouTube) SEC392 Netflix Cloud Forensics (YouTube) SEC401-R Mastering Identity at Every Layer of the Cake (YouTube) SEC402-R AWS, I Choose You: Pokemon's Battle against the Bots (YouTube) SEC403 Five New Security Automations Using AWS Security Services & Open Source (YouTube)
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Keynote SEC305-L Leadership Session: AWS Security Stephen Schmidt, Chief Information Security Officer at AWS, addressed the current state of security in the cloud, with a particular focus on feature updates, the AWS internal "secret sauce," and what's on horizon in terms of security, identity, and compliance tooling. (YouTube) Steve Schmidt Vice President and CISO for AWS Michele Iacovone SVP, Chief Information Security & Fraud Officer, Intuit
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Coming in 2019: AWS re:Inforce
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS re:Inforce – The Cloud Security Conference Join us for AWS re:Inforce, our first conference dedicated to cloud security! Dates: June 25-26, 2019 Venue & location: Boston Conference and Exhibit Center in Boston, MA Price: $1,099 Details available on the AWS Security Blog. Sign up to receive more information on the re:Inforce website.
  • 32. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved OK Deep Breath. Anything else?
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. From reactive to proactive Pace of innovation: 1800+ updates Meets pace of protection: 239 security updates … through automation
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon GuardDuty adds three new threat detections UnauthorizedAccess:EC2/TorClient UnauthorizedAccess:EC2/TorRelay CryptoCurrency:EC2/BitcoinTool.B.
  • 35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Processes an average 92.7million/sec flow log records
  • 37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon GuardDuty = CloudTrail Optimization = Automatic Cost Savings • Travel company | 44% reduction in GuardDuty spend • Financial services company | 82% reduction • Automotive company | 79% reduction • Social media company | 86% reduction
  • 38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Now offers agentless network assessments
  • 39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Resource-based policies
  • 40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Store the compliance history of AWS resources evaluated by Config rules
  • 41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3: Block Public Access
  • 43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3: Block Public Access
  • 44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Now: Compliance certifications at launch
  • 45. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved Pop-up Loft aws.amazon.com/activate Everything and Anything Startups Need to Get Started on AWS