CONFIDENTIAL DO NOT DISTRIBUTE
TAKING CONTROL OF YOUR SHARED RESPONSIBILITY WITH AWS NATIVE SECURITY TOOLS
RYAN SMITH (@RYANCSMITH222), Product Owner
MAY 22, 2017
Agenda
01 Security in AWS 101
02 Overview of the Tools
03 AWS Security in Action
SECURITY IN AWS 101
2017 Cyber Security Challenges
• 40% INCREASE IN HACKS 2015-2016
• 3.8M RECORD BREACHES; 910BN record breaches in the last 10 years.
  Source: https://www.bloomberg.com/news/articles/2017-01-19/data-breaches-hit-record-in-2016-as-dnc-wendy-s-co-hacked
• $4M AVERAGE COST OF DATA BREACH, per Ponemon Institute. Cost of Breaches: http://www-03.ibm.com/security/data-breach/
• $355 AVERAGE HEALTHCARE LOSS: Healthcare companies lose an average of $355 per stolen record.
• >70% COMPLIANCE IMPACT: Of the large organizations that were breached, over 70% were deemed to be “compliant” while the breach occurred.
• 99 Days Dwell
“Sophisticated intelligence integration, automation, and threat hunting should be the end-state goal for organizations facing significant business risks and exposure to cyber attacks.” Per Mandiant M-Trends 2017 report
Security in AWS is a Shared Responsibility
https://aws.amazon.com/compliance/shared-responsibility-model/
95% OF CLOUD SECURITY FAILURES THROUGH 2020 WILL BE THE CUSTOMER'S FAULT.
Top Strategic Predictions for 2016 and Beyond – Gartner 2016 (http://www.gartner.com/newsroom/id/3143718)
That means the biggest threat to your cloud is “you don’t know what you don’t know.”
Models of Security
There are 3 general models of security that are good to follow in AWS:
• Non-Repudiation – you should never be able to deny that you did something in a cloud environment.
• AAA Model – Authentication checks IAM for login user roles; Authorization is your permissions for your IAM roles; Accounting is the audit trail of activity in the platform – this is CloudTrail.
• CIA Framework/Triad Model – Confidentiality (data encryption, IAM, 2FA). Availability (redundancy, HA clusters, availability zones). Integrity (file permissions, version and access control, checksum, certificate managers, encryption, etc.).
Trends in How AWS Does Security
There are a couple of trends in how AWS is approaching security:
• Security is at the Forefront – look at how big the security category is in their tooling; announcements of Amazon GuardDuty at re:Invent, and of AWS Firewall Manager and AWS Secrets Manager at SF Summits this year, point to AWS seeing security as a market driver and differentiator.
• Security in the Model of the Cloud – AWS will focus on services that are simple to enable, deploy, and build into your consumption billing constructs.
• Tools will Remain Frameworks – They will look at security and compliance problems as infrastructure-as-code solutions. Developers, partners, and customers will be able to use these infrastructure-as-code frameworks to have security-as-code and compliance-as-code.
OVERVIEW OF THE TOOLS
Amazon Macie
Amazon GuardDuty
• 43 Findings; Various Types:
  • Persistence
  • Recon
  • Cryptocurrency
  • Trojan
  • Unauthorized Access
• 2 Recommended Remediation Paths
  • Compromised Instance
  • Compromised Credentials
AWS WAF (Web Application Firewall)
AWS Firewall Manager
Amazon Inspector
AWS Secrets Manager
AWS SECURITY IN ACTION
Securing Your S3 Buckets with AWS Config
Amazon Inspector for Vulnerability Management
SaaS and PrivateLink
How Armor Uses AWS’ Native Tooling to Provide Security
[Diagram: The Spartan Platform (Armor Anywhere). Labels: DATA SOURCES (Local Network [any device or appliance]; Host [applications, OS, DBs]; Cloud Native [CloudTrail, etc.]; Armor Services [FIM, IDS, VS, AM]); REDUNDANT / LIGHTWEIGHT AGENT (Armor Agent and Collector Services); Metadata/Segmentation; Log Ingestion/Datalake; Long-Term Logging; PROTECTION / DETECTION (Correlation, Machine Learning, Behavior Analytics); THREAT INTELLIGENCE (3rd Party Threat Feeds, Armor Threat Feeds and Hunting, Community Insights); CONTINUOUS RESPONSE (Incident Context, Incident Response, Playbooks and Orchestration, Countermeasures, Continuous Feedback Loop); REAL-TIME VISIBILITY (Armor Management Portal (AMP), API Toolset).]
THANK YOU

Ryan Smith's talk from the AWS Chicago user group May 22 - Security
