© 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.
Anshul Srivastava, Solutions Architect, AWS MENA
RaEd Abudayyeh, Cloud Security Lead (Palo Alto), Emerging Markets
Secure and Automate AWS Deployments with Next Generation Security
Why is traditional threat detection so hard?
• Skills shortage
• Signal to noise
• Large datasets
Get the humans away from the data
Threat detection: Log data inputs
• AWS CloudTrail: track user activity and API usage
• VPC Flow Logs: IP traffic to/from network interfaces in your VPC
• CloudWatch Logs: monitor apps using log data, store & access log files
• DNS Logs: log of DNS queries in a VPC when using the VPC DNS resolver
AWS CloudTrail
Detect with VPC Flow Logs
Fields in a flow log record: AWS account, interface, source IP, destination IP, source port, destination port, protocol, packets, bytes, start & end time, accept or reject
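To show what "detect with VPC Flow Logs" looks like in practice, here is an added example (not code from the slides or from AWS): a parser for the default flow-log record format, which carries exactly the fields listed above, and a detector that flags a source address whose rejected connection attempts hit many distinct ports on one interface. The sample records, the interface id, the addresses and the `min_ports` threshold are constructed for the example.

```python
"""Parse VPC Flow Log records and flag port probes (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample records in the default flow-log format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_RECORDS = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 54321 22 6 1 40 1530000000 1530000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 54322 23 6 1 40 1530000001 1530000061 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 54323 3389 6 1 40 1530000002 1530000062 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 54324 445 6 1 40 1530000003 1530000063 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 54325 8080 6 1 40 1530000004 1530000064 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.4 10.0.1.20 44000 443 6 20 5200 1530000005 1530000065 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.4 10.0.1.20 44001 443 6 12 3100 1530000006 1530000066 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1530000007 1530000067 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    account: str
    interface: str
    src_addr: str
    dst_addr: str
    src_port: int
    dst_port: int
    protocol: int
    packets: int
    byte_count: int
    start: int
    end: int
    action: str


def parse_flow_logs(text: str) -> List[FlowRecord]:
    """Parse default-format records. NODATA/SKIPDATA records carry no flow
    fields (they are '-'), so only records whose log-status is OK are kept."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 14 or fields[13] != "OK":
            continue  # malformed, custom-format, or no-data line
        records.append(FlowRecord(
            account=fields[1], interface=fields[2],
            src_addr=fields[3], dst_addr=fields[4],
            src_port=int(fields[5]), dst_port=int(fields[6]),
            protocol=int(fields[7]), packets=int(fields[8]),
            byte_count=int(fields[9]), start=int(fields[10]), end=int(fields[11]),
            action=fields[12]))
    return records


def detect_port_probes(records: List[FlowRecord],
                       min_ports: int = 5) -> Dict[Tuple[str, str], List[int]]:
    """Return {(src_addr, interface): sorted rejected ports} for every source
    whose REJECTed attempts touched at least `min_ports` distinct ports."""
    rejected = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            rejected[(r.src_addr, r.interface)].add(r.dst_port)
    return {key: sorted(ports) for key, ports in rejected.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    probes = detect_port_probes(parse_flow_logs(SAMPLE_RECORDS))
    for (src, eni), ports in probes.items():
        print(f"{src} probed {len(ports)} closed ports on {eni}: {ports}")
```

The threshold is deliberately a parameter: on a real account you would tune it per interface and window length, and the same parser feeds other checks (bytes per destination for exfiltration volume, unusual destination ports) without change.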
Amazon CloudWatch Logs subscriptions
• Real-time feed of log events
• Delivered to an AWS Lambda function or Amazon Kinesis Data Streams
• Supports custom processing, analysis, loading into other systems
• Cross-account data sharing for centralized log processing
Threat detection: Machine learning
• Amazon GuardDuty: intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads
• Amazon Macie: machine learning-powered security service to discover, classify, & protect sensitive data
What can Amazon GuardDuty detect?
• RDP brute force
• RAT installed
• Exfiltrate temp IAM creds over DNS
• Probe API with temp creds
• Attempt to compromise account
• Malicious or suspicious IP
• Unusual ports
• DNS exfiltration
• Unusual traffic volume
• Connect to blacklisted site
• Recon
• Anonymizing proxy
• Temp credentials used off-instance
• Unusual ISP caller
• Bitcoin activity
• Unusual instance launch
Amazon GuardDuty threat detection and notification
Detecting known threats
Threat intelligence
• Feeds:
o AWS Security
o Commercial - CrowdStrike, Proofpoint
o Open source
o Customer provided - "format": "[TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE]"
• Known malware-infected hosts
• Anonymizing proxies
• Sites hosting malware and hacker tools
• Cryptocurrency mining pools and wallets
Detecting unknown threats
Anomaly detection
• Algorithms to detect unusual behavior
o Inspecting signal patterns for signatures
o Profiling normal activity and looking at deviations
o Machine learning classifiers
Finding types
Recon
• Port probe on unprotected port
• Outbound port scans
• Callers from anonymizing proxies
Backdoor
• Spambot or C&C activity
• Exfiltration over DNS channel
• Suspicious domain request
Trojan
• Domain generation algorithm (DGA) domain request
• Blackhole traffic
• Drop point
Unauthorized Access
• Unusual ISP caller
• SSH/RDP brute force
Stealth
• Password policy change
• AWS CloudTrail logging disabled
• Amazon GuardDuty disabled in member account
Cryptocurrency
• Communication with bitcoin DNS pools
• Cryptocurrency related DNS calls
• Connections to bitcoin mining pool
Multi-account support
Diagram: Amazon GuardDuty enabled in Account A, Account B, Account C and the security team account, with findings delivered through CloudWatch Events
Visibility to answer the tough questions
• What data do I have in the cloud?
• Where is it located?
• Where does my sensitive data exist?
• What’s sensitive about the data?
• What PII/PHI is possibly exposed?
• How is data being shared and stored?
• How and where is my data accessed?
• How can I classify data in near-real time?
• How do I build workflow remediation for my security and compliance needs?
Amazon Macie
• Understand your data: natural language processing (NLP)
• Understand data access: predictive user behavior analytics (UBA)
Macie content classification
• PII and personal data
• Source code
• SSL certificates, private keys
• iOS and Android app signing keys
• Database backups
• OAuth and cloud SaaS API keys
Macie user behavior analytics (UBA)
• Use behavioral analytics to baseline normal behavior patterns
• Contextualize by value of data being accessed
Large increase in viewed content: possible indicator of early stage reconnaissance
Macie user behavior analytics (UBA)
0. Feature extraction from event data
1. Map into user time series
2. Cluster peer groups
3. Predict user activity, update models
4. Identify anomalies
5. Attempt to explain statistically
6. Alert and narrative explanation created
Chart: normal accesses over time
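The pipeline above is described only in outline, so here is an added, deliberately simplified example of the same idea (not Macie's own algorithm): each user's daily count of viewed objects is treated as a time series, the peer group is taken from a supplied team label instead of being clustered, today's count is compared with the user's own baseline and with the pooled peer baseline, and a finding with a narrative explanation is produced when both deviate strongly. The access history, the group labels, the z-score threshold and the floor on the standard deviation are constructed assumptions.

```python
"""Simplified user-behaviour baseline and anomaly detection (added example)."""
from statistics import mean, pstdev
from typing import Any, Dict, List

# Constructed: daily count of S3 objects viewed per user over 8 days. The last
# entry is the day under evaluation; the earlier entries are history.
ACCESS_HISTORY: Dict[str, Dict[str, Any]] = {
    "alice": {"group": "analytics", "daily_views": [40, 42, 38, 45, 41, 39, 44, 43]},
    "bob":   {"group": "analytics", "daily_views": [35, 37, 36, 40, 38, 39, 37, 410]},
    "carol": {"group": "analytics", "daily_views": [50, 48, 52, 49, 51, 47, 50, 52]},
    "dave":  {"group": "support",   "daily_views": [5, 6, 4, 7, 5, 6, 5, 6]},
}

# Assumed floor for the standard deviation: a perfectly flat history would
# otherwise turn any change at all into an infinite z-score.
MIN_SCALE = 1.0


def baseline(values: List[int]):
    """Mean and floored standard deviation of a history window."""
    return mean(values), max(pstdev(values), MIN_SCALE)


def z_score(observed: float, values: List[int]) -> float:
    mu, sigma = baseline(values)
    return (observed - mu) / sigma


def peer_history(users: Dict[str, Dict[str, Any]], group: str, exclude: str) -> List[int]:
    """Pooled history of every *other* user in the same peer group."""
    pooled: List[int] = []
    for name, info in users.items():
        if info["group"] == group and name != exclude:
            pooled.extend(info["daily_views"][:-1])
    return pooled


def detect_access_anomalies(users: Dict[str, Dict[str, Any]],
                            threshold: float = 3.0) -> List[Dict[str, Any]]:
    """Flag users whose latest day is > threshold standard deviations above
    both their own baseline and their peer group's baseline."""
    findings = []
    for name, info in users.items():
        history, today = info["daily_views"][:-1], info["daily_views"][-1]
        # A user with no peers is compared against their own history only.
        peers = peer_history(users, info["group"], name) or history
        own_z, peer_z = z_score(today, history), z_score(today, peers)
        if own_z > threshold and peer_z > threshold:
            findings.append({
                "user": name,
                "observed": today,
                "z_score": round(own_z, 1),
                "peer_z_score": round(peer_z, 1),
                "narrative": (
                    f"{name} viewed {today} objects today versus a personal baseline "
                    f"of {mean(history):.0f}/day and a peer-group ({info['group']}) "
                    f"baseline of {mean(peers):.0f}/day; possible early-stage "
                    "reconnaissance."),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_access_anomalies(ACCESS_HISTORY):
        print(finding["narrative"])
```

Requiring both the personal and the peer deviation keeps a user who legitimately works with far more data than their team from being flagged every day, while still catching the sudden jump that the slide calls out as an early reconnaissance indicator.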
Discover and alert on global permissions
• Works on Amazon S3 bucket and object policies
• Use AWS Lambda to approve or automatically remediate overly permissive policies
o Delete the object
o Revoke access—bucket or object
o Update IAM policies
o Suspend user
• Prioritize by PII impact and data loss prevention (DLP) risk
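As an added illustration of what "discover global permissions, then remediate with Lambda" involves (example code, not Macie's own logic or an AWS sample): the check below walks the statements of an S3 bucket policy, reports every Allow whose Principal is the wildcard, ranks unconditional write grants highest, and builds a remediated copy of the policy with the unconditional global grants removed, which is the "revoke access" option on the slide. The sample policy, its bucket name, account id and VPC id are constructed placeholders, and the risk ranking is an assumption.

```python
"""Find and remediate global (Principal "*") S3 bucket policy grants (added example)."""
import json
from typing import Any, Dict, List

# Constructed bucket policy with three statements of differing exposure.
BUCKET_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0placeholder"}}},
        {"Sid": "AccountScoped", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

# Action prefixes that can alter or destroy data (assumed ranking input).
WRITE_PREFIXES = ("s3:put", "s3:delete", "s3:*")


def is_public_principal(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def _as_list(value: Any) -> List[str]:
    return value if isinstance(value, list) else [value]


def find_global_permissions(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    """One finding per Allow statement granted to everyone."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not is_public_principal(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        conditional = bool(stmt.get("Condition"))
        grants_write = any(a.lower().startswith(WRITE_PREFIXES) for a in actions)
        if conditional:
            risk = "review"       # a condition may scope the grant; a human decides
        elif grants_write:
            risk = "high"         # anyone on the Internet can change data
        else:
            risk = "medium"       # anyone on the Internet can read data
        findings.append({"sid": stmt.get("Sid", "<no Sid>"), "actions": actions,
                         "conditional": conditional, "risk": risk})
    return findings


def remediate(policy: Dict[str, Any]) -> Dict[str, Any]:
    """Copy of the policy without unconditional global Allow statements.
    Conditional grants are kept for manual review rather than dropped blindly."""
    fixed = json.loads(json.dumps(policy))  # deep copy; leave the input untouched
    fixed["Statement"] = [
        s for s in fixed["Statement"]
        if not (s.get("Effect") == "Allow"
                and is_public_principal(s.get("Principal"))
                and not s.get("Condition"))]
    return fixed


if __name__ == "__main__":
    for f in find_global_permissions(BUCKET_POLICY):
        print(f"{f['risk']:>6}  {f['sid']}: {f['actions']} conditional={f['conditional']}")
    print(json.dumps(remediate(BUCKET_POLICY), indent=2))
```

In a Lambda triggered by a Macie alert, `remediate` would be followed by an `s3:PutBucketPolicy` call (or a `DeleteBucketPolicy` when nothing acceptable remains); the example keeps the decision logic separate from the API call so it can be unit-tested offline.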
Threat detection: Triggers
• Amazon CloudWatch Events: delivers a near real-time stream of system events that describe changes in AWS resources
• AWS Config Rules: continuously tracks your resource configuration changes and whether they violate any of the conditions in your rules
AWS Config Rules
A continuous recording and assessment service
Diagram: changing resources → AWS Config (history, snapshot, notifications, API access, normalized) → AWS Config Rules
• How are my resources configured over time?
• Is a change that just occurred to a resource compliant?
Amazon CloudWatch Events
Event pattern that selects GuardDuty findings:
{
"source": [
"aws.guardduty"
]
}
Diagram: GuardDuty findings → CloudWatch Event → Lambda function
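The slide shows the event pattern and the arrow to a Lambda function but not what the function does with the finding. The following added example (not from the slides or from AWS) implements the subset of CloudWatch Events pattern semantics the slide's pattern needs, a field matches when the event's value is one of the listed values and nested objects match recursively, and a Lambda handler that validates the source, summarises the finding and picks a response route by severity. The event envelope and finding fields follow the real GuardDuty finding shape, but the ids, account, region and instance id are placeholders, the severity bands are GuardDuty's documented Low (below 4.0), Medium (4.0 to 6.9) and High (7.0 and above), and the route names are assumptions.

```python
"""Route a GuardDuty finding delivered via CloudWatch Events (added example)."""
import json
from typing import Any, Dict

# The pattern from the slide.
GUARDDUTY_PATTERN: Dict[str, Any] = {"source": ["aws.guardduty"]}

# Constructed CloudWatch Events envelope carrying a GuardDuty finding
# (field names follow the real event; all identifiers are placeholders).
SAMPLE_EVENT: Dict[str, Any] = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "GuardDuty Finding",
    "source": "aws.guardduty",
    "account": "123456789012",
    "time": "2018-10-01T12:00:00Z",
    "region": "eu-west-1",
    "resources": [],
    "detail": {
        "schemaVersion": "2.0",
        "accountId": "123456789012",
        "region": "eu-west-1",
        "id": "placeholder-finding-id",
        "type": "Recon:EC2/PortProbeUnprotectedPort",
        "severity": 5,
        "title": "Unprotected port on EC2 instance i-0placeholder is being probed.",
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0placeholder"}},
        "service": {"count": 3},
    },
}

# Assumed routing per severity band.
ROUTES = {"High": "page-oncall", "Medium": "open-ticket", "Low": "log-only"}


def matches_pattern(event: Dict[str, Any], pattern: Dict[str, Any]) -> bool:
    """Every pattern key must exist in the event; a list matches when the
    event's value is one of its members, a nested dict is matched recursively."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches_pattern(event[key], expected):
                return False
        elif event[key] not in expected:
            return False
    return True


def severity_label(severity: float) -> str:
    """GuardDuty bands: Low below 4.0, Medium 4.0-6.9, High 7.0 and above."""
    if severity >= 7.0:
        return "High"
    if severity >= 4.0:
        return "Medium"
    return "Low"


def handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    """Lambda entry point: reject events from other sources, summarise the
    finding, and choose a response route by severity."""
    if not matches_pattern(event, GUARDDUTY_PATTERN):
        return {"ignored": True, "reason": f"unexpected source {event.get('source')!r}"}
    detail = event["detail"]
    label = severity_label(float(detail["severity"]))
    resource = detail.get("resource", {})
    summary = {
        "finding_id": detail["id"],
        "finding_type": detail["type"],
        "account": detail["accountId"],
        "region": detail["region"],
        "resource_type": resource.get("resourceType"),
        "instance_id": resource.get("instanceDetails", {}).get("instanceId"),
        "severity_label": label,
        "occurrences": detail.get("service", {}).get("count", 1),
        "route": ROUTES[label],
    }
    print(json.dumps(summary))  # ends up in the function's CloudWatch Logs stream
    return summary


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, None))
```

The same matcher shows why narrowing the rule is cheap: a pattern such as `{"source": ["aws.guardduty"], "detail": {"type": ["Recon:EC2/PortProbeUnprotectedPort"]}}` selects one finding type only, so separate rules can fan different finding families out to different functions instead of one handler branching on `detail.type`.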
Threat remediation: Network
AWS Shield Advanced: managed service providing DDoS protection against, and visibility into, large, sophisticated attacks, plus access to DDoS experts
Spectrum of attacks
From DDoS to targeted attacks: reflection and amplification, Layer 3 & 4 floods, Slowloris, SSL abuse, HTTP floods, bots and probes, SQL injection, XSS, RFI/LFI, application exploits, certificate hijacking, spear phishing, CSRF, authorization exploits
Mitigating services: Web Application Firewall (AWS WAF), Amazon CloudFront, Elastic Load Balancing, AWS Shield, Amazon Inspector, Amazon Macie, AWS Certificate Manager, AWS Marketplace (IDS/IPS, anti-malware)
Defense in depth
Diagram: traffic from the Internet passes through the border network and AWS services to customer resources, with DDoS detection, Internet-layer mitigations, network-layer mitigations, web-layer mitigations and the DDoS response team (DRT) along the way
Threats shown: DDoS, SSL attacks, Slowloris, malformed HTTP, large-scale attacks, SYN floods, reflection attacks, suspicious sources, HTTP floods, bad bots, suspicious IPs, sophisticated Layer 7 attacks
AWS Shield: DDoS attack detection
Data sources:
1. Network-layer telemetry from routers
2. AWS services: Amazon S3, Amazon CloudFront, Amazon Route 53, AWS WAF
Always-on monitoring and detection
• Signature-based detection
• Heuristics-based anomaly detection
• Baselining
Layer 3/4 infrastructure protection
• Inline inspection and scoring
• Preferentially discard lower priority (attack) traffic
• False positives are avoided and legitimate viewers are protected
Traffic prioritization based on suspicion score: high-suspicion packets dropped, low-suspicion packets retained
RaEd Abudayyeh, Cloud Security Lead, Emerging Markets
Secure and Automate AWS Deployments with Next Generation Security
Security Operating Platform
Diagram: Palo Alto Networks apps, 3rd party apps and customer apps run on the Application Framework, which sits on the Logging Service and Threat Intel Data and spans network, endpoint and cloud
Leadership in cybersecurity
• 63% of the Global 2K are Palo Alto Networks customers
• 29% year over year revenue growth*
• 85 of Fortune 100 rely on Palo Alto Networks
• #1 in Enterprise Security
• 54,000+ customers in 150+ countries
• Revenue trend: 40% CAGR FY14 - FY18 (chart: FY14 FY15 FY16 FY17 FY18)
* Q4FY2018. Fiscal year ends July 31.
Gartner, Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q18, 14 June 2018
Consistent prevention everywhere: SaaS, physical network, private cloud, IaaS, PaaS, mobile
© 2018 Palo Alto Networks. All Rights Reserved.
Shared responsibility
AWS security = a shared responsibility
AWS looks after the security OF the platform:
• AWS Foundation Services: compute, storage, database, networking
• AWS Global Infrastructure: regions, availability zones, edge locations
Customers are responsible for their security IN the Cloud:
• Customer content
• Platform, applications, identity & access management
• Operating system, network & firewall configuration
• Client & server encryption, encryption key management, network traffic protection
Cloud usage types: SaaS, private, physical, IaaS, PaaS
Securing the cloud is hard
• Fragmented security
• Human error
• Manual security
“A Public Cloud Risk Model: Accepting Cloud Risk Is OK, Ignoring Cloud Risk Is Tragic,” Gartner, November 2, 2016
Trivia question!
Through 2020, 95% of cloud security failures will be the customer's fault
Securing the public cloud (IaaS, PaaS)
• Inline: protect and segment cloud workloads
• Host: secure OS & app within workloads
• API-based: continuous security & compliance
Our vision for cloud security
Diagram: IaaS/PaaS reference architecture with web servers, app servers, object storage, caching and database (Evident shown alongside)
Three key security elements
• Inline: protect and segment cloud workloads (VM-Series NGFW)
• Host: secure OS & app within workloads (Traps)
• API: continuous security & compliance (Evident)
Diagram: on-premises site connected to a Virtual Private Cloud (VPC) hosting the IaaS/PaaS reference architecture (web servers, app servers, object storage, caching, database)
Protect and segment cloud workloads: VM-Series
• Application visibility and workload segmentation
• Auto-scale based on triggers
• Prevent outbound and inbound attacks
Diagram: on-premises site connected to a Virtual Private Cloud (VPC)
Continuous monitoring and compliance: Evident
Evident connects over API to answer questions such as:
• Is MFA enabled?
• Is any sensitive data exposed?
• What services are running?
• Who has access to this resource?
Capabilities: discover and monitor resources, compliance reporting, secure storage services
Workload protection: Traps
• Lightweight agent
• Real-time exploit and malware protection
• Protects unpatched workloads
• Multi-method attack prevention (Traps Advanced Endpoint Protections)
Platform automation
Diagram: cloud-delivered security services (URL Filtering, Threat Prevention, Malware Analysis) and MineMeld, fed over API by 3rd party feeds, customer data and Amazon GuardDuty, protecting the IaaS/PaaS reference architecture (web servers, app servers, object storage, caching, database) with Evident, Traps and VM-Series NGFW
Let's talk SaaS security
SaaS security approaches
• SaaS native security: limited scope
• CASB vendors: limited security
• Legacy content security: limited context
Our approach to SaaS security
Diagram: remote users, branch, headquarters, unmanaged devices and managed devices reach sanctioned, tolerated and unsanctioned SaaS applications through GlobalProtect Cloud Service and NGFW, while Aperture connects to the SaaS applications over API
• SaaS application visibility and granular enforcement delivered inline
• Monitor in-cloud activity and protect data with Aperture
Consistent & frictionless prevention everywhere: physical network, mobile, private cloud, IaaS, SaaS, PaaS
Thank you!

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Secure and Automate AWS Deployments with Next Generation Security

  • 1. © 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.
    Anshul Srivastava, Solutions Architect, AWS MENA; RaEd Abudayyeh, Cloud Security Lead (Palo Alto), Emerging Markets
    Secure and Automate AWS Deployments with Next Generation Security
  • 2. Why is traditional threat detection so hard? Large datasets, signal to noise, skills shortage.
  • 3. Get the humans away from the data.
  • 4. Threat detection: log data inputs
    o AWS CloudTrail: track user activity and API usage
    o VPC Flow Logs: IP traffic to/from network interfaces in your VPC
    o CloudWatch Logs: monitor applications using log data; store and access log files
    o DNS Logs: log of DNS queries in a VPC when using the VPC DNS resolver
  • 5. AWS CloudTrail
  • 6. Detect with VPC Flow Logs. Each record carries: AWS account, source IP, destination IP, source port, destination port, interface, protocol, packets, bytes, start and end time, accept or reject.
  • 7. Amazon CloudWatch Logs subscriptions
    o Real-time feed of log events
    o Delivered to an AWS Lambda function or Amazon Kinesis Data Streams
    o Supports custom processing, analysis, loading into other systems
    o Cross-account data sharing for centralized log processing
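Slides 6 and 7 together describe the cheapest detection pipeline in the deck: flow logs for an interface land in a CloudWatch Logs group, a subscription filter streams every batch to a Lambda function, and the function runs the detection. The example below is added here and is not code from the deck; it decodes the base64+gzip payload a subscription delivers, parses default (version 2) flow log records, skips NODATA/SKIPDATA rows, and flags a source whose rejected flows touch many distinct destination ports on one interface, the flow-log shape of the "port probe" and "outbound port scan" findings listed later. The log group name, account id, ENI id, IP addresses and the 10-port threshold are constructed for the sample and are assumptions.

```python
import base64
import gzip
import json
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Log record, space separated.
FLOW_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]


def parse_flow_record(message):
    """Turn one flow log line into a dict; NODATA/SKIPDATA rows (no traffic fields) return None."""
    parts = message.split()
    if len(parts) != len(FLOW_FIELDS):
        return None
    rec = dict(zip(FLOW_FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec


def decode_subscription_event(event):
    """Unpack the base64-encoded, gzip-compressed payload CloudWatch Logs hands a subscribed Lambda."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw).decode("utf-8"))


def find_port_scanners(records, min_distinct_ports=10):
    """Flag a source whose REJECTed flows hit many distinct destination ports on one interface."""
    rejected_ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            rejected_ports[(rec["srcaddr"], rec["interface_id"])].add(rec["dstport"])
    return [
        {"srcaddr": src, "interface_id": eni, "distinct_ports": len(ports)}
        for (src, eni), ports in sorted(rejected_ports.items())
        if len(ports) >= min_distinct_ports
    ]


def handler(event, context=None):
    """Lambda entry point for a CloudWatch Logs subscription on a flow-log group."""
    payload = decode_subscription_event(event)
    records = [r for r in (parse_flow_record(e["message"]) for e in payload["logEvents"]) if r]
    return {
        "logGroup": payload["logGroup"],
        "records": len(records),
        "findings": find_port_scanners(records),
    }


def build_sample_event():
    """Constructed sample: one source probing 12 ports (all rejected), one normal HTTPS flow, one NODATA row."""
    eni, account = "eni-0a1b2c3d", "123456789012"  # assumed identifiers
    lines = [
        f"2 {account} {eni} 198.51.100.7 10.0.1.20 40000 {port} 6 1 44 1530000000 1530000060 REJECT OK"
        for port in range(20, 32)
    ]
    lines.append(f"2 {account} {eni} 203.0.113.9 10.0.1.20 51000 443 6 20 8000 1530000000 1530000060 ACCEPT OK")
    lines.append(f"2 {account} {eni} - - - - - - - 1530000000 1530000060 - NODATA")
    payload = {
        "messageType": "DATA_MESSAGE",
        "owner": account,
        "logGroup": "vpc-flow-logs",
        "logStream": f"{eni}-all",
        "subscriptionFilters": ["flowlogs-to-lambda"],
        "logEvents": [{"id": str(i), "timestamp": 1530000000000 + i, "message": m} for i, m in enumerate(lines)],
    }
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode("utf-8"))).decode("ascii")
    return {"awslogs": {"data": data}}


if __name__ == "__main__":
    print(json.dumps(handler(build_sample_event()), indent=2))
```

The threshold is per batch, so a slow scan spread across many subscription deliveries is missed; a production version keeps the per-source port set in a store with a TTL (DynamoDB is the usual choice) rather than in memory. Aggregating across accounts is what the cross-account subscription on slide 7 is for: the log groups of every member account feed one function in the security account.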
  • 8. Threat detection: machine learning
    o Amazon GuardDuty: intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads
    o Amazon Macie: machine learning-powered security service to discover, classify and protect sensitive data
  • 9. What can Amazon GuardDuty detect? RDP brute force, RAT installed, exfiltration of temporary IAM credentials over DNS, probing the API with temporary credentials, attempts to compromise the account, malicious or suspicious IPs, unusual ports, DNS exfiltration, unusual traffic volume, connections to blacklisted sites, reconnaissance, anonymizing proxies, temporary credentials used off-instance, unusual ISP caller, Bitcoin activity, unusual instance launch.
  • 10. Amazon GuardDuty threat detection and notification
  • 11. Detecting known threats: threat intelligence
    o Feeds: AWS Security; commercial (CrowdStrike, Proofpoint); open source; customer provided, uploaded as a threat list in one of the formats "format": "[TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE]"
    o Known malware-infected hosts
    o Anonymizing proxies
    o Sites hosting malware and hacker tools
    o Cryptocurrency mining pools and wallets
  • 12. Detecting unknown threats: anomaly detection. Algorithms to detect unusual behavior: inspecting signal patterns for signatures; profiling normal activity and looking at deviations; machine learning classifiers.
  • 13. Finding types
    o Recon: port probe on unprotected port; outbound port scans; callers from anonymizing proxies
    o Backdoor: spambot or C&C activity; exfiltration over DNS channel; suspicious domain request
    o Trojan: domain generation algorithm (DGA) domain request; blackhole traffic; drop point
    o Unauthorized access: unusual ISP caller; SSH/RDP brute force
    o Stealth: password policy change; AWS CloudTrail logging disabled; Amazon GuardDuty disabled in a member account
    o Cryptocurrency: communication with Bitcoin DNS pools; cryptocurrency-related DNS calls; connections to a Bitcoin mining pool
  • 14. Multi-account support: GuardDuty runs in accounts A, B and C and in the security team account; findings from the member accounts are aggregated in the security team account, where CloudWatch Events picks them up.
  • 15. Visibility to answer the tough questions
    o What data do I have in the cloud?
    o Where is it located?
    o Where does my sensitive data exist?
    o What is sensitive about the data?
    o What PII/PHI is possibly exposed?
    o How is data being shared and stored?
    o How and where is my data accessed?
    o How can I classify data in near real time?
    o How do I build workflow remediation for my security and compliance needs?
  • 16. Amazon Macie: understand your data with natural language processing (NLP); understand data access with predictive user behavior analytics (UBA).
  • 17. Macie content classification: PII and personal data; source code; SSL certificates and private keys; iOS and Android app signing keys; database backups; OAuth and cloud SaaS API keys.
  • 18. Macie user behavior analytics (UBA): use behavioral analytics to baseline normal behavior patterns; contextualize by the value of the data being accessed. Example: a large increase in viewed content is a possible indicator of early-stage reconnaissance.
  • 19. Macie user behavior analytics (UBA) pipeline: 0. feature extraction from event data; 1. map into user time series; 2. cluster peer groups; 3. predict user activity, update models; 4. identify anomalies (against normal accesses); 5. attempt to explain statistically; 6. alert and narrative explanation created.
  • 20. Discover and alert on global permissions
    o Works on Amazon S3 bucket and object policies
    o Use AWS Lambda to approve or automatically remediate overly permissive policies: delete the object; revoke access (bucket or object); update IAM policies; suspend the user
    o Prioritize by PII impact and data loss prevention (DLP) risk
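Slide 20 says Macie finds global permissions on S3 bucket policies and a Lambda function either approves them or remediates. The piece it does not show is the decision itself: which statements count as "global", and how to rank them by PII and DLP risk before revoking. The example below is added here and is not Macie's logic or code from the deck. It treats a statement as a global grant when it is an `Allow` whose `Principal` is `*` (or `{"AWS": "*"}`) with no `Condition`, because a condition such as `aws:SourceVpce` or `aws:SourceIp` still bounds who "everyone" is and should be reviewed rather than auto-revoked. The sample bucket policy, bucket name, account id and VPC endpoint id are constructed; the `contains_pii` flag stands in for Macie's classification result.

```python
import copy
import json


def _as_list(value):
    """IAM policy grammar allows a scalar or a list in most places; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_global_grant(statement):
    """True for an Allow whose principal is everyone and that no Condition narrows further."""
    if statement.get("Effect") != "Allow":
        return False
    principal = statement.get("Principal")
    everyone = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))
    )
    # A Condition (aws:SourceVpce, aws:SourceIp, ...) still bounds "everyone"; leave those for human review.
    return everyone and not statement.get("Condition")


def find_global_grants(policy):
    """Return (index, statement) pairs for every statement that grants access to everyone."""
    return [(i, s) for i, s in enumerate(_as_list(policy.get("Statement"))) if is_global_grant(s)]


def revoke_global_grants(policy):
    """The 'revoke access' remediation: a copy of the policy with the global Allow statements removed."""
    fixed = copy.deepcopy(policy)
    fixed["Statement"] = [s for s in _as_list(fixed.get("Statement")) if not is_global_grant(s)]
    return fixed


def prioritize(policy, contains_pii):
    """Rank by data-loss impact: public write/delete or public access to PII is CRITICAL, other public read is HIGH."""
    grants = find_global_grants(policy)
    if not grants:
        return "NONE"
    actions = {a.lower() for _, s in grants for a in _as_list(s.get("Action"))}
    can_modify = any(a in ("*", "s3:*") or a.startswith(("s3:put", "s3:delete")) for a in actions)
    return "CRITICAL" if (contains_pii or can_modify) else "HIGH"


# Constructed sample bucket policy: statement 0 is world-readable, statement 1 is scoped to one account,
# statement 2 is open to "*" but only through one VPC endpoint (a Condition), so it is not a global grant.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppAccount", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpceOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0abc1234"}}},
    ],
}

if __name__ == "__main__":
    for idx, stmt in find_global_grants(SAMPLE_POLICY):
        print("global grant in statement", idx, stmt.get("Sid"))
    print("priority (bucket holds PII):", prioritize(SAMPLE_POLICY, contains_pii=True))
    print(json.dumps(revoke_global_grants(SAMPLE_POLICY), indent=2))
```

In a Lambda the remediated document would be written back with `s3:PutBucketPolicy`; keeping the original policy in the finding record matters, since an over-eager revoke on a bucket that is meant to serve public web assets is itself an outage. Bucket ACLs and object ACLs can grant public access independently of the policy, so a complete check also inspects those.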
  • 21. Threat detection: triggers
    o Amazon CloudWatch Events: delivers a near real-time stream of system events that describe changes in AWS resources
    o AWS Config Rules: continuously tracks your resource configuration changes and whether they violate any of the conditions in your rules
  • 22. AWS Config Rules: a continuous recording and assessment service. Changing resources are recorded by AWS Config (normalized, with history and snapshots, notifications and API access) and assessed by AWS Config Rules. It answers: how are my resources configured over time? Is a change that just occurred to a resource compliant?
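Slide 22 frames Config Rules as the answer to "is the change that just occurred compliant?". A custom rule is a Lambda function that receives the changed configuration item and reports COMPLIANT or NON_COMPLIANT back through `PutEvaluations`. The example below is added here and is not from the deck; it evaluates a security group and fails it when SSH or RDP is reachable from `0.0.0.0/0` or `::/0`, the preventive counterpart to the SSH/RDP brute-force findings on slides 9 and 13. It assumes the `configuration` block mirrors the EC2 DescribeSecurityGroups output in camelCase as AWS Config records it (`ipPermissions`, `ipProtocol`, `fromPort`, `toPort`, `ipRanges`/`cidrIp`, `ipv6Ranges`/`cidrIpv6`); the sample configuration item, group id, timestamp and result token are constructed. The function returns the evaluation list instead of calling the Config API so it runs offline.

```python
import json

# Ports no Internet-wide inbound rule should expose; the port list is this example's choice.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _rule_covers_port(perm, port):
    """True if an ipPermissions entry includes the port (ipProtocol '-1' means all protocols and all ports)."""
    if perm.get("ipProtocol") == "-1":
        return True
    if perm.get("ipProtocol") not in ("tcp", "6"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi


def world_open_ports(sg_configuration):
    """Return {port: service} for sensitive ports reachable from any IPv4 or IPv6 address."""
    exposed = {}
    for perm in sg_configuration.get("ipPermissions", []):
        sources = {r.get("cidrIp") for r in perm.get("ipRanges", [])}
        sources |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
        if not sources & ANYWHERE:
            continue
        for port, name in SENSITIVE_PORTS.items():
            if _rule_covers_port(perm, port):
                exposed[port] = name
    return exposed


def evaluate_configuration_item(item):
    """Build the evaluation a custom AWS Config rule reports back through PutEvaluations."""
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        compliance, note = "NOT_APPLICABLE", "rule only evaluates security groups"
    else:
        exposed = world_open_ports(item.get("configuration") or {})
        if exposed:
            compliance = "NON_COMPLIANT"
            note = "open to the world: " + ", ".join(f"{name}/{port}" for port, name in sorted(exposed.items()))
        else:
            compliance, note = "COMPLIANT", "no sensitive port open to 0.0.0.0/0 or ::/0"
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def handler(event, context=None):
    """Lambda entry point for a change-triggered custom rule; invokingEvent arrives as a JSON string."""
    invoking = json.loads(event["invokingEvent"])
    evaluations = [evaluate_configuration_item(invoking["configurationItem"])]
    # In the real function: boto3.client("config").put_evaluations(Evaluations=evaluations, ResultToken=event["resultToken"])
    return evaluations


def build_sample_event(open_ssh):
    """Constructed configuration item: HTTPS from anywhere, plus SSH from anywhere or from one office range."""
    ssh_source = "0.0.0.0/0" if open_ssh else "203.0.113.0/24"
    item = {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",
        "configurationItemCaptureTime": "2018-06-26T10:00:00.000Z",
        "configuration": {
            "groupId": "sg-0123456789abcdef0",
            "ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": [{"cidrIp": ssh_source}], "ipv6Ranges": []},
            ],
        },
    }
    invoking = {"configurationItem": item, "messageType": "ConfigurationItemChangeNotification"}
    return {"invokingEvent": json.dumps(invoking), "ruleParameters": "{}", "resultToken": "constructed-token"}


if __name__ == "__main__":
    for open_ssh in (True, False):
        print(json.dumps(handler(build_sample_event(open_ssh)), indent=2))
```

A NON_COMPLIANT evaluation is itself a CloudWatch Events source (the Config compliance-change event), so the same Lambda-driven remediation used for GuardDuty findings can revoke the offending ingress rule automatically.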
  • 23. Amazon CloudWatch Events: a rule with the event pattern { "source": [ "aws.guardduty" ] } matches every GuardDuty finding and delivers it to a Lambda function.
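Slides 14, 21 and 23 form one flow: GuardDuty in member accounts reports to the security-team account, a CloudWatch Events rule whose pattern is `{ "source": [ "aws.guardduty" ] }` forwards every finding, and a Lambda function decides what to do. The example below is added here and is not code from the deck or from AWS; it reproduces the pattern-match semantics for the event envelope, maps GuardDuty's severity score to its Low/Medium/High bands, and builds a remediation plan. The finding-type strings are the names GuardDuty uses for the finding types the deck lists; the mapping from type to action, the security-account id, the quarantine security group, the cross-account role name and the sample events are this example's assumptions. The plan contains the API calls that would be made rather than making them, so it runs offline.

```python
import json

# The slide-23 rule pattern, plus the detail-type GuardDuty sets on its events.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

# Assumptions for this example (none come from the deck).
SECURITY_ACCOUNT = "111111111111"          # master / security-team account from slide 14
QUARANTINE_SG = "sg-0123456789quarantine"  # security group with no inbound or outbound rules
MEMBER_ROLE_NAME = "SecurityRemediation"   # role the function assumes in member accounts
MIN_SEVERITY_TO_ACT = 4.0                  # GuardDuty's Medium band starts at 4.0; Low findings only notify

# GuardDuty finding types for the deck's "brute force", "Bitcoin activity" and "exfiltrate temp IAM creds"
# examples; which action each triggers is this example's playbook, not an AWS recommendation.
PLAYBOOK = {
    "UnauthorizedAccess:EC2/SSHBruteForce": "quarantine_instance",
    "UnauthorizedAccess:EC2/RDPBruteForce": "quarantine_instance",
    "CryptoCurrency:EC2/BitcoinTool.B!DNS": "quarantine_instance",
    "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration": "revoke_role_sessions",
}


def matches_pattern(event, pattern=EVENT_PATTERN):
    """CloudWatch Events semantics: every key in the pattern must exist in the event with a listed value."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())


def severity_label(score):
    """GuardDuty severity bands: 7.0-8.9 High, 4.0-6.9 Medium, 0.1-3.9 Low."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def revoke_sessions_policy(issued_before):
    """Inline Deny that invalidates every session token issued before the cutoff (IAM 'revoke active sessions')."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*",
                           "Condition": {"DateLessThan": {"aws:TokenIssueTime": issued_before}}}]}


def plan_remediation(event):
    """Decide what the function should do for one event; returns the plan instead of executing it."""
    if not matches_pattern(event):
        return {"action": "ignore", "reason": "not a GuardDuty finding event"}
    finding = event["detail"]
    ftype = finding["type"]
    plan = {"finding_id": finding["id"], "type": ftype, "severity": severity_label(finding["severity"]),
            "account": event["account"], "action": PLAYBOOK.get(ftype, "notify_only"), "api_calls": []}
    if finding["severity"] < MIN_SEVERITY_TO_ACT:
        plan["action"] = "notify_only"
    if plan["action"] == "notify_only":
        return plan
    # Member-account findings surface in the master account (slide 14); act in the member via an assumed role.
    if event["account"] != SECURITY_ACCOUNT:
        plan["assume_role"] = f"arn:aws:iam::{event['account']}:role/{MEMBER_ROLE_NAME}"
    if plan["action"] == "quarantine_instance":
        instance_id = finding["resource"]["instanceDetails"]["instanceId"]
        plan["api_calls"].append({"api": "ec2:ModifyInstanceAttribute",
                                  "params": {"InstanceId": instance_id, "Groups": [QUARANTINE_SG]}})
    elif plan["action"] == "revoke_role_sessions":
        role_name = finding["resource"]["accessKeyDetails"]["userName"]
        # Cutoff is the event time; the real call json.dumps() the document and passes it as PolicyDocument.
        plan["api_calls"].append({"api": "iam:PutRolePolicy",
                                  "params": {"RoleName": role_name, "PolicyName": "RevokeOlderSessions",
                                             "PolicyDocument": revoke_sessions_policy(event["time"])}})
    return plan


def _guardduty_event(account, finding):
    """Constructed CloudWatch Events envelope around a (constructed) GuardDuty finding."""
    return {"version": "0", "id": "evt-1", "detail-type": "GuardDuty Finding", "source": "aws.guardduty",
            "account": account, "time": "2018-06-26T10:00:00Z", "region": "eu-west-1",
            "resources": [], "detail": finding}


SAMPLE_EVENTS = {
    "crypto_member": _guardduty_event("222222222222", {
        "id": "f1", "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8.0,
        "resource": {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0abc1234def56789"}}}),
    "exfil_master": _guardduty_event(SECURITY_ACCOUNT, {
        "id": "f2", "type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration", "severity": 8.0,
        "resource": {"resourceType": "AccessKey",
                     "accessKeyDetails": {"userType": "AssumedRole", "userName": "WebServerRole"}}}),
    "ssh_low": _guardduty_event("222222222222", {
        "id": "f3", "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 2.0,
        "resource": {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0fedcba987654321"}}}),
    "not_guardduty": {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
                      "account": "222222222222", "detail": {}},
}

if __name__ == "__main__":
    for name, event in SAMPLE_EVENTS.items():
        print(name, json.dumps(plan_remediation(event), indent=2))
```

Two details matter in practice. Swapping the instance into a quarantine group preserves it for forensics (a snapshot of its volumes before any change is the next call to add), whereas terminating it destroys the evidence. For the credential-exfiltration case, rotating nothing but revoking sessions older than the cutoff forces every legitimate consumer of the role to refresh, which is usually acceptable, while deleting the role would break the workload.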
  • 24. Threat remediation: network. AWS Shield Advanced: managed service providing DDoS protection against, and visibility into, large, sophisticated attacks, plus access to DDoS experts.
  • 25. Spectrum of attacks
    o DDoS: reflection and amplification; layer 3 and 4 floods; Slowloris; SSL abuse; HTTP floods
    o Application exploits: bots and probes; SQL injection; XSS; RFI/LFI
    o Targeted attacks: certificate hijacking; spear phishing; CSRF; authorization exploits
    o Controls across the spectrum: web application firewall (AWS WAF), Amazon CloudFront, Elastic Load Balancing, AWS Shield, Amazon Inspector, Amazon Macie, AWS Certificate Manager, AWS Marketplace (IDS/IPS, anti-malware)
  • 26. Defense in depth. DDoS detection at the border network; Internet-layer, network-layer and web-layer mitigations between the Internet, AWS services and customer resources; the DDoS Response Team (DRT) behind them. Attacks handled along the way: large-scale attacks, SYN floods, reflection attacks, suspicious sources, SSL attacks, Slowloris, malformed HTTP, HTTP floods, bad bots, suspicious IPs, sophisticated layer 7 attacks.
  • 27. AWS Shield: DDoS attack detection. Data sources: 1. network-layer telemetry from routers; 2. AWS services: Amazon S3, Amazon CloudFront, Amazon Route 53, AWS WAF.
  • 28. Always-on monitoring and detection: signature-based detection; heuristics-based anomaly detection; baselining.
  • 29. Layer 3/4 infrastructure protection: inline inspection and scoring; traffic prioritization based on suspicion, so high-suspicion packets are dropped and low-suspicion packets retained; lower-priority (attack) traffic is preferentially discarded; false positives are avoided and legitimate viewers are protected.
  • 30. RaEd Abudayyeh, Cloud Security Lead, Emerging Markets. Secure and Automate AWS Deployments with Next Generation Security.
  • 31. Security Operating Platform: an application framework for Palo Alto Networks apps, third-party apps and customer apps, on top of a logging service, threat intelligence and data from the network, endpoint and cloud.
  • 32. Leadership in cybersecurity: 63% of the Global 2000 are Palo Alto Networks customers; 85 of the Fortune 100 rely on Palo Alto Networks; 54,000+ customers in 150+ countries; 29% year-over-year revenue growth*; revenue trend 40% CAGR FY14-FY18; #1 in enterprise security**. *Q4 FY2018; fiscal year ends July 31. **Gartner, Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q18, 14 June 2018.
  • 33. Consistent prevention everywhere: SaaS, physical network, private cloud, IaaS, PaaS, mobile. © 2018 Palo Alto Networks. All Rights Reserved.
  • 35. AWS security = a shared responsibility. AWS looks after the security OF the platform: foundation services (compute, storage, database, networking) and the global infrastructure (regions, availability zones, edge locations). Customers are responsible for their security IN the cloud: customer content; platform, applications, identity and access management; operating system, network and firewall configuration; client- and server-side encryption, key management and network traffic protection.
  • 37. Securing the cloud is hard: fragmented security, human error, manual security.
  • 38. Trivia question: through 2020, 95% of cloud security failures will be the customer's fault. ("A Public Cloud Risk Model: Accepting Cloud Risk Is OK, Ignoring Cloud Risk Is Tragic," Gartner, November 2, 2016)
  • 40. Our vision for cloud security: inline (protect and segment cloud workloads); API-based (continuous security and compliance); host (secure OS and app within workloads).
  • 41. Three key security elements, shown across an on-premises site and a Virtual Private Cloud (VPC) running web servers, app servers, object storage, caching and database (IaaS and PaaS): inline, VM-Series NGFW to protect and segment cloud workloads; API, Evident for continuous security and compliance; host, Traps to secure the OS and app within workloads.
  • 42. Protect and segment cloud workloads with VM-Series, between on-premises and the VPC tiers (web, app, object storage, caching, database): application visibility and workload segmentation; auto-scale based on triggers; prevent outbound and inbound attacks.
  • 43. Continuous monitoring and compliance with Evident (API): discover and monitor resources, compliance reporting, secure storage services. Is MFA enabled? Is any sensitive data exposed? What services are running? Who has access to this resource?
  • 44. Workload protection with Traps: a lightweight agent in the app workload; real-time exploit and malware protection; multi-method attack prevention; protects unpatched workloads.
  • 45. Platform automation: cloud-delivered security services (URL Filtering, Threat Prevention, malware analysis) feed VM-Series NGFW, Evident and Traps protecting the VPC tiers; MineMeld aggregates third-party feeds, customer data and Amazon GuardDuty findings via API.
  • 46. Let's talk SaaS security (alongside IaaS, PaaS, private and physical).
  • 47. SaaS security approaches: SaaS-native security (limited scope); CASB vendors (limited security); legacy content security (limited context).
  • 48. Our approach to SaaS security: remote users, branch and headquarters, on managed and unmanaged devices, reach sanctioned, tolerated and unsanctioned SaaS applications through GlobalProtect Cloud Service and the NGFW, which deliver SaaS application visibility and granular enforcement inline; Aperture connects over API to monitor in-cloud activity and protect data.