Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Palo Alto Networks provides organizations with the visibility and automation needed to create and update security policies in their cloud environments in real time. Learn how you can gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows.
Michael South, AWS Security Acceleration Business Development
Matt McLimans, Public Cloud Consultant Engineer, Palo Alto Networks
Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ... Amazon Web Services
Over the last 7 years, Alert Logic has helped AWS customers achieve enhanced security and peace of mind. Learn how positive security outcomes are attained by combining human expertise and the latest in AWS security in this engaging session with Jack Danahy, SVP of Security at Alert Logic, and Zach Vinduska, VP of IT Infrastructure and Security at ClubCorp. Hear real-world examples of how expert defenders in Alert Logic’s 24/7 Security Operations Center can help you quickly detect threats, verify them as incidents, and support you in responding quickly and effectively.
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Amazon Web Services
In an accreditation system, it’s critical to balance the needs for cloud service provider (CSP) security assurance and ensuring an efficient path towards cloud adoption and use. In this session, we share best practices from observing and learning from our participation in a number of government CSP accreditation programs. Information from this session benefits decision makers and cloud users in gaining a broad knowledge of the global CSP accreditation systems that are in operation today. Attendees also gain a deeper understanding of their respective strengths and opportunities for excellence, in addition to how to apply them in their own cloud journey.
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... Amazon Web Services
How do you establish and maintain consistent security and governance across your dynamic AWS environments, with visibility and control of your security posture? Zohar Alon, Head of Cloud Product Line at Check Point and former CEO of Dome9, discusses security best practices as you scale across VPCs, accounts and regions. He covers considerations and recommendations for network, control plane and identities when building your cloud security strategy.
Understand how security orchestration and active protection tools secure your cloud journey. Discover new ways to leverage traffic analysis for security intelligence, threat detection and auto-remediation.
How Inovalon Uses Sophos to Control Security Costs on AWS Amazon Web Services
In this webinar, we will show you how Inovalon, a healthcare-focused technology consulting firm headquartered in Bowie, MD, deploys cloud-based platforms on AWS that meet strict HIPAA security requirements, all while minimizing security, administration and infrastructure costs. By using the Sophos UTM Auto Scaling security solution and a shared security AWS architecture, the Inovalon security team is able to centrally deploy and manage an ingress security layer for each client VPC across multiple AWS accounts.
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Amazon Web Services
In this session, we define cloud governance and explain its role in achieving security, compliance, and architecture best practices. Using real-world case studies from Fortune 100 enterprises, we demonstrate how governance automation is being used to accelerate the migration and ongoing operations of hundreds of enterprise applications, all while increasing visibility and control for the enterprise.
In this workshop, senior security management, IT, and business executive teams participate in an experiential exercise that illuminates the key decision points of a successful and secure cloud journey. During the team-based, game-like simulation, participants leverage an industry case study and make strategic decisions and investments around security, risk, and compliance. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. They also learn applicable decision and investment approaches to specific secure cloud adoption journeys. They walk through real-life examples, receive practical advice from AWS facilitators, and they leave with an understanding of the major success factors for building security, risk, and compliance in the cloud. This workshop is designed for executives who are leading a secure cloud journey, including the CISO, senior security and risk management leaders, and CIO/CTO. Non-IT participants who are key to executing the cloud security strategy are also encouraged to attend.
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Amazon Web Services
Risk assessment associated with digital identity is at the core of any digital business transformation. Companies strive to provide their customers with the best possible service, but at the same time, they struggle with the challenges of digital identity risk. IBM Trusteer is a SaaS solution that is meeting the challenge head-on. In this talk, we present two stories. We look at some identity proofing techniques, and we also examine some of the tools and processes that are keeping Trusteer’s cloud safe and secure. This session also explores use cases involving IBM tools that are deployed in an AWS environment.
Building a security knowledge management platform for AWS - FND224 - AWS re:I... Amazon Web Services
Learn about how AWS security built a security knowledge management platform to distribute guidance at the scale of the AWS organization using Amazon API Gateway, AWS Lambda, Amazon RDS, and Amazon S3. This platform defines the AWS security bar and empowers AWS with the knowledge that is needed to build secure products and protect customer data. In this session, we look at how the content is consumed by tools and how it powers automated threat modeling for security reviews.
Automating DDoS and WAF responses - AWS Summit Cape Town 2018 Amazon Web Services
Speaker: Andrew Kane, AWS
Level: 300/400
Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as AWS Web Application Firewall, AWS Shield, AWS CloudWatch, and more. You will also learn how to use Lambda functions to automate event response and integrate with your security operations tools.
Ensure the integrity of your code for fast and secure deployments - SDD319 - ... Amazon Web Services
DevOps practices help push applications faster into production through better collaboration and automated testing. During that process, security is often seen as an inhibitor to speed. The challenge for many organizations is delivering applications at a fast pace while embedding security at the speed of DevOps. In this session, learn how products and customers in the AWS Marketplace help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Amazon Web Services
DevSecOps is driving the use of security testing throughout the application lifecycle, from initial development to product monitoring. Application security testing is unlike other forms of security in that it directly impacts the daily routines of developers. John Maski, the former director of DevSecOps at AT&T, discusses securing CI/CD pipelines in enterprise environments and “shifting left” with security. He reveals best practices gained from moving AT&T’s primary DevOps practice to a DevSecOps practice using static and dynamic application security testing. You’ll discover why strong executive sponsorship, a cultural shift, and solid cross-organization teaming are critical and how they can be the way forward to your own DevSecOps success.
Get ahead of cloud network security trends and practices in 2020 Cynthia Hsieh
- Cloud security is just security. An evolution
- 3 Stages of Digital Transformation
- A new security model
- Security model in AWS
- Automate with integrated services
- AWS security solutions
- Barriers and commonly seen practices
- “Unboxing” cloud network security
- Cloud-Native Network Security Service
Responding to an incident requires that you’re aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise.
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor... Amazon Web Services
"Cloud first" and "cloud native" are the new mindsets for many IT & business teams operating on AWS. In this new world, security functions need to scale for rapidly growing AWS accounts and VPCs in the organization. In this session, we show you how to build a world-class security operations organization with the same "cloud native" mindset using AWS tools. By the end of this session, you will understand how to run a lean and clean SecOps center for a fast-paced organization. The key objective of this session is to transform the security team from "no" to everything, to "know" everything. By knowing everything, you will sleep better.
Developers want to build quickly and deliver powerful application experiences to every user. In this session, we show how you can enable agile development while securing your entire application footprint. Akamai’s intelligent edge security solutions surround and extend your entire architecture for a single policy that’s adaptive, integrated, and consistently secure. Combine that with the power of AWS, and you have a total edge ecosystem that’s unparalleled in its ability to deliver and protect amazing experiences everywhere. Don’t just build—build better with Akamai.
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme... Amazon Web Services
OLX, the world's leading online classifieds service platform, operates a network of online trading platforms, with over 300M monthly users in over 45 countries. In this session, learn how we built a serverless PCI SAQ A-EP-compliant credit card payment service. Understand how regulation changes affected the solution and the importance of defining the right PCI scope on AWS. Also learn which AWS artifacts are critical and which AWS services can help meet compliance requirements.
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
As you continually evolve your use of the AWS platform, it’s important to consider ways to improve your security posture and take advantage of new security services and features. In this advanced session, we share architectural patterns for meeting common challenges, service limits and tips, tricks, and ways to continually evaluate your architecture against best practices. Automation and tools are featured throughout, and there will be code giveaways! Be prepared for a technically deep session on AWS security.
The economics of incidents, and creative ways to thwart future threats - SEP3... Amazon Web Services
Walk through the threat landscape, looking at what has happened over the last year. Learn about the best tools to have in your architecture currently and in the future to help you detect and deal with the threats of this year and the next. Identify where these threats are coming from, and learn how to detect them more easily. The information in this session is provided by various teams and sources.
Architect proper segmentation for PCI DSS workloads on AWS - GRC306 - AWS re:... Amazon Web Services
In this session, we discuss how to successfully architect for proper segmentation involving PCI DSS workloads running on AWS. We show you how the segmentation strategies and controls are different from those designed in a traditional on-premises environment, keeping in mind the unique characteristics of the AWS platform.
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ... Amazon Web Services
Liberty Mutual is opinionated about how application teams deliver and deploy code into AWS. Applications must be able to secure all data types, meet security standards, and deploy via automation. Radar is an event-driven, rules-based service for validating and remediating AWS cloud resources, and it ensures that security standards are enforced. In this session, learn about Radar, which is built on AWS and designed to ensure compliance across hundreds of AWS accounts in 14 regions while providing flexibility for rule variation. Whether risks are prevented during continuous integration or detected upon deployment and remediated, the goal is the same: all policy is enforced at the earliest moment of risk.
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Amazon Web Services
Administrators need to enable developers to move quickly when building applications on AWS while also controlling access to meet security needs. In this session, we demonstrate how administrators put permissions guardrails in place that enable them to grant broader access for their applications and developers. Then, we demonstrate how administrators can analyze activity to dial in access controls as applications and developers settle into common patterns. Finally, we show how to simulate permissions changes to understand and assess their impact. This session expects that participants are knowledgeable about IAM permission policies and AWS Organizations.
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
This workshop provides the opportunity for you to get familiar with AWS security services and learn how to use them to identify and remediate threats in your environment. Learn how to use Amazon GuardDuty, Amazon Macie, Amazon Inspector, and AWS Security Hub to investigate threats during and after an attack, set up a notification and response pipeline, and add additional protections to improve your environment’s security posture.
Leverage the security & resiliency of the cloud & IoT for industry use cases ... Amazon Web Services
This non-technical two-hour Internet of Things (IoT) tabletop exercise benefits business and technology leaders and regulators in the Energy, Oil and Gas, Transportation, Healthcare, Financial, and Manufacturing sectors. Through discussion of a simulated cyber IoT incident, you explore required capabilities and processes. You learn how to leverage AWS for security, high availability, incident response, and continuity of operations for systems that include IoT. You also discuss the advantages of cloud security and resiliency over traditional on-premises environments to understand your opportunities. Finally, the effectiveness of international cybersecurity frameworks in improving an organization’s posture is highlighted. No laptops required.
How policymakers can fulfill promises of security for cloud services - SEP205... Amazon Web Services
This session is an opportunity for regulators and policymakers to share their knowledge about addressing cultural, organizational, policy, and regulatory hurdles with the security of cloud services for organizations in regulated industries (e.g., Healthcare, Financial Services, and Telecommunications). Presenters walk you through their experiences with adopting cloud services and the ways that they establish the environment in relation to policy to ensure that their specific criteria and requirements for security are addressed.
How FINRA achieves DevOps agility while securing its AWS environments - GRC33... Amazon Web Services
In this presentation, FINRA discusses different aspects of its holistic security strategy. Topics covered include how to leverage AWS native security solutions, how to use logs that tie IP and identity together for network access, how to implement a software-defined perimeter model to augment network-layer security controls, and how FINRA sped up DevOps through a unified and frictionless access strategy.
Integrating network and API security into your application lifecycle - DEM07 ... Amazon Web Services
In this session, we discuss the contention between traditional network security practices and the agile development processes typically associated with cloud computing. We also introduce new approaches used by Fortinet customers that help cloud teams and security teams share a common language and secure their business more effectively—without introducing additional friction and operational overhead.
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r... Amazon Web Services
Capital One innovates by leveraging AWS managed services such as AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD), Amazon RDS for SQL Server and EC2 to deploy critical Windows workloads securely in an automated fashion. In this session, attendees will learn how Capital One uses AWS Managed Microsoft AD with their on-premises domain to provide secure and highly available authentication and authorization services for its Windows workloads, such as Amazon RDS for SQL Server. You also learn security best practices for setting up AWS Managed Microsoft AD including implementing MFA, AD Trust options, AWS account isolation, security log collection, and more. In addition, we detail how Capital One uses AWS Managed Microsoft AD and Lambda Functions to simplify and automate Windows workload deployments across multiple AWS accounts and Amazon VPCs.
Automating DDos and WAF responses - AWS Summit Cape Town 2018Amazon Web Services
Speaker: Andrew Kane, AWS
Level: 300/400
Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as AWS Web Application Firewall, AWS Shield, AWS CloudWatch, and more. You will also learn how to use Lambda functions to automate event response and integrate with your security operations tools.
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
"DevOps practices help push applications faster into production through better collaboration and automated testing. During that process, security is often seen as an inhibitor to speed. The challenge for many organizations is delivering applications at a fast pace while embedding security at the speed of DevOps. In this session, learn how products and customers in the AWS Marketplace help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Amazon Web Services
"DevSecOps is driving the use of security testing throughout the application lifecycle, from initial development to product monitoring. Application security testing is unlike other forms of security in that it directly impacts the daily routines of developers. John Maski, the former director of DevSecOps at AT&T, discusses securing CI/CD pipelines in enterprise environments and “shifting left” with security. He reveals best practices gained from moving AT&T’s primary DevOps practice to a DevSecOps practice using static and dynamic application security testing. You’ll discover why strong executive sponsorship, a cultural shift, and solid cross-organization teaming are critical and how they can be the way forward to your own DevSecOps success.
"
Get ahead of cloud network security trends and practices in 2020Cynthia Hsieh
- Cloud security is just security. An evolution
- 3 Stages of Digital Transformation
- A new security model
- Security model in AWS
- Automate with integrated services
- AWS security solutions
- Barriers and common seen practices
- “Unboxing” cloud network security
- Cloud-Native Network Security Service
Responding to an incident requires that you’re aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise.
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Amazon Web Services
"Cloud first" and "cloud native" are the new mindsets for many IT & business teams operating on AWS. In this new world, security functions need to scale for rapidly growing AWS accounts and VPCs in the organization. In this session, we show you how to build a world-class security operations organization with the same "cloud native" mindset using AWS tools. By the end of this session, you will understand how to run a lean and clean SecOps center for a fast-paced organization. The key objective of this session is to transform the security team from "no” to everything, to "know” everything. By knowing everything, you will sleep better.
Developers want to build quickly and deliver powerful application experiences to every user. In this session, we show how you can enable agile development while securing your entire application footprint. Akamai’s intelligent edge security solutions surround and extend your entire architecture for a single policy that’s adaptive, integrated, and consistently secure. Combine that with the power of AWS, and you have a total edge ecosystem that’s unparalleled in its ability to deliver and protect amazing experiences everywhere. Don’t just build—build better with Akamai.
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Amazon Web Services
OLX, the world's leading online classifieds service platform, operates a network of online trading platforms, with over 300M monthly users in over 45 countries. In this session, learn how we built a serverless PCI SAQ A-EP-compliant credit card payment service. Understand how regulation changes affected the solution and the importance of defining the right PCI scope on AWS. Also learn which AWS artifacts are critical and which AWS services can help meet compliance requirements.
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
As you continually evolve your use of the AWS platform, it’s important to consider ways to improve your security posture and take advantage of new security services and features. In this advanced session, we share architectural patterns for meeting common challenges, service limits and tips, tricks, and ways to continually evaluate your architecture against best practices. Automation and tools are featured throughout, and there will be code giveaways! Be prepared for a technically deep session on AWS security.
The economics of incidents, and creative ways to thwart future threats - SEP3...Amazon Web Services
Walk through the threat landscape, looking at what has happened over the last year. Learn about the best tools to have in your architecture currently and in the future to help you detect and deal with the threats of this year and the next. Identify where these threats are coming from, and learn how to detect them more easily. The information in this session is provided by various teams and sources.
Architect proper segmentation for PCI DSS workloads on AWS - GRC306 - AWS re:...Amazon Web Services
In this session, we discuss how to successfully architect for proper segmentation involving PCI DSS workloads running on AWS. We show you how the segmentation strategies and controls are different from those designed in a traditional on-premises environment, keeping in mind the unique characteristic of the AWS platform.
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...Amazon Web Services
Liberty Mutual is opinionated about how application teams deliver and deploy code into AWS. Applications must be able to secure all data types, meet security standards, and deploy via automation. Radar is an event-driven, rules-based service for validating and remediating AWS cloud resources, and it ensures that security standards are enforced. In this session, learn about Radar, which is built on AWS and designed to ensure compliance across hundreds of AWS accounts in 14 regions while providing flexibility for rule variation. Whether risks are prevented during continuous integration or detected upon deployment and remediated, the goal is the same: all policy is enforced at the earliest moment of risk.
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Amazon Web Services
"Administrators need to enable developers to move quickly when building applications on AWS while also controlling access to meet security needs. In this session, we demonstrate how administrators put permissions guardrails in place that enable them to grant broader access for their applications and developers. Then, we demonstrate how administrators can analyze activity to dial in access controls as applications and developers settle into common patterns. Finally, we show how to simulate permissions changes to understand and assess their impact. This session expects that participants are knowledgeable about IAM permission policies and AWS Organizations.
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
"This workshop provides the opportunity for you get familiar with AWS security services and learn how to use them to identify and remediate threats in your environment. Learn how to use Amazon GuardDuty, Amazon Macie, Amazon Inspector, and AWS Security Hub to investigate threats during and after an attack, set up a notification and response pipeline, and add additional protections to improve your environment’s security posture.
Leverage the security & resiliency of the cloud & IoT for industry use cases ... Amazon Web Services
This non-technical two-hour Internet of Things (IoT) tabletop exercise benefits business and technology leaders and regulators in the Energy, Oil and Gas, Transportation, Healthcare, Financial, and Manufacturing sectors. Through discussion of a simulated cyber IoT incident, you explore required capabilities and processes. You learn how to leverage AWS for security, high availability, incident response, and continuity of operations for systems that include IoT. You also discuss the advantages of cloud security and resiliency over traditional on-premises environments to understand your opportunities. Finally, the effectiveness of international cybersecurity frameworks in improving an organization’s posture is highlighted. No laptops required.
How policymakers can fulfill promises of security for cloud services - SEP205... Amazon Web Services
This session is an opportunity for regulators and policymakers to share their knowledge about addressing cultural, organizational, policy, and regulatory hurdles with the security of cloud services for organizations in regulated industries (e.g., Healthcare, Financial Services, and Telecommunications). Presenters walk you through their experiences with adopting cloud services and the ways that they establish the environment in relation to policy to ensure that their specific criteria and requirements for security are addressed.
How FINRA achieves DevOps agility while securing its AWS environments - GRC33... Amazon Web Services
In this presentation, FINRA discusses different aspects of its holistic security strategy. Topics covered include how to leverage AWS native security solutions, how to use logs that tie IP and identity together for network access, how to implement a software-defined perimeter model to augment network-layer security controls, and how FINRA sped up DevOps through a unified and frictionless access strategy.
Integrating network and API security into your application lifecycle - DEM07 ... Amazon Web Services
In this session, we discuss the contention between traditional network security practices and the agile development processes typically associated with cloud computing. We also introduce new approaches used by Fortinet customers that help cloud teams and security teams share a common language and secure their business more effectively—without introducing additional friction and operational overhead.
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r... Amazon Web Services
Capital One innovates by leveraging AWS managed services such as AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD), Amazon RDS for SQL Server and EC2 to deploy critical Windows workloads securely in an automated fashion. In this session, attendees will learn how Capital One uses AWS Managed Microsoft AD with their on-premises domain to provide secure and highly available authentication and authorization services for its Windows workloads, such as Amazon RDS for SQL Server. You also learn security best practices for setting up AWS Managed Microsoft AD including implementing MFA, AD Trust options, AWS account isolation, security log collection, and more. In addition, we detail how Capital One uses AWS Managed Microsoft AD and Lambda Functions to simplify and automate Windows workload deployments across multiple AWS accounts and Amazon VPCs.
There are four common challenges that CISOs and their security teams struggle with even in the most secure and mature organizational datacenters - visibility, resilience, defense-in-depth, and automation. Learn how these challenges become benefits of using the AWS Cloud and why cybersecurity is becoming a driving force behind commercial cloud adoption. This is an executive level presentation that covers key technical concepts and capabilities to meet business security and compliance objectives. Intended audience includes CIOs, CISOs, technical managers, senior architects and engineers new to AWS, and technically-savvy business managers.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Gary Wong, Consultant Engineer, APAC, Juniper Networks
Complexity is always one of the CXO's concerns when enterprises consider moving workloads to the cloud. Learn how Juniper tackles this problem with a unified management approach. Solutions to address challenges in deploying a hybrid cloud model, particularly in connectivity, orchestration, analytics and security, will also be discussed in this session.
Security is the top priority at AWS. All Amazon Web Services (AWS) customers benefit from a data center and network architecture built to satisfy the requirements of the most security-sensitive organizations. In this session, Ryan Jaeger, senior solutions architect and security specialist, AWS, will discuss the four common challenges that CISOs and their security teams struggle with and why cybersecurity is becoming a driving force behind commercial cloud adoption. We will also share best practices and learnings from our customers on additional security measures organizations should explore to meet regulatory and compliance requirements and safeguard their environment.
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo... Amazon Web Services
You might think it’s impossible to achieve NIST 800-53 high-impact controls in your environment. However, AWS and Trend Micro make this a viable scenario, even in hybrid environments. Learn about the ability to use security controls to retain logs, control access to systems, or monitor changes, and discover how to achieve automation using technologies like AWS CloudFormation. Join this session and get a peek at the inner workings of the AWS & Trend Micro Quick Start Reference Deployment Guide for NIST 800-53 that can help you quickly deliver high-impact controls in an automated, repeatable fashion to help achieve and maintain GDPR compliance.
Bharat Mistry, Security Strategist, Trend Micro
The practice of cloud security and compliance now enables enterprises to innovate both quickly and securely. Many enterprises moving to the cloud may find that some aspects of the cloud security model differ from the model used in their traditional on-premises infrastructure. At AWS, security is our top priority, and this session provides an overview of our security model and best practices to help your organization innovate quickly while maintaining enterprise-level security in the cloud.
Security in the AWS cloud is the highest priority. As an AWS customer, you will benefit from a network architecture and data center designed to meet the security requirements of the most demanding organizations.
One advantage of the AWS cloud is that it allows customers to scale and innovate while ensuring the security of the environment. Customers pay only for the services they use, which means you can have the security you need without upfront payments and at a lower cost than in an on-premises environment.
https://aws.amazon.com/es/security/
Introduction to AWS Security: Security Week at the SF Loft Amazon Web Services
Introduction to AWS Security: Security Week at the San Francisco Loft
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Level: 100
Speaker: Bill Reid - Sr. Manager, Solutions Architecture, AWS
Lock It Down: How to Secure Your Organization's AWS Account Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional datacenter. However, many customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session we will review how to use automation, tools and techniques to harden and audit your AWS accounts and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Geordie Anderson, Security Specialist Solutions Architect, Amazon Web Services
Sean Donaghy, Senior Cyber Security Advisor, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
Michael Davie, Security Engineer, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
Innovate - Cybersecurity: A Drive Force Behind Cloud Adoption Amazon Web Services
There are four common challenges that CISOs and their security teams struggle with even in the most secure and mature organizational datacenters: visibility, resilience, defense-in-depth, and automation. Learn how these challenges become benefits when using the AWS Cloud and why cybersecurity is becoming a driving force behind commercial cloud adoption.
CIOs, CISOs, technical managers, senior architects and engineers new to AWS, and technically savvy business managers are invited to this session to explore key technical concepts and capabilities to meet business security and compliance objectives.
Meeting Enterprise Security Requirements with AWS Native Security Services (S... Amazon Web Services
GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing complex on-premises solutions with AWS native services like Amazon GuardDuty, VPC Flow logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
There are four common challenges that CISOs and their security teams struggle with even in the most secure and mature organizational datacenters – visibility, resilience, defense-in-depth, and automation. Learn how these challenges become benefits of using the AWS Cloud and why Cybersecurity is becoming a driving force behind commercial cloud adoption. This is an executive level presentation that covers key technical concepts and capabilities to meet business security and compliance objectives. Intended audience includes CIOs, CISOs, Technical Managers, senior architects and engineers new to AWS, and Technically-savvy Business Managers.
Michael South, Principal Business Development, Amazon Web Services
Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r... Amazon Web Services
Application modernization projects with AWS start with creating an AWS Landing Zone. Based on AWS best practices, AWS Landing Zones help ensure a secure, performant, highly available, and cost-efficient AWS environment. Common hybrid cloud use cases, such as cloud migration, data center extension, disaster recovery, cloud bursting, and edge computing, require data integration, operations management and monitoring, security, and networking as the foundational components of a hybrid cloud architecture. In this session, we dive deep on the networking, security, account management structure, operating management, and monitoring best practices to build your own AWS Landing Zone that can be extended into your data center. AWS partner, GreenPages, demonstrates a repeatable hybrid cloud architecture to secure, manage, and integrate your network across on-premises and multiple AWS regions using an AWS Landing Zone. AWS customer, Finch Therapeutics, then discusses how the company utilized the GreenPages hybrid cloud reference implementation to deploy, secure, and manage its hybrid cloud environment.
Similar to Secure & Automate AWS Deployments with Next-Generation on Security (20)
How to build Forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that produces an accurate forecast based on the type of data analyzed.
Big Data for Startups: how to create Big Data applications in Server... Amazon Web Services
The variety and quantity of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: creating large-scale Big Data clusters appears to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, dedicating all resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release speed and, ultimately, to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture but also the organizational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances Amazon Web Services
The use of containers is continuously growing.
If properly designed, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session we will discover together the characteristics of Spot Instances and how they can be easily used on AWS. We will also learn how Spreaker uses Spot Instances to run different types of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with Machine Lea... Amazon Web Services
To create value and build a distinctive, recognizable offering, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime that interrupted users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS provides AWS OpsWork as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWork to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment into the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis based on artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in VMware vSphere®-based cloud environments and access a wide range of AWS services, making full use of the potential of the AWS cloud and protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during the modernization and refactoring of applications, and on top of this come the performance risks that can be introduced when applications are moved out of on-premises data centers.
Create your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions or to track the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will look in depth at several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Database and VMware Cloud™ on AWS: debunking the myths Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during the modernization and refactoring of applications, and on top of this come the performance risks that can be introduced when applications are moved out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to ease and simplify the migration of Oracle workloads, accelerating the transformation to the cloud; they explore the architecture and demonstrate how to make full use of the potential of VMware Cloud™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.
22. RaEd Abudayyeh, Cloud Security Lead, Emerging Markets
Secure and Automate AWS Deployments with Next Generation Security.
23. SECURITY OPERATING PLATFORM
[Diagram labels: Palo Alto Networks apps, 3rd party apps, customer apps; Application Framework; Logging Service; threat intel data; network, endpoint, cloud]
24. LEADERSHIP IN CYBERSECURITY
• 63% of the Global 2K are Palo Alto Networks customers
• 29% year over year revenue growth*
• 85 of Fortune 100 rely on Palo Alto Networks
• #1 in Enterprise Security
• 54,000+ customers in 150+ countries
• Revenue trend: 40% CAGR, FY14 - FY18 [chart: FY14, FY15, FY16, FY17, FY18]
* Q4FY2018. Fiscal year ends July 31.
Gartner, Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q18, 14 June 2018
27. AWS SECURITY = A SHARED RESPONSIBILITY
• Customers are responsible for their security IN the Cloud: Customer content; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client & Server Encryption; Encryption Key Management; Network Traffic Protection
• AWS looks after the security OF the platform: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
29. SECURING THE CLOUD IS HARD
• Fragmented Security
• Human Error
• Manual Security
30. TRIVIA QUESTION!
Through 2020, 95% of cloud security failures will be the customer's fault.
“A Public Cloud Risk Model: Accepting Cloud Risk Is OK, Ignoring Cloud Risk Is Tragic,” Gartner, November 2, 2016
33. THREE KEY SECURITY ELEMENTS
• INLINE: Protect and Segment Cloud Workloads
• HOST: Secure OS & App Within Workloads
• API: Continuous Security & Compliance
[Diagram labels: On-Premises; Virtual Private Cloud (VPC); Web Server; App Server; IaaS; PaaS; Object Storage; Caching; Database; Evident (EV); Traps; VM-Series; NGFW]
34. PROTECT AND SEGMENT CLOUD WORKLOADS: VM-SERIES
• Application visibility and workload segmentation
• Auto-scale based on triggers
• Prevent outbound and inbound attacks
[Diagram labels: On-Premises; Virtual Private Cloud (VPC); three copies of the Web Server / App Server tier with IaaS and PaaS services (Object Storage, Caching, Database)]
35. CONTINUOUS MONITORING AND COMPLIANCE: EVIDENT
• Is MFA Enabled?
• Is any sensitive data exposed?
• What services are running?
• Who has access to this resource?
[Diagram labels: Evident (EV), API; Discover and Monitor Resources; Compliance Reporting; Secure Storage Services]
40. OUR APPROACH TO SAAS SECURITY
• SaaS application visibility and granular enforcement delivered inline
• Monitor in-cloud activity and protect data with Aperture
[Diagram labels: Remote Users; Branch; Headquarters; Unmanaged Devices; Managed Devices; GlobalProtect Cloud Service; NGFW; Aperture; API; Sanctioned; Tolerated; Unsanctioned]
AWS serves hundreds of thousands of customers in more than 190 countries.
Amazon CloudFront and Amazon Route 53 services are offered at AWS Edge Locations
This slide builds -
Automate and Reduce Risk with Deeply Integrated Services
Automating security tasks on AWS enables you to be more secure by reducing human configuration errors and giving your team more time to focus on other work critical to your business. Select from a wide variety of deeply integrated solutions that can be combined to automate tasks in novel ways, making it easier for your security team to work closely with developer and operations teams to create and deploy code faster and more securely. For example, by employing technologies like machine learning, AWS enables you to automatically and continuously discover, classify, and protect sensitive data in AWS with just a few clicks in the AWS console. You can also automate infrastructure and application security checks to continually enforce your security and compliance controls and help ensure confidentiality, integrity, and availability at all times. Automate in a hybrid environment with our information management and security tools to easily integrate AWS as a seamless and secure extension of your on-premises and legacy environments.
Automation helps reduce the amount of noise and manual work your security engineers have to pay attention to so they can focus their expertise where it really matters for your business. In this example:
• Findings point to a compromised instance (e.g. Backdoor:EC2/XORDDOS, Backdoor:EC2/C&CActivity.B!DNS)
• A CloudWatch Event alarm triggers Lambda
• The instance tag can be checked to see if automatic action can be taken or if manual intervention is needed (e.g. critical production services)
• The Lambda function:
  • Removes the instance from its current Security Group(s) and adds it to one with all ingress and egress blocked
  • Snapshots the EBS volume(s)
  • Alerts the Security Team
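The response flow in these notes, sketched as an added example (not code from the presentation or from AWS). The tag name `AutoRemediate`, the quarantine security group ID and the SNS topic ARN are assumed placeholders, and the boto3 clients are passed in so the decision logic can be exercised with stand-ins.

```python
"""Tag-gated isolation of an EC2 instance named in a GuardDuty finding (added example)."""
import json

# Assumed placeholders, not values from the presentation.
AUTO_TAG = "AutoRemediate"                    # hypothetical opt-in tag: "true" allows automatic action
QUARANTINE_SG = "sg-QUARANTINE-PLACEHOLDER"   # pre-created group with no ingress and no egress rules
TOPIC_ARN = "arn:aws:sns:REGION:ACCOUNT:security-alerts-PLACEHOLDER"
ACTIONABLE_PREFIXES = ("Backdoor:EC2/",)      # covers the two finding types named in the notes

# Constructed sample of the event CloudWatch Events delivers for a GuardDuty finding.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "Backdoor:EC2/C&CActivity.B!DNS",
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}


def parse_finding(event):
    """Return (finding_type, instance_id) for an actionable finding, else None."""
    detail = event.get("detail") or {}
    finding_type = detail.get("type") or ""
    details = (detail.get("resource") or {}).get("instanceDetails") or {}
    instance_id = details.get("instanceId")
    if not instance_id or not finding_type.startswith(ACTIONABLE_PREFIXES):
        return None
    return finding_type, instance_id


def isolate(ec2, instance):
    """Move every network interface into the quarantine group; return the old groups."""
    previous = {}
    for eni in instance.get("NetworkInterfaces", []):
        eni_id = eni["NetworkInterfaceId"]
        previous[eni_id] = [g["GroupId"] for g in eni.get("Groups", [])]
        ec2.modify_network_interface_attribute(
            NetworkInterfaceId=eni_id, Groups=[QUARANTINE_SG])
    return previous


def snapshot_volumes(ec2, instance, reason):
    """Snapshot each attached EBS volume for later forensics; return snapshot IDs."""
    ids = []
    for mapping in instance.get("BlockDeviceMappings", []):
        volume_id = mapping.get("Ebs", {}).get("VolumeId")
        if volume_id:
            snap = ec2.create_snapshot(VolumeId=volume_id, Description=reason[:255])
            ids.append(snap["SnapshotId"])
    return ids


def respond(event, ec2, sns):
    """Run the flow from the notes; ec2 and sns are boto3 clients (or stand-ins)."""
    parsed = parse_finding(event)
    if parsed is None:
        return {"action": "ignored"}
    finding_type, instance_id = parsed
    result = {"action": "manual", "instance": instance_id, "finding": finding_type}

    reservations = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"]
    instances = [i for r in reservations for i in r["Instances"]]
    if not instances:
        result["action"] = "not_found"
    else:
        instance = instances[0]
        tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
        # Untagged instances (e.g. critical production services) are left for a human.
        if tags.get(AUTO_TAG, "").lower() == "true":
            result["previous_groups"] = isolate(ec2, instance)
            result["snapshots"] = snapshot_volumes(
                ec2, instance, f"IR {instance_id} {finding_type}")
            result["action"] = "isolated"

    # The security team is alerted whether or not automatic action was taken.
    sns.publish(TopicArn=TOPIC_ARN,
                Subject=f"GuardDuty {result['action']}: {instance_id}"[:100],
                Message=json.dumps(result, indent=2))
    return result


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be tested without AWS access
    return respond(event, boto3.client("ec2"), boto3.client("sns"))
```

The returned `previous_groups` map records each interface's original security groups, so the isolation can be reversed once the investigation is closed.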
Now, let’s see how we can apply these three principles of cloud security to the public cloud – IaaS and PaaS services.
And of course, to keep this in perspective, our goal is to secure the entire organization, with cloud included. Enterprise security, consistent and automated protections for all your locations, clouds and users.