Lacework Overview: Security Redefined for Cloud ScaleLacework
Cloud computing has revolutionized IT and is disrupting security. Speed, elasticity, and unlimited scale are characteristics of the cloud that conventional security does not support well.
To succeed, cloud security teams need to operate at the same pace as DevOps, secure thousands of continuously changing workloads, and monitor activities and metrics that are unique to the cloud.
This is exactly what the team had in mind when building the Lacework Cloud Security Platform. Our approach natively brings speed and automation to every cloud security process, and:
- Automates the discovery of what must be protected
- Monitors for behavioral anomalies to detect threats and prevent breaches
- Eliminates the use labor-intensive rules and policies
- Delivers comprehensive insights that replace time-consuming log analysis
The result is better security regardless of the technology in use now and in the future. Lacework supports public and private clouds, VMs or containers, Docker or Kubernetes, Linux or Windows Server and any combination of these.
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework
Join the Lacework team for AWS Security Week at the AWS Loft in New York for a hands-on demonstration of Lacework. See how behavioral analysis can be applied at scale for continuous security and compliance monitoring of your AWS infrastructure. Chris Pedigo, Senior SE at Lacework, will walk attendees through Lacework with a specific focus on how we automatically analyze AWS CloudTrail and AWS Config data to ensure that security best practices are in place and that data anomalies are detected to help prevent ransomware, Bitcoin mining, or container security issues. The session will be interactive; attendees should come prepared for hands-on work on AWS accounts and console and have a Linux shell available in order to get the most from the workshop. Attendees will have access to the Lacework team to get individual attention for trial account set-up after the session.
Lacework Overview: Security Redefined for Cloud ScaleLacework
Cloud computing has revolutionized IT and is disrupting security. Speed, elasticity, and unlimited scale are characteristics of the cloud that conventional security does not support well.
To succeed, cloud security teams need to operate at the same pace as DevOps, secure thousands of continuously changing workloads, and monitor activities and metrics that are unique to the cloud.
This is exactly what the team had in mind when building the Lacework Cloud Security Platform. Our approach natively brings speed and automation to every cloud security process, and:
- Automates the discovery of what must be protected
- Monitors for behavioral anomalies to detect threats and prevent breaches
- Eliminates the use labor-intensive rules and policies
- Delivers comprehensive insights that replace time-consuming log analysis
The result is better security regardless of the technology in use now and in the future. Lacework supports public and private clouds, VMs or containers, Docker or Kubernetes, Linux or Windows Server and any combination of these.
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework
Join the Lacework team for AWS Security Week at the AWS Loft in New York for a hands-on demonstration of Lacework. See how behavioral analysis can be applied at scale for continuous security and compliance monitoring of your AWS infrastructure. Chris Pedigo, Senior SE at Lacework, will walk attendees through Lacework with a specific focus on how we automatically analyze AWS CloudTrail and AWS Config data to ensure that security best practices are in place and that data anomalies are detected to help prevent ransomware, Bitcoin mining, or container security issues. The session will be interactive; attendees should come prepared for hands-on work on AWS accounts and console and have a Linux shell available in order to get the most from the workshop. Attendees will have access to the Lacework team to get individual attention for trial account set-up after the session.
You run a web business on AWS, and due to your specific business requirements you have a need to perform payment processing. Whether you are selling subscriptions or shipping goods, there are both easy and hard ways to manage payments in a PCI compliant way. Learn tips and techniques from the pros to achieve PCI compliance on AWS without making your life more difficult than necessary.
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong
Is that requirement from NIST 800-53 Controls or NIST 800-190? If you've ever wondered where those pesky cloud security controls come from, this meetup is for you.
In this Meetup, Jame Strong and Jason Lutz from Contino (an AWS Premier Consulting Partner) will discuss how Contino views DevSecOps. They will review the Benefits of DevSecOps:
- Cost Reduction
- Speed of Delivery
- Speed of Recovery
- Security is Federated
- DevSecOps Fosters a Culture of Openness and Transparency
During this Meetup, James and Jason will show you how to harden and secure a container pipeline and AWS network. Briefly, they will demonstrate how to deploy accounts with a Cloud Security Posture and review security best practices from AWS, CIS, and NIST. They will also touch on how to integrate changes in your infrastructure pipelines to adhere to your Enterprise's Security Compliance Guidelines.
If you're interested in integrating security and compliance into your Application and Infrastructure pipelines to realize the benefits of DevSecOps, join us in this virtual meetup.
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridCloudVillage
"Cloud infrastructure design is complex and makes even the most straight-forward topics, such as Identity and Access Management (IAM), non-trivial and confusing and therefore, full of security risk. While AWS IAM provides for access via console and API/CLI using access keys, there is also a temporary security tokens feature, designed for secure temporary access. However, temporary tokens have multiple security pot-holes that can lead to exploits.
I'll explore the limitations of temporary tokens including:
- the lack of visibility/management
- minimal logging
- limited remediation options
and how this can be taken advantage of, especially in combination with other techniques such as assuming of roles, pre-signed URLs, log attacks, and serverless functions to achieve persistence, lateral movement, and obfuscation.
In addition, I’ll look at common defensive techniques and best practices around lockdown, provisioning, logging and alerting to see whether these are practical and can shift the field."
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
In this talk Rod Soto and I propose a common set of categories use to audit the security posture of multiple cloud providers. Then we proceed to show how we have implemented the security checks using cs-suite using ELK and Splunk.
F5 on AWS: How MailControl Improved their Application Visbility and Security Amazon Web Services
Organizations like MailControl often discover they need to gain additional visibility into encrypted incoming and outgoing application traffic to detect potential threats or anomalies. F5 BIG-IP Virtual Edition (VE) on Amazon Web Services (AWS) delivers an advanced application delivery controller (ADC) that goes beyond balancing application loads, enabling inspection of inbound and outbound application traffic. Join our webinar with AWS to discover how F5 was able to help MailControl boost their visibility into the email traffic flowing through their application. By using virtualized F5 services on Amazon Web Services (AWS), the organization increased its application monitoring capabilities and improved security for its customers, while simultaneously automating processes to support its agile DevOps process.
Ryan Holland (Cloud Platform Solution Director, Alert Logic) and Pat McDowell (Partner Solution Architect, Amazon Web Services)'s presentation on AWS security services like AWS Inspector, AWS WAF, and AWS Config Rules at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
"Automating cloud security operations takes a little more than slapping together a quick lambda to fix an open S3 bucket (but that isn't a bad start). In this workshop we will cover the major categories of security automations and present practical implementation techniques. Come prepared to build your own (or use our starter scripts) as we:
Review the three major categories of automations- guardrails, workflows, and orchestrations.
Build demo versions of each (in AWS, bring your own account), incorporating techniques including assessments, event-driven guardrails, and an incident response workflow.
See demonstrations of cross-product orchestrations that integrate commercial tools.
Learn the tricks of the trade, based on 10 years of hands-on research and implementation (for realz, check the intertubes if you don't believe us).
See what it takes to implement automations at global scale."
How Lacework delivers automated security for AWS. From initial configuration to compliance assessment and daily operations, Lacework integrates with and augments AWS services to deliver advanced protection to the assets you deploy on AWS.
Scaling Security in the Cloud With Open SourceCloudVillage
The programmability of the cloud has revolutionized infrastructure deployments at scale and, at the same time, has enabled the automation of both the attack and defense of these deployments. In this talk, I will discuss the open-source tools and the techniques that my organization has used to scale security in the cloud to keep pace with our deployments. I’ll also cover how we’ve used automation to adapt security processes to cloud strategies such as immutable servers. Some topics include: temporal leasing of API access keys and database credentials, automation of patching groups and scans, and automated enforcement of configuration policy.
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...CloudVillage
Speaker 1: Olaf Hartong
Speaker 2: Edoardo Gerosa
Azure Sentinel, Microsoft's new cloud SIEM solution, was recently released on the market. Notwithstanding its strengths Sentinel offers limited threat hunting capabilities out of the box and setting up an effective hunting solution is not straightforward. The Sentinel ATT&CK GitHub project is designed to provide guidance on setting up an ATT&CK-driven process monitoring solution within Sentinel; giving DFIR professionals a tool to effectively hunt in the Azure cloud.
The project, building on previous work from the open source DFIR community, provides instructions on how to properly configure Sysmon to monitor and detect specific processes in alignment with MITRE's ATT&CK framework. Secondly it provides clarity on how to onboard Sysmon logs from Windows virtual machines, shedding light on some poorly documented areas, while also offering an open source parser to correctly ingest Sysmon data in conformity with the Open Source Security Event Metadata information model. Thirdly it offers around 120 open source Kusto Query Language alerts ready for deployment; each mapped to a unique MITRE ATT&CK technique. Fourthly it provides a dedicated threat hunting dashboard to help DFIR professionals monitor their environment and execute precise hunts. Finally, Sentinel ATT&CK provides ready-made hunting queries to be leveraged when responding to alert notifications raised by the threat hunting dashboard.
This talk delivers an overview of how the Sentinel ATT&CK project can help organisations establish an effective threat hunting capability in Azure as well as an opportunity to share with the community the strengths and shortcomings of Sentinel when it comes to hunting adversaries within the Microsoft cloud.
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...Amazon Web Services
(Presented by Trend Micro)
In this session, you learn about the AWS shared security model, including considerations and best practices for deploying a secure and compliant application on AWS, and how to leverage the features and APIs provided by AWS. You also learn how to use best-in-class security and compliance solutions that have been optimized for enterprises deploying in AWS.
Key topics covered are Amazon EC2 and Amazon EBS encryption, including several key management methodologies as well as intrusion detection and prevention, anti-malware, anti-virus, integrity monitoring, firewall, and web reputation in the cloud.
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Amazon Web Services
Implementing a HIPAA solution presents challenges from day one. Not only are you saddled with seemingly insurmountable regulatory challenges, you also take on the stewardship of people's most deeply personal information. The AWS platform simplifies deployment of HIPAA applications by offering a rich set of dynamic scalability, developer services, high availability options, and strong security. Hosting a HIPAA application on the public cloud may seem pretty scary, but Ideomed solved some of this architecture's most vexing challenges by building a major health portal and deploying it on AWS. Come hear Ideomed CEO Keith Brophy and solution architect Gerry Miller talk first-hand about the challenges and solutions, including CloudHSM encryption, multi-AZ failover, dynamic scaling, and more!
Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We will take a look at innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS. Learn More: https://aws.amazon.com/government-education/
Voice of the Customer: Moving to a secure house in the cloud with cutting-edg...Amazon Web Services
This presentation will focus on security architecture, visibility, detection and response capabilities within AWS. As more and more organizations expand their infrastructure to AWS, selecting solutions/services to maintain visibility and control of sensitive assets is crucial to a successful migration. This highlights that all applicable security and compliance requirements can be met while maintaining flexibility in today’s cloud first world.
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Amazon Web Services
As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Amazon Web Services
For companies that employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, you learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
You run a web business on AWS, and due to your specific business requirements you have a need to perform payment processing. Whether you are selling subscriptions or shipping goods, there are both easy and hard ways to manage payments in a PCI compliant way. Learn tips and techniques from the pros to achieve PCI compliance on AWS without making your life more difficult than necessary.
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong
Is that requirement from NIST 800-53 Controls or NIST 800-190? If you've ever wondered where those pesky cloud security controls come from, this meetup is for you.
In this Meetup, Jame Strong and Jason Lutz from Contino (an AWS Premier Consulting Partner) will discuss how Contino views DevSecOps. They will review the Benefits of DevSecOps:
- Cost Reduction
- Speed of Delivery
- Speed of Recovery
- Security is Federated
- DevSecOps Fosters a Culture of Openness and Transparency
During this Meetup, James and Jason will show you how to harden and secure a container pipeline and AWS network. Briefly, they will demonstrate how to deploy accounts with a Cloud Security Posture and review security best practices from AWS, CIS, and NIST. They will also touch on how to integrate changes in your infrastructure pipelines to adhere to your Enterprise's Security Compliance Guidelines.
If you're interested in integrating security and compliance into your Application and Infrastructure pipelines to realize the benefits of DevSecOps, join us in this virtual meetup.
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridCloudVillage
"Cloud infrastructure design is complex and makes even the most straight-forward topics, such as Identity and Access Management (IAM), non-trivial and confusing and therefore, full of security risk. While AWS IAM provides for access via console and API/CLI using access keys, there is also a temporary security tokens feature, designed for secure temporary access. However, temporary tokens have multiple security pot-holes that can lead to exploits.
I'll explore the limitations of temporary tokens including:
- the lack of visibility/management
- minimal logging
- limited remediation options
and how this can be taken advantage of, especially in combination with other techniques such as assuming of roles, pre-signed URLs, log attacks, and serverless functions to achieve persistence, lateral movement, and obfuscation.
In addition, I’ll look at common defensive techniques and best practices around lockdown, provisioning, logging and alerting to see whether these are practical and can shift the field."
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
In this talk Rod Soto and I propose a common set of categories use to audit the security posture of multiple cloud providers. Then we proceed to show how we have implemented the security checks using cs-suite using ELK and Splunk.
F5 on AWS: How MailControl Improved their Application Visbility and Security Amazon Web Services
Organizations like MailControl often discover they need to gain additional visibility into encrypted incoming and outgoing application traffic to detect potential threats or anomalies. F5 BIG-IP Virtual Edition (VE) on Amazon Web Services (AWS) delivers an advanced application delivery controller (ADC) that goes beyond balancing application loads, enabling inspection of inbound and outbound application traffic. Join our webinar with AWS to discover how F5 was able to help MailControl boost their visibility into the email traffic flowing through their application. By using virtualized F5 services on Amazon Web Services (AWS), the organization increased its application monitoring capabilities and improved security for its customers, while simultaneously automating processes to support its agile DevOps process.
Ryan Holland (Cloud Platform Solution Director, Alert Logic) and Pat McDowell (Partner Solution Architect, Amazon Web Services)'s presentation on AWS security services like AWS Inspector, AWS WAF, and AWS Config Rules at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
"Automating cloud security operations takes a little more than slapping together a quick lambda to fix an open S3 bucket (but that isn't a bad start). In this workshop we will cover the major categories of security automations and present practical implementation techniques. Come prepared to build your own (or use our starter scripts) as we:
Review the three major categories of automations- guardrails, workflows, and orchestrations.
Build demo versions of each (in AWS, bring your own account), incorporating techniques including assessments, event-driven guardrails, and an incident response workflow.
See demonstrations of cross-product orchestrations that integrate commercial tools.
Learn the tricks of the trade, based on 10 years of hands-on research and implementation (for realz, check the intertubes if you don't believe us).
See what it takes to implement automations at global scale."
How Lacework delivers automated security for AWS. From initial configuration to compliance assessment and daily operations, Lacework integrates with and augments AWS services to deliver advanced protection to the assets you deploy on AWS.
Scaling Security in the Cloud With Open SourceCloudVillage
The programmability of the cloud has revolutionized infrastructure deployments at scale and, at the same time, has enabled the automation of both the attack and defense of these deployments. In this talk, I will discuss the open-source tools and the techniques that my organization has used to scale security in the cloud to keep pace with our deployments. I’ll also cover how we’ve used automation to adapt security processes to cloud strategies such as immutable servers. Some topics include: temporal leasing of API access keys and database credentials, automation of patching groups and scans, and automated enforcement of configuration policy.
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...CloudVillage
Speaker 1: Olaf Hartong
Speaker 2: Edoardo Gerosa
Azure Sentinel, Microsoft's new cloud SIEM solution, was recently released on the market. Notwithstanding its strengths Sentinel offers limited threat hunting capabilities out of the box and setting up an effective hunting solution is not straightforward. The Sentinel ATT&CK GitHub project is designed to provide guidance on setting up an ATT&CK-driven process monitoring solution within Sentinel; giving DFIR professionals a tool to effectively hunt in the Azure cloud.
The project, building on previous work from the open source DFIR community, provides instructions on how to properly configure Sysmon to monitor and detect specific processes in alignment with MITRE's ATT&CK framework. Secondly it provides clarity on how to onboard Sysmon logs from Windows virtual machines, shedding light on some poorly documented areas, while also offering an open source parser to correctly ingest Sysmon data in conformity with the Open Source Security Event Metadata information model. Thirdly it offers around 120 open source Kusto Query Language alerts ready for deployment; each mapped to a unique MITRE ATT&CK technique. Fourthly it provides a dedicated threat hunting dashboard to help DFIR professionals monitor their environment and execute precise hunts. Finally, Sentinel ATT&CK provides ready-made hunting queries to be leveraged when responding to alert notifications raised by the threat hunting dashboard.
This talk delivers an overview of how the Sentinel ATT&CK project can help organisations establish an effective threat hunting capability in Azure as well as an opportunity to share with the community the strengths and shortcomings of Sentinel when it comes to hunting adversaries within the Microsoft cloud.
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...Amazon Web Services
(Presented by Trend Micro)
In this session, you learn about the AWS shared security model, including considerations and best practices for deploying a secure and compliant application on AWS, and how to leverage the features and APIs provided by AWS. You also learn how to use best-in-class security and compliance solutions that have been optimized for enterprises deploying in AWS.
Key topics covered are Amazon EC2 and Amazon EBS encryption, including several key management methodologies as well as intrusion detection and prevention, anti-malware, anti-virus, integrity monitoring, firewall, and web reputation in the cloud.
Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013Amazon Web Services
Implementing a HIPAA solution presents challenges from day one. Not only are you saddled with seemingly insurmountable regulatory challenges, you also take on the stewardship of people's most deeply personal information. The AWS platform simplifies deployment of HIPAA applications by offering a rich set of dynamic scalability, developer services, high availability options, and strong security. Hosting a HIPAA application on the public cloud may seem pretty scary, but Ideomed solved some of this architecture's most vexing challenges by building a major health portal and deploying it on AWS. Come hear Ideomed CEO Keith Brophy and solution architect Gerry Miller talk first-hand about the challenges and solutions, including CloudHSM encryption, multi-AZ failover, dynamic scaling, and more!
Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We will take a look at innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS. Learn More: https://aws.amazon.com/government-education/
Voice of the Customer: Moving to a secure house in the cloud with cutting-edg...Amazon Web Services
This presentation will focus on security architecture, visibility, detection and response capabilities within AWS. As more and more organizations expand their infrastructure to AWS, selecting solutions/services to maintain visibility and control of sensitive assets is crucial to a successful migration. This highlights that all applicable security and compliance requirements can be met while maintaining flexibility in today’s cloud first world.
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Amazon Web Services
As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Amazon Web Services
For companies that employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, you learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Amazon Web Services
The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools that can be used to deploy AWS infrastructure (as code), add the VM-Series to help protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub findings (operations as code). A brief demonstration concludes this session.
Carry security with you to the cloud - DEM14-SR - New York AWS SummitAmazon Web Services
The cloud is here, and AWS is leading the charge in enabling customers to migrate their data centers and data to the cloud. With these changing needs, enterprises need a proactive, automated approach to monitoring and securing cloud infrastructure. With this shift, there is a natural tension between decentralized, distributed DevOps and the traditional command-and-control approach of classic security management. In this session, you learn common security best practices when migrating to the cloud, how DevOps and InfoSec teams can align to the new DevSecOps paradigm, and why continuous compliance management is a new business imperative. This presentation is brought to you by AWS partner, Symantec.
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub finding (operations as code). A brief demonstration concludes the session. This presentation is brought to you by AWS partner, Palo Alto Networks.
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
"DevOps practices help push applications faster into production through better collaboration and automated testing. During that process, security is often seen as an inhibitor to speed. The challenge for many organizations is delivering applications at a fast pace while embedding security at the speed of DevOps. In this session, learn how products and customers in the AWS Marketplace help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Amazon Web Services
The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub findings (operations as code). We conclude with a brief demonstration.
Developers want to build quickly and deliver powerful application experiences to every user. In this session, we show how you can enable agile development while securing your entire application footprint. Akamai’s intelligent edge security solutions surround and extend your entire architecture for a single policy that’s adaptive, integrated, and consistently secure. Combine that with the power of AWS, and you have a total edge ecosystem that’s unparalleled in its ability to deliver and protect amazing experiences everywhere. Don’t just build—build better with Akamai.
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
In this session, we discuss the contention between traditional network security practices and the agile development processes typically associated with cloud computing. We also introduce new approaches used by Fortinet customers that help cloud teams and security teams share a common language and secure their business more effectively—without introducing additional friction and operational overhead.
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
In this presentation, FINRA discusses different aspects of its holistic security strategy. Topics covered include how to leverage AWS native security solutions, how to use logs that tie IP and identity together for network access, how to implement a software-defined perimeter model to augment network-layer security controls, and how FINRA sped up DevOps through a unified and frictionless access strategy.
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019 Amazon Web Services
Edge computing is one of the most important enablers of the future. It saves lives, democratizes resources, and reduces costs in scenarios where near real-time action is required. This session covers how to keep edge computing secure. We dive deep into how AWS IoT Greengrass authenticates and encrypts device data for local and cloud communications so that data is never exchanged without proven identity. You can leverage hardware-secured, end-to-end encryption for messages exchanged between devices, an AWS IoT Greengrass core, and the AWS Cloud, and for messages between an AWS IoT Greengrass core and other local devices using the AWS IoT device SDK.
Generational Shifts and customer expectations has greatly changed the way insurance works, affecting insurer's channel, product and brand strategies. New players ike virtual insurers are getting ahead in the game. In this session, Bowtie, the first virtual insurer in Hong Kong will dive deep into how they leverage the AWS cloud technologies to build a new operations model, accelerate their business and minimize capital investment.
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Amazon Web Services
"DevSecOps is driving the use of security testing throughout the application lifecycle, from initial development to product monitoring. Application security testing is unlike other forms of security in that it directly impacts the daily routines of developers. John Maski, the former director of DevSecOps at AT&T, discusses securing CI/CD pipelines in enterprise environments and “shifting left” with security. He reveals best practices gained from moving AT&T’s primary DevOps practice to a DevSecOps practice using static and dynamic application security testing. You’ll discover why strong executive sponsorship, a cultural shift, and solid cross-organization teaming are critical and how they can be the way forward to your own DevSecOps success.
"
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
This presentation covers:
* The NGINX Ingress Controller for Kubernetes
* NGINX Plus to up-level your KIC Architecture
* NGINX App Protect for securing your Kubernetes services
* Demo of both working in tandem to set:
* Kubernetes routing policy with NGINX KIC
* Granular, Per-App and Per-Service Security Policy with NGINX App Protect
Securing Container-Based Applications at the Speed of DevOpsWhiteSource
Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, arise challenges around managing the security and compliance aspect of your container images. With tools such as WhiteSource, developers are able to manage the security of their containers and container images with no impact on agility and speed.
Join Shiri Ivtsan, Product Manager at WhiteSource and Carmen Puccio, Solutions Architect at AWS, as they discuss the following:
Effectively managing and deploying your container images
Gaining full visibility into your container images
Building and automating security into each layer of the container environment to ensure a continuous process throughout the SDLC
Demonstrating a live example using a vulnerable container image
Securing Container-Based Applications at the Speed of DevOpsDevOps.com
Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, arise challenges around managing the security and compliance aspect of your container images. With tools such as WhiteSource, developers are able to manage the security of their containers and container images with no impact on agility and speed.
Get ahead of cloud network security trends and practices in 2020Cynthia Hsieh
- Cloud security is just security. An evolution
- 3 Stages of Digital Transformation
- A new security model
- Security model in AWS
- Automate with integrated services
- AWS security solutions
- Barriers and common seen practices
- “Unboxing” cloud network security
- Cloud-Native Network Security Service
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
There is an art to securely using cloud apps and services, including SaaS, PaaS, and IaaS. In this Symantec webcast, hear from Steve Riley, a Gartner senior director analyst who focuses on public cloud security, and Eric Andrews, Symantec’s vice president of cloud security, as they share best practices with practical tips for deploying CASB. Watch here: https://symc.ly/2QTyUec.
The economics of incidents, and creative ways to thwart future threats - SEP3...Amazon Web Services
Walk through the threat landscape, looking at what has happened over the last year. Learn about the best tools to have in your architecture currently and in the future to help you detect and deal with the threats of this year and the next. Identify where these threats are coming from, and learn how to detect them more easily. The information in this session is provided by various teams and sources.
Similar to Securing aws workloads with embedded application security (20)
Lessons Learned From Cloud Migrations: Planning is EverythingJohn Varghese
"Migrating to the cloud saves money!” “Not running your own infrastructure reduces your bottom line!” “Lift and shift is a legitimate first step towards moving to the cloud!” These are all potential pitfalls if you’re not careful. Proper planning prevents piss poor performance. Using a real chaotic cloud migration as a guide, we’ll walk through the pitfalls of cloud migrations and how to avoid them and the terrifying vendor lock-in (when it makes sense).
Leveraging AWS Cloudfront & S3 Services to Deliver Static Assets of a SPAJohn Varghese
Most new SAAS are structured as a SPA (single page applications). In this presentation we will discuss how to reduce the load on your application servers by serving the static assets of your applications from the S3 service by leveraging the Cloudfront service.
AWS Transit Gateway-Benefits and Best PracticesJohn Varghese
Managing connectivity between many Amazon Virtual Private Clouds (VPCs) and on-premises networks can be operationally complex and costly. In this tech talk, we will discuss how AWS transit gateway simplifies network architecture, reduces operational costs and improves security. We will also discuss best practices for designing and monitoring a global network using AWS transit gateway and Network Manager.
Bridging Operations and Development With ObservabiltyJohn Varghese
Monitoring and observability are often viewed as post-deployment tools focused on operations. But development done in isolation limits visibility to the system as a whole, and issues tend to manifest only in production.
In this talk I will show:
How to leverage Infrastructure as Code (Terraform) to manage AWS ECS/EC2 and Datadog across development and production environments
How introducing monitoring and observability earlier provides greater visibility for both developers and operations.
Strategies to segment development and production environments within ECS and Datadog
Security Observability for Cloud Based ApplicationsJohn Varghese
You can't control what you can't see. Security observability is an intrinsic attribute of an application that provides direct observation of software vulnerabilities and attempted exploits as they happen, in order to allow rapid proactive remediation and prevention. Security Observability can be achieved by taking an instrumentation based approach that provides continuous visibility and exposure of vulnerabilities and threats and their context from within the software itself. This approach is particularly appropriate for cloud-based and hybridized distributed environments, because the instrumentation is agnostic to deployment methodologies and runtime environments. A demonstration will be provided that demonstrates the benefits of this approach for both custom code and open source dependencies, as well as across the software development lifecycle, showing both the rapid pinpointing of line-of-code level vulnerabilities for developers, and realtime exploit prevention in production.
Usually we launch hundreds of instances in AWS for day to day work. As long as they are accessible from our hosts (probably a RHEL or Ubuntu or your own mac), we are good to go. But there are some instances where you might get a patch from IT for your host. Once you apply the patch, you realize that you are unable to access your AWS instances anymore. And your IT team doesn't have any clue on what happened. You contact AWS support, and they say it all looks good. So how do you proceed from this scenario? Where to start and what to do. This talk goes through all the steps starting with most basic checks all the way to updating the crypto key exchange algorithms on your host.
Building an IoT System to Protect My LunchJohn Varghese
What do you do when your dog keeps eyeing your lunch? Build an IoT monitoring system to make sure you get a text message every time she gets close to nabbing your sandwich! In this presentation, you’ll learn the basics of connecting a Raspberry Pi device with a PIR sensor to AWS IoT. You’ll see how to:
Secure the connection between the device and AWS IoT
Leverage services like AWS Lambda to act on MQTT events that come from the device
Build a web portal to keep track of past alerts
And send yourself text notifications whenever your sandwich is at risk After the presentation, you'll have access to all the code used and other resources on getting started with using a Raspberry Pi and AWS IoT.
Amazon S3 probably gets a lot of use at your company—the object storage service was one of the first cloud services offered by AWS way back in 2006. Its ease of use, reliability, and scalability have proven incredibly popular over the years.
But S3 security isn’t so simple—it’s easy to get wrong and think you got it right. Recent high-profile cloud-based data breaches that involved S3 cannot be chalked up to simple customer mistakes. Rather, advanced cloud misconfiguration attacks exploit S3 buckets that otherwise appear to be configured securely.
In this talk, Fugue CTO Josh Stella will dig into the complex layers of S3 security to help you think critically about security for your unique AWS use cases. You’ll understand how other AWS services such as IAM and EC2 can create S3 vulnerabilities you may not be seeing—and how malicious actors exploit them.
Reduce Amazon RDS Costs up to 50% with ProxiesJohn Varghese
Amazon RDS is one of the more expensive line items in an AWS bill. In this session, we will discuss techniques to offload SQL for improved performance while reducing database costs. Features include:
Query caching into Amazon ElastiCache
Read/Write split We will go over customer case studies on how they were able to drive down costs while scaling out.
John will talk about how progress happens constantly in every field and keeps pushing the boundaries of human knowledge. He will review the advances in the field of cloud computing as a microcosm where progress is always happening on every front. How does one keep up with the change? Is it just good enough to keep up with the change? John wants you to not just keep up with the changes, not just stay ahead of the curve, but to lead the change so that your work benefits everyone.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.