The document discusses security at scale on AWS. It covers several topics:
- AWS security controls including over 70 services, 7,710 audit artifacts and 3,030 audit requirements.
- How AWS handles security at scale through automation, ubiquitous logging and encryption, and rapid detection and response times of under 10 minutes on average.
- AWS services that can help with security including IAM, CloudTrail, GuardDuty, and AWS Config rules.
- Reference architectures that show how to scale infrastructure securely including using multiple availability zones and services like Route 53, S3, CloudFront, and Lambda.
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017 - Amazon Web Services
Come to this talk to dive deep on running containers at any scale. Learn first hand best practices for deploying microservice architectures to Amazon EC2 Container Service (ECS), as well as everything you need to build a continuous delivery pipeline for your containers.
AWS Speaker: Paul Maddox, Specialist Solutions Architect, DevOps & Developer Technologies - Amazon Web Services
Customer Speaker: Cobus Bernard - DevOps Team Lead, HealthQ
Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T... - Amazon Web Services
Serverless computing allows you to build and run applications without the need for provisioning or managing servers. With serverless computing, you can build web, mobile, and IoT backends; run stream processing or big data workloads; run chatbots, and more. In this session, you’ll learn how to get started with serverless computing with AWS Lambda, which lets you run code without provisioning or managing servers. We’ll introduce you to the basics of building with Lambda and how you can benefit from features such as continuous scaling, built-in high availability, integrations with AWS and third-party apps, and subsecond metering pricing. We’ll also introduce you to the broader portfolio of AWS services that help you build serverless applications with Lambda, including Amazon API Gateway, Amazon DynamoDB, AWS Step Functions, and more.
AWS Speaker: Danilo Poccia, Technical Evangelist - Amazon Web Services
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302) - Amazon Web Services
In this session, we dive deep into how you can integrate Amazon CloudFront and related services into your application, be agile in developing and adapting the application, and follow best practices when configuring the services to improve security and performance, all while reducing costs. Attend this session and learn how to avoid needless forwarding of headers and cookies, test your application when making changes to the origin, version your configuration changes, monitor usage and automate security, create templates for new distributions, configure SSL/TLS certificates, and more.
A day in the life of a billion packets - AWS Summit Cape Town 2017 - Amazon Web Services
In this session, we will walk through the Amazon VPC network presentation and describe the problems we were trying to solve when we created it. Next, we will discuss how these problems are traditionally solved, and why those solutions are not scalable, inexpensive, or secure enough for AWS. Finally, we will provide an overview of the solution that we've implemented and discuss some of the unique mechanisms that we use to ensure customer isolation, get packets into and out of the network, and support new features like VPC endpoints.
AWS Speaker: Steve Seymour, Solution Architect - Amazon Web Services
Customer Speaker: Kim Edwards – Network Engineering, Absa
HSBC and AWS Day - Security Identity and Access Management - Amazon Web Services
Security, Identity, and Access Management
- AWS Shared Responsibility Model
- Security measures provided by AWS
- AWS Identity and Access Management (IAM) concepts including users, groups, roles and policies
Cloud computing gives you a number of advantages, such as the ability to scale your web application or website on demand. If you have a new web application and want to use cloud computing, you might be asking yourself, "Where do I start?" Join us in this session to understand best practices for scaling your resources from zero to millions of users. We show you how to best combine different AWS services, how to make smarter decisions for architecting your application, and how to scale your infrastructure in the cloud.
Getting Started with AWS Internet of Things - AWS Summit Cape Town 2017 - Amazon Web Services
AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. In this tech talk, we will discuss how constrained devices can leverage AWS IoT to send data to the cloud and receive commands back to the device from the cloud using the protocol of their choice. We will use the AWS IoT Starter Kit to demonstrate building a real connected product, securely connect with AWS IoT using MQTT, WebSockets, and HTTP protocols, and show how developers and businesses can leverage features of AWS IoT like Device Shadows and the Rules Engine, which provides message processing and integration with other AWS services.
AWS Speaker: Boaz Ziniman, Technical Evangelist - Amazon Web Services
AWS re:Invent 2016: Effective Application Data Analytics for Modern Applicati... - Amazon Web Services
IT is evolving from a cost center to a source of continuous innovation for business. At the heart of this transition are modern, revenue-generating applications, based on dynamic architectures that constantly evolve to keep pace with end-customer demands. This dynamic application environment requires a new, comprehensive approach to traditional monitoring – one based on real-time, end-to-end visibility and analytics across the entire application lifecycle and stack, instead of piecemeal monitoring. This presentation highlights practical advice on how developers and operators can leverage data and analytics to glean critical information about their modern applications. In this session, we will cover the types of data important for today’s modern applications. We’ll discuss visibility and analytics into data sources such as AWS services (e.g., Amazon CloudWatch, AWS Lambda, VPC Flow Logs, Amazon EC2, Amazon S3, etc.), development tool chain, and custom metrics, and describe how to use analytics to understand business performance and behaviors. We discuss a comprehensive approach to monitoring, troubleshooting, and customer usage insights, provide examples of effective data analytics to improve software quality, and describe an end-to-end customer use case that highlights how analytics applies to the modern app lifecycle and stack. Session sponsored by Sumo Logic.
AWS Competency Partner
AWS re:Invent 2016: Discovery Channel's Broadcast Workflows and Channel Origi... - Amazon Web Services
Media delivery requirements are continually changing, driven by accelerating mobile, tablet, smart TV, and set-top technology advances. Broadcasters need agile solutions to the changing media and entertainment landscape that don't require multiyear projects with large upfront investments. In this session, we walk through Discovery Communications' migration of its broadcast playout and channel origination to AWS. Discovery Communications is a leader in nonfiction media, reaching more than 3 billion cumulative viewers in 220 countries and territories. Traditionally, broadcast origination for content delivered to telecommunications companies, cable TV, and satellite has existed only in on-premises data centers. In this session, we walk through Discovery's migration of broadcast playout supporting hundreds of channels worldwide to AWS. We show how Discovery has not only reduced their TCO but also has improved their agility by launching new channels on demand. We also walk through how channel origination is being deployed in a secure, automated fashion, and with a level of high availability that exceeds what is possible in a traditional data center.
AWS provides security capabilities and services to provide control over your AWS resources, how they are accessed, who can access them, and what privileges they are allowed. Access management, identity management, change control, and auditing can all be achieved at both a macro and a granular level. In this session we’ll explore services such as AWS Identity Access Management (IAM), AWS CloudTrail, Amazon Directory Service and Amazon Inspector, so that you understand how to use them effectively to manage user privilege and access. We’ll also look at Amazon Virtual Private Cloud (VPC) and how to use its features to build security at the network access layer. After this session you should understand and be able to: configure Users, Groups, and Roles to manage actions; configure monitoring and logging to audit changes in your system; and design your AWS network using VPC for security.
AWS re:Invent 2016: Deploying and Managing .NET Pipelines and Microsoft Workl... - Amazon Web Services
In this session, we’ll look at the AWS services that customers are using to build and deploy Microsoft-based solutions that use technologies like Windows, .NET, SQL Server, and PowerShell. We’ll start by showing you how to build a Windows-based CI/CD pipeline on AWS using AWS CodeDeploy, AWS CodePipeline, AWS CloudFormation, and PowerShell using an AWS Quick Start. We’ll also cover best practices for how you can create templates that let you automatically deploy ready-to-use Windows products by leveraging services and tools like AWS CloudFormation, PowerShell, and Git. Woot, an online retailer for electronics, will share how it moved from using a complex mix of custom PowerShell code for its DevOps processes to using services like Amazon EC2 Simple Systems Manager (SSM), AWS CodeDeploy, and AWS Directory Service. This migration eliminated the need for complex PowerShell scripts and reduced the operational complexity of performing operational tasks like renaming servers, joining domains, and securely handling keys.
Learn best practices for architecting fully available and scalable Microsoft solutions and environments on AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, automation, and repeatability. Plan authentication and authorization, and various hybrid scenarios with other cloud environments and on-premises solutions/infrastructure. Learn about common architecture patterns for Active Directory and business productivity solutions like SharePoint, Exchange and Skype for Business, as well as common scenarios for SQL deployments and System Center.
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services... - Amazon Web Services
In this session, we walk through the simple process of deploying and managing your own Linux-based application in the cloud and also discuss key use-cases and benefits to automated configuration, deployment, and administration of application stacks. Session sponsored by Red Hat.
In recent years, Docker containers have become a key component of modern application design. Increasingly, developers are breaking their applications apart into smaller components and distributing them across a pool of compute resources. Using Docker on your local development machine is simple, but running Docker applications at scale in production can be difficult. In this session, we will discuss the difficulties of running Docker in production and how Amazon EC2 Container Service (ECS) can be used to reduce the operational burdens. We will give an overview of the core architectural principles underlying Amazon ECS, and we will walk through a number of patterns used by our customers to run their microservices platforms, to run batch jobs, and for deployments and continuous integration. We will also demonstrate how to define multi-container applications, and deploy and scale them seamlessly on a cluster with Amazon ECS.
Learn how to monitor and manage your serverless APIs in production. We show you how to set up Amazon CloudWatch alarms, interpret CloudWatch logs for Amazon API Gateway and AWS Lambda, and automate common maintenance and management tasks on your service.
How do you do continuous delivery when using Docker and Amazon ECS?
In this session, we’ll explore basic continuous integration and delivery concepts and how they can be applied to Docker and Amazon ECS. We will discuss how you can use AWS CodePipeline to monitor a GitHub repository for new commits, AWS CodeBuild to create a new Docker container image and to push it into Amazon ECR, and AWS CloudFormation to deploy the new container image to production on Amazon ECS. We will end with a demo of this entire toolchain.
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211) - Amazon Web Services
In the digital economy, the fast development and deployment of applications is critical to success. To thrive in this application-oriented business environment, IT organizations are acting now to change their tools and processes to better support agile development methodologies. This session will cover performance benchmarking, benefits of migrating existing workloads, use of key services like Amazon RDS and AWS CloudHSM, and demonstrate how to deploy applications securely and at scale. Session sponsored by Cisco.
AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr... - Amazon Web Services
In this session, we show how to seamlessly transition VOD, live, and other advanced media workflows from on-premises deployments to the cloud. Cinépolis will provide an overview of their transcoding solution on AWS and how they have seamlessly expanded the solution, increasing their customer reach. We'll show real-world examples of the API calls used to configure and control all elements of the workflow, including compression and origination, and how standard AWS services can be media-optimized with Elemental Technologies to form a robust live solution.
Learn more about the role and tasks of a container management solution and analyze how four common container management solutions - Amazon EC2 Container Service, Docker for AWS, Kubernetes, and Apache Mesos - stack against each other.
Choosing the Right Cloud Storage for Media and Entertainment Workloads - Apri... - Amazon Web Services
- Learn about various AWS storage tiers with respect to cost, performance, throughput and durability for large-scale distributed processing workloads.
- Learn about various AWS storage tiers with respect to unique media workloads such as transcoding, QC, VFX/Animation rendering.
- Learn about using AWS storage services for hybrid workloads for both content repositories in the cloud and processing on-premises or vice versa.
- Learn about AWS storage options and how to migrate legacy media applications running on the cloud to re-engineered applications.
- Learn about shared filesystem options on AWS including Amazon EFS and how to build your own using partner products on Amazon EC2 and Amazon EBS.
Media companies, driven by higher resolution and an increasing amount of content due to direct B2C delivery, are looking to cost effectively leverage cloud compute scalability. Emerging use cases, such as Media Supply Chains, VFX/Animation rendering, and transcoding for OTT streaming, require careful planning when being deployed to the cloud. Storage is an important component critical to the performance and processing of media.
Amazon Web Services provides a variety of highly available, cost effective storage solutions that can deliver the right performance for the underlying application. This technical session will discuss various cloud storage strategies for different content processing workloads. We will take a deep dive at Media Supply Chains (including content transcoding, QC, mastering and packaging), post production tasks in the cloud, and other Media & Entertainment workloads.
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with... - Amazon Web Services
In this session, we’ll show how customers can use management tools to standardize the creation of AWS resources and then govern these resources through the lifecycle. By using AWS CloudFormation and AWS Service Catalog to provision resources at scale, AWS Config to audit any changes to the configuration of these resources, Amazon CloudWatch to monitor the health of these resources, and AWS CloudTrail to audit who or what made API calls to these resources, customers can automate and scale the administration of their infrastructure on AWS. They can even go one step further and automate compliance checking and remediation by using AWS Config rules and Amazon CloudWatch Events. We will demo how this is possible by looking at some common use cases.
Big Data Commercialization and associated IoT Platform Implications by Ramnik... - Data Con LA
Abstract: IoT market overview and Verizon’s focus on specific IoT verticals (AgTech, Energy, Share, etc.); criteria for evaluation of IoT data analytics opportunities; platform considerations for big data solutions (security, network and platform connectivity, data analytics processing/storage, applications, etc.); examples of a few big data solutions at Verizon.
AWS re:Invent 2016: Discovery Channel's Broadcast Workflows and Channel Origi...Amazon Web Services
Media delivery requirements are continually changing, driven by accelerating mobile, tablet, smart TV, and set-top technology advances. Broadcasters need agile solutions to the changing media and entertainment landscape that don't require multiyear projects with large upfront investments. In this session, we walk through Discovery Communications' migration of its broadcast playout and channel origination to AWS. Discovery Communications is a leader in nonfiction media, reaching more than 3 billion cumulative viewers in 220 countries and territories. Traditionally, broadcast origination for content delivered to telecommunications companies, cable TV, and satellite has existed only in on-premises data centers. In this session, we walk through Discovery's migration of broadcast playout supporting hundreds of channels worldwide to AWS. We show how Discovery has not only reduced their TCO but also has improved their agility by launching new channels on demand. We also walk through how channel origination is being deployed in a secure, automated fashion, and with a level of high availability that exceeds what is possible in a traditional data center.
AWS provides security capabilities and services to provide control over your AWS resources, how they are accessed, who can access them, and what privileges they are allowed. Access Management, Identity management, change control, and auditing can all be achieved both at a macro and granular level. In this session we’ll explore services such as AWS Identity Access Management (IAM), AWS CloudTrail, Amazon Directory Service and Amazon Inspector, so that you understand how use them effectively to manage user privilege and access. We’ll also look at Amazon Virtual Private Cloud (VPC) and how to use it’s features to build security at the network access layer. After this session you should understand and be able to: Configure Users, Groups, and Roles to manage actions, Configure monitoring and logging to audit changes in your system, and Design your AWS network using VPC for security.
AWS re:Invent 2016: Deploying and Managing .NET Pipelines and Microsoft Workl...Amazon Web Services
In this session, we’ll look at the AWS services that customers are using to build and deploy Microsoft-based solutions that use technologies like Windows, .NET, SQL Server, and PowerShell. We’ll start by showing you how to build a Windows-based CI/CD pipeline on AWS using AWS CodeDeploy, AWS CodePipeline, AWS CloudFormation, and PowerShell using an AWS Quick Start. We’ll also cover best practices for how you can create templates that let you automatically deploy ready-to-use Windows products by leveraging services and tools like AWS CloudFormation, PowerShell, and Git. Woot, an online retailer for electronics, will share how it moved from using a complex mix of custom PowerShell code for its DevOps processes to using services like Amazon EC2 Simple Systems Manager (SSM), AWS CodeDeploy, and AWS Directory Service. This migration eliminated the need for complex PowerShell scripts and reduced the operational complexity of performing operational tasks like renaming servers, joining domains, and securely handling keys.
Learn best practices for architecting fully available and scalable Microsoft solutions and environments on AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, introduce DevOps concepts, automation, and repeatability. Plan authentication and authorization, various hybrid scenarios with other cloud environment and on premise solutions/infrastructure. Learn about common architecture patterns for Active Directory and business productivity solutions like SharePoint, Exchange and Skype for Business, also common scenarios for SQL deployments and System Center.
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services...Amazon Web Services
In this session, we walk through the simple process of deploying and managing your own Linux-based application in the cloud and also discuss key use-cases and benefits to automated configuration, deployment, and administration of application stacks. Session sponsored by Red Hat.
In recent years, Docker containers have become a key component of modern application design. Increasingly, developers are breaking their applications apart into smaller components and distributing them across a pool of compute resources. Using Docker on your local development machine is simple, but running Docker applications at scale in production can be difficult. In this session, we will discuss the difficulties of running Docker in production and how Amazon EC2 Container Service (ECS) can be used to reduce the operational burdens. We will give an overview of the core architectural principles underlying Amazon ECS., and we will walk through a number of patterns used by our customers to run their microservices platforms, to run batch jobs, and for deployments and continuous integration. We will also demonstrate how to define multi-container applications, deploy and scale them seamlessly on a cluster with Amazon ECS.
Learn how to monitor and manage your serverless APIs in production. We show you how to set up Amazon CloudWatch alarms, interpret CloudWatch logs for Amazon API Gateway and AWS Lambda, and automate common maintenance and management tasks on your service.
How do you do continuous delivery when using Docker and Amazon ECS?
In this session, we’ll explore basic continuous integration and delivery concepts and how they can be applied to Docker and Amazon ECS. We will discuss how you can use AWS CodePipeline to monitor a GitHub repository for new commits, AWS CodeBuild to create a new Docker container image and to push it into Amazon ECR, and AWS CloudFormation to deploy the new container image to production on Amazon ECS. We will end with a demo of this entire toolchain.
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)Amazon Web Services
In the digital economy, the fast development and deployment of applications is critical to success. To thrive in this application-oriented business environment, IT organizations are acting now to change their tools and processes to better support agile development methodologies. This session will cover performance benchmarking, benefits of migrating existing workloads, use of key services like Amazon RDS and AWS CloudHSM, and demonstrate how to deploy applications securely and at scale. Session sponsored by Cisco.
AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...Amazon Web Services
In this session, we show how to seamlessly transition VOD, live, and other advanced media workflows from on-premises deployments to the cloud. Cinépolis will provide an overview of their transcoding solution on AWS and how they have seamlessly expanded the solution increasing their customer reach. We'll show real world examples of the API calls used to configure and control all elements of the workflow including compression and origination. And how standard AWS services can be media-optimized with Elemental Technologies to form a robust live solution.
Learn more about the role and tasks of a container management solution and analyze how four common container management solutions - Amazon EC2 Container Service, Docker for AWS, Kubernetes, and Apache Mesos - stack against each other.
Choosing the Right Cloud Storage for Media and Entertainment Workloads - Apri...Amazon Web Services
- Learn about various AWS storage tiers with respect to cost, performance, throughput and durability for large-scale distributed processing workloads.
- Learn about various AWS storage tiers with respect to unique media workloads such as transcoding, QC, VFX/Animation rendering.
Learn about using AWS storage services for hybrid workloads for both content repositories in the cloud and processing on-premises or vice versa.
- Learn about AWS storage options and how to migrate legacy media applications running on the cloud to re-engineered applications.
- Learn about shared filesystem options on AWS including Amazon EFS and how to build your own using partner products on Amazon EC2 and Amazon EBS.
Media companies, driven by higher resolution and an increasing amount of content due to direct B2C delivery, are looking to cost effectively leverage cloud compute scalability. Emerging use cases, such as Media Supply Chains, VFX/Animation rendering, and transcoding for OTT streaming, require careful planning when being deployed to the cloud. Storage is an important component critical to the performance and processing of media.
Amazon Web Services provides a variety of highly available, cost effective storage solutions that can deliver the right performance for the underlying application. This technical session will discuss various cloud storage strategies for different content processing workloads. We will take a deep dive at Media Supply Chains (including content transcoding, QC, mastering and packaging), post production tasks in the cloud, and other Media & Entertainment workloads.
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with... - Amazon Web Services
In this session, we’ll show how customers can use management tools to standardize the creation of AWS resources and then govern these resources through the lifecycle. By using AWS CloudFormation and AWS Service Catalog to provision resources at scale, AWS Config to audit any changes to the configuration of these resources, Amazon CloudWatch to monitor the health of these resources, and AWS CloudTrail to audit who or what made API calls to these resources, customers can automate and scale the administration of their infrastructure on AWS. They can even go one step further and automate compliance checking and remediation by using AWS Config rules and Amazon CloudWatch Events. We will demo how this is possible by looking at some common use cases.
Big Data Commercialization and associated IoT Platform Implications by Ramnik... - Data Con LA
Abstract: IoT Market overview and Verizon’s focus on specific IoT verticals (AgTech, Energy, Share, etc.), Criteria for evaluation of IoT data analytics opportunities, Platform considerations for big data solutions (security, network and platform connectivity, data analytics processing/storage, applications etc.), Examples of a few big data solutions at Verizon
Integrating the CDO Role Into Your Organization; Managing the Disruption (MIT... - Caserta
The role of the Chief Data Officer (CDO) has become integral to the evolution needed to turn a wisdom-driven company into an analytics-driven company. With Data Governance at the core of your responsibility, moving the innovation meter is a global challenge among CDOs. Specifically the CDO must:
• Provide a single point of accountability for data initiatives and issues
• Innovate ways to use existing data and evangelize a data vision for the organization
• Support & enforce data governance policies via outreach, training & tools
• Work with IT to develop/maintain an enterprise data repository
• Set standards for analytical reporting and generate data insights through data science
In this session, Joe Caserta addresses real-world CDO challenges and shares techniques to overcome them, manage corporate disruption and achieve success.
Rio Cloud Computing Meetup 25/01/2017 - AWS re:Invent 2016 Launches - Filipe Barretto
Talk given at the Rio Cloud Computing Meetup, presenting the main launches from AWS re:Invent 2016, announced in the keynotes by Andy Jassy, CEO of AWS, and Werner Vogels, CTO of Amazon.
Everything generates logs. Applications, infrastructure, security ... everything. Keeping track of the flood of log data is a big challenge, yet critical to your ability to understand your systems and troubleshoot (or prevent) issues. In this session, we will use both Amazon CloudWatch and application logs to show you how to build an end-to-end log analytics solution. First, we cover how to configure an Amazon Elasticsearch Service domain and ingest data into it using Amazon Kinesis Firehose, demonstrating how easy it is to transform data with Firehose. We look at best practices for choosing instance types, storage options, shard counts, and index rotations based on the throughput of incoming data and configure a secure analytics environment. We demonstrate how to set up a Kibana dashboard and build custom dashboard widgets. Finally, we dive deep into the Elasticsearch query DSL and review approaches for generating custom, ad-hoc reports.
AWS Summit - Trends in Advanced Monitoring for AWS environments - Andreas Grabner
Why you have to rethink your monitoring strategy when moving or building apps for new stack cloud based environments:
#1: Why "the old way" of monitoring doesn't work any longer!
#2: How the Cloud and New Stack has transformed Dynatrace!
#3: How Dynatrace Redefined Monitoring for Cloud Applications
Come along to this session to learn how large scale systems like SAP, Oracle, Microsoft and others are being used by enterprise customers of all shapes and sizes. In this session you will discover some of the challenges and approaches that will make you successful in deploying and operating these systems on AWS. This is a must session for enterprise customers that are looking at moving material workloads into the cloud.
Lifehacking met Evernote is a Dutch-language handbook for Evernote - the digital notebook for your computer, tablet and smartphone.
Written by Frank Meeuwsen, Oskar van Rijswijk and Patrick Mackaaij.
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and how you can inherit controls from the rich compliance and accreditation programs maintained by AWS.
After IAM and Detective Controls you’ll turn to Infrastructure Security, which means tuning AWS Service configurations, AMI composition, and hardening other digital assets that will be deployed. We will cover how to define networking architecture (e.g. VPC, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows, and how to determine Vulnerability Management and operational maintenance cadence.
Incident Response: Preparing and Simulating Threat Response - Amazon Web Services
by Eric Rose, Sr. Security Consultant, AWS
After you have built and deployed a security infrastructure and automated key aspects of security operations, you should validate your work through an incident response simulation. In this session, you will learn about the best way to protect your logs; how and why to develop automated incident response capabilities via AWS tooling such as AWS Lambda; the importance of testing existing forensics tools to ensure efficacy in the cloud environment; and ways to test your plan early and often.
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV... - Amazon Web Services
Managing AWS and hybrid environments securely and safely while having actionable insights is an operational priority and business driver for all customers. Using SSH or RDP sessions could lead to unintended or malicious outcomes with no traceability. Learn to use Amazon EC2 Systems Manager to improve your security posture, automate at scale, and minimize application downtime for both Windows and Linux workloads. Easily author configurations to automate your infrastructure without SSH access, and control the blast radius of configuration changes. Get a cross-account and cross-region view of what’s installed and running on your servers or instances. Learn to use Systems Manager to securely store, manage, and retrieve secrets. You can also run patch compliance checks on the fleet to react to malware and vulnerabilities within minutes, while still providing granular control to users with different privilege levels and full auditability. You will hear from FINRA, the Financial Industry Regulatory Authority, on how they use Systems Manager to safely manage their Enterprise environment.
by Brad Dispensa, Sr. SA – Security and Compliance
At AWS, security is job zero and we have architected our infrastructure for the most data-sensitive organizations in the world. In this session, we will cover our Shared Responsibility Model in relation to Security and our Compliance Program, and what that means for our customers when using our suite of storage services.
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl... - Amazon Web Services
Your application is exposed to a variety of threats from common distributed attacks to sophisticated zero-day vectors. Learn how to architect beyond the region and take advantage of the AWS Edge Network and upgrade your security posture with easy to deploy solutions that scale. At this session you will learn how to ensure your application will withstand malicious threats and DDoS attacks, what role architecture plays in your security posture, and how professional services and partners like Flux7 can help.
by Steve Laino, GRC Consultant, AWS
After AWS IAM and detective controls, the afternoon at AWS Security Week turns to infrastructure security, which means tuning AWS service configurations, AMI composition, and hardening other digital assets that will be deployed. You will learn how to define networking architecture (VPCs, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows; and how to determine vulnerability management and operational maintenance cadence.
Incident Response: Preparing and Simulating Threat Response - Amazon Web Services
Once you have built and deployed security infrastructure and automated key aspects of security operations you should validate your work through an Incident Response simulation. In this session we discuss the best way to protect your logs; how and why to develop automated IR capabilities via AWS tooling (e.g. Lambda); the importance of testing existing forensics tools to ensure efficacy in cloud environment; and ways to test your plan early and often.
by Cameron Worrell, Solutions Architect, AWS
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.
by Cameron Worrell, Sr. Solutions Architect, AWS
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.
by Brad Dispensa, Sr. Solutions Architect, AWS
Operating a security practice on AWS brings many new challenges that haven't been faced in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session we will cover how you can use secure configuration and automation to monitor, audit, and enforce your security policies within an AWS environment. Level 200
Whether you’re just beginning to explore cloud computing or adopting it at enterprise-scale, it is important to build security into your architecture. But where do you begin? This requires a thorough understanding of your shared security responsibilities as well as familiarity with the tools available to address these issues.
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb... - Amazon Web Services
How can you architect your applications for regulatory and organisational compliance? How can you automate security, auditability, and governance controls using best practice? In this session, Accenture draws from real-world examples to showcase how the cloud can strengthen your security and compliance posture, while ensuring maximum agility – articulated through the lifecycle of an application moving to the cloud.
Speaker: Chris Fleischmann, Managing Director, Journey To Cloud, Accenture
Level: 200
AWS Security Week: Intro To Threat Detection & Remediation - Amazon Web Services
AWS Security Week at the San Francisco Loft: Introduction to Threat Detection and Remediation on AWS
Presenter: Jeff Levine, Sr. Security Solutions Architect, AWS
SID331_Architecting Security and Governance Across a Multi-Account Strategy - Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance. Thomson Reuters shared their journey and their approach to a multi-account strategy. At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
We encourage you to attend the full multi-account track:
SID331: Architecting Security and Governance Across a Multi-Account Strategy (Session)
SID335: Implementing Security and Governance Across a Multi-Account Strategy (Chalk Talk)
ENT324: Automating and Auditing Cloud Governance and Compliance in Multi-Account Environments (Session)
SID311: Designing Security and Governance Across a Multi-Account Strategy (Workshop)
SID308: Multi-Account Strategies (Chalk Talk)
How to build forecasting services using ML and deep learn... - Amazon Web Services
Forecasting is an important process for many companies and is used in a variety of areas to try to accurately predict the growth and distribution of a product, the use of resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... - Amazon Web Services
The variety and volume of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment only established companies can afford. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
So let's see how Big Data applications can be developed quickly, without worrying about infrastructure, while devoting all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. Over this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we will show how we define modern applications and how building modern apps affects not only the application architecture but also the organizational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
Container usage is continuously growing.
When properly designed, container-based applications are very often stateless and flexible.
AWS ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared with On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with services for Machine Lea... - Amazon Web Services
To create value and build an offering that is differentiated and recognizable, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now often involved manual activities that occasionally led to application downtime and interrupted users' work. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, making the most of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when moving applications out of on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions or to keep track of the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and burdensome tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for delivering an exceptional user experience to end users. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dig into several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: myths to dispel - Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when moving applications out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to ease and simplify the migration of Oracle workloads while accelerating the move to the cloud; they go deeper into the architecture and demonstrate how to make the most of VMware Cloud™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer that controls deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious about our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35 Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 Discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
6. Security Ownership as Part of DNA
Promotes culture of “everyone is an owner” for security
Makes security stakeholder in business success
Enables easier and smoother communication
Distributed Embedded
8. Technology to Automate Operational Principles
Visibility through log analytics
Shrinking the protection boundaries
Ubiquitous encryption
9. How AWS Handles Security at Scale
[Diagram labels: Corp, Work generator, S3, SNS, Lambda (async), Scan target, Lambda (sync), Results processor]
10. How Fast is the Analysis?
• Scan cadence: continual! (not batch)
• Mean time to detect & respond = ~7.5 minutes
• ~5 min for CloudTrail log file to be produced
• ~0 min for scan to begin (on order of seconds!)
• ~0 min scan time (on order of milliseconds!)
• ~2.5 min for results processor to ticket (runs every 5 min*)
• Worst case: ~10 minutes
• Best case: ~5 minutes
11. Autoticketing
• Find and close gaps in security monitoring
• Be highly accurate and actionable
• Deliver results with low latency
12. How do we make it even faster?
• Drink our own ale! CloudWatch Events
• Increase result processor run frequency
• It takes < 1 minute per run on average
• Change invocation to run every minute
• New worst case = 1 minute
• MTTD ≤ 1 minute
• (For your own use: see e.g. https://github.com/capitalone/cloud-custodian )
13. I wish I was a Solid State Drive in someone else’s Datacentre…
27. Flow Log Record Structure
Event-Version
Account Number
ENI-ID
Source-IP
Destination-IP
SourcePort
Destination-Port
Protocol Number
Number of Packets
Number of Bytes
Start-Time Window
End-Time Window
Action
State
2 123456789 eni-31607853 172.16.0.10 172.16.0.172 80 41707 6 1 40 1440402534 1440402589 ACCEPT OK
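A parser for the record layout on this slide, added here as an illustration (it is not from the talk or from AWS). The snake_case field names, the `rejected_by_source` helper and every sample line except the first are this example's own; the `-` placeholders in NODATA/SKIPDATA records are handled as an edge case the slide does not show.

```python
from collections import Counter
from ipaddress import ip_address

# Field order as listed on the slide; the snake_case names are this example's own.
FIELDS = ("version", "account", "eni_id", "src_ip", "dst_ip", "src_port",
          "dst_port", "protocol", "packets", "bytes", "start", "end",
          "action", "state")
INT_FIELDS = {"version", "src_port", "dst_port", "protocol", "packets",
              "bytes", "start", "end"}
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

def parse_flow_record(line):
    """Parse one space-separated flow log record into a typed dict."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = {}
    for name, raw in zip(FIELDS, parts):
        if raw == "-":                        # NODATA/SKIPDATA leave fields empty
            rec[name] = None
        elif name in INT_FIELDS:
            rec[name] = int(raw)
        elif name in ("src_ip", "dst_ip"):
            rec[name] = str(ip_address(raw))  # ValueError on a malformed address
        else:
            rec[name] = raw
    if rec["action"] not in ("ACCEPT", "REJECT", None):
        raise ValueError(f"unknown action {rec['action']!r}")
    rec["protocol_name"] = PROTOCOLS.get(rec["protocol"])
    have_window = rec["start"] is not None and rec["end"] is not None
    rec["window_seconds"] = rec["end"] - rec["start"] if have_window else None
    return rec

def rejected_by_source(lines):
    """Count REJECT records per source IP, ignoring records with no flow data."""
    hits = Counter()
    for line in lines:
        rec = parse_flow_record(line)
        if rec["state"] == "OK" and rec["action"] == "REJECT":
            hits[rec["src_ip"]] += 1
    return dict(hits)

# First line is the slide's record; the rest are constructed for this example.
SAMPLE = [
    "2 123456789 eni-31607853 172.16.0.10 172.16.0.172 80 41707 6 1 40 1440402534 1440402589 ACCEPT OK",
    "2 123456789 eni-31607853 203.0.113.7 172.16.0.10 50122 22 6 3 180 1440402600 1440402655 REJECT OK",
    "2 123456789 eni-31607853 203.0.113.7 172.16.0.10 50123 3389 6 1 60 1440402600 1440402655 REJECT OK",
    "2 123456789 eni-31607853 - - - - - - - 1440402660 1440402715 - NODATA",
]
```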
35. Introducing AWS Organizations
Policy-based management for multiple AWS accounts.
Control AWS service use across accounts
Automate AWS account creation
Consolidate billing
36. Industry Best Practices for Securing AWS Resources
CIS Amazon Web Services Foundations
Architecture-agnostic set of security configuration best practices
Provides step-by-step implementation and assessment procedures
41. More on SCPs
But:
• you don't have to apply an SCP before you populate your account with assets...
• this lends the idea of "immutable infrastructure" to other services, from the point of view of the child accounts
• (including Serverless)
• e.g.:
• S3 websites which can't have their contents changed
• Lambda functions which are invoke-only "black boxes"
• ACM cert / key pairs which can't be deleted
• Prevent CloudTrail, Config ever being turned off
• ...
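A sketch of a service control policy covering the four cases listed on this slide, added here as an illustration (it is not from the talk). The bucket ARN, the `Sid` names and the `scp_denies` helper are assumptions of this example; the helper is a simplified matcher for checking a draft policy, not AWS's policy evaluation (it ignores `Condition`, `NotAction` and `Allow` statements).

```python
import json
from fnmatch import fnmatchcase

SITE_BUCKET = "arn:aws:s3:::example-static-site"   # constructed placeholder ARN

SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "KeepAuditTrailOn", "Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                    "config:StopConfigurationRecorder",
                    "config:DeleteConfigurationRecorder"],
         "Resource": "*"},
        {"Sid": "FreezeWebsiteContent", "Effect": "Deny",
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": SITE_BUCKET + "/*"},
        {"Sid": "InvokeOnlyLambda", "Effect": "Deny",
         "Action": ["lambda:UpdateFunctionCode",
                    "lambda:UpdateFunctionConfiguration",
                    "lambda:DeleteFunction"],
         "Resource": "*"},
        {"Sid": "KeepCertificates", "Effect": "Deny",
         "Action": "acm:DeleteCertificate", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def scp_denies(policy, action, resource):
    """Return the Sid of the first Deny statement matching the call, else None."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        # Action names are matched case-insensitively; ARNs are case-sensitive.
        action_hit = any(fnmatchcase(action.lower(), pat.lower())
                         for pat in _as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource, pat)
                           for pat in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            return stmt["Sid"]
    return None

def render(policy):
    """Serialise the policy as the JSON document to attach to an OU or account."""
    return json.dumps(policy, indent=2)
```

An SCP only filters what identities in the member accounts may do and grants nothing itself, and it does not restrict the organization's management account.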
60. Security + DevOps = DevSecOps
DevOps = Efficiencies that speed up this lifecycle
DevSecOps = Validate building blocks without slowing lifecycle
[Diagram: Software development lifecycle. Labels: developers, customers, plan, build, test, release, monitor, delivery pipeline, feedback loop, Security]
61. CI/CD for DevOps
[Diagram: CI/CD pipeline. Labels: Dev, Commit to Git/master, Version Control, Get / Pull Code, CI Server, Distributed Builds, Run Tests in parallel, Send Build Report to Dev, Stop everything if build failed, Package Builder, AMIs, Repo, Deploy Server, CloudFormation Templates for Environment, Test Env, Staging Env, Prod Env, Code, Config, Tests, Push, Install, Create, Generate]
69. New Security and Compliance Webinar Series
Getting Started with AWS Security: https://www.brighttalk.com/webcast/9019/256391
AWS Security Checklist: https://www.brighttalk.com/webcast/9019/257297
Automating Security Event Response: https://www.brighttalk.com/webcast/9019/258547
Compliance with AWS – Verifying AWS Security: https://www.brighttalk.com/webcast/9019/260695
Securing Enterprise Big Data Workloads: https://www.brighttalk.com/webcast/9019/261911
Architecting Security across Multi-Acct Architectures: https://www.brighttalk.com/webcast/9019/261915
AWS Security Best Practices: https://www.brighttalk.com/webcast/9019/264011
Software Security and Best Practices: https://www.brighttalk.com/webcast/9019/264917
72. Luno
• Bitcoin for everyone, everywhere
• Engineering team in Cape Town
• Offices in London, Cape Town and Singapore
• Customers in Europe, Africa and South-East Asia
• https://www.luno.com
74. Introduction to Bitcoin
• Decentralised digital currency based on cryptography
• Uses a “blockchain” to record transactions on a decentralized ledger
• Uses public-key cryptography to authorise transactions
• Critically: The private key is required to sign transactions. If an attacker accesses a private key, they can steal the funds attached to it.
75. Challenges
Many Bitcoin companies have been hacked in the past:
• MtGox 2014 $7M stolen
• Bitstamp 2015 $5M stolen
• Bitfinex 2016 $70M stolen
Security is a massive existential priority.
Luno has never been hacked (but not for lack of trying).
76. How to store Bitcoin securely
When you’re securing something as critical as Bitcoin, you can’t trust anyone.
• Key splitting: Require multiple counterparties to sign transactions
• Airgaps: Store keys on computers without internet access
• Physical vaults: Store private keys split between multiple bank vaults and countries
• Multiple people: Design systems so that multiple people are always required to access keys and approve transactions
• Redundant layers: Have redundant layers so that any attacks on one layer are still blocked at other layers
77. Security using AWS
• Virtual Private Cloud (VPC): Isolated network, use VPN to access
• Security Groups: Set up fine-grained firewall rules to whitelist network access between instances
• Identity Access Management (IAM): Fine-grained control over access permissions for users and API keys
• Elastic Load Balancer (ELB), CloudFront: Mitigate DDoS by scaling
• AWS Certificate Manager (ACM): Issue SSL certificates for ELBs quickly and easily
• CloudTrail Logs: Centralized log aggregation
78. Luno architecture
• Microservice architecture
• Docker containers running on EC2 instances
• Backends are all written in Go
• MySQL instances on RDS
• Cape Town engineering team
[Diagram labels: Bitcoin, Banks, Load Balancers (ELB), VPN, Frontends (EC2/Docker/Go), Backends (EC2/Docker/Go), GRPC, MySQL (RDS), Redis (ElastiCache), Storage (S3), Monitoring (Cloudwatch+Prometheus), VPC]
79. Impact of AWS
Implementing the necessary security procedures by leveraging AWS services like security groups, VPC and IAM is 10x faster than building from scratch.
We’ve passed multiple security audits (Sensepost, Deloitte, MWR, etc.) and withstood many attacks without any successful theft of Bitcoin.
In addition to security, AWS made it easy to scale up as our customer base has grown globally using services like RDS, ElastiCache, CloudFront and ELB.
80. Luno engineering
Join our talented team to scale systems and security in this fast-growing industry
https://www.luno.com/careers