In order to ensure security best practices in your AWS accounts, you must establish a security baseline and then enforce it across all of these accounts. In this session, you will learn how to use AWS CloudFormation and AWS Organizations to execute security best practices (AWS CloudTrail, AWS Config, Flow Logs, S3 Access logs, etc.) in scenarios where you are managing many AWS accounts across an organization. You will see how to leverage Service Catalog across multiple accounts. Learn how to store all of these logs in a centralized logging system such as Amazon Elasticsearch Service, and how to set up alerts and drift detection on anomalous or high-risk activity.
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.
This webinar will examine concepts for managing sensitive data in AWS. For example, using tools to encrypt client access with AWS Certificate Manager; secret management with AWS Systems Manager Parameter Store and its integration with deployment pipelines; and how to encrypt data at rest to ensure privacy.
What if security became the reason to move an application to the cloud? Historically, security has been a necessary afterthought. Today, with AWS, security is moving from obligation to advantage. Here, you'll get a glimpse of tools and techniques that enterprise customers are using today to secure their AWS environments at scale.
Cloud Governance and Provisioning Management using AWS Management Tools and S... - Amazon Web Services
As customers migrate to the cloud, IT needs to maintain structured compliance and governance while providing developers with the flexibility to manage cloud resources at scale. AWS provides a set of management tools that enables you to programmatically provision, monitor, and automate the components of your cloud environment. In this session, learn how you can use these tools to maintain consistent controls without restricting development velocity.
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018 - Amazon Web Services
Amazon Elasticsearch Service has a rich set of security features that give you control over access to data in your domain. Whether you're using Amazon Cognito to integrate with your federated identity provider for a Kibana login, building a VPC application and integrating search, or using IAM for fine-grained access, you need to understand your options so you can keep your data safe. Leave this session with a practical set of tools for security.
Get the latest on what we've been developing in Amazon S3. In this session, learn about new advances in S3 performance, security, data protection, storage management, and much more. We'll discuss how to apply the appropriate bucket policies and encryption configurations to enhance security, use S3 Select to accelerate queries, and take advantage of object tagging for data classification.
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ... - Amazon Web Services
The AWS Landing Zone solution provides a consolidated collection of AWS best practices, prescriptive guidance, and templates for automatically configuring and securing AWS multi-accounts, networks, and core services. In this workshop, you will learn the Landing Zone solution design. With your laptop, you will go through demonstrations of AWS Landing Zone deployment, automated new account creation using the built-in account vending machine, and Landing Zone customization for additional services. You will leave the workshop with an understanding of the AWS Landing Zone solution mechanisms, CI/CD deployment pipeline, and Landing Zone extension methods. This workshop is intended for architects, IT administrators, and engineers of consulting and technology partners as well as customers who will design, deploy, extend, or operate AWS Landing Zones. We encourage you to attend the full AWS Landing Zone track including SEC303; search for #awslandingzone in the session catalog.
Landing Zones - Creating a Foundation for Your AWS Migrations - Amazon Web Services
Dean Samuels, Head of Solutions Architecture, Hong Kong & Taiwan, AWS
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
Evolve Your Incident Response Process and Powers for AWS - Amazon Web Services
You want your current incident response (IR) runbooks to account for your AWS workloads ASAP, and eventually, you want cloud-based IR superpowers, too. In this session, we cover the basics that you must get in place, runbook updates specific to AWS, and we show you how to build initial IR capabilities that blend well with existing processes and partner offerings. We also walk through a hypothetical IR scenario for an AWS environment that uses an evolved on-premises IR runbook that accounts for the differences of an AWS environment. In this scenario, we demonstrate unique AWS platform capabilities for IR success. Go beyond updating your IR runbooks, and start your journey toward gaining cloud-based IR superpowers today!
After IAM, you want to have Detective Controls in place to have visibility into your deployments. In this session we’ll cover visibility at the AWS platform level, the application, Operating System and network levels, and how to build monitoring solutions at scale by leveraging AWS services that turn logging data into security insight.
Do you work with too many tools? In this session, learn how AWS Systems Manager can help you manage your servers at scale with the agility and security you need in today's dynamic cloud-enabled world.
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3... - Amazon Web Services
In this session, we discuss how you should be building your runbooks and security incident report system (SIRS) using your company's real-world configuration and processes. Our goal is to give you an easier way to start your runbooks and create a SIRS. Now you can be the hero for your company by building a strategy and finding out how secure you are. You also learn more about why you should be running a DevSecOps pipeline and how it will help your team find threats in your production environment. Finally, learn how things are different in each level of environment and where your developers should be working.
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018 - Amazon Web Services
In this session, we cover the most common cloud security questions that we hear from customers. We provide detailed answers for each question, distilled from our practical experience working with organizations around the world. This session is for everyone who is curious about the cloud, cautious about the cloud, or excited about the cloud.
Optimize Performance and Reduce Risk Using AWS Support Tools (ENT316-R1) - AW... - Amazon Web Services
To help manage the risk of downtime, AWS Support offers tools, such as Personal Health Dashboard (PHD) and Trusted Advisor (TA), that enable you to monitor your environments and automate actions for compliance with best practices. In this session, we review how AWS Support tools monitor your resources, provide alerts for issues, and automate best practice recommendations and remediation. We also showcase the integration of these tools with Alexa for Business to make it easier to access information about your AWS environment just by asking Alexa. Join us to see how you can optimize your AWS environment and reduce risk by implementing automation of AWS best practice recommendations with AWS Support tools. Bring your own laptop.
In this session, learn how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that detect and remediate threats to AWS. Finally, Terren Peterson, the VP of Software Engineering at Capital One, shares how his organization detects and remediates threats using Amazon GuardDuty and other AWS services.
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018 - Amazon Web Services
Traditional data center environments have regarded the network boundary as a stable perimeter of defense, using gateway firewalls for effective protection. The public cloud, however, is exposing a plethora of hosted services directly to its users, bypassing traditional network filtering technologies, and effectively creating new perimeters around the various services and data elements. Examples of these new perimeters include Amazon S3 buckets, Amazon EBS snapshots, and AWS Lambda functions. This session is brought to you by AWS partner, Dome9 Security Inc.
Meeting Enterprise Security Requirements with AWS Native Security Services (S... - Amazon Web Services
GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing complex on-premises solutions with AWS native services like Amazon GuardDuty, VPC Flow Logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
In this webinar, you'll learn how to create security workspaces for multiple teams through your AWS account. Discover how IAM works and find out how it integrates with AWS services. In addition, learn how AWS Config rules and AWS CloudTrail can help you identify and rectify misconfiguration issues quickly and effectively.
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018 - Amazon Web Services
Deploying Microsoft products on AWS is fast, easy, and cost-effective. Before deploying these applications to production, it's helpful to have guidance on approaches for securing them. In this session, we outline the principles for protecting the environment of Microsoft applications hosted on AWS, with a focus on risk assessment, reducing attack surface, adhering to the principle of least privilege, and protecting data.
Landing Zones Creating a Foundation - AWS Summit Sydney 2018 - Amazon Web Services
Landing Zones: Creating a Foundation for Your AWS Migrations
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
Ali Juzer, Cloud Architect, Professional Services, Amazon Web Services
Using AWS CloudTrail to Enhance Governance and Compliance of Amazon S3 - DEV3... - Amazon Web Services
As organizations move their workloads to the cloud, companies must take steps to protect and audit their private and confidential information. This session focuses on Amazon S3 best practices and using AWS CloudTrail Data Events to help better protect data residing within Amazon S3. The session includes a demonstration to show how CloudTrail, in combination with other AWS services, can help with Amazon S3 governance and compliance requirements.
How Zocdoc Achieves Automatic Threat Detection & Remediation with Security as... - Amazon Web Services
Zocdoc, an online healthcare scheduling service, receives more than 6 million patient visits monthly. In less than 12 months, Zocdoc became a cloud-first organization to meet their business goals. This digital transformation allowed for rapid innovation and the ability to deliver products that align with demands of the 21st-century patient. In this session, Brian Lozada, CISO at Zocdoc, and Jay Ball, Head of Application Security, explain how Zocdoc uses AWS security services to seamlessly and automatically monitor, audit, and enforce their security policies within all their AWS environments. They use AWS security services, such as AWS Config, Amazon GuardDuty, Amazon Inspector, and AWS Shield, while using AWS Lambda functions to augment their security team, all without slowing down their developers.
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou... - Amazon Web Services
In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In... - Amazon Web Services
There are many ways to improve your security controls in AWS accounts. In this session, we'll cover how to leverage guidelines from the Center for Internet Security (CIS), how to augment security checks, and how to build and secure AWS resources with additional tools. Armed with the information in this session, you will be able to harden new AWS accounts and implement security best practices from Day One.
Security by design examines a wide range of issues, such as: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. This standardized, automated, prescriptive and repeatable design can be deployed for common use cases, security standards and audit requirements across multiple industries and workloads.
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)... - Amazon Web Services
In this chalk talk, we discuss why using temporary security credentials to manage access to your AWS resources is an AWS Identity and Access Management (AWS IAM) best practice. IAM roles help you follow this best practice by delivering and rotating temporary credentials automatically. We discuss the different types of IAM roles, the assume role functionality, and how to author fine-grained trust and access policies that limit the scope of IAM roles. We then show you how to attach IAM roles to your AWS resources, such as Amazon EC2 instances and AWS Lambda functions. We also discuss migrating applications that use long-term AWS access keys to temporary credentials managed by IAM roles.
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A... - Amazon Web Services
As customers migrate to the cloud, IT needs to maintain structured compliance and governance while providing developers with the flexibility to manage cloud resources at scale. In this session, learn how AWS management tools provide a set of services to track changes to resources, audit actions, manage change, and gain insights. We also show how you can use built-in safety controls to automatically perform actions and remediation across multiple regions and accounts. This session is beneficial to IT and system administrators who are interested in using native AWS tools to operate secure and compliant infrastructure on AWS.
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana... - Amazon Web Services
In this session, you’ll learn how to enable governance, compliance, and operational and risk auditing of your AWS account through a combination of continuous monitoring, auditing, and evaluation of your AWS resources. With AWS management tools you can see a history of AWS API calls for your account, review changes in configurations and relationships among AWS resources, and dive into detailed resource configuration histories. You can determine your overall compliance with the configurations specified in your internal guidelines, and you can give developers and systems administrators a secure and compliant means to create and manage AWS resources.
Evolve Your Incident Response Process and Powers for AWS Amazon Web Services
You want your current incident response (IR) runbooks to account for your AWS workloads ASAP, and eventually, you want cloud-based IR superpowers, too. In this session, we cover the basics that you must get in place, runbook updates specific to AWS, and we show you how to build initial IR capabilities that blend well with existing processes and partner offerings. We also walk through a hypothetical IR scenario for an AWS environment that uses an evolved on-premises IR runbook that accounts for the differences of an AWS environment. In this scenario, we demonstrate unique AWS platform capabilities for IR success. Go beyond updating your IR runbooks, and start your journey toward gaining cloud-based IR superpowers today!
After IAM you want to have Detective Controls in place to have visibility into your deployments. In this session we’ll cover visibility at the AWS platform level, the application, Operating System and network levels and how to build monitoring solutions at scale leverage AWS services that turn logging data into security insight.
Do you work with too many tools? In this session, learn how AWS Systems Manager can help you manage your servers at scale with the agility and security you need in today's dynamic cloud-enabled world.
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...Amazon Web Services
In this session, we discuss how you should be building your runbooks and security incident report system (SIRS) using your company's real-world configuration and processes. Our goal is to give you an easier way to start your runbooks and create a SIRS. Now you can be the hero for your company by building a strategy and finding out how secure you are. You also learn more about why you should be running a DevSecOps pipeline and how it will help your team find threats in your production environment. Finally, learn how things are different in each level of environment and where your developers should be working.
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Amazon Web Services
In this session, we cover the most common cloud security questions that we hear from customers. We provide detailed answers for each question, distilled from our practical experience working with organizations around the world. This session is for everyone who is curious about the cloud, cautious about the cloud, or excited about the cloud.
Optimize Performance and Reduce Risk Using AWS Support Tools (ENT316-R1) - AW...Amazon Web Services
To help manage the risk of downtime, AWS Support offers tools, such as Personal Health Dashboard (PHD) and Trusted Advisor (TA), that enable you to monitor your environments and automate actions for compliance with best practices. In this session, we review how AWS Support tools monitor your resources, provide alerts for issues, and automate best practice recommendations and remediation. We also showcase the integration of these tools with Alexa for Business to make it easier to access information about your AWS environment just by asking Alexa. Join us to see how you can optimize your AWS environment and reduce risk by implementing automation of AWS best practice recommendations from with AWS Support tools. Bring your own laptop.
In this session, learn how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that detect and remediate threats to AWS. Finally, Terren Peterson, the VP of Software Engineering at Capital One, shares how his organization detects and remediates threats using Amazon GuardDuty and other AWS services.
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018Amazon Web Services
Traditional data center environments have regarded the network boundary as a stable perimeter of defense, using gateway firewalls for effective protection. The public cloud, however, is exposing a plethora of hosted services directly to its users, bypassing traditional network filtering technologies, and effectively creating new perimeters around the various services and data element. Examples of these new perimeters include Amazon S3 buckets, Amazon EBS snapshots, and AWS Lambda functions. This session is brought to you by AWS partner, Dome9 Security Inc.
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Amazon Web Services
GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing on premises complex solutions with AWS native services like Amazon GuardDuty, VPC Flow logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
In this webinar, you'll learn how to create security workspaces for multiple teams through your AWS account. Discover how IAM works and find out how it integrates with AWS services. In addition, learn how AWS Config rules and AWS Cloud Trial can help you identify and rectify misconfiguration issues quickly and effectively.
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Amazon Web Services
Deploying Microsoft products on AWS is fast, easy, and cost-effective. Before deploying these applications to production, it's helpful to have guidance on approaches for securing them. In this session, we outline the principles for protecting the environment of Microsoft applications hosted on AWS, with a focus on risk assessment, reducing attack surface, adhering to the principle of least privilege, and protecting data.
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Amazon Web Services
Landing Zones: Creating a Foundation for Your AWS Migrations
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
Ali Juzer, Cloud Architect, Professional Services, Amazon Web Services
Using AWS CloudTrail to Enhance Governance and Compliance of Amazon S3 - DEV3...Amazon Web Services
As organizations move their workloads to the cloud, companies must take steps to protect and audit their private and confidential information. This session focuses on Amazon S3 best practices and using AWS CloudTrail Data Events to help better protect data residing within Amazon S3. The session includes a demonstration to show how CloudTrail, in combination with other AWS services, can help with Amazon S3 governance and compliance requirements.
How Zocdoc Achieves Automatic Threat Detection & Remediation with Security as...Amazon Web Services
Zocdoc, an online healthcare scheduling service, receives more than 6 million patient visits monthly. In less than 12 months, Zocdoc became a cloud-first organization to meet their business goals. This digital transformation allowed for rapid innovation and the ability to deliver products that align with demands of the 21st-century patient. In this session, Brian Lozada, CISO at Zocdoc, and Jay Ball, Head of Application Security, explain how Zocdoc uses AWS security services to seamlessly and automatically monitor, audit, and enforce their security policies within all their AWS environments. They use AWS security services, such as AWS Config, Amazon GuardDuty, Amazon Inspector, and AWS Shield, while using AWS Lambda functions to augment their security team, all without slowing down their developers.
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...Amazon Web Services
In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Amazon Web Services
There are many ways to improve your security controls in AWS accounts. In this session, we'll cover how to leverage guidelines from the Center of Internet Security (CIS), how to augment security checks, and how to build and secure AWS resources with additional tools. Armed with the information in this session, you will be able to harden new AWS accounts and implement security best practices from Day One.
Security by design examines a wide range of issues, such as: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. This standardized, automated, prescriptive and repeatable design can be deployed for common use cases, security standards and audit requirements across multiple industries and workloads.
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Amazon Web Services
In this chalk talk, we discuss why using temporary security credentials to manage access to your AWS resources is an AWS Identity and Access Management (AWS IAM) best practice. IAM roles help you follow this best practice by delivering and rotating temporary credentials automatically. We discuss the different types of IAM roles, the assume role functionality, and how to author fine-grained trust and access policies that limit the scope of IAM roles. We then show you how to attach IAM roles to your AWS resources, such as Amazon EC2 instances and AWS Lambda functions. We also discuss migrating applications that use long-term AWS access keys to temporary credentials managed by IAM roles.
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...Amazon Web Services
As customers migrate to the cloud, IT needs to maintain structured compliance and governance while providing developers with the flexibility to manage cloud resources at scale. In this session, learn how AWS management tools provide a set of services to track changes to resources, audit actions, manage change, and gain insights. We also show how you can use built-in safety controls to automatically perform actions and remediation across multiple regions and accounts. This session is beneficial to IT and system administrators who are interested in using native AWS tools to operate secure and compliant infrastructure on AWS.
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana... - Amazon Web Services
In this session, you’ll learn how to enable governance, compliance, and operational and risk auditing of your AWS account through a combination of continuous monitoring, auditing, and evaluation of your AWS resources. With AWS management tools you can see a history of AWS API calls for your account, review changes in configurations and relationships among AWS resources, and dive into detailed resource configuration histories. You can determine your overall compliance with the configurations specified in your internal guidelines, and you can give developers and systems administrators a secure and compliant means to create and manage AWS resources.
How to Implement a Well-Architected Security Solution.pdf - Amazon Web Services
Securing your workload in alignment with best practices is necessary to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies. In this tech talk, we’ll walk you through how to secure your workload using AWS Identity & Access Management, AWS CloudTrail, Amazon GuardDuty and AWS Config services.
Lock it Down: How to Secure your AWS Account and your Organization's Accounts - Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data-center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Iolaire Mckinnon, Senior Consultant, Security, Risk & Compliance, AWS
A Deep Dive into the best practice guidelines for securing your workloads in AWS cloud.
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit - Amazon Web Services
In this session, learn how to address threat detection and remediation at AWS. We summarize the challenges of traditional threat detection efforts and explain how AWS helps you address them in a cloud environment. We also provide an overview of key AWS
Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018 - Amazon Web Services
As customers look to build data lakes on AWS, managing security, catalog, and data quality becomes a challenge. Once data is put on Amazon S3, there are multiple processing engines to access it. This could be through a SQL interface, programmatically, or using an API. Customers require federated access to their data with strong controls around Authentication, Authorization, Encryption, and Audit. In this session, we explore the major AWS analytics services and platforms that customers can use to access data in the data lake and provide best practices on securing them.
This session will review how to secure your enterprise adoption of AWS at scale. At AWS, security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty, AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to create an end-to-end security approach for your AWS cloud adoption. You will gain insight into how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.
Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018 - Amazon Web Services
In this session, we discuss best practices and approaches for managing your Microsoft Windows-based infrastructure on AWS. We describe the AWS services that can help you manage Windows servers at scale and realize the maximum benefit of the cloud. In addition, we show you how to build simple and effective solutions to manage logging, configuration drift, inventory, licensing, and more. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft - Amazon Web Services
Identity Round Robin Workshop - Serverless Round: Security Week at the San Francisco Loft
Start the day off by learning how to properly configure identity and access controls for a serverless application built with Amazon S3, Amazon CloudFront, and Amazon Cognito. With a combination of talking and hands-on exercises we will be diving into AWS IAM policy types to better understand the differences and learn how the policy evaluation logic works. We will also be diving into how you can use Cognito User Pools for user management within your serverless applications.
Level: 300
Speaker: Jesse Fuchs - Sr. Solutions Architect, AWS
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv... - Amazon Web Services
In this workshop, create guardrails to ensure governance is applied and identify when people stray. This session will deep dive into AWS Landing Zone, AWS Organizations, AWS Config, and Identity and Access Management. We will focus on the Operational Excellence and Security pillar best practices of the AWS Well-Architected Framework, using a multi-account strategy. We address the architectural and operational decisions you need to make. In the cloud, you can start at the core and create defense in depth at the individual resource level. This session is designed for security and compliance practitioners interested in estate management, auditing of infrastructure, advanced IAM techniques, and overall governance management.
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks - Amazon Web Services
Learning Objectives:
- Learn about the AWS best practice recommendations for setting up your environment
- Learn how the automated AWS Landing Zone solution can set up a baseline environment in just a few hours
- Learn how you can extend the AWS Landing Zone to meet your organization's requirements
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018 - Amazon Web Services
Every startup should build with security and protection of customer data as their number one priority, ensuring services are properly architected, monitored and secured. This presentation covers a wide range of best practices from MFA, root accounts, MDM, controlled network access and incident response. You'll learn key principles of how to build a secure organization to protect your data and best practices you should be applying even before your service launches.
Speaker: Ahmed Gouda, Solutions Architect, AWS
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne - Amazon Web Services
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: operating systems, services and applications control responsibilities, the automation of security baselines, the configuration of security, and the auditing of controls for AWS customer infrastructure. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.
Enabling Your Organization’s Amazon Redshift Adoption – Going from Zero to He... - Amazon Web Services
Ever wonder why some companies are able to achieve business goals around Amazon Redshift adoption at breakneck speed? Does figuring out the right architecture for an Amazon Redshift deployment for your organization keep you up at night? Proven patterns and “quickstart” environments are the keys to success. As a stakeholder in your company’s success, you want to bring a clear and concise business solution to the table that fits the business need. In this session, we focus on using infrastructure as code to present a variety of common Amazon Redshift deployment patterns used across other AWS customers so that you can hit the ground running. Additionally, presentations coupled with hands-on labs reinforce the patterns presented in this session.
Similar to Security Automation using AWS Management Tools (20)
How to build Forecasting services using ML and deep learn... - Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict a product's growth and distribution, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... mode - Amazon Web Services
The variety and quantity of data created every day is accelerating faster and faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: creating large-scale Big Data clusters seems to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break these limits.
So let's see how it is possible to develop Big Data applications quickly, without worrying about the infrastructure, dedicating all resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, enabled us to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is continuously growing.
If properly designed, container-based applications are very often stateless and flexible.
AWS ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run different types of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to the Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with Machine Lea... services - Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative components created ad hoc.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities that occasionally led to application downtime, interrupting user operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS provides AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication, and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there can be performance risks introduced when moving applications from on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to keep track of the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will look in depth at several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
In addition, we will learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: myths to dispel - Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there can be performance risks introduced when moving applications from on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to ease and simplify the migration of Oracle workloads, accelerating the transformation to the cloud; they go deeper into the architecture and demonstrate how to take full advantage of VMware Cloud™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.