Shared Responsibility In Action

•

5 likes•1,359 views

An examination of how the shared responsibility model for cloud security works in the real world. Using practical examples, you'll see how security responsibilities are balanced between the consumer (you the user) and the provider.

Software

SHARED RESponsibility
in action
@marknca

Mark Nunnikhoven
Vice President, Cloud & Emerging Technologies
Trend Micro
@marknca

TRADITIONAL ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization

SHARED ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization Security Groups
Network Conﬁg
More info on the model is available at h‫מּ‬p://aws.amazon.com/security

SHARED ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization Security Groups
Network Conﬁg
Verify
Compliance information available at h‫מּ‬p://aws.amazon.com/compliance

Physical
Network
Virtualization
Operation System
Application
Data
DIY SaaSIaaS PaaS
*you

BETTER SERVICE TYPES
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Infrastructure
Abstract
Container

SERVICE Examples
Fantastic reference by AWS’ Mark Ryland at h‫מּ‬p://4mn.ca/ZZeDbA
Service Type *aaS
SQS, S3, Route53 Abstract SaaS
RDS, EMR, OpsWorks Container PaaS
EC2, EBS, VPC Infrastructure IaaS

More responsibilities
Less responsibilities

Critical embargoed bug discovered in Xen, details at h‫מּ‬p://4mn.ca/1rcXTTN

A small percentage on instances scheduled for a reboot

ACTIONS TO TAKE
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Nothing for cloud-native architectures
Manage availability
For EC2
Nothing for Multi-AZ instances
Standard maintenance window for
single instances
For RDS

CVE-2014-3566 : Padding Oracle On Downgraded Legacy Encryption

A‫מּ‬ack forces an older cipher choice. Details at h‫מּ‬p://4mn.ca/1EYfBEA

ACTIONS TO TAKE
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Select a non-aﬀected cipher suite
For ELB
Enable TLS_FALLBACK_SCSV
Disable support for SSL 3.0*
For Web Servers

More info on bash is available at h‫מּ‬p://www.gnu.org/soﬞware/bash/

10/10 vulnerability. Widespread & easy to exploit
(){}; attacka:() { b; } | a‫מּ‬ack;

ACTIONS TO TAKE
Update bash
Use an intrusion prevent system
For EC2

Applied at the boundary
Majority of security controls are traditionally applied at the boundary

Same controls applied in the AWS Cloud, now to each instance
Applied to each instance

@marknca
Thank you.Learn more at testdrive.trendmicro.com

What's hot

CSS17: Dallas - The AWS Shared Responsibility Model in Practice

Alert Logic

The AWS Shared Security Responsibility Model in Practice

Alert Logic

AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives. View a recording of the webinar based on this presentation on YouTube here: http://youtu.be/rXPyGDWKHIo

Journey Through The Cloud - Security Best Practices

Amazon Web Services

10월 29일에 있었던 AWS Enterprise Summit에서의 발표자료입니다. 아마존 웹서비스의 양승도 솔루션스 아키텍트가 진행한 강연입니다. 내용 요약: 이 세션에서는 IT 운영 및 관리 방식에 변화를 가져온 AWS의 서비스들에 대해 알아보고, IT 운영 가시성을 향상시켜주는 AWS 클라우드의 다양한 기능과 엔터프라이즈 조직에서의 DevOps 문화, 더 넓은 범위에 대한 상세한 모니터링과 운영 분석 등 향상된 IT 관리환경이 주는 이점 등 클라우드가 IT 시스템 관리 전반에 가져온 새로운 기회들에 대해서도 알아보도록 하겠습니다.

AWS Enterprise Summit - AWS로 IT 운영 및 관리 재편하기 - 양승도

Amazon Web Services Korea

CSS17: Atlanta - The AWS Shared Responsibility Model in Practice

Alert Logic

Introduction to AWS Security

LalitMohanSharma8

The AWS Shared Responsibility Model in Practice

Alert Logic

Vortrag "Einführung - Compliance mit AWS" von Bertram Dorn beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P Das AWS Compliance-Programm ist der Schlüssel für Kunden, um die von AWS getroffenen technischen und organisatorischen Maßnahmen zu verstehen, welche getroffen werden, um Kundendaten zu sichern. Der Vortrag wird einen Einblick in die Grundlagen der Verfahren von ISO270xx, SOC1/2/3 und PCI DSS geben. Auch werden wir uns dem Lesen dieser Zertifikate und Berichte widmen, um deren Inhalt mit den typischen Fragen und Voraussetzungen von Datenverarbeitung, Verfügbarkeit und Risikoabsicherung zu verbinden.

Einführung „Compliance mit AWS" - AWS Security Web Day

AWS Germany

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.

Intro to AWS: Security

Amazon Web Services

CSS17: DC - The AWS Shared Responsibility Model in Practice

Alert Logic

Security and Compliance in the Cloud

Amazon Web Services

Navigating the AWS Compliance Framework | AWS Security Roadshow Dublin

Amazon Web Services

From the Trenches: Building Comprehensive and Secure Solutions in AWS

Alert Logic

AWS Security for Financial Services

Amazon Web Services

Security and compliance automation have become the most important drivers for IT Transformation to the cloud. Foundational cloud security services provide an unprecedented capability to ensure your cloud platform is secure, programmatically monitored, and adaptive. This session will demonstrate how Federal and Enterprise customers are embracing adaptive techniques in managing their most critical application workloads.

Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...

Amazon Web Services

Security & Compliance in AWS

Amazon Web Services

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Iolaire Mckinnon, Senior Consultant - Security, Risk & Compliance, Professional Services, AWS

AWS Shared Responsibility Model & Compliance Program Overview

Amazon Web Services

Does meeting stringent compliance requirements keep you up at night? Do you worry about having the right audit trails in place as proof? In this session, you will learn why building security in from the beginning saves you time (and painful retrofits) later, how to gather and retain audit evidence for instances that are only up for minutes or hours, and how to meet many compliance requirements and ensured that Amazon EC2 instances are immediately protected as they come online.

Compliance with AWS

Amazon Web Services

AWS Security Week: Security, Identity, & Compliance

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability and control. You have to know what you have and where it is before you can assess the environment against best practices and internal or compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says: "Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?" That's the level of granularity you can choose to implement if you wish.

Understanding AWS security

Amazon Web Services

What's hot (20)

CSS17: Dallas - The AWS Shared Responsibility Model in Practice

The AWS Shared Security Responsibility Model in Practice

Journey Through The Cloud - Security Best Practices

AWS Enterprise Summit - AWS로 IT 운영 및 관리 재편하기 - 양승도

CSS17: Atlanta - The AWS Shared Responsibility Model in Practice

Introduction to AWS Security

The AWS Shared Responsibility Model in Practice

Einführung „Compliance mit AWS" - AWS Security Web Day

Intro to AWS: Security

CSS17: DC - The AWS Shared Responsibility Model in Practice

Security and Compliance in the Cloud

Navigating the AWS Compliance Framework | AWS Security Roadshow Dublin

From the Trenches: Building Comprehensive and Secure Solutions in AWS

AWS Security for Financial Services

Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...

Security & Compliance in AWS

AWS Shared Responsibility Model & Compliance Program Overview

Compliance with AWS

AWS Security Week: Security, Identity, & Compliance

Understanding AWS security

Viewers also liked

In Depth: AWS Shared Security Model

Amazon Web Services

The AWS Shared Security Responsibility Model in Practice

Amazon Web Services

Cloudsolutionday 2016: DevOps workflow with Docker on AWS

AWS Vietnam Community

Amazon Web Services Security

Jason Chan

Information Security in AWS - Dave Walker

East Midlands Cyber Security Forum

AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.

Getting Started with AWS Security

Amazon Web Services

You can help maintain control of your environment by choosing the right AWS security tools. In this webinar, we show how AWS Identity and Access Management (IAM), AWS Config Rules, and AWS Cloud Trail can help you maintain that control. In a live demo, we show you how to track changes, monitor compliance, and keep an audit record of API requests. Learning Objectives: • Learn what IAM is and how to leverage it appropriately. • Gain familiarity with how to track changes and monitor for compliance. • Keep an audit record of API requests for reporting purposes. • Understand how these services complement each other.

Introduction to Three AWS Security Services - November 2016 Webinar Series

Amazon Web Services

Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes that Amazon’s engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodePipeline and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture.

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

Amazon Web Services

Shared Responsibility in Accountability

EduSkills OECD

The AWS Shared Security Responsibility Model in Practice

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?”. That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture. Speakers: Rob Whitmore, AWS Solutions Architect

Introduction to AWS Security

Amazon Web Services

Join ClearScale and AWS to learn how the San Jose Water Company worked with ClearScale to leverage Docker and the latest AWS DevOps tools including Amazon ECS, Amazon EC2 Container Registry (ECR) and AWS CodePipeline, to deliver new app features faster, with lower overhead. Gaining a competitive edge in the modern business landscape often depends on delivering apps with small, quick changes that create faster time-to-market, with focused value for the end customer. Successful companies adopt a DevOps model that automates continuous app delivery and may use a software containerization platform, both to accelerate releases and reduce risk. ClearScale is an AWS DevOps Premier Consulting Partner that helps decrease your time to market, governance and compliance risks, and lower your operational costs. Join us to learn: • The advantages of DevOps on AWS, using the latest AWS tools and Docker • Best practices to design and deploy containers on AWS, based on experiences of the San Jose Water Company • Learn from ClearScale experts about proven automation techniques for DevOps on AWS Who should attend: CTOs, CIOs, CISOs, VPs of Engineering, VPs of Development, Business Development Directors, Senior Development Managers, Senior Architects, Business Development Managers

ClearScale: Continuous Automation with Docker on AWS

Amazon Web Services

Shared Responsibility and Setting Up Secure Account Structures

Amazon Web Services

Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.

Architecting for Greater Security on AWS

Amazon Web Services

AWS Security

Amazon Web Services

Infrastructure as code: running microservices on AWS using Docker, Terraform,...

Yevgeniy Brikman

Viewers also liked (16)

In Depth: AWS Shared Security Model

The AWS Shared Security Responsibility Model in Practice

Cloudsolutionday 2016: DevOps workflow with Docker on AWS

Amazon Web Services Security

Information Security in AWS - Dave Walker

Getting Started with AWS Security

Introduction to Three AWS Security Services - November 2016 Webinar Series

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

Shared Responsibility in Accountability

The AWS Shared Security Responsibility Model in Practice

Introduction to AWS Security

ClearScale: Continuous Automation with Docker on AWS

Shared Responsibility and Setting Up Secure Account Structures

Architecting for Greater Security on AWS

AWS Security

Infrastructure as code: running microservices on AWS using Docker, Terraform,...

Similar to Shared Responsibility In Action

Security OF The Cloud

Mark Nunnikhoven

Power Struggle: Balancing Relationships & Responsibility in the Cloud

Mark Nunnikhoven

Cloud Security Alliance's GRC Stack Overview

Valdez Ladd MBA, CISSP, CISA,

While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline four strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools. Andrew Watts-Curnow, Solutions Architect, Amazon Web Services, ASEAN Justin Foster, CISSP Head of Cloud Workload Security, Trend Micro

3 Secrets to Becoming a Cloud Security Superhero

Amazon Web Services

Before beginning the migration process, organizations need a deep understanding the what they have in their current environment. CloudScape from RISC Networks provides organizations with actionable data about the applications and data in their on-premises environment to properly formulate a plan for migration. RISC Networks breaks down this process in four phases: agentless discovery of data, add intelligence to the data, consume the intelligence, and act on the intelligence. These crucial steps help organizations determine which applications should be moved to the cloud before others, and which ones to retire. Leveraging the tools provided by RISC Networks to begin your migration to AWS ensures that your organization will have a total understanding of your entire infrastructure and a tailored migration plan. Once migrated to AWS, RISC Networks continues to track application analytics, to ensure they are working properly.

Simplify Cloud Migration to AWS with RISC Network’s Complete App Analysis

RISC Networks

When choosing to migrate to the cloud, many organizations struggle with the amount of information about their existing infrastructure. CloudScape by RISC Networks analyzes their existing environment to quickly identify which applications to retire and which ones to migrate to the AWS Cloud; thus simplifying the migration process. Join the upcoming webinar in which RISC Networks, AWS, and Turner Broadcasting will be discussing how Turner Leveraged RISC Networks CloudScape to simplify their migration process. Customer Presenter: Don Browning, VP of Cloud Architecture, Turner Broadcasting Partner Presenter: Jeremy Littlejohn, RISC Networks AWS Presenter: Carmen Puccio, Solutions Architect

Simplify Migration with RISC Network’s Complete App Analysis

Amazon Web Services

This presentation covers a practical approach for adopting and migrating on premises systems and applications to the Public Cloud. Based on a clear migration master plan, it helps companies and enterprises to be prepared for Cloud computing, what and how to successfully migrate or deploy systems on Cloud, preparing your IT organization with a sound Cloud Governance model, Security in the Cloud and how to reach the benefits of Cloud computing by automation and optimizing your cost and workloads.

Cloud Reference Architecture - Part 1 Foundation

Ammar Hasayen

Providing development and engineering teams with access to cloud resources introduces challenges around deploying the proper security policies. Organizations need automated security solutions that enable their engineers to spin up their own secure environments for application development with a push of a button. Join our upcoming webinar with Palo Alto Networks, REAN Cloud, and AWS, to learn how organizations are leveraging Palo Alto Networks VM-Series and REAN Cloud to build a simple, fast, and automated solution on AWS that helps provision secure environments for developers.

Automate the Provisioning of Secure Developer Environments on AWS PPT

Amazon Web Services

Cloud Security (AWS)

Scott Arveseth

Organizations that are transitioning from a traditional data center to an on-demand IT environment, such as AWS, are quickly finding that automating and scaling legacy security services for comprehensive workload security can be challenging. In light of these challenges, it is necessary to deploy a security solution that employs the same versatility and elasticity as the cloud workloads it is meant to protect. CloudPassage® Halo® provides virtually instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds like AWS. Join Xero and CloudPassage to learn about best practices for migrating your security workloads to the cloud. Join us to learn: - Best practices for maintaining workload security - How you can align cloud security deployment methods with on-premises deployment methods - Key considerations for architecting your infrastructure to scale quickly and securely Who should attend: CTOs, CIOs, CISOs, Directors and Managers of Security, IT Administers, IT Architects and IT Security Engineers

CloudPassage Best Practices for Automatic Security Scaling

Amazon Web Services

Learn how to leverage AWS and security super friends like Trend Micro to create an impenetrable fortress for your AWS workloads, without hindering performance or agility. Join this session and learn three cloud security super powers that will help you thwart villains interested in your workloads. We will walk through three stories of Amazon EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools. Join us to learn: • Design a workload-centric security architecture • Improve visibility of AWS-only or hybrid environments • Stop patching live instances but still prevent exploits

3 Secrets to Becoming a Cloud Security Superhero

Amazon Web Services

Governance, risk, and control of technology is critical for the performance of any organization’s assurance management process. In practice, implementation of this is a near impossible task given the constantly evolving regulatory landscape, massive amounts of incoming and outgoing data, and business units working within siloes. However, through automation, IT departments and compliance teams can efficiently support numerous audit demands imposed on organizations within highly regulated industries like Financial Services, Healthcare, and Life Science. AWS will share best practices around infrastructure design, configuration set-up, and monitoring to augment your compliance operating model so that you can easily automate updates and real-time notifications to take human error out of your compliance functions and demonstrate comprehensive governance of your business. Learning Objectives: • Learn what an comprehensive governance model looks like • Learn why it's important for an organization to automate in its 3 lines of defense – operations, compliance, and internal audit • Learn what AWS services you can enable to Who Should Attend: • Technology risk managers, third-party risk managers, compliance officers, information security executives

Automating Compliance Defense in the Cloud - September 2016 Webinar Series

Amazon Web Services

Rackspace provides a comprehensive set of tooling and expertise on AWS that further unlocks your ability to secure your environment efficiently and cost effectively. The dynamic environment of data, applications, and infrastructure can pose challenges for businesses trying to manage security while following compliance regulations. To mitigate these challenges, businesses need a scalable security solution to ensure their data is safe, secure, and stable. In this webinar, Brad Schulteis, Jarret Raim and Todd Gleason will discuss the topic of security control requirements on AWS through the lens of three common compliance scenarios: HIPAA, PCI-DSS, and generalized security compliance based on the NIST Risk Management Framework. Watch our webinar to learn how Rackspace combines AWS and security expertise with tools like AWS CloudFormation, AWS CodeCommit and AWS CodeDeploy to help customers meet their security and compliance needs. Join us to learn: • Best practices for securely operating workloads on the AWS Cloud • Architecting a secure environment for dynamic workloads • How to incorporate Security by Design principles to address compliance needs across 3 use cases: HIPAA, PCI-DSS and generalized security compliance based on the NIST Risk Management Framework Who should attend: Directors and Managers of Security, IT Administers, IT Architects, and IT Security Engineers

Rackspace: Best Practices for Security Compliance on AWS

Amazon Web Services

Staying Secure in the Cloud

Amazon Web Services

The Trouble with Saas and Hybrid Cloud

Novosco

Getting Started with AWS Security

Amazon Web Services

Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.

(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014

Amazon Web Services

Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...

Amazon Web Services

(Pdf) yury chemerkin ita_2013

STO STRATEGY

(Pdf) yury chemerkin intelligence_sec_2013

STO STRATEGY

Similar to Shared Responsibility In Action (20)

Security OF The Cloud

Power Struggle: Balancing Relationships & Responsibility in the Cloud

Cloud Security Alliance's GRC Stack Overview

3 Secrets to Becoming a Cloud Security Superhero

Simplify Cloud Migration to AWS with RISC Network’s Complete App Analysis

Simplify Migration with RISC Network’s Complete App Analysis

Cloud Reference Architecture - Part 1 Foundation

Automate the Provisioning of Secure Developer Environments on AWS PPT

Cloud Security (AWS)

CloudPassage Best Practices for Automatic Security Scaling

3 Secrets to Becoming a Cloud Security Superhero

Automating Compliance Defense in the Cloud - September 2016 Webinar Series

Rackspace: Best Practices for Security Compliance on AWS

Staying Secure in the Cloud

The Trouble with Saas and Hybrid Cloud

Getting Started with AWS Security

(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014

Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...

(Pdf) yury chemerkin ita_2013

(Pdf) yury chemerkin intelligence_sec_2013

More from Mark Nunnikhoven

Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review several advanced security processes and discuss how too easily automate them using common tools in the AWS Cloud. This approach helps you and your team increase the security of your build while reducing the overall operational requirement of security in your stack. Leave this dev chat with everything you need to get started with automating security.

Advanced Security Automation Made Simple

Mark Nunnikhoven

AWS re:Invent 2017 re:View

Mark Nunnikhoven

Security in the cloud is fundamentally different. Not so much due to the technology--though there's plenty of differences there--but more with respect to the way that security is applied and how it's run. Over the past few years, we've seen a radical shift in how development and operational teams work together. Security teams have been left out in the cold and are still viewed as the "No" team. It doesn't have to be that way. Cloud technologies have enabled new work flows and models for businesses and other teams...security is no different. We just have to wake up and take advantage of the new ecosystem. When security teams embrace change, the boundaries start to dissolve and security can finally be built in instead of bolted on. In this session, we'll look at some of the challenges involved in this shift, how it impacts your teams, your skill set, and how a modern approach to defence will improve your security posture. Presented at BC Aware Day, 31-Jan-2017

Security Teams & Tech In A Cloud World

Mark Nunnikhoven

Defending your workloads with aws waf and deep security

Mark Nunnikhoven

AWS re:Invent 2015 re:Cap

Mark Nunnikhoven

When it hits the fan, one of the first questions that you get asked is "Who did this?". And like any good mystery, trying to find the attacker takes many twists and turns. There's a trail of evidence, a red herring or two, and the inevitable plot twist before the final reveal. Unfortunately, despite what you see on TV, in the movies, or even in the press, attack attribution is hard. In face, it's one of the hardest problems in information security today. In this talk, we use real world examples to work through what it takes to properly make the connection between attack and attacker. Looking at real world techniques used to gather and validate evidence, we'll examine what it takes for that evidence to hold up to cross examination. We'll look at the role each of your security controls play in the attribution process and the steps you can take to immediately make attribution easier. Come learn what it takes to actually prove who the attacker is and where attribution fits into your daily security practice.

Whodunit, The Mechanics of Attack Attribution

Mark Nunnikhoven

Software-defined networking is the latest technology in a move to abstract a variety of data center resources. As more and more of the data center is defined in code, some unique security challenges come to the fore. In this session, we'll explore both sides of the security challenge. What types of controls and implementations are required to define security as part of your infrastructure code? What challenges does maintaining an infrastructure codebase present? You'll learn not only how to integrate security into your infrastructure code but also how to properly and securely manage that codebase.

Infrastructure as (Secure) Code

Mark Nunnikhoven

Updating Security Operations For The Cloud

Mark Nunnikhoven

This talk looks at the challenges we face as a defender today by examining several recent, prominent breaches and one of their common causes. The first 2/3 of this talk are the same as "Is That Normal?" (http://www.slideshare.net/marknca/is-that-normal-behaviour-modelling-on-the-cheap) but in the last 3rd, instead of diving in the the mechanics of behavioural analysis, this talk looks at what we should be doing with the results. Originally presented at the Gartner Security & Risk Management Summit in London, 08-Sep-2014

The Most Common Failure With Today's Defences

Mark Nunnikhoven

Originally presented at BSides Ottawa on 06-Sep-2014, this talk lays out the challenges faced by todays defender (for context), the gap in our current defensive strategies (what we'll address), and explains how to start a basic behavioural analysis practice with minimal investment. Remember this is a BSides presentation so there may be some language which causes a double-take ;-) Open with caution.

Is That Normal? Behaviour Modelling On The Cheap

Mark Nunnikhoven

More from Mark Nunnikhoven (10)

Advanced Security Automation Made Simple

AWS re:Invent 2017 re:View

Security Teams & Tech In A Cloud World

Defending your workloads with aws waf and deep security

AWS re:Invent 2015 re:Cap

Whodunit, The Mechanics of Attack Attribution

Infrastructure as (Secure) Code

Updating Security Operations For The Cloud

The Most Common Failure With Today's Defences

Is That Normal? Behaviour Modelling On The Cheap

Recently uploaded

Agnieszka Andrzejewska - BIM School Course in Kraków

bim.edu.pl

Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

Tier1 app

Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload. Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.

Designing for Privacy in Amazon Web Services

KrzysztofKkol1

A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1

KnowledgeSeed

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

informapgpstrackings

Into the Box 2024 - Keynote Day 2 Slides.pdf

Ortus Solutions, Corp

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

rajkumar669520

Skilrock is an igaming technology platform & lottery software provider to the Global Lottery & Gaming Industry with a strong presence across continents. As part of the $2.4 billion SUGAL & DAMANI GROUP, Skilrock leverages the group's extensive domain experience to offer the INFINITI gaming platform - a true Omni-Channel, Omni-Gaming Platform that can serve any lottery or gaming operator anywhere in the world. INFINITI serves Retail, iGaming & Self Service Channels with equal ease and at the same time supports a wide variety of games like Lotto, Keno, Bingo, Instant, Sports, Poker, Rummy, Casino and Slots. Our popular solutions are Scratch Lottery, Retail Lottery, Instant Lottery and other igaming and lottery solutions.

iGaming Platform & Lottery Solutions by Skilrock

Skilrock Technologies

In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey. Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience. Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system. Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL

Natan Silnitsky

Top Mobile App Development Companies 2024

XongoLab Technologies LLP

De mooiste recreatieve routes ontdekken met RouteYou en FME

Jelle | Nordend

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Lu Qiu (Data & AI Platform Tech Lead, @Alluxio) - Siyuan Sheng (Senior Software Engineer, @Alluxio) Speed and efficiency are two requirements for the underlying infrastructure for machine learning model development. Data access can bottleneck end-to-end machine learning pipelines as training data volume grows and when large model files are more commonly used for serving. For instance, data loading can constitute nearly 80% of the total model training time, resulting in less than 30% GPU utilization. Also, loading large model files for deployment to production can be slow because of slow network or storage read operations. These challenges are prevalent when using popular frameworks like PyTorch, Ray, or HuggingFace, paired with cloud object storage solutions like S3 or GCS, or downloading models from the HuggingFace model hub. In this presentation, Lu and Siyuan will offer comprehensive insights into improving speed and GPU utilization for model training and serving. You will learn: - The data loading challenges hindering GPU utilization - The reference architecture for running PyTorch and Ray jobs while reading data from S3, with benchmark results of training ResNet50 and BERT - Real-world examples of boosting model performance and GPU utilization through optimized data access

AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...

Alluxio, Inc.

Unlocking Business Potential: Tailored Technology Solutions by Prosigns Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support. Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth. Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices. AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making. Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency. DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration. Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly. Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business. Join us on a journey of innovation and growth. Let's partner for success with Prosigns.

Prosigns: Transforming Business with Tailored Technology Solutions

Prosigns

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.

Cyaniclab : Software Development Agency Portfolio.pdf

Cyanic lab

Vitthal Shirke Microservices Resume Montevideo

Vitthal Shirke

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Eric Wang (Software Engineer, @Uber) Uber has numerous deep learning models, most of which are highly complex with many layers and a vast number of features. Understanding how these models work is challenging and demands significant resources to experiment with various training algorithms and feature sets. With ML explainability, the ML team aims to bring transparency to these models, helping to clarify their predictions and behavior. This transparency also assists the operations and legal teams in explaining the reasons behind specific prediction outcomes. In this talk, Eric Wang will discuss the methods Uber used for explaining deep learning models and how we integrated these methods into the Uber AI Michelangelo ecosystem to support offline explaining.

AI/ML Infra Meetup | ML explainability in Michelangelo

Alluxio, Inc.

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?

XfilesPro

Breaking the Code : A Guide to WhatsApp Business API.pdf

Meon Technology

Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ? Venez le découvrir lors de cette session ignite

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Anthony Dahanne

Recently uploaded (20)

Agnieszka Andrzejewska - BIM School Course in Kraków

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

Designing for Privacy in Amazon Web Services

A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

Into the Box 2024 - Keynote Day 2 Slides.pdf

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

iGaming Platform & Lottery Solutions by Skilrock

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL

Top Mobile App Development Companies 2024

De mooiste recreatieve routes ontdekken met RouteYou en FME

AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...

Prosigns: Transforming Business with Tailored Technology Solutions

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

Cyaniclab : Software Development Agency Portfolio.pdf

Vitthal Shirke Microservices Resume Montevideo

AI/ML Infra Meetup | ML explainability in Michelangelo

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?

Breaking the Code : A Guide to WhatsApp Business API.pdf

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Shared Responsibility In Action

1. SHARED RESponsibility in action @marknca

2. Mark Nunnikhoven Vice President, Cloud & Emerging Technologies Trend Micro @marknca

3. Modelling security on AWS

4. TRADITIONAL ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization

5. SHARED ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization Security Groups Network Conﬁg More info on the model is available at h‫מּ‬p://aws.amazon.com/security

6. SHARED ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization Security Groups Network Conﬁg Verify Compliance information available at h‫מּ‬p://aws.amazon.com/compliance

7. Physical Network Virtualization Operation System Application Data DIY SaaSIaaS PaaS *you

8. BETTER SERVICE TYPES From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA Infrastructure Abstract Container

9. SERVICE Examples Fantastic reference by AWS’ Mark Ryland at h‫מּ‬p://4mn.ca/ZZeDbA Service Type *aaS SQS, S3, Route53 Abstract SaaS RDS, EMR, OpsWorks Container PaaS EC2, EBS, VPC Infrastructure IaaS

10. Less responsibilities

11. More responsibilities Less responsibilities

12. Options : Responsibilities

13. Re:Boot

14. Critical embargoed bug discovered in Xen, details at h‫מּ‬p://4mn.ca/1rcXTTN

15. A small percentage on instances scheduled for a reboot

16. ACTIONS TO TAKE From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA Nothing for cloud-native architectures Manage availability For EC2 Nothing for Multi-AZ instances Standard maintenance window for single instances For RDS

17. POODLE

18. CVE-2014-3566 : Padding Oracle On Downgraded Legacy Encryption

19. A‫מּ‬ack forces an older cipher choice. Details at h‫מּ‬p://4mn.ca/1EYfBEA

20. ACTIONS TO TAKE From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA Select a non-aﬀected cipher suite For ELB Enable TLS_FALLBACK_SCSV Disable support for SSL 3.0* For Web Servers

21. Shellshock

22. More info on bash is available at h‫מּ‬p://www.gnu.org/soﬞware/bash/

23. 10/10 vulnerability. Widespread & easy to exploit (){}; attacka:() { b; } | a‫מּ‬ack;

24. ACTIONS TO TAKE Update bash Use an intrusion prevent system For EC2

25. Applied at the boundary Majority of security controls are traditionally applied at the boundary

26. Same controls applied in the AWS Cloud, now to each instance Applied to each instance

27.

28.

29. Options : Responsibilities

30. @marknca Thank you.Learn more at testdrive.trendmicro.com

Shared Responsibility In Action

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (16)

Similar to Shared Responsibility In Action

Similar to Shared Responsibility In Action (20)

More from Mark Nunnikhoven

More from Mark Nunnikhoven (10)

Recently uploaded

Recently uploaded (20)

Shared Responsibility In Action