Technology Thought Leadership: Shuman Ghosemajumder

•

2 likes•630 views

Amazon Web Services

Technology Thought Leadership: Shuman Ghosemajumder, CTO, Shape Security AWS San Francisco Startup Day, 9/7/17

DEVELOPMENT
GROWTH
INCIDENT
NEW
DEFENSES

“Is it ethical to market and sell
technology that leaves
consumers and their homes
vulnerable to hackers?”

Open Web Application Security Project (OWASP) Top 10

3,301,824,415
passwords reported stolen last year

Credential Stuffing at Sony (2011)
15 million
credentials
leaked
93,000 matches on Sony site =
93,000 user accounts breached

Botnets defeat all IP-based defenses
15 million
credentials
leaked
93,000 matches on Sony site =
93,000 user accounts breached
Botnet tests for
password reuse

Sentry MBA
Sentry MBA
Sentry MBA
Sentry MBA
Sentry MBA
Sentry MBA

Credential stuffing kill chain
Stolen
credentials
Botnets, cloud
hosting, proxies
Login behavior
simulation tools
CAPTCHA
solving tools
starting: $0 $2 per 1000 IPs $50 per site config $1.39 per 1000

Prevention
Real-Time
Detection
Batch
Detection &
Investigation
Reactive
Investigation
Generalized
Attack Mitigation
Framework

Removing Attack
Incentives
Reducing Attack
Surface
Disrupting &
Deflecting
Attacks
Real-Time
Detection
Near
Real-Time
Detection
Batch
Detection Rules
Data
Feeds
Proactive
Manual
Investigation Reactive
Manual
Investigation
Generalized
Attack Mitigation
Framework

Attacks
stop
Attacks
blocked
Attacks
revealed

Amazon AI services bring natural language understanding (NLU), automatic speech recognition (ASR), visual search and image recognition, text-to-speech (TTS), and ML technologies within the reach of every developer. In this session, we will dive deep into 2 specific AWS services: Amazon Lex and Amazon Polly. Amazon Lex uses the same technology as Amazon Alexa to provide advanced deep learning functionalities of automatic speech recognition (ASR) and natural language understanding (NLU) to enable you to build applications with conversational interfaces, commonly called chatbots. Amazon Polly is a service that turns text into lifelike speech. Polly lets you create applications that speak in over two dozen languages with a wide variety of natural sounding male and female voices to enable you to build entirely new categories of speech-enabled products.

Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019

Amazon Web Services

As containers become the commonplace method for delivering and deploying applications, we’ve seen more of our customers taking a “lift-and-shift” approach to migrating their existing applications. In this session, John Morello from Twistlock discusses a non-profit that provides environmental science and engineering oversight to some of the world’s largest civil waterworks projects. This organization relies on a critical 14-year-old app that models storm surge. The move to containers for this application delivered immediate benefits, making it easier to manage vulnerabilities, ensure regulatory compliance, and provide runtime defense. In this session, we break down the security advantages of containers relative to traditional architectures.

Building an Automated Security Fabric in AWS

Amazon Web Services

Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...

Amazon Web Services

Over the last 7 years, Alert Logic has helped AWS customers achieve enhanced security and peace of mind. Learn how positive security outcomes are attained by combining human expertise and the latest in AWS security in this engaging session with Jack Danahy, SVP of Security at Alert Logic, and Zach Vinduska, VP of IT Infrastructure and Security at ClubCorp. Hear real-world examples of how expert defenders in Alert Logic’s 24/7 Security Operations Center can help you quickly detect threats, verify them as incidents, and support you in responding quickly and effectively.

SID201_IAM for Enterprises How Vanguard strikes the Balance Between Agility, ...

Amazon Web Services

For Vanguard, managing the creation of AWS Identity and Access Management (IAM) objects is key to balancing developer velocity and compliance. In this session, you will learn how Vanguard designs IAM roles to control the blast radius of AWS resources and maintain simplicity for developers. Vanguard will also share best practices to help you manage governance and improve your visibility across your AWS resources.

AWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security Designs

Amazon Web Services

Because of AWS’ scale, customers inherit the robust security protocols AWS employs in their own data centers. Protecting our customers’ data is our first priority and we have architected our data centers to operate securely. We also offer numerous services so that customers running on AWS can build specific cloud-enabled solutions that improve security and can provide greater protection than on premises.

ThreatStack Session: A Tale of Security & Ops Teamwork for Rapid Security Inc...

Amazon Web Services

Learn what it takes to accomplish both security and speed in your AWS environment - beyond the basics. We will walk through real-world examples of contention and collaboration points common in organizations running continuous delivery models. Additionally, we’ll offer simple tips for auditing, monitoring and investigating suspicious activity across users, processes, network connections, and file access.

As Public Sector development teams transition to cloud-based architectures and adopt more agile processes, the tools they need to support their development cycles will change. In this session, we'll take you through the transition that Amazon made to a service-oriented architecture over a decade ago. We will share the lessons we learned, the processes we adopted, and the tools we built to increase both our agility and reliability. We will also introduce you to the AWS Code family services which were born out of Amazon's internal DevOps experience and are utilised by many Public Sector customers globally. Mario Vlachakis, Solutions Architect, AWS

Building a security knowledge management platform for AWS - FND224 - AWS re:I...

Amazon Web Services

Learn about how AWS security built a security knowledge management platform to distribute guidance at the scale of the AWS organization using Amazon API Gateway, AWS Lambda, Amazon RDS, and Amazon S3. This platform defines the AWS security bar and empowers AWS with the knowledge that is needed to build secure products and protect customer data. In this session, we look at how the content is consumed by tools and how it powers automated threat modeling for security reviews.

Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019

Amazon Web Services

Developers want to build quickly and deliver powerful application experiences to every user. In this session, we show how you can enable agile development while securing your entire application footprint. Akamai’s intelligent edge security solutions surround and extend your entire architecture for a single policy that’s adaptive, integrated, and consistently secure. Combine that with the power of AWS, and you have a total edge ecosystem that’s unparalleled in its ability to deliver and protect amazing experiences everywhere. Don’t just build—build better with Akamai.

Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit

Amazon Web Services

Encryption is an essential tool for protecting data, and your key management practices provide the means to control access to sensitive and regulated information. In this session, we provide an overview of AWS Key Management Service (AWS KMS) and show you how it integrates with encryption capabilities across AWS. We describe how customers can use AWS KMS features to gain additional control over their keys and satisfy compliance requirements. Representatives from Slack join us to describe how the company used AWS KMS to give its customers increased control and visibility over the data that Slack protects on their behalf.

re:Invent for Introverts 2021

AWS Chicago

Lambda Function Security

Amazon Web Services

Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...

Amazon Web Services

Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.

Amazon CloudWatch (Container Insights)- AWS Container Day 2019 Barcelona

Amazon Web Services

Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019

Amazon Web Services

In agile and elastic environments, having real-time visibility into instances and ensuring that they are secure and compliant is critical. Solutions must work with your DevOps tools to provide visibility without slowing down your release cadence. In this session, Qualys shares how you can implement an AWS golden AMI pipeline that is integrated with Qualys to assess your AMIs and monitor the instances for changes in production. Learn how Ancestry uses Qualys in its CI/CD pipeline to secure its applications and track-approved AMIs. Using Qualys, Ancestry was able to reduce the vulnerabilities in its application deployments by 80 percent in a few months.

Transforming Enterprise IT - Virtual Transformation Day Feb 2019

Amazon Web Services

Speaker: Wesley Wilks, Dan Gallivan As more and more enterprises start down the path of their digital transformation, the pressure on their IT organizations to support innovation across the business couldn’t be higher. In this session, we will outline a number of cutting-edge technologies as well as an operating model that will allow IT to position itself as a business enabler and not a blocker. We will be sharing some mechanisms that will enable the IT organization to meet the pace of innovation that is being set by the business while giving them the flexibility to leverage existing assets. AWS Transformation Day is designed for enterprise organizations looking to make the move to the cloud in order to become more responsive, agile and innovative, while still staying secure and compliant. Join us for this virtual event and we'll share our experiences of helping enterprise customers accelerate the pace of migration and adoption of strategic services. We recommend this event for IT and business leaders who are looking to create sustainable benefits and a competitive advantage by using the AWS Cloud.

A security-first approach to delivering end-user computing services - FND327 ...

Amazon Web Services

"Enterprise customers in regulated industries often struggle to meet security and data sovereignty requirements for desktop applications and mobile workers. End-user devices present the challenge of risky endpoints, making critical data vulnerable to attack, loss, or theft. With AWS, you can improve security and compliance by centrally managing endpoints within your VPC without the cost and complexity of on-premises solutions. AWS makes data delivered on end-user devices ephemeral so that employees can access internal applications from personal devices without a local trusted network. Learn how AWS improves security and reduces cost by moving data to the cloud while providing secure, fast access to desktop applications and data.

Root CA hierarchies for AWS Certificate Manager (ACM) Private CA - FND320 - A...

Amazon Web Services

AWS recently announced root certificate authority (CA) hierarchies for AWS Certificate Manager (ACM) Private CA. CA administrators can now quickly and easily create a complete CA hierarchy, including root and subordinate CAs, with no need for external CAs. In this presentation, we provide an overview of ACM Private CA and discuss some common use cases, such as issuing private certificates in order to identify devices. You learn how to create a two-level CA hierarchy and use it to issue private certificates. You also learn security best practices for creating and managing a CA hierarchy, and you have a chance to ask questions.

NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...

Amazon Web Services

Microservices on AWS: Architectural Patterns and Best Practices | AWS Summit ...

AWS Summits

This session is the first of 5 sessions that will cover a fully functioning system we have built to demonstrate how to rapidly develop systems using the AWS platform. This session we will start with a demo and an architecture review in which we will break into the different subsystems. In the second part of the session we will zoom into the Microservices part of the solution.Microservices are an architectural and organizational approach to software development where software is composed of small independent services that communicate over well-defined APIs. This session demonstrates the use of services like Amazon ECS, AWS Cloud Map and Amazon API Gateway and can help you understand where you can utilize microservices architecture in your own organization and understand areas of potential savings and increased agility.

The economics of incidents, and creative ways to thwart future threats - SEP3...

Amazon Web Services

Walk through the threat landscape, looking at what has happened over the last year. Learn about the best tools to have in your architecture currently and in the future to help you detect and deal with the threats of this year and the next. Identify where these threats are coming from, and learn how to detect them more easily. The information in this session is provided by various teams and sources.

Keynote

Amazon Web Services

Building the Organisation of the Future: Leveraging Artificial Intelligence a...

Amazon Web Services

Artificial intelligence and machine learning are no longer the stuff of science fiction. Organisations of all sizes are using these tools to create innovative artificial intelligences applications – namely, Amazon.com's own retail experience. Join us for an inside look at how Amazon thinks about this technology, and hear from Skinvision on how they’re using machine learning for early skin-cancer detection. Through these stories, gain insight into a range of new machine learning services on AWS for use in your own business. Breght Boschker, CTO, Skinvision Miguel Rojo Rossi, Solutions Architect Lead, AWS

How encryption works in AWS: What assurances do you have that unauthorized us...

Amazon Web Services

Customers who want their data encrypted on AWS increasingly take advantage of AWS services that allow them to encrypt data and manage access to the encryption keys. This session discusses how your data is encrypted in transit and at rest in AWS services like Amazon EC2, Amazon S3, and Elastic Load Balancing. Learn about the AWS key management options available, such as AWS KMS, CloudHSM, and ACM. The session also covers some of the security controls that AWS uses to minimize risk of compromise by unauthorized users as it works to keep your data safe.

Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...

Amazon Web Services

This workshop provides a hands-on opportunity for you to learn to use machine learning (ML) via Amazon SageMaker in your security pipeline. You are guided through the process of feeding data from AWS CloudTrail and Amazon GuardDuty into Amazon SageMaker in order to augment GuardDuty findings. You’ll receive an introduction to Amazon SageMaker and leverage the IP Insights algorithm to train a model based on IP addresses in the CloudTrail logs. This model is used to score IP addresses from GuardDuty findings to gain additional threat information about alerts, enabling security operators to better prioritize alerts for further action.

An Introduction to AWS IoT - Web Summit Lisbon

Boaz Ziniman

Insights success the 10 best performing cyber security solution providers 4th...

Insights success media and technology pvt ltd

The Importance of Cybersecurity in 2017

R-Style Lab

What's hot

DevOps: The Amazon Story

Amazon Web Services

Building a security knowledge management platform for AWS - FND224 - AWS re:I...

Amazon Web Services

Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019

Amazon Web Services

Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit

Amazon Web Services

re:Invent for Introverts 2021

AWS Chicago

Lambda Function Security

Amazon Web Services

Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...

Amazon Web Services

Amazon CloudWatch (Container Insights)- AWS Container Day 2019 Barcelona

Amazon Web Services

Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019

Amazon Web Services

Transforming Enterprise IT - Virtual Transformation Day Feb 2019

Amazon Web Services

A security-first approach to delivering end-user computing services - FND327 ...

Amazon Web Services

Root CA hierarchies for AWS Certificate Manager (ACM) Private CA - FND320 - A...

Amazon Web Services

NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...

Amazon Web Services

Microservices on AWS: Architectural Patterns and Best Practices | AWS Summit ...

AWS Summits

The economics of incidents, and creative ways to thwart future threats - SEP3...

Amazon Web Services

Keynote

Amazon Web Services

Building the Organisation of the Future: Leveraging Artificial Intelligence a...

Amazon Web Services

How encryption works in AWS: What assurances do you have that unauthorized us...

Amazon Web Services

Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...

Amazon Web Services

An Introduction to AWS IoT - Web Summit Lisbon

Boaz Ziniman

What's hot (20)