The document discusses threat detection and mitigation at scale on AWS. It describes how traditional threat detection is difficult due to skills shortage, high signal to noise ratio, and large datasets. It then outlines how AWS services like CloudTrail, VPC Flow Logs, CloudWatch Logs, GuardDuty, and Macie can be used to detect threats at scale using machine learning. It also discusses how threats can be mitigated and remediated automatically using services like Lambda, WAF, Shield, and Systems Manager to improve security posture.
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Amazon Web Services
The document discusses threat detection and mitigation at scale on AWS. It describes how traditional threat detection is difficult due to skills shortage, high signal to noise ratio, and large datasets. It then outlines how AWS services like CloudTrail, VPC Flow Logs, CloudWatch Logs, GuardDuty, and Macie can be used to detect threats at scale using machine learning. It also discusses how threats can be remediated using network services like WAF, Shield, and automation tools like Lambda, Systems Manager, and partner solutions.
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Amazon Web Services
The document discusses threat detection and mitigation at scale on AWS. It describes how traditional threat detection is difficult due to skills shortages, high signal-to-noise ratios, and large datasets. It then outlines how AWS services like CloudTrail, VPC Flow Logs, CloudWatch Logs, and GuardDuty can be used to detect threats through log data and machine learning. The document also discusses how threats can be remediated through network services like WAF, automation tools like Lambda, and partner solutions.
Secure and Automate AWS Deployments with Next Generation Security
Amazon Web Services
The document discusses secure and automated AWS deployments using next generation security tools. It describes how traditional threat detection is difficult due to skills shortages, noise in large datasets, and humans being overwhelmed by data. It then outlines several AWS services like CloudTrail, VPC Flow Logs, and CloudWatch Logs that can provide threat detection data inputs. It also discusses machine learning tools like GuardDuty and Macie that can automate threat detection. The document provides examples of what kinds of threats these tools can detect and how threats can be remediated through network tools, triggers, and response workflows.
Modernize Your Threat Detection and Remediation Process Using Cloud Services
Amazon Web Services
Responding to an incident requires that you're aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise.
We will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, Lambda, and AWS Config. We will talk about how to put them all together to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions to cover the governance needs of enterprise AWS deployments.
by Nathan Case, Sr. Consultant, AWS
Insider threat detection! How do we use AWS products to find an insider threat? We will cover Macie, GuardDuty and Lambda to review a production account's actions and remediate findings as they arise. We will also cover the utilization of CloudWatch to unify our findings into a single pane of glass. Level 400
The document discusses how AWS can help customers achieve compliance with the General Data Protection Regulation (GDPR). It provides an overview of the GDPR, what it regulates, and potential consequences for non-compliance. It then outlines specific AWS services, tools, and features that can help customers implement appropriate technical and organizational measures for security, encryption, access control, monitoring, and logging as required by the GDPR. The document emphasizes that GDPR compliance is a shared responsibility between AWS as the processor and customers as controllers.
by Michael St. Onge, Global Cloud Security Architect, AWS
Responding to an incident requires that you’re aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise. Level 200
by Michael St. Onge, Global Cloud Security Architect, AWS
Join us for this hands-on lab where you will learn about the new service Amazon GuardDuty by walking through its capabilities and some real-world attack scenarios. You will need an AWS account to do the lab. This should be your own personal account and not an account through your company given the activity in the lab. AWS Credits will be provided to help cover any costs incurred in the lab. Level 300
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Amazon Web Services
by Fritz Kunstler, Sr. AWS Security Consultant, AWS
In AWS, identity comes first. Before you can provision buckets, instances, VPCs, or any other infrastructure, you have to have an identity to authenticate and authorize those API calls. In this session, we'll rapidly immerse you in the fundamental primitives, mental models, and implementation patterns of the core AWS identity services such as AWS Identity & Access Management and AWS Organizations. With this knowledge in hand you'll be able to confidently construct a solid identity foundation for your workloads to sit atop. Level 200
The document provides an overview of threat detection and remediation services on AWS, including Amazon GuardDuty for threat detection, Amazon Macie for data security, AWS WAF for web application firewall, AWS Shield for DDoS protection, and how these services can work together for security. It describes the services' capabilities for detecting known threats using threat intelligence, detecting unknown threats using anomaly detection, and providing actionable findings to help remediate issues.
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Amazon Web Services
Introduction to Threat Detection and Remediation on AWS: AWS Security Week at the San Francisco Loft
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions to cover the governance needs of enterprise AWS deployments.
Level: 100
Speaker: Nathan Case - Sr. Solutions Architect, AWS
This session will review how to secure your enterprise adoption of AWS at scale. At AWS, security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty, AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to create an end-to-end security approach for your AWS cloud adoption. You will gain insight into how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.
by Jeff Puchalski, Application Security Engineer, AWS
Insider threat detection! How do we use AWS products to find an insider threat? We will cover Macie, GuardDuty and Lambda to review a production account's actions and remediate findings as they arise. We will also cover the utilization of CloudWatch to unify our findings into a single pane of glass.
by Michael St. Onge, Global Cloud Security Architect, AWS
Events are a precursor to incidents, but how do you decide if an event is harmful? Tuning the signal to noise means that every event needs to be inspected and its impact calculated in as short an amount of time as possible to stop bad things from happening. In this session, we will dive deep into a few event types to do advanced analysis in pursuit of deciding if it is a security incident, and how to resolve it by the time the alert hits your inbox.
An Active Case Study on Insider Threat Detection in your Applications
Amazon Web Services
This document discusses techniques for detecting insider threats within an AWS environment. It provides an overview of several AWS security services such as CloudTrail, GuardDuty, and Config that can be used to monitor user activity and resource configurations. The document then presents a hypothetical example where GuardDuty detects suspicious EC2 instance activity and triggers automated remediation workflows using Lambda, CloudWatch, and Systems Manager to investigate and respond to potential security incidents.
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon Web Services
Learning Objectives:
- How to safely generate a number of Amazon GuardDuty findings
- How to analyze Amazon GuardDuty findings
- How to think about remediation of threats
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
Amazon Web Services
In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.
How to Implement a Well-Architected Security Solution.pdf
Amazon Web Services
Securing your workload in alignment with best practices is necessary to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies. In this tech talk, we’ll walk you through how to secure your workload using AWS Identity & Access Management, AWS CloudTrail, Amazon GuardDuty and AWS Config services.
Orion Health CISO & Ops Unite for a Secure DevOps Practice (SEC308-S) - AWS r...
Amazon Web Services
The race is on. Development teams are moving fast while security teams play catch-up to protect the business. Security is often the department of ‘No’, slowing DevOps, but imagine what transpires when security says ‘Yes’ and collaborates. In this session, Marnie Wilking, CISO, and Gavin Martin, VP, Operational Engineering at Orion Health, share their global AWS deployment and steps taken to facilitate cross-team collaboration. The team alignment around security and automation enabled them to deliver a faster, more secure solution, achieve automation benefits, and meet HIPAA, HITRUST, and GDPR compliance. Learn how this was achieved without slowing development and operations teams. This session is brought to you by AWS partner, Trend Micro.
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response: AWS ...
Amazon Web Services
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response: AWS Security Week at the San Francisco Loft
In this workshop, we discuss how you should be building your runbooks and security incident report system (SIRS) using your company's real-world configuration and processes. Our goal is to give you an easier way to start your runbooks and create a SIRS. Now you can be the hero for your company by building a strategy and finding out how secure you are. You also learn more about why you should be running a DevSecOps pipeline and how it will help your team find threats in your production environment. Finally, learn how things are different in each level of environment and where your developers should be working.
Level: 200
Speaker: Nathan Case - Sr. Solutions Architect, AWS
The document discusses automating incident response and forensics in AWS. It focuses on two scenarios - detecting an insider threat based on an IAM access denied event, and responding to a compromised EC2 instance. For the insider threat, the presenter demonstrates how AWS services like CloudTrail, Lambda, and SNS can be used to detect the denied access and notify relevant parties. For the compromised instance, the presenter shows how Step Functions can automate isolating the instance and launching a "clean room" to forensically analyze the instance without further risk of compromise. The goal is to contain incidents quickly and gather information automatically without human intervention.
Sebastien Linsolas, Solutions Architect, AWS
Come and learn the latest and greatest tricks for automating your incident response and forensics in the cloud. This session focuses on automating your cloud incident response processes covering external and insider threats, triggers, canaries, containment, and data loss prevention. Products & Services: AWS IAM, AWS Lambda, Amazon GuardDuty, AWS Step Functions, Amazon CloudWatch, AWS CloudTrail, Amazon Macie.
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...
Amazon Web Services
Performing forensics on AWS resources is a new experience for many customers who might have older runbooks based on on-premises workflows using manual steps, or perhaps no processes in place at all. In this session, get a deeper insight into the various runbooks to perform practical forensic tasks on AWS resources like Amazon EC2 instances, using a combination of industry tooling, AWS serverless services like AWS Lambda and AWS Step Functions, and managed services like Amazon Athena.
The document summarizes an AWS user group meetup happening on November 7th, 2018. It includes an agenda with three presentations on AWS Secrets Manager, AI driven cloud security, and best practices for cloud management. There will be pizza and drinks during a break between the first two presentations. The event is sponsored by PolarSeven, Palo Alto Networks, and CloudHealth.
Responding to an incident requires that you’re aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise.
Incident Response - Finding a Needle in a Stack of Needles
Amazon Web Services
by Nathan Case, Sr. Consultant, AWS
Events are a precursor to incidents, but how do you decide if an event is harmful? Tuning the signal to noise means that every event needs to be inspected and its impact calculated in as short an amount of time as possible to stop bad things from happening. In this session, we will dive deep into a few event types to do advanced analysis in pursuit of deciding if it is a security incident, and how to resolve it by the time the alert hits your inbox.
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
Amazon Web Services
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security Services
In this session you will learn how to build a self-defending border to protect your Internet-facing applications. We will show you how you can automatically respond to the dynamic threats facing online assets by using our managed threat detection services combined with information from applications.
Shane Baldacchino, Solutions Architect, Amazon Web Services
Incident Response: Eyes Everywhere - AWS Security Week at the SF Loft
Amazon Web Services
Incident Response: Eyes Everywhere - AWS Security Week at the San Francisco Loft
Responding to an incident requires that you’re aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise.
Level: 200
Speaker: Nathan Case - Sr. Solutions Architect, AWS
In this session, learn how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that detect and remediate threats to AWS. Finally, Terren Peterson, the VP of Software Engineering at Capital One, shares how his organization detects and remediates threats using Amazon GuardDuty and other AWS services.
The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...Amazon Web Services
by Fritz Kunstler, Sr. AWS Security Consultant, AWS
In AWS, identity comes first. Before you can provision buckets, instances, VPCs, or any other infrastructure, you have to have an identity to authenticate and authorize those API calls. In this session, we'll rapidly immerse you in the fundamental primitives, mental models, and implementation patterns of the core AWS identity services such as AWS Identity & Access Management and AWS Organizations. With this knowledge in hand you'll be able to confidently construct a solid identity foundation for your workloads to sit atop. Level 200
The document provides an overview of threat detection and remediation services on AWS, including Amazon GuardDuty for threat detection, Amazon Macie for data security, AWS WAF for web application firewall, AWS Shield for DDoS protection, and how these services can work together for security. It describes the services' capabilities for detecting known threats using threat intelligence, detecting unknown threats using anomaly detection, and providing actionable findings to help remediate issues.
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftAmazon Web Services
Introduction to Threat Detection and Remediation on AWS: AWS Security Week at the San Francisco Loft
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.
Level: 100
Speaker: Nathan Case - Sr. Solutions Architect, AWS
This session will review how to secure your enterprise adoption of AWS at scale. At AWS security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to an create end-to-end security approach for your AWS cloud adoption. You will gain insight how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.
by Jeff Puchalski, Application Security Engineer, AWS
Insider threat detection! How do we use AWS products to find an insider threat. We will cover Macie, GuardDuty and lambda to review a production account actions and remediate findings as they arise . We will also cover the utilization of CloudWatch to unify our finds into a single pane of glass.
by Michael St. Onge, Global Cloud Security Architect, AWS
Events are precursor to incidents, but how do you decide if an event is harmful? Tuning the signal to noise means that every event needs to be inspected and its impact calculated in as short amount of time as possible to stop bad things from happening. In this session, we will dive deep into a few event types to do advanced analysis in pursuit of deciding if it is a security incident, and how to resolve it by the time the alert hits your inbox.
An Active Case Study on Insider Threat Detection in your ApplicationsAmazon Web Services
This document discusses techniques for detecting insider threats within an AWS environment. It provides an overview of several AWS security services such as CloudTrail, GuardDuty, and Config that can be used to monitor user activity and resource configurations. The document then presents a hypothetical example where GuardDuty detects suspicious EC2 instance activity and triggers automated remediation workflows using Lambda, CloudWatch, and Systems Manager to investigate and respond to potential security incidents.
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon Web Services
Learning Objectives:
- How to safely generate a number of Amazon GuardDuty findings
- How to analyze Amazon GuardDuty findings
- How to think about remediation of threats
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...Amazon Web Services
In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.
How to Implement a Well-Architected Security Solution.pdfAmazon Web Services
Securing your workload in alignment with best practices is necessary to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies. In this tech talk, we’ll walk you through how to secure your workload using AWS Identity & Access Management, AWS CloudTrail, Amazon GuardDuty and AWS Config services.
Orion Health CISO & Ops Unite for a Secure DevOps Practice (SEC308-S) - AWS r...Amazon Web Services
The race is on. Development teams are moving fast while security teams play catch-up to protect the business. Security is often the department of ‘No’, slowing DevOps, but imagine what transpires when security says ‘Yes’ and collaborates. In this session, Marnie Wilking, CISO and Gavin Martin, VP, Operational Engineering at Orion Health, share their global AWS deployment and steps taken to facilitate cross-team collaboration. The team alignment around security and automation enabled them to a deliver a faster, more secure solution, achieve automation benefits, and meet HIPAA, HITrust, and GDPR compliance. Learn how this was achieved without slowing development and operations teams. This session is brought to you by AWS partner, Trend Micro.
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response: AWS ...Amazon Web Services
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response: AWS Security Week at the San Francisco Loft
In this workshop, we discuss how you should be building your runbooks and security incident report system (SIRS) using your company's real-world configuration and processes. Our goal is to give you an easier way to start your runbooks and create a SIRS. Now you can be the hero for your company by building a strategy and finding out how secure you are. You also learn more about why you should be running a DevSecOps pipeline and how it will help your team find threats in your production environment. Finally, learn how things are different in each level of environment and where your developers should be working.
Level: 200
Speaker: Nathan Case - Sr. Solutions Architect, AWS
The document discusses automating incident response and forensics in AWS. It focuses on two scenarios - detecting an insider threat based on an IAM access denied event, and responding to a compromised EC2 instance. For the insider threat, the presenter demonstrates how AWS services like CloudTrail, Lambda, and SNS can be used to detect the denied access and notify relevant parties. For the compromised instance, the presenter shows how Step Functions can automate isolating the instance and launching a "clean room" to forensically analyze the instance without further risk of compromise. The goal is to contain incidents quickly and gather information automatically without human intervention.
Sebastien Linsolas, Solutions Architect, AWS
Come and learn the latest and greatest tricks for automating your incident response and forensics in the cloud. This session focuses on automating your cloud incident response processes covering external and insider threats, triggers, canaries, containment, and data loss prevention. Products & Services: AWS IAM, AWS Lambda, Amazon GuardDuty, AWS Step Functions, Amazon CloudWatch, AWS Cloud Trail, Amazon Macie.
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...Amazon Web Services
Performing forensics on AWS resources is a new experience for many customers who might have older runbooks based on on-premises workflows using manual steps, or perhaps no processes in place at all. In this session, get a deeper insight into the various runbooks to perform practical forensic tasks on AWS resources like Amazon EC2 instances, using a combination of industry tooling, AWS serverless services like AWS Lambda and AWS Step Functions, and managed services like Amazon Athena.
The document summarizes an AWS user group meetup happening on November 7th, 2018. It includes an agenda with three presentations on AWS Secrets Manager, AI driven cloud security, and best practices for cloud management. There will be pizza and drinks during a break between the first two presentations. The event is sponsored by PolarSeven, Palo Alto Networks, and CloudHealth.
Responding to an incident requires that you’re aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise.
Incident Response - Finding a Needle in a Stack of NeedlesAmazon Web Services
by Nathan Case, Sr. Consultant, AWS
Events are precursors to incidents, but how do you decide if an event is harmful? Tuning the signal to noise means that every event needs to be inspected and its impact calculated in as short a time as possible to stop bad things from happening. In this session, we will dive deep into a few event types to do advanced analysis in pursuit of deciding if it is a security incident, and how to resolve it by the time the alert hits your inbox.
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ... Amazon Web Services
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security Services
In this session you will learn how to build a self-defending border to protect your Internet-facing applications. We will show you how you can automatically respond to the dynamic threats facing online assets by using our managed threat detection services combined with information from applications.
Shane Baldacchino, Solutions Architect, Amazon Web Services
Incident Response: Eyes Everywhere - AWS Security Week at the SF Loft Amazon Web Services
Incident Response: Eyes Everywhere - AWS Security Week at the San Francisco Loft
Responding to an incident requires that you’re aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise.
Level: 200
Speaker: Nathan Case - Sr. Solutions Architect, AWS
In this session, learn how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that detect and remediate threats to AWS. Finally, Terren Peterson, the VP of Software Engineering at Capital One, shares how his organization detects and remediates threats using Amazon GuardDuty and other AWS services.
The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.
Learning Objectives:
- Learn how GuardDuty continuously monitors for unauthorized behavior to help protect AWS accounts and workloads
- Understand how GuardDuty uses machine learning to detect anomalous account and network activities
- See how a SOC team can triage threats from a single console and automate security responses
Lock it Down: How to Secure your AWS Account and your Organization's Accounts Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data-center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Lock It Down: How to Secure Your Organization's AWS Account Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional datacenter. However, many customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session we will review how to use automation, tools and techniques to harden and audit your AWS accounts and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Geordie Anderson, Security Specialist Solutions Architect, Amazon Web Services
Sean Donaghy, Senior Cyber Security Advisor, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
Michael Davie, Security Engineer, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
Threat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS Summit Amazon Web Services
In this session, you learn how AWS handles threat detection and remediation. We summarize the challenges of traditional threat detection efforts, and we explain how AWS helps to address these challenges. We also provide an overview of key AWS services that detect and remediate threats, such as Amazon GuardDuty.
The AWS Shared Responsibility Model in Practice Alert Logic
The document discusses security in the cloud with Amazon Web Services (AWS). It highlights that AWS provides tools to automate security, inherit global controls, and scale with visibility and control. It also discusses the shared responsibility model where AWS manages security of the cloud infrastructure and customers manage security in the cloud. Finally, it provides examples of AWS security services for identity and access management, detective controls, infrastructure security, data protection, and incident response.
Secure Your Customers' Data from Day 1: Armando Leite, AWS
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.
The AWS Shared Responsibility Model in Practice Alert Logic
This document discusses the AWS shared responsibility model and how it divides security responsibilities between AWS and customers. It provides examples of how the responsibilities are divided for different types of AWS services, including infrastructure services, container services, and abstract services. It also promotes the security tools and services available in AWS that can help customers automate security tasks, gain visibility, and protect their infrastructure, data, and applications.
Evolve Your Incident Response Process and Powers for AWS Amazon Web Services
You want your current incident response (IR) runbooks to account for your AWS workloads ASAP, and eventually, you want cloud-based IR superpowers, too. In this session, we cover the basics that you must get in place, runbook updates specific to AWS, and we show you how to build initial IR capabilities that blend well with existing processes and partner offerings. We also walk through a hypothetical IR scenario for an AWS environment that uses an evolved on-premises IR runbook that accounts for the differences of an AWS environment. In this scenario, we demonstrate unique AWS platform capabilities for IR success. Go beyond updating your IR runbooks, and start your journey toward gaining cloud-based IR superpowers today!
The document outlines the agenda for a workshop on threat detection and remediation using AWS security services. The workshop includes modules on environment setup, an attack simulation, detecting and investigating the attack, and a review. Services discussed that can help with detection include GuardDuty, Macie, and Inspector, while services like Systems Manager, Lambda, and Inspector can assist with automation of remediation. The document provides information on the specific steps and activities involved in each module of the workshop.
This document outlines an agenda for a workshop on threat detection and remediation. It includes:
- Running a CloudFormation template to set up the initial environment.
- A presentation on threat detection and remediation that discusses why it is difficult, the importance of removing humans from data analysis and detection, and AWS security services that can help.
- A walkthrough of the workshop where participants will simulate attacks and threats in their environment and use AWS security tools like GuardDuty, Lambda, and CloudWatch Events for detection and remediation.
The document discusses various AWS security services including Identity and Access Management (IAM) for authorization, VPCs for network security, CloudTrail for auditing API calls, GuardDuty for threat detection, WAF for web application firewall, Shield for DDoS protection, Inspector for security assessments, and Secrets Manager for secrets management. It provides overviews and examples of how to configure and use these services to help secure workloads running on AWS.
Evolve Your Incident Response Process and Powers for AWS - SID306 - Chicago A... Amazon Web Services
This document discusses evolving incident response processes and capabilities for AWS environments. It begins with an overview of incident response and how runbooks can help support the process. It then covers how the people, processes, and tools involved in incident response need to account for working in AWS. The presentation explores various AWS services that can empower incident response, such as GuardDuty, CloudTrail, CloudWatch, and AWS Config. It also discusses how to approach tasks like network isolation, disk capture, and data analysis in AWS. The document emphasizes that incident response in AWS allows for more automation, scalability, and self-healing capabilities compared to on-premises environments. It stresses the importance of prerequisites like roles and centralized logging when building
In these slides, you’ll learn to use AWS tools to secure your environment and maintain a high bar in cloud security. We'll deep dive into the features of AWS CloudTrail, AWS GuardDuty, AWS Inspector, AWS WAF and Shield, and more. We'll also cover how to keep your credentials safe in the cloud using AWS Secrets Manager.
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.
Speaker: Jesse Fuchs - Sr. Solutions Architect, AWS
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018 Amazon Web Services
Internet of Things (IoT) is taking the world by storm. Nearly every study indicates that the number of edge devices connected to an IoT platform will grow exponentially in the next few years. It’s our belief that over time, everything that can be connected to Internet will be. That’s “lots” of things. Protecting your IoT deployment is key to securing data and earning customer trust. In this talk, we walk through best practices for securing edge devices using native capabilities within AWS IoT and AWS IoT Device Defender.
Meeting Enterprise Security Requirements with AWS Native Security Services (S... Amazon Web Services
GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing complex on-premises solutions with AWS native services like Amazon GuardDuty, VPC Flow Logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
AWS Security Week: Intro To Threat Detection & Remediation Amazon Web Services
AWS Security Week at the San Francisco Loft: Introduction to Threat Detection and Remediation on AWS
Presenter: Jeff Levine, Sr. Security Solutions Architect, AWS
In this webinar, you'll learn how to create security workspaces for multiple teams through your AWS account. Discover how IAM works and find out how it integrates with AWS services. In addition, learn how AWS Config rules and AWS CloudTrail can help you identify and rectify misconfiguration issues quickly and effectively.
Similar to Threat Detection and Mitigation at Scale on AWS - SID301 - Chicago AWS Summit (20)
How to build Forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for many companies and is used in a variety of areas to accurately predict the growth and distribution of a product, the use of resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that has a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... Amazon Web Services
The variety and volume of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment only established companies can afford. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. Over this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances Amazon Web Services
The use of containers is growing steadily.
When designed correctly, container-based applications are very often stateless and flexible.
AWS ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session we will discover together the characteristics of Spot Instances and how they can be easily used on AWS. We will also learn how Spreaker uses Spot Instances to run different types of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique in the market with Machine Lea... Amazon Web Services
To create value and build a distinctive, recognizable offering, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, with the help of a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities that occasionally led to application downtime, interrupting users' work. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements to business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances through Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication, and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the capabilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there are performance risks that can be introduced when moving applications out of on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits and debits in banking transactions, or to track the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the capabilities of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will look closely at several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: debunking the myths Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there are performance risks that can be introduced when moving applications out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to ease and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they will go deeper into the architecture and demonstrate how to take full advantage of VMware Cloud™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien... Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer that controls deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.