In this session, learn how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that detect and remediate threats to AWS. Finally, Terren Peterson, the VP of Software Engineering at Capital One, shares how his organization detects and remediates threats using Amazon GuardDuty and other AWS services.
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018 Amazon Web Services
The cloud offers a first-in-a-career opportunity to constantly optimize your costs as you grow and stay on the leading edge of innovation. By developing a cost-conscious culture and assigning the responsibility for efficiency to the appropriate business owners, you can deliver innovation efficiently and cost effectively. In this session, we share The Vanguard Group’s real-world experience of optimizing their costs, and we review a wide range of cost planning, monitoring, and optimization strategies.
Bridgewater's Model-Based Verification of AWS Security Controls Amazon Web Services
Bridgewater Associates, the world’s largest hedge fund, operates a fleet of AWS accounts with different levels of information sensitivity and risk tolerance. To manage the risk these discrepancies introduce, Bridgewater developed an automated reasoning process that analyzes security policies and operationalizes them into an automated control validation and response system. In this talk, security leaders from Bridgewater describe the system they use to verify security controls. Learn about model-based verification approaches to security and how these approaches enable Bridgewater to confirm that security requirements are being met—an assurance previously unavailable by the conventional configuration checking and vulnerability scanning of other tools.
The document discusses the journey of Centrica Hive in standardizing and optimizing their use of multiple AWS accounts. It started with over 100 accounts growing in an unorganized manner, which led to issues around access control, visibility, and cost attribution. Centrica Hive implemented solutions like AWS Organizations, consolidated billing and access tools, security tools, and configuration management to bring structure and governance to their growing AWS environment. The standardized approach helped address early challenges, and the organization is now focused on further optimizing across their accounts.
Do you work with too many tools? In this session, learn how AWS Systems Manager can help you manage your servers at scale with the agility and security you need in today's dynamic cloud-enabled world.
In this session, we provide an overview of how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that can be used to detect and remediate threats to AWS. Finally, we conclude with examples of threat detection and remediation on AWS and provide an opportunity for key service demos.
In this session, Tim Wagner, general manager of AWS Lambda and API Gateway, explores how developers can design, develop, deliver, and monitor cloud applications as they take advantage of the AWS serverless platform and developer toolset. He shares technical insights that developers can use to optimize their workflows and their use of cloud resources, which, in turn, can improve security, scalability, and availability. He also discusses common serverless patterns used by enterprises, and he dives into the operational and security features used by large and mature organizations. You will also hear from a Principal Architect of T-Mobile who will discuss how T-Mobile is driving adoption of serverless within the company.
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ... Amazon Web Services
Come learn what's new with Amazon CloudWatch, and watch as we leverage new capabilities to better monitor our systems and resources. We also walk you through the journey that BBC took in monitoring its custom off-cloud infrastructure alongside its AWS cloud resources.
Best Practices for Centrally Monitoring Resource Configuration & Compliance (... Amazon Web Services
Do you want to have a strong understanding of governance across all of your AWS accounts? Are you struggling to get centralized visibility across your entire organization? Join us in this session as we explore AWS Config, a service that enables centralized governance and resource monitoring. Learn best practices for enabling governance policies through a central account across multiple accounts in your organization, and monitor their compliance status using the multi-account, multi-region data aggregation capability. Also learn about recent launches and how customers are using AWS Config in their enterprises today.
Secure your AWS Account and your Organization's Accounts Amazon Web Services
The cloud enables users to run workloads more securely than they could in a traditional data center. However, customers are still not sure how to harden their AWS accounts and resources in order to enforce compliance. Consistency around governance can also be a concern when large customers have multiple accounts. In this session, we show you how to use automation, tools, and techniques to harden and audit your AWS account as well as how to leverage AWS Organizations to ensure compliance in your enterprise.
AWS Fargate makes running containerized workloads on AWS easier than ever. In this session, we provide a technical foundation for using AWS Fargate with your existing containerized services. We also provide best practices for building images, configuring task definitions, task networking, secrets management, and monitoring.
Securely access services hosted on AWS using AWS PrivateLink. Come to this session and learn the fundamentals of AWS PrivateLink, including VPC design, VPC endpoint, Network Load Balancer, and more. Discover the benefits and use cases for connecting your VPC with AWS-based services over AWS PrivateLink, and hear about the technologies that are related to AWS PrivateLink, such as AWS Direct Connect, Amazon Route 53, and other AWS services. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
The document discusses building real-time serverless backends with GraphQL. It introduces serverless computing on AWS Lambda and shows how AWS AppSync can be used to build applications that support GraphQL queries, mutations, and subscriptions across various data sources. It also discusses how AWS AppSync supports offline capabilities through features like conflict resolution and optimistic UI updates.
Containerize Legacy .NET Framework Web Apps for Cloud Migration Amazon Web Services
It can be daunting to migrate legacy .NET applications to the cloud. In this session, see how we use Microsoft Visual Studio and the AWS Management Console to demonstrate how to containerize a legacy .NET app with a SQL backend, and then deploy with Amazon ECS. We cover the Docker build and deployment process that are required to containerize the application, and we use Amazon EC2 Container Registry (Amazon ECR) to host the Docker image.
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ... Amazon Web Services
New to AWS? Given the number of AWS services there are, you may think that it’s going to take a lot of work to get your security house in order in the cloud. In fact, across AWS, there are only a few simple patterns you need to know to be effective at security in the cloud. In this session, we’ll focus on the permissions controls offered by Identity and Access Management (IAM) and the network security controls offered by Virtual Private Cloud (VPC). You’ll walk away having seen concrete examples that illustrate the patterns that enable you to properly secure any workload in AWS.
In this workshop, learn how to create a cloud-based business intelligence platform and deliver dynamic insights through a custom Alexa Skill. Together, we architect a data analytics platform using Amazon S3, Amazon Athena, Amazon QuickSight, Amazon DynamoDB, Amazon CloudWatch on the backend, and a voice-based user interface through a private Alexa Skill deployed via Alexa for Business on the front end.
Policy Verification and Enforcement at Scale with AWS (SEC320) - AWS re:Inven... Amazon Web Services
In an ever-growing cloud environment, scaling to a number of accounts can range in the thousands—where edge cases dominate your firm’s spectrum and changes in your environment happen quickly. The Goldman Sachs cloud engineering team finds enforcement of best security practice as a growing concern. With developers managing infrastructure as code (IaC), learn how Goldman Sachs uses distributed serverless logging pipelines and leverages AWS formal verification tools to help enforce access policy in the process. In this session, we cover AWS Config, AWS Lambda, Amazon DynamoDB, and Amazon Simple Notification Service (Amazon SNS) as distributed infrastructure that can help catch security issues early and remediate those that happen unexpectedly.
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018 Amazon Web Services
Amazon Elasticsearch Service has a rich set of security features that give you control over access to data in your domain. Whether you're using Amazon Cognito to integrate with your federated identity provider for a Kibana login, building a VPC application and integrating search, or using IAM for fine-grained access, you need to understand your options so you can keep your data safe. Leave this session with a practical set of tools for security.
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co... Amazon Web Services
This document discusses using AWS services for ingesting, storing, sharing, and analyzing video content. It describes how to stream live video from millions of devices using Amazon Kinesis Video Streams and then analyze the video using Amazon Rekognition. It also provides an example of building a system to detect faces on video streams from cameras using DeepLens and storing the results in databases like DynamoDB for further processing.
Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3... Amazon Web Services
AWS DataSync is a new online data transfer service that automates movement of data between on-premises storage and Amazon S3 or Amazon Elastic File System (Amazon EFS). In this session, we will introduce the service, showing how you can use DataSync to move active on-premises data to the cloud for one-time migration, timely in-cloud analysis, and replication for data protection and recovery. We’ll demonstrate how to get started with DataSync, and you’ll hear how it is helping Cox Automotive to move their archive of millions of images to AWS.
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)... Amazon Web Services
The document discusses AWS Identity and Access Management (IAM) roles, which allow granting temporary security credentials to users, applications, and AWS services. IAM roles provide a secure way to delegate access and are easy to manage. The presentation covers when and how to use IAM roles, including for cross-account access, granting least privilege access, and enabling AWS services to access resources. It also provides examples of using IAM roles for EC2 instances and with AWS Secrets Manager.
AWS Serverless Application Model (AWS SAM) is a tool for developing, deploying, and managing your serverless applications on AWS. Learn best practices and tricks for using AWS SAM at scale, including how to make the most of its dynamic template capabilities, how to use advanced features, and how to debug serverless applications. Also explore the Approved open-source AWS SAM translator, and see how AWS SAM works under the hood.
The Future of Enterprise Applications is Serverless (ENT314-R1) - AWS re:Inve... Amazon Web Services
The document discusses serverless computing and Amazon Web Services (AWS) serverless technologies. It provides an overview of AWS Lambda, API Gateway, Step Functions, and other services. It also shares experiences from Centrica, an energy company, in adopting a serverless approach for some of their applications and services. Centrica saw benefits from serverless including cost reduction, faster development cycles, and improved agility.
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018 Amazon Web Services
With Amazon Virtual Private Cloud (Amazon VPC) you can build your own virtual data center networks in seconds. Every VPC is free, but it comes with enterprise-grade capabilities that would cost millions of dollars in a traditional data center. How is this possible? Come hear how Amazon VPC works under the hood. We uncover how we use Amazon-designed hardware to deliver high-assurance security and ultra-fast performance that makes the speed of light feel slow. Leave with insights and tips for how to optimize your own applications, and even whole organizations, to deliver faster than ever.
You’ve built an AWS Lambda function. But an application is more than just a single function; you need a lot of them. How do you orchestrate them? How do you know they’re performant? In this session, I’ll get you started with AWS Lambda, AWS Step Functions, and monitoring to get your application up and running. This session is brought to you by AWS Partner, Datadog.
In this session, Tim Wagner, general manager of AWS Lambda and Amazon API Gateway, explores how developers can design, develop, deliver, and monitor cloud applications as they take advantage of the AWS serverless platform and developer toolset. He shares technical insights that developers can use to optimize their workflows and their use of cloud resources, which, in turn, can improve security, scalability, and availability. He also discusses common serverless patterns used by enterprises, and he dives into the operational and security features used by large and mature organizations. Tim will be joined by Dougal Ballantyne, Principal Product Manager for API Gateway, to discuss recent launches and new API Gateway features.
Evolve Your Incident Response Process and Powers for AWS Amazon Web Services
You want your current incident response (IR) runbooks to account for your AWS workloads ASAP, and eventually, you want cloud-based IR superpowers, too. In this session, we cover the basics that you must get in place, runbook updates specific to AWS, and we show you how to build initial IR capabilities that blend well with existing processes and partner offerings. We also walk through a hypothetical IR scenario for an AWS environment that uses an evolved on-premises IR runbook that accounts for the differences of an AWS environment. In this scenario, we demonstrate unique AWS platform capabilities for IR success. Go beyond updating your IR runbooks, and start your journey toward gaining cloud-based IR superpowers today!
Get the latest on what we've been developing in Amazon S3. In this session, learn about new advances in S3 performance, security, data protection, storage management, and much more. We'll discuss how to apply the appropriate bucket policies and encryption configurations to enhance security, use S3 Select to accelerate queries, and take advantage of object tagging for data classification.
This document discusses cloud operations on AWS. It provides an overview of the Well-Architected Operational Excellence pillar and how it can help with designing operations. It also summarizes AWS services like Enterprise Support's Cloud Operations Review, Professional Services' Operations Integration, and AWS Managed Services that can assist with operations. Case studies are presented on how NASA and GE Health Cloud improved their operations with AWS.
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit Amazon Web Services
The document discusses threat detection and mitigation at scale on AWS. It describes how traditional threat detection is difficult due to skills shortage, high signal to noise ratio, and large datasets. It then outlines how AWS services like CloudTrail, VPC Flow Logs, CloudWatch Logs, GuardDuty, and Macie can be used to detect threats at scale using machine learning. It also discusses how threats can be remediated using network services like WAF, Shield, and automation tools like Lambda, Systems Manager, and partner solutions.
Threat Detection and Mitigation at Scale on AWS - SID301 - Chicago AWS Summit Amazon Web Services
The document discusses threat detection and mitigation at scale on AWS. It describes how traditional threat detection is difficult due to skills shortage, high signal to noise ratio, and large datasets. It then outlines how AWS services like CloudTrail, VPC Flow Logs, CloudWatch Logs, GuardDuty, and Macie can be used to detect threats at scale using machine learning. It also discusses how threats can be mitigated and remediated automatically using services like Lambda, WAF, Shield, and Systems Manager to improve security posture.
Secure your AWS Account and your Organization's Accounts Amazon Web Services
The cloud enables users to run workloads more securely than they could in a traditional data center. However, customers are still not sure how to harden their AWS accounts and resources in order to enforce compliance. Consistency around governance can also be a concern when large customers have multiple accounts. In this session, we show you how to use automation, tools, and techniques to harden and audit your AWS account as well as how to leverage AWS Organizations to ensure compliance in your enterprise.
AWS Fargate makes running containerized workloads on AWS easier than ever. In this session, we provide a technical foundation for using AWS Fargate with your existing containerized services. We also provide best practices for building images, configuring task definitions, task networking, secrets management, and monitoring.
Securely access services hosted on AWS using AWS PrivateLink. Come to this session and learn the fundamentals of AWS PrivateLink, including VPC design, VPC endpoint, Network Load Balancer, and more. Discover the benefits and use cases for connecting your VPC with AWS-based services over AWS PrivateLink, and hear about the technologies that are related to AWS PrivateLink, such as AWS Direct Connect, Amazon Route 53, and other AWS services. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
The document discusses building real-time serverless backends with GraphQL. It introduces serverless computing on AWS Lambda and shows how AWS AppSync can be used to build applications that support GraphQL queries, mutations, and subscriptions across various data sources. It also discusses how AWS AppSync supports offline capabilities through features like conflict resolution and optimistic UI updates.
Containerize Legacy .NET Framework Web Apps for Cloud Migration Amazon Web Services
It can be daunting to migrate legacy .NET applications to the cloud. In this session, see how we use Microsoft Visual Studio and the AWS Management Console to demonstrate how to containerize a legacy .NET app with a SQL backend, and then deploy with Amazon ECS. We cover the Docker build and deployment process that are required to containerize the application, and we use Amazon EC2 Container Registry (Amazon ECR) to host the Docker image.
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...Amazon Web Services
New to AWS? Given the number of AWS services there are, you may think that it’s going to take a lot of work to get your security house in order in the cloud. In fact, across AWS, there are only a few simple patterns you need to know to be effective at security in the cloud. In this session, we’ll focus on the permissions controls offered by Identity and Access Management (IAM) and the network security controls offered by Virtual Private Cloud (VPC). You’ll walk away having seen concrete examples that illustrate the patterns that enable you to properly secure any workload in AWS.
In this workshop, learn how to create a cloud-based business intelligence platform and deliver dynamic insights through a custom Alexa Skill. Together, we architect a data analytics platform using Amazon S3, Amazon Athena, Amazon QuickSight, Amazon DynamoDB, Amazon CloudWatch on the backend, and a voice-based user interface through a private Alexa Skill deployed via Alexa for Business on the front end.
Policy Verification and Enforcement at Scale with AWS (SEC320) - AWS re:Inven...Amazon Web Services
In an ever-growing cloud environment, scaling to a number of accounts can range in the thousands— where edge cases dominate your firm’s spectrum and changes in your environment happen quickly. The Goldman Sachs cloud engineering team finds enforcement of best security practice as a growing concern. With developers managing infrastructure as code (IaC), learn how Goldman Sachs uses distributed serverless logging pipelines and leverages AWS formal verification tools to help enforce access policy in the process. In this session, we cover AWS Config, AWS Lambda, Amazon DynamoDB, and Amazon Simple Notification Service (Amazon SNS) as distributed infrastructure that can help catch security issues early and remediate those that happen unexpectedly.
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018Amazon Web Services
Amazon Elasticsearch Service has a rich set of security features that give you control over access to data in your domain. Whether you're using Amazon Cognito to integrate with your federated identity provider for a Kibana login, building a VPC application and integrating search, or using IAM for fine-grained access, you need to understand your options so you can keep your data safe. Leave this session with a practical set of tools for security.
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Amazon Web Services
This document discusses using AWS services for ingesting, storing, sharing, and analyzing video content. It describes how to stream live video from millions of devices using Amazon Kinesis Video Streams and then analyze the video using Amazon Rekognition. It also provides an example of building a system to detect faces on video streams from cameras using DeepLens and storing the results in databases like DynamoDB for further processing.
Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...Amazon Web Services
AWS DataSync is a new online data transfer service that automates movement of data between on-premises storage and Amazon S3 or Amazon Elastic File System (Amazon EFS). In this session, we will introduce the service, showing how you can use DataSync to move active on-premises data to the cloud for one-time migration, timely in-cloud analysis, and replication for data protection and recovery. We’ll demonstrate how to get started with DataSync, and you’ll hear how it is helping Cox Automotive to move their archive of millions of images to AWS.
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Amazon Web Services
The document discusses AWS Identity and Access Management (IAM) roles, which allow granting temporary security credentials to users, applications, and AWS services. IAM roles provide a secure way to delegate access and are easy to manage. The presentation covers when and how to use IAM roles, including for cross-account access, granting least privilege access, and enabling AWS services to access resources. It also provides examples of using IAM roles for EC2 instances and with AWS Secrets Manager.
AWS Serverless Application Model (AWS SAM) is a tool for developing, deploying, and managing your serverless applications on AWS. Learn best practices and tricks for using AWS SAM at scale, including how to make the most of its dynamic template capabilities, how to use advanced features, and how to debug serverless applications. Also explore the Approved open-source AWS SAM translator, and see how AWS SAM works under the hood.
The Future of Enterprise Applications is Serverless (ENT314-R1) - AWS re:Inve...Amazon Web Services
The document discusses serverless computing and Amazon Web Services (AWS) serverless technologies. It provides an overview of AWS Lambda, API Gateway, Step Functions, and other services. It also shares experiences from Centrica, an energy company, in adopting a serverless approach for some of their applications and services. Centrica saw benefits from serverless including cost reduction, faster development cycles, and improved agility.
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon Web Services
With Amazon Virtual Private Cloud (Amazon VPC) you can build your own virtual data center networks in seconds. Every VPC is free, but it comes with enterprise-grade capabilities that would cost millions of dollars in a traditional data center. How is this possible? Come hear how Amazon VPC works under the hood. We uncover how we use Amazon-designed hardware to deliver high-assurance security and ultra-fast performance that makes the speed of light feel slow. Leave with insights and tips for how to optimize your own applications, and even whole organizations, to deliver faster than ever.
You’ve built an AWS Lambda function. But an application is more than just a single function; you need a lot of them. How do you orchestrate them? How do you know they’re performant? In this session, I’ll get you started with AWS Lambda, AWS Step Functions, and monitoring to get your application up and running. This session is brought to you by AWS Partner, Datadog.
In this session, Tim Wagner, general manager of AWS Lambda and Amazon API Gateway, explores how developers can design, develop, deliver, and monitor cloud applications as they take advantage of the AWS serverless platform and developer toolset. He shares technical insights that developers can use to optimize their workflows and their use of cloud resources, which, in turn, can improve security, scalability, and availability. He also discusses common serverless patterns used by enterprises, and he dives into the operational and security features used by large and mature organizations. Tim will be joined by Dougal Ballantyne, Principal Product Manager for API Gateway, to discuss recent launches and new API Gateway features.
Evolve Your Incident Response Process and Powers for AWS Amazon Web Services
You want your current incident response (IR) runbooks to account for your AWS workloads ASAP, and eventually, you want cloud-based IR superpowers, too. In this session, we cover the basics that you must get in place, runbook updates specific to AWS, and we show you how to build initial IR capabilities that blend well with existing processes and partner offerings. We also walk through a hypothetical IR scenario for an AWS environment that uses an evolved on-premises IR runbook that accounts for the differences of an AWS environment. In this scenario, we demonstrate unique AWS platform capabilities for IR success. Go beyond updating your IR runbooks, and start your journey toward gaining cloud-based IR superpowers today!
Get the latest on what we've been developing in Amazon S3. In this session, learn about new advances in S3 performance, security, data protection, storage management, and much more. We'll discuss how to apply the appropriate bucket policies and encryption configurations to enhance security, use S3 Select to accelerate queries, and take advantage of object tagging for data classification.
This document discusses cloud operations on AWS. It provides an overview of the Well-Architected Operational Excellence pillar and how it can help with designing operations. It also summarizes AWS services like Enterprise Support's Cloud Operations Review, Professional Services' Operations Integration, and AWS Managed Services that can assist with operations. Case studies are presented on how NASA and GE Health Cloud improved their operations with AWS.
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit Amazon Web Services
The document discusses threat detection and mitigation at scale on AWS. It describes how traditional threat detection is difficult due to skills shortage, high signal to noise ratio, and large datasets. It then outlines how AWS services like CloudTrail, VPC Flow Logs, CloudWatch Logs, GuardDuty, and Macie can be used to detect threats at scale using machine learning. It also discusses how threats can be remediated using network services like WAF, Shield, and automation tools like Lambda, Systems Manager, and partner solutions.
Threat Detection and Mitigation at Scale on AWS - SID301 - Chicago AWS Summit Amazon Web Services
The document discusses threat detection and mitigation at scale on AWS. It describes how traditional threat detection is difficult due to skills shortage, high signal to noise ratio, and large datasets. It then outlines how AWS services like CloudTrail, VPC Flow Logs, CloudWatch Logs, GuardDuty, and Macie can be used to detect threats at scale using machine learning. It also discusses how threats can be mitigated and remediated automatically using services like Lambda, WAF, Shield, and Systems Manager to improve security posture.
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit Amazon Web Services
The document discusses threat detection and mitigation at scale on AWS. It describes how traditional threat detection is difficult due to skills shortages, high signal-to-noise ratios, and large datasets. It then outlines how AWS services like CloudTrail, VPC Flow Logs, CloudWatch Logs, and GuardDuty can be used to detect threats through log data and machine learning. The document also discusses how threats can be remediated through network services like WAF, automation tools like Lambda, and partner solutions.
Secure and Automate AWS Deployments with Next Generation Security Amazon Web Services
The document discusses secure and automated AWS deployments using next generation security tools. It describes how traditional threat detection is difficult due to skills shortages, noise in large datasets, and humans being overwhelmed by data. It then outlines several AWS services like CloudTrail, VPC Flow Logs, and CloudWatch Logs that can provide threat detection data inputs. It also discusses machine learning tools like GuardDuty and Macie that can automate threat detection. The document provides examples of what kinds of threats these tools can detect and how threats can be remediated through network tools, triggers, and response workflows.
by Nathan Case, Sr. Consultant, AWS
Insider threat detection! How do we use AWS products to find an insider threat? We will cover Macie, GuardDuty, and Lambda to review a production account's actions and remediate findings as they arise. We will also cover the use of CloudWatch to unify our findings into a single pane of glass. Level 400
The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.
by Jeff Puchalski, Application Security Engineer, AWS
Insider threat detection! How do we use AWS products to find an insider threat? We will cover Macie, GuardDuty, and Lambda to review a production account's actions and remediate findings as they arise. We will also cover the use of CloudWatch to unify our findings into a single pane of glass.
This session will review how to secure your enterprise adoption of AWS at scale. At AWS, security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty, AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to create an end-to-end security approach for your AWS cloud adoption. You will gain insight into how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.
An Active Case Study on Insider Threat Detection in your Applications Amazon Web Services
This document discusses techniques for detecting insider threats within an AWS environment. It provides an overview of several AWS security services such as CloudTrail, GuardDuty, and Config that can be used to monitor user activity and resource configurations. The document then presents a hypothetical example where GuardDuty detects suspicious EC2 instance activity and triggers automated remediation workflows using Lambda, CloudWatch, and Systems Manager to investigate and respond to potential security incidents.
Lock it Down: How to Secure your AWS Account and your Organization's Accounts Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data-center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Lock It Down: How to Secure Your Organization's AWS Account Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional datacenter. However, many customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session we will review how to use automation, tools and techniques to harden and audit your AWS accounts and also how to leverage AWS Organizations to ensure compliance in your enterprise.
Geordie Anderson, Security Specialist Solutions Architect, Amazon Web Services
Sean Donaghy, Senior Cyber Security Advisor, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
Michael Davie, Security Engineer, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada
The AWS Shared Responsibility Model in Practice Alert Logic
The document discusses security in the cloud with Amazon Web Services (AWS). It highlights that AWS provides tools to automate security, inherit global controls, and scale with visibility and control. It also discusses the shared responsibility model where AWS manages security of the cloud infrastructure and customers manage security in the cloud. Finally, it provides examples of AWS security services for identity and access management, detective controls, infrastructure security, data protection, and incident response.
Learning Objectives:
- Learn how GuardDuty continuously monitors for unauthorized behavior to help protect AWS accounts and workloads
- Understand how GuardDuty uses machine learning to detect anomalous account and network activities
- See how a SOC team can triage threats from a single console and automate security responses
Secure Your Customers' Data from Day 1: Armando Leite, AWS
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.
The document outlines the agenda for a workshop on threat detection and remediation using AWS security services. The workshop includes modules on environment setup, an attack simulation, detecting and investigating the attack, and a review. Services discussed that can help with detection include GuardDuty, Macie, and Inspector, while services like Systems Manager, Lambda, and Inspector can assist with automation of remediation. The document provides information on the specific steps and activities involved in each module of the workshop.
The AWS Shared Responsibility Model in Practice Alert Logic
This document discusses the AWS shared responsibility model and how it divides security responsibilities between AWS and customers. It provides examples of how the responsibilities are divided for different types of AWS services, including infrastructure services, container services, and abstract services. It also promotes the security tools and services available in AWS that can help customers automate security tasks, gain visibility, and protect their infrastructure, data, and applications.
This document outlines an agenda for a workshop on threat detection and remediation. It includes:
- Running a CloudFormation template to set up the initial environment.
- A presentation on threat detection and remediation that discusses why it is difficult, the importance of removing humans from data analysis and detection, and AWS security services that can help.
- A walkthrough of the workshop where participants will simulate attacks and threats in their environment and use AWS security tools like GuardDuty, Lambda, and CloudWatch Events for detection and remediation.
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft Amazon Web Services
Introduction to Threat Detection and Remediation on AWS: AWS Security Week at the San Francisco Loft
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will give a brief overview of each of these services, and then talk about how to put them all together to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions to cover the governance needs of enterprise AWS deployments.
Level: 100
Speaker: Nathan Case - Sr. Solutions Architect, AWS
Threat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS Summit Amazon Web Services
In this session, you learn how AWS handles threat detection and remediation. We summarize the challenges of traditional threat detection efforts, and we explain how AWS helps to address these challenges. We also provide an overview of key AWS services that detect and remediate threats, such as Amazon GuardDuty.
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018 Amazon Web Services
Internet of Things (IoT) is taking the world by storm. Nearly every study indicates that the number of edge devices connected to an IoT platform will grow exponentially in the next few years. It’s our belief that over time, everything that can be connected to Internet will be. That’s “lots” of things. Protecting your IoT deployment is key to securing data and earning customer trust. In this talk, we walk through best practices for securing edge devices using native capabilities within AWS IoT and AWS IoT Device Defender.
Similar to Threat Detection and Mitigation at Scale on AWS (20)
How to build Forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for many companies and is used in various fields to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... Amazon Web Services
The variety and quantity of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters appears to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to greatly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances Amazon Web Services
The use of containers is continuously growing.
If properly designed, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session we will discover together the characteristics of Spot Instances and how they can be easily used on AWS. We will also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with Machine Lea... Amazon Web Services
To create value and build a distinctive, recognizable offering, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which so far have often involved manual activities, occasionally leading to application downtime that interrupted users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployments of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication, and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, making full use of the potential of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and to this can be added performance risks that may be introduced when moving applications out of on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits and debits in banking transactions, or to track the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dig into several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: debunking the myths Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and to this can be added performance risks that may be introduced when moving applications out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to ease and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they go deeper into the architecture and demonstrate how to make full use of the potential of VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien... Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer that controls deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.