Accelerating your Business with Security
1 Accelerating your Business with Security Dave Walker, Specialist Solutions Architect, Security and Compliance 31/10/ , Amazon Web Services, Inc. or its Affiliates. All rights reserved.
2 What to Expect from the Session Existing Multi-Account Strategies, and Multi-Account Planning Organizations Compliance and Scoping (and Artifact) EC2 Systems Manager DDoS and Mitigation with Shield
3 Start Here
4 Existing Multi-Account Strategies, and Multi-Account Planning
5 The Story So Far MASCOT fully role- and identity-managed implementation from ProServe Presented at Re:Invent 2016 SAC319, SAC320 Bertram Dorn's work from 2014 similar structure, but a number of differences Neither covers Organizations (yet)
6 What Needs Segregating from What? Obvious cases first: Read access to Billing and Log records from everyone, except Auditors and Security...and even then, access should be limited to appropriate cases consider evidential weight Prod from Dev, Test and Staging remember Knight Capital? also "bug ringfencing" Compliance in-scope from out-of-scope auditors need to see a hard scope boundary you will want to keep in-scope as small as possible use both AWS Accounts and VPCs for this
7 What Needs Segregating from What? Less obvious cases: Look at your org chart and body of policies Consider how Separation of Duty and Need to Know operate both in and between departments Within org charts, policy, compliance scoping, and the need to ringfence dev accounts where bugs could impact API access, lie the answers to "how many AWS Organizations, KMS CMKs, AWS accounts... do I need?"
8 Organizations
9 In the beginning Your AWS Account You
10 Today Cross Account Resource Access Dev Account Data Science Account Jump Account Prod Account Audit Account You Your Cloud Team Cross Account Trusts
11 What do customers want to do? Use AWS account boundaries for isolation. Centrally manage policies across many accounts. Delegate permissions, but maintain guardrails. See combined view of all charges.
12 Introducing AWS Organizations Policy-based management for multiple AWS accounts. Control AWS service use across accounts Automate AWS account creation Consolidate billing
13 Typical Use Cases Control the use of AWS services to help comply with corporate security and compliance policies. Service Control Policies (SCPs) help you centrally control AWS service use across multiple AWS accounts. Ensure that entities in your accounts can use only the services that meet your corporate security and compliance policy requirements.
14 Typical Use Cases Automate the creation of AWS accounts for different resources. API driven AWS account creation. Use APIs to add the new account to a group and attach service control policies. Use API response to trigger additional automation (eg deploy CloudFormation template)
15 Typical Use Cases Create different groups of accounts for development and production resources. Organise groups into a hierarchy. Apply different policies to each group. Alternatively, group according to lines-of-business or other desired dimensions.
16 Key Features Policy framework for multiple AWS accounts. Group-based account management. Account creation and management APIs. Consolidated billing for all AWS accounts in your organization. Enable Consolidated Billing Only or All Features.
17 How is Organizations different from IAM? Create groups of AWS accounts with AWS Organizations. Use Organizations to attach SCPs to those groups to centrally control AWS service use. Entities in the AWS accounts can only use the AWS services allowed by both the SCP and the AWS IAM policy for the account.
18 How to get started? Revisit or create your account segmentation strategy. Decide which type of organization is right for you. Organize your AWS accounts according to it. Test & begin to apply SCPs slowly. Iterate on SCPs to achieve your desired state.
19 Pricing & Availability Available at no additional charge. Global service. Accessed through endpoint in N. Virginia region.
20 Service Control Policies (SCPs) Enables you to control which AWS service APIs are accessible - Define the list of APIs that are allowed (whitelisting) - Define the list of APIs that must be blocked (blacklisting) Cannot be overridden by local administrator Resultant permission on IAM user/role is the intersection between the SCP and assigned IAM permissions Necessary but not sufficient IAM policy simulator is SCP aware
21 Blacklisting example Whitelisting example

Blacklisting example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "redshift:*",
      "Resource": "*"
    }
  ]
}

Whitelisting example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:runinstances",
        "ec2:describeinstances",
        "ec2:describeimages",
        "ec2:describekeypairs",
        "ec2:describevpcs",
        "ec2:describesubnets",
        "ec2:describesecuritygroups"
      ],
      "Resource": "*"
    }
  ]
}
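The "intersection" rule from the SCP slide, applied to the two example SCPs, as an added sketch that is not part of the original deck or of any AWS tooling. It matches on Action only (Resource and Condition are ignored), and the two IAM policies `IAM_ADMIN` and `IAM_S3_ONLY` are constructed for the illustration.

```python
import fnmatch

# The two SCPs from the slide (Version is the standard policy-language version).
BLACKLIST_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "redshift:*", "Resource": "*"},
]}
WHITELIST_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ec2:runinstances", "ec2:describeinstances", "ec2:describeimages",
        "ec2:describekeypairs", "ec2:describevpcs", "ec2:describesubnets",
        "ec2:describesecuritygroups"]},
]}

# Constructed IAM policies (assumptions, not from the deck).
IAM_ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
IAM_S3_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}


def policy_decision(policy, action):
    """Return 'Deny' (explicit), 'Allow', or 'ImplicitDeny' for one policy."""
    action = action.lower()                      # action names are case-insensitive
    statements = policy["Statement"]
    if isinstance(statements, dict):             # a single statement may be a bare object
        statements = [statements]
    allowed = False
    for stmt in statements:
        patterns = stmt.get("Action", [])
        if isinstance(patterns, str):
            patterns = [patterns]
        if any(fnmatch.fnmatchcase(action, p.lower()) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "Deny"                    # an explicit deny always wins
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def effective(scp, iam, action):
    """An action is usable only if the SCP AND the IAM policy both allow it."""
    return (policy_decision(scp, action) == "Allow"
            and policy_decision(iam, action) == "Allow")


def report(scp, iam, actions):
    """Map each action to its effective result under this SCP/IAM pair."""
    return {a: effective(scp, iam, a) for a in actions}


if __name__ == "__main__":
    actions = ["ec2:RunInstances", "redshift:CreateCluster", "s3:GetObject"]
    for name, scp, iam in [
        ("blacklist SCP + admin IAM", BLACKLIST_SCP, IAM_ADMIN),
        ("whitelist SCP + admin IAM", WHITELIST_SCP, IAM_ADMIN),
        ("whitelist SCP + S3-only IAM", WHITELIST_SCP, IAM_S3_ONLY),
    ]:
        print(name, report(scp, iam, actions))
```

The last pairing is the "necessary but not sufficient" case: the SCP permits `ec2:RunInstances`, but the principal still cannot call it because its IAM policy grants nothing in EC2.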
22 Best practices AWS Organizations 1. Monitor activity in the master account using CloudTrail 2. Do not manage resources in the master account 3. Manage your organization using the principle of Least privilege 4. Use OUs to assign controls 5. Test controls on single AWS account first 6. Only assign controls to root of organization if necessary 7. Avoid mixing whitelisting and blacklisting SCPs in organization 8. Create new AWS accounts for the right reasons
23 Compliance and Scoping (and Artifact)
24 The Artifact Service
25 The Artifact Service

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "artifact:get"
      ],
      "Resource": [
        "arn:aws:artifact:::report-package/certifications and Attestations/SOC/*",
        "arn:aws:artifact:::report-package/certifications and Attestations/PCI/*",
        "arn:aws:artifact:::report-package/certifications and Attestations/ISO/*"
      ]
    }
  ]
}
26 The Artifact Service C5 (Germany) FedRAMP Partner package Global Financial Services Regulatory Principles IRAP Package (Australia) ISO Certification, Statement of Applicability ISO Certification, Statement of Applicability ISO Certification, Statement of Applicability ISO 9001 Certification MAS TRM Guidelines Workbook (Singapore) PCI DSS Attestation of Compliance and Responsibility Summary - Current and Previous PSN Connection Compliance Certificate (UK) PSN Service Provision Compliance Certificate (UK) Quality Management System Overview SOC 1 Reports (Current and Previous) SOC 2 Reports (Current and Previous) SOC 2 Report for Confidentiality SOC 3 SOC Continued Operations Letter
27 EC2 Systems Manager
28 Amazon EC2 Systems Manager Announced at Re:Invent 2016 See sessions WIN401 and WIN402
29 Systems Manager Capabilities Configuration, Administration Shared Capabilities Update and Track Run Command Maintenance Windows Automation Inventory State Manager Parameter Store Patch Manager
30 Inventory
31 Inventory What we heard: Accurate software inventory is critical for understanding fleet configuration and license usage Legacy solutions not optimised for cloud Self-hosting requires additional overhead
32 Inventory Introducing Inventory End-to-end inventory collection (EC2/on-premises/Workspaces) Linux / Windows Powerful query syntax Extensible inventory schema Integrated with AWS services
33 Inventory System Diagram AWS Config Console + CLI/APIs AWS Config EC2 Console, SSM CLI/APIs AWS SSM Service EC2 Windows Instance SSMAgent State Manager EC2 Linux Instance SSMAgent EC2 Inventory SSM document Inventory Store On- Premises Instance SSMAgent
34 Inventory Getting Started 1. Configure Inventory policy 2. Apply Inventory policy 3. Query inventory
35 Inventory Configuration Create an Inventory association 1. Select instances (by instance ID or tag) 2. Select scan frequency (hours, minutes, days, NOW) 3. Select Inventory Types to gather Instance information Applications AWS Components Network configuration Windows Updates Custom Inventory
36 Inventory Custom Inventory Type Custom Inventory Collection Extensible: record any attribute for a given instance On-premise Examples: rack location, BIOS version, firewall settings Two ways to record custom inventory types 1. Agent/on-instance: Write a cron job to record custom inventory files to a predefined path 2. API: Use PutInventory API
37 Inventory Manager Query Search by inventory attribute Partial and inverse searches eg "Windows 2012 r2 instances running SQL Server 2016 where Windows Update KB is not installed" Integration with AWS Config Record inventory changes over time Use AWS Config Rules to monitor changes, notify
38 State Manager
39 State Manager Maintain consistent state of instances Reapply to keep instances from drifting Easily view status of configuration changes Define schedule ad hoc, periodic Track aggregate status for your fleet
40 State Manager Getting started Document: Author your intent Target: Instances or tag queries Association: Binding between a document and a target Schedule: When to apply your association Status: Check the state of your association at an aggregate or instance level
41 Creating an Association

aws ssm create-association \
  --document-name WebServerDocument \
  --document-version \$DEFAULT \
  --schedule-expression "cron(0 */30 * * * ? *)" \
  --targets "Key=tag:Name,Values=WebServer" \
  --output-location "{ \"S3Location\": { \"OutputS3Region\": \"us-east-1\", \"OutputS3BucketName\": \"MyBucket\", \"OutputS3KeyPrefix\": \"MyPrefix\" } }"

Configures all instances that match the tag query and reapplies every 30 minutes
42 Automation
43 CI/CD for DevOps Repo Generate CloudFormation Templates for Environment Dev Code Config Tests Commit to Git/master Version Control Config Get / Pull Code Package Builder Push CI Server Install Create Distributed Builds Run Tests in parallel AMIs Deploy Server Test Env Staging Env Prod Env Send Build Report to Dev Stop everything if build failed
44 CI/CD for DevSecOps CloudFormation Templates for Environment Dev Code Config Tests Validate Version Control Continuous Scan Config Get / Pull Code Package Builder Audit/Validate CI Server Checksum AMIs Log for audit Promote Process Test Env Staging Env Prod Env Send Build Report to Security Stop everything if audit/validation failed
45 Automation
46 Automation What we heard Automation pain point: AMI building Triggers: patching, hardening, application bake-in Never-ending Time consuming, especially when builds fail Overhead of maintaining build service
47 Automation Introducing Automation Simplified automation solution Perfect for AMI updates, instance deployment & config Pro-active event notifications AWS optimised (EC2 Run Command, AWS Lambda, AWS CloudTrail, IAM, and Amazon CloudWatch integrations)
48 Automation Getting Started 1. Create an automation document 2. Run automation 3. Monitor your automation
49 Automation - Documents Input & output parameters Create default values, or assign at run-time Parameter Store integration System Variables (DATE, DATE_TIME, REGION, EXECUTION_ID) Examples (Document Parameter Name: Default Value) sourceamiid: {{ssm:sourceami}} targetaminame: patchedami-{{global:date_time}}
50 Automation - Documents Automation Steps Action types: runinstances, changeinstancestate, createami runcommand, invokelambdafunction Flow control: retries, timeouts, continue/abort Public Automation Documents AWS-UpdateWindowsAmi AWS-UpdateLinuxAmi
51 Automation IAM Setup 1. Create a Service Role for Automation Permission for Automation service to operate in your account 2. Attach PassRole policy to user's account 3. Launch instances with SSM role (AmazonEC2RoleforSSM)
52 Automation Monitoring Amazon CloudWatch Events Publish notifications to an Amazon SNS topic Step-level & automation-level notifications
53 Parameter Store
54 Parameter Store Centrally store and find configuration data Repeatable, automatable management (e.g. SQL connection strings, passwords, cryptographic keys) Granular access control view, use and edit values Encrypt sensitive data using your own AWS KMS keys
55 Parameter Store Getting started Parameter: Key-value pair Secure Strings: Encrypt sensitive parameters with your own KMS or default account encryption key Reuse: In Documents and easily reference at runtime across EC2 Systems Manager using {{ssm:parametername}} Access Control: Create an IAM policy to control access to specific parameter
56 Creating and using a parameter

$ aws ssm put-parameter --name myprivatekey --type SecureString --value "-----BEGIN RSA PRIVATE KEY----- WtcUTC+57cf" --key-id <KMS keyid>

$ aws ssm send-command --document-name Insert-Websvr-Private-Key --parameters 'commands=["echo \"{{ssm:myprivatekey}}\" > /etc/apache2/keys/private.key ; chmod 400 /etc/apache2/keys/private.key ; chown webserver:webserver /etc/apache2/keys/private.key"]' --targets Key=tag:Name,Values=WebServer
57 DDoS Mitigation with Shield
58 DDoS and Mitigation with Shield Distributed Denial Of Service
59 Types of DDoS attacks
60 Types of DDoS attacks Volumetric DDoS attacks Congest networks by flooding them with more traffic than they are able to handle (e.g., UDP reflection attacks)
61 Types of DDoS attacks State-exhaustion DDoS attacks Abuse protocols to stress systems like firewalls, IPS, or load balancers (e.g., TCP SYN flood)
62 Types of DDoS attacks Application-layer DDoS attacks Use well-formed but malicious requests to circumvent mitigation and consume application resources (e.g., HTTP GET, DNS query floods)
63 DDoS attack trends 65% Volumetric 18% State exhaustion 18% Application layer
64 Challenges in mitigating DDoS attacks
65 Challenges in mitigating DDoS attacks Difficult to enable Complex set-up Provision bandwidth capacity Application re-architecture
66 DDoS protections built into AWS Integrated into the AWS global infrastructure Always-on, fast mitigation without external routing Redundant Internet connectivity in AWS data centres
67 DDoS protections built into AWS - Protection against most common infrastructure attacks - SYN/ACK Floods, UDP Floods, Reflection attacks etc. - No additional cost DDoS Attack Users DDoS mitigation systems
68 AWS Shield A Managed DDoS Protection Service
69 AWS Shield Standard Protection Advanced Protection Available to ALL AWS customers at No Additional Cost Paid service that provides additional protections, features and benefits.
70 AWS Shield Four key pillars AWS Integration: DDoS protection without infrastructure changes Always-On Detection and Mitigation: Minimize impact on application latency Affordable: Don't force unnecessary trade-offs between cost and availability Flexible: Customize protections for your applications
71 AWS Shield Standard
72 AWS Shield Standard Layer 3/4 protection - Automatic detection & mitigation - Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.) Layer 7 protection - AWS WAF for Layer 7 DDoS attack mitigation - Self-service & pay-as-you-go - Built into AWS services
73 AWS Shield Standard Better protection than ever for your applications running on AWS Improved mitigations using proprietary BlackWatch systems Additional mitigation capacity Commitment to continuously improve detection and mitigation Still at no additional cost
74 AWS Shield Advanced Managed DDoS Protection
75 AWS Shield Advanced Available today on Application Load Balancer Classic Load Balancer Amazon CloudFront Amazon Route 53
76 AWS Shield Advanced Available today in US East (N. Virginia) US West (Oregon) EU (Ireland) Asia Pacific (Tokyo) us-east-1 us-west-2 eu-west-1 ap-northeast-1
77 AWS Shield Advanced Announcing AWS WAF for Application Load Balancer Valid users X AWS WAF Application Load Balancer Attackers
78 AWS Shield Advanced Always-on monitoring & detection AWS bill protection Advanced L3/4 & L7 DDoS protection 24x7 access to DDoS Response Team Attack notification and reporting
79 AWS Shield Advanced Always-on monitoring & detection AWS bill protection Advanced L3/4 & L7 DDoS protection 24x7 access to DDoS Response Team Attack notification and reporting
80 Always-on monitoring and detection Network flow monitoring Application traffic monitoring
81 Always-on monitoring and detection Signature based detection Heuristics-based anomaly detection Baselining
82 Always-on monitoring and detection Heuristics-based anomaly detection Detects anomalies based on attributes such as: Source IP Source ASN Traffic levels Validated sources
83 Always-on monitoring and detection Baselining Continuously baselining normal traffic patterns HTTP Requests per second Source IP Address URLs User-Agents
84 AWS Shield Advanced Always-on monitoring & detection AWS bill protection Advanced L3/4 & L7 DDoS protection 24x7 access to DDoS Response Team Attack notification and reporting
85 Advanced DDoS protection Layer 3/4 infrastructure protection Layer 7 application protection
86 Advanced DDoS protection Layer 3/4 infrastructure protection Layer 7 application protection
87 Layer 3/4 infrastructure protection Advanced mitigation techniques Deterministic filtering Traffic prioritisation based on scoring Advanced routing policies
88 Layer 3/4 infrastructure protection Deterministic filtering Automatically filters malformed TCP packets IP checksum TCP valid flags UDP payload length DNS request validation
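What the four deterministic checks on this slide look like when applied to raw IPv4 packets, as an added illustration that is not from the deck and is not how AWS Shield is implemented. The exact rules (which TCP flag combinations count as invalid, what makes a DNS request well-formed) are assumptions, and every packet below is constructed for the example.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])  # documentation addresses

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_flags_valid(flags: int) -> bool:
    """Reject flag combinations a conforming TCP stack never sends."""
    if flags & SYN and flags & (FIN | RST):
        return False                      # SYN combined with FIN or RST
    if flags & FIN and flags & RST:
        return False
    if not flags & (SYN | RST) and not flags & ACK:
        return False                      # null, FIN-only, "Xmas": ACK is required
    return True

def dns_request_valid(payload: bytes) -> bool:
    """A request needs a full 12-byte header, QR=0 and exactly one question."""
    if len(payload) < 12:
        return False
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    return (flags & 0x8000) == 0 and qdcount == 1

def check_packet(pkt: bytes) -> list:
    """Return the reasons to drop pkt; an empty list means it passes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["not an IPv4 packet"]
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or ihl > total_len or total_len != len(pkt):
        return ["bad IP header or total length"]
    reasons = []
    if inet_checksum(pkt[:ihl]) != 0:     # a valid header sums to zero
        reasons.append("bad IP checksum")
    proto, l4 = pkt[9], pkt[ihl:]
    if proto == 6:                        # TCP
        if len(l4) < 20:
            reasons.append("truncated TCP header")
        elif not tcp_flags_valid(l4[13] & 0x3F):
            reasons.append("invalid TCP flags")
    elif proto == 17:                     # UDP
        if len(l4) < 8:
            reasons.append("truncated UDP header")
        else:
            _sport, dport, udp_len = struct.unpack("!HHH", l4[:6])
            if udp_len != len(l4):
                reasons.append("UDP length mismatch")
            elif dport == 53 and not dns_request_valid(l4[8:]):
                reasons.append("invalid DNS request")
    return reasons

# --- constructed sample packets -------------------------------------------
def ipv4(proto: int, l4: bytes, good_checksum: bool = True) -> bytes:
    def header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0,
                           64, proto, csum, SRC, DST)
    csum = inet_checksum(header(0))
    return header(csum if good_checksum else csum ^ 1) + l4

def tcp(flags: int) -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 1024, 0, 0)

def udp(dport: int, payload: bytes, length=None) -> bytes:
    length = 8 + len(payload) if length is None else length
    return struct.pack("!HHHH", 40000, dport, length, 0) + payload

QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
DNS_QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
DNS_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUESTION

SAMPLES = {
    "syn": ipv4(6, tcp(SYN)),
    "syn_fin": ipv4(6, tcp(SYN | FIN)),
    "null_flags": ipv4(6, tcp(0)),
    "bad_checksum": ipv4(6, tcp(SYN), good_checksum=False),
    "udp_length_lie": ipv4(17, udp(123, b"x" * 8, length=400)),
    "dns_query": ipv4(17, udp(53, DNS_QUERY)),
    "dns_response_as_request": ipv4(17, udp(53, DNS_RESPONSE)),
}

def classify() -> dict:
    """Run every constructed sample through the filter."""
    return {name: check_packet(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, reasons in classify().items():
        print(f"{name:26s} {'DROP: ' + ', '.join(reasons) if reasons else 'pass'}")
```

None of these checks needs per-flow state or a traffic baseline, which is why they can be applied to every packet inline before the scoring stage described on the following slides.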
89 Layer 3/4 infrastructure protection Traffic prioritisation based on scoring
Low suspicion attributes: Normal packet or request header; Traffic composition and volume is typical given its source; Traffic valid for its destination
High suspicion attributes: Suspicious packet or request headers; Entropy in traffic by header attribute; Entropy in traffic source and volume; Traffic source has a poor reputation; Traffic invalid for its destination; Request with cache-busting attributes
90 Layer 3/4 infrastructure protection Traffic prioritisation based on scoring Inline inspection and scoring Preferentially discard lower priority (attack) traffic False positives are avoided and legitimate viewers are protected High-suspicion packets dropped Low-suspicion packets retained
91 Layer 3/4 infrastructure protection Advanced routing policies Distributed scrubbing and bandwidth capacity Automated routing policies to absorb large attacks Manual traffic engineering
92 Layer 3/4 infrastructure protection Additional protections against larger and more sophisticated attacks Advanced routing capabilities Additional mitigation capacity
93 Advanced DDoS protection Layer 3/4 infrastructure protection Layer 7 application protection
94 AWS WAF Layer 7 application protection Web traffic filtering with custom rules Malicious request blocking Active monitoring and tuning
95 AWS WAF Layer 7 application protection Three modes of operation Self-service Engage DDoS experts Proactive DRT engagement
96 AWS WAF Layer 7 application protection Engage DDoS experts 1. You engage the AWS DDoS Response Team (DRT) 2. DRT triages attack 3. DRT assists you with creating AWS WAF rules
97 AWS WAF Layer 7 application protection Proactive DRT engagement 1. Always-on monitoring engages the AWS DDoS Response Team (DRT) 2. DRT proactively triages DDoS attack 3. DRT creates AWS WAF rules (prior authorization required)
98 AWS Shield Advanced Always-on monitoring & detection AWS bill protection Advanced L3/4 & L7 DDoS protection 24x7 access to DDoS Response Team Attack notification and reporting
99 Attack notification and reporting Real-time notification of attacks via Amazon CloudWatch Near real-time metrics and packet captures for attack forensics Historical attack reports Attack monitoring and detection
100 AWS Shield Advanced Always-on monitoring & detection AWS bill protection Advanced L3/4 & L7 DDoS protection 24x7 access to DDoS Response Team Attack notification and reporting
101 24x7 access to DDoS Response Team Critical and urgent priority cases are answered quickly and routed directly to DDoS experts Complex cases can be escalated to the AWS DDoS Response Team (DRT), who have deep experience in protecting AWS as well as Amazon.com and its subsidiaries
102 24x7 access to DDoS Response Team Before Attack Proactive consultation and best practice guidance During Attack Attack mitigation After Attack Post-mortem analysis
103 AWS Shield Advanced Always-on monitoring & detection AWS bill protection Advanced L3/4 & L7 DDoS protection 24x7 access to DDoS Response Team Attack notification and reporting
104 AWS cost protection AWS absorbs scaling cost due to DDoS attack Amazon CloudFront Elastic Load Balancer Application Load Balancer Amazon Route 53
105 AWS DDoS Shield: Pricing Standard Protection No commitment No additional cost Advanced Protection 1 year subscription commitment Monthly base fee: $3,000 Data transfer fees Data Transfer Price ($ per GB) CloudFront ELB First 100 TB $ Next 400 TB $ Next 500 TB $ Next 4 PB $0.010 Contact Us Above 5 PB Contact Us Contact Us
106 AWS DDoS Shield: How to choose Standard Protection For protection against most common DDoS attacks, and access to tools and best practices to build a DDoS resilient architecture on AWS. Advanced Protection For additional protection against larger and more sophisticated attacks, visibility into attacks, AWS cost protection, Layer 7 mitigations, and 24X7 access to DDoS experts for complex cases.
107 AWS Shield: Getting started Standard Protection Advanced Protection You get it automatically Enable via the AWS Console
108 Helpful Videos IAM Recommended Practices: AWS Security Checklist: Automating Security Event Response: Compliance with AWS Verifying AWS Security: Securing Enterprise Big Data Workloads: AWS Security Best Practices: Software Security and Best Practices:
109 Helpful Resources Compliance Enablers: Risk & Compliance Whitepaper: Compliance Centre Website: Security Centre: Security Blog: Well-Architected Framework: AWS Audit Training:
More informationCloud Transformation and Significance of Security
Cloud Transformation and Significance of Security Mohit Sharma, Chief Architect & Cloud Evangelist @onlinesince2009 www.cloudsec.com Datacenter Management Change Management Policy Physical Network Management
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationNetflix OSS Spinnaker on the AWS Cloud
Netflix OSS Spinnaker on the AWS Cloud Quick Start Reference Deployment August 2016 Huy Huynh and Tony Vattathil Solutions Architects, Amazon Web Services Contents Overview... 2 Architecture... 3 Prerequisites...
More informationElastic Load Balancing
Elastic Load Balancing Deep Dive & Best Practices Mariano Vecchioli, Sr. Technical Account Manager AWS Michaela Kurkiewicz, Principal Service Manager Co-op Tina Howell, Platform Lead - Co-op June 28 th,
More informationWho done it: Gaining visibility and accountability in the cloud
Who done it: Gaining visibility and accountability in the cloud By Ryan Nolette Squirrel Edition $whoami 10+ year veteran of IT, Security Operations, Threat Hunting, Incident Response, Threat Research,
More informationAWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster
AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster Protecting highly dynamic AWS resources with a static firewall setup is neither efficient nor economical. A CloudGen Firewall Auto Scaling
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationCyberPosture Intelligence for Your Hybrid Infrastructure
VALUE BRIEF CyberPosture Intelligence for Your Hybrid Infrastructure CyberPosture is a consolidated risk score, based on configuration and workload analysis, that executives can present to their board,
More informationOracle WebLogic Server 12c on AWS. December 2018
Oracle WebLogic Server 12c on AWS December 2018 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationBERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
BERLIN 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Building Multi-Region Applications Jan Metzner, Solutions Architect Brian Wagner, Solutions Architect 2015, Amazon Web Services,
More informationASD CERTIFICATION REPORT
ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon
More informationAWS Administration. Suggested Pre-requisites Basic IT Knowledge
Course Description Amazon Web Services Administration (AWS Administration) course starts your Cloud Journey. If you are planning to learn Cloud Computing and Amazon Web Services in particular, then this
More informationHow can you implement this through a script that a scheduling daemon runs daily on the application servers?
You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationProduct Guide Revision B. McAfee Cloud Workload Security 5.0.0
Product Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee
More informationAbout Intellipaat. About the Course. Why Take This Course?
About Intellipaat Intellipaat is a fast growing professional training provider that is offering training in over 150 most sought-after tools and technologies. We have a learner base of 600,000 in over
More informationPulse Secure Application Delivery
DATA SHEET Pulse Secure Application Delivery HIGHLIGHTS Provides an Application Delivery and Load Balancing solution purposebuilt for high-performance Network Functions Virtualization (NFV) Uniquely customizable,
More informationTraining on Amazon AWS Cloud Computing. Course Content
Training on Amazon AWS Cloud Computing Course Content 15 Amazon Web Services (AWS) Cloud Computing 1) Introduction to cloud computing Introduction to Cloud Computing Why Cloud Computing? Benefits of Cloud
More informationARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS
ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI
More informationTransit VPC Deployment Using AWS CloudFormation Templates. White Paper
Transit VPC Deployment Using AWS CloudFormation Templates White Paper Introduction Amazon Web Services(AWS) customers with globally distributed networks commonly need to securely exchange data between
More informationLook Who s Hiring! AWS Solution Architect AWS Cloud TAM
Look Who s Hiring! AWS Solution Architect https://www.amazon.jobs/en/jobs/362237 AWS Cloud TAM https://www.amazon.jobs/en/jobs/347275 AWS Principal Cloud Architect (Professional Services) http://www.reqcloud.com/jobs/701617/?k=wxb6e7km32j+es2yp0jy3ikrsexr
More informationAWS Storage Gateway. Amazon S3. Amazon EFS. Amazon Glacier. Amazon EBS. Amazon EC2 Instance. storage. File Block Object. Hybrid integrated.
AWS Storage Amazon EFS Amazon EBS Amazon EC2 Instance storage Amazon S3 Amazon Glacier AWS Storage Gateway File Block Object Hybrid integrated storage Amazon S3 Amazon Glacier Amazon EBS Amazon EFS Durable
More informationEnroll Now to Take online Course Contact: Demo video By Chandra sir
Enroll Now to Take online Course www.vlrtraining.in/register-for-aws Contact:9059868766 9985269518 Demo video By Chandra sir www.youtube.com/watch?v=8pu1who2j_k Chandra sir Class 01 https://www.youtube.com/watch?v=fccgwstm-cc
More informationAmazon Web Services Training. Training Topics:
Amazon Web Services Training Training Topics: SECTION1: INTRODUCTION TO CLOUD COMPUTING A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction to Cloud Computing
More informationPuppet on the AWS Cloud
Puppet on the AWS Cloud Quick Start Reference Deployment AWS Quick Start Reference Team March 2016 This guide is also available in HTML format at http://docs.aws.amazon.com/quickstart/latest/puppet/. Contents
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationHackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm
whitepaper Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm When your company s infrastructure was built on the model of a traditional on-premise data center, security was pretty
More informationWEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING
WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany
More informationAspirin as a Service: Using the Cloud to Cure Security Headaches
SESSION ID: CSV-T10 Aspirin as a Service: Using the Cloud to Cure Security Headaches Bill Shinn Principle Security Solutions Architect Amazon Web Services Rich Mogull CEO Securosis @rmogull Little. Cloudy.
More informationsnoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection
Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging
More informationSecurity by Design Running Compliant workloads in AWS
Security by Design Running Compliant workloads in 2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent
More informationMagento Commerce Architecture and Security Model Last updated: Aug 2017
Magento Commerce Architecture and Security Model Last updated: Aug 2017 Architecture The Magento Commerce architecture is designed to provide a highly secure environment. Each customer is deployed into
More informationAutomating Elasticity. March 2018
Automating Elasticity March 2018 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents AWS s current product
More informationAdopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security
Adopting Modern Practices for Improved Cloud Security Cox Automotive - Enterprise Risk & Security 1 About Cox Automotive Cox Automotive is a leading provider of products and services that span the automotive
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationStandardized Architecture for PCI DSS on the AWS Cloud
AWS Enterprise Accelerator Compliance Standardized Architecture for PCI DSS on the AWS Cloud Quick Start Reference Deployment AWS Professional Services AWS Quick Start Reference Team May 2016 (last update:
More informationHOW SNOWFLAKE SETS THE STANDARD WHITEPAPER
Cloud Data Warehouse Security HOW SNOWFLAKE SETS THE STANDARD The threat of a data security breach, someone gaining unauthorized access to an organization s data, is what keeps CEOs and CIOs awake at night.
More informationMinfy MS Workloads Use Case
Contents Scope... 3 About Customer... 3 Use Case Description... 3 Technical Stack... 3 AWS Solution... 4 Security... 4 Benefits... 5 Scope This document provides a detailed use case study on Hosting GSP
More informationOptiSol FinTech Platforms
OptiSol FinTech Platforms Payment Solutions Cloud enabled Web & Mobile Platform for Fund Transfer OPTISOL BUSINESS SOLUTIONS PRIVATE LIMITED #87/4, Arcot Road, Vadapalani, Chennai 600026, Tamil Nadu. India
More informationWEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM
SECURITY ANALYTICS WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM BLAZING PERFORMANCE, HIGH AVAILABILITY AND ROBUST SECURITY FOR YOUR CRITICAL WEB APPLICATIONS OVERVIEW Webscale is a converged multi-cloud
More informationAWS Solutions Architect Associate (SAA-C01) Sample Exam Questions
1) A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI.
More informationTECHNICAL WORKBOOK. PCI Compliance in the AWS Cloud A NITIAN. Report Date: October 17, Jordan Wiseman, QSA
TECHNICAL WORKBOOK PCI Compliance in the AWS Cloud Report Date: October 17, 2016 Authors: Adam Gaydosh, QSA Jordan Wiseman, QSA A NITIAN COPYRIGHT Copyright 2016 by Anitian Corporation All rights reserved.
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationSecurity and Compliance at Mavenlink
Security and Compliance at Mavenlink Table of Contents Introduction....3 Application Security....4....4....5 Infrastructure Security....8....8....8....9 Data Security.... 10....10....10 Infrastructure
More informationCASE STUDY Application Migration and optimization on AWS
CASE STUDY Application Migration and optimization on AWS Newt Global Consulting LLC. AMERICAS INDIA HQ Address: www.newtglobal.com/contactus 2018 Newt Global Consulting. All rights reserved. Referred products/
More informationMicroservices on AWS. Matthias Jung, Solutions Architect AWS
Microservices on AWS Matthias Jung, Solutions Architect AWS Agenda What are Microservices? Why Microservices? Challenges of Microservices Microservices on AWS What are Microservices? What are Microservices?
More informationPROTECT YOUR DATA FROM MALWARE AND ENSURE BUSINESS CONTINUITY ON THE CLOUD WITH NAVLINK MANAGED AMAZON WEB SERVICES MANAGED AWS
PROTECT YOUR DATA FROM MALWARE AND ENSURE BUSINESS CONTINUITY ON THE CLOUD WITH NAVLINK MANAGED AMAZON WEB SERVICES MANAGED AWS Improved performance Faster go-to-market Better security In today s disruptive
More informationForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3
ForeScout CounterACT Hybrid Cloud Module: Amazon Web Services (AWS) Plugin Version 1.3 Table of Contents Amazon Web Services Plugin Overview... 4 Use Cases... 5 Providing Consolidated Visibility... 5 Dynamic
More informationSecurely Access Services Over AWS PrivateLink. January 2019
Securely Access Services Over AWS PrivateLink January 2019 Notices This document is provided for informational purposes only. It represents AWS s current product offerings and practices as of the date
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationStandardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security
AWS Enterprise Accelerator Compliance Standardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security Quick Start Reference Deployment AWS Professional Services
More informationAmazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.
Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect Amazon.com, Inc. and its affiliates. All rights reserved. Learning about Cloud Computing with AWS What is Cloud Computing and
More informationSignalFx Platform: Security and Compliance MARZENA FULLER. Chief Security Officer
SignalFx Platform: Security and Compliance MARZENA FULLER Chief Security Officer SignalFx Platform: Security and Compliance INTRODUCTION COMPLIANCE PROGRAM GENERAL DATA PROTECTION DATA SECURITY Data types
More informationApplication and Data Security with F5 BIG-IP ASM and Oracle Database Firewall
F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,
More informationCloud Services. Introduction
Introduction adi Digital have developed a resilient, secure, flexible, high availability Software as a Service (SaaS) cloud platform. This Platform provides a simple to use, cost effective and convenient
More informationPass4test Certification IT garanti, The Easy Way!
Pass4test Certification IT garanti, The Easy Way! http://www.pass4test.fr Service de mise à jour gratuit pendant un an Exam : SOA-C01 Title : AWS Certified SysOps Administrator - Associate Vendor : Amazon
More information