Additional Security Services on AWS

Similar documents
Advanced Techniques for DDoS Mitigation and Web Application Defense

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

haltdos - Web Application Firewall

Getting started with AWS security

AWS Web Application Firewall. Darren Weiner Cloud Architect/Engineer

Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus

Who done it: Gaining visibility and accountability in the cloud

Getting started with AWS security

Title: Planning AWS Platform Security Assessment?

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Getting Started with AWS Security

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Securing Microservices Containerized Security in AWS

Amazon Web Services Training. Training Topics:

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

Certificate of Registration

Training on Amazon AWS Cloud Computing. Course Content

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

Cloud Security Strategy - Adapt to Changes with Security Automation -

AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster

CogniFit Technical Security Details

HPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack

Hackproof Your Cloud Responding to 2016 Threats

Streamline AWS Security Incidents

Amazon Web Services (AWS) Training Course Content

AWS Solution Architect Associate

LINUX, WINDOWS(MCSE),

Minfy MS Workloads Use Case

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Imperva Incapsula Product Overview

Accelerating your Business with Security

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

Understanding Perimeter Security

What to expect from the session Technical recap VMware Cloud on AWS {Sample} Integration use case Services introduction & solution designs Solution su

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

Crypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH

AWS Administration. Suggested Pre-requisites Basic IT Knowledge

Network Security & Access Control in AWS

NGF0502 AWS Student Slides

About Intellipaat. About the Course. Why Take This Course?

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Amazon GuardDuty. Amazon Guard Duty User Guide

Cloud Computing /AWS Course Content

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Incident Response and Forensics in your Pyjamas

Introduction to Cloud Computing

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

A10 HARMONY CONTROLLER

#AWSSummit. Démarrer sur AWS. L élasticité et les outils de gestions

AWS Well Architected Framework

Elastic Load Balancing

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

Sucuri Technical Overview

Serverless Computing. Redefining the Cloud. Roger S. Barga, Ph.D. General Manager Amazon Web Services

Splunk & AWS. Gain real-time insights from your data at scale. Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Cloud security 2.0: Joko nyt pilveen voi luottaa?

Load Balancing Web Servers with OWASP Top 10 WAF in AWS

DDoS Detection&Mitigation: Radware Solution

ActiveNET. #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD

OptiSol FinTech Platforms

Minfy MS Workloads Use Case

Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm

SIEMLESS THREAT DETECTION FOR AWS

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

PwC China and Hong Kong Cloud Security Enablement Services

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

Simple Security for Startups. Mark Bate, AWS Solutions Architect

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Magento Commerce Architecture and Security Model Last updated: Aug 2017

SignalFx Platform: Security and Compliance MARZENA FULLER. Chief Security Officer

Amazon Search Services. Christoph Schmitter

Securing Your Amazon Web Services Virtual Networks

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

AWS 101. Patrick Pierson, IonChannel

Imperva Incapsula Website Security

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

AWS Data Security Security Update

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Splunk & Amazon Web Services

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS

Beyond Blind Defense: Gaining Insights from Proactive App Sec

Pass4test Certification IT garanti, The Easy Way!

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.

SaaS. Public Cloud. Co-located SaaS Containers. Cloud

AKAMAI CLOUD SECURITY SOLUTIONS

Mid-Atlantic CIO Forum

What s New at AWS? looking at just a few new things for Enterprise. Philipp Behre, Enterprise Solutions Architect, Amazon Web Services

CYBER SECURITY WHITEPAPER

INTRO TO AWS: SECURITY

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

High School Technology Services myhsts.org Certification Courses

Transcription:

Additional Security Services on AWS Bertram Dorn Specialized Solutions Architect Security / Compliance / DataProtection AWS EMEA

The Landscape

The Paths Application Data Path Path Cloud Managed by Customer Command Path

Services Command Path Guard Duty AWS KMS EBS S3 SQS Work* SSM AWS CloudTrail Amazon ES Amazon Macie AWS Config AWS Organizations IAM Amazon CloudWatch flow logs

Services Data Path virtual private cloud AWS WAF AWS Certificate Manager Internet gateway AWS CloudHSM VPN gateway Amazon CloudFront Amazon Route 53 AWS Shield Amazon API Gateway Amazon EC2 Systems Manager AWS Lambda customer gateway AWS Direct Connect Elastic Load Balancing* Amazon Inspector VPC peering

Four Pillars of our approach to Protection AWS Integration DDoS protection without infrastructure changes Always-On Detection and Mitigation Minimize impact on application latency Affordable Don t force unnecessary trade-offs between cost and availability Flexible Customize protections for your applications

Guard Duty

Find the Needle, Skip the Haystack GuardDuty helps security professionals quickly find the threats (needle) to their environments in the sea of log data (haystack) so they can focus on hardening their AWS environments and responding quickly to malicious or suspicious behavior. Amazon GuardDuty: All Signal, No Noise

GuardDuty Data Sources VPC Flow Logs DNS Logs CloudTrail Events VPC flow logs DNS Logs CloudTrail Events Flow Logs for VPCs Do Not Need to Be Turned On to Generate Findings, data is consumed through independent duplicate stream. Suggested Turning On VPC Flow Logs to Augment Data Analysis (charges apply). DNS Logs are based on queries made from EC2 instances to known questionable domains. DNS Logs are in addition to Route 53 query logs. Route 53 is not required for GuardDuty to generate DNS based findings. CloudTrail history of AWS API calls used to access the Management Console, SDKs, CLI, etc. presented by GuardDuty. Identification of user and account activity including source IP address used to make the calls. Capture and save all event data via CWE or API Call for long term retention. Additional charges apply.

GuardDuty Findings: Threat Purpose Details Describes the primary purpose of the threat. Available at launch, more coming! Backdoor: resource compromised and capable of contacting source home Behavior: activity that differs from established baseline Crypto Currency: detected software associated with Crypto currencies Pentest: activity detected similar to that generated by known pen testing tools Recon: attack scoping vulnerabilities by probing ports, listening, database tables, etc. Stealth: attack trying to hide actions / tracks Trojan: program detected carrying out suspicious activity Unauthorized Access: suspicious activity / pattern by unauthorized user

GuardDuty Demo

Macies

Macie Overview Understand Your Data Natural Language Processing (NLP) Understand Data Access Predictive User Behavior Analytics (UBA)

Macie User Behavior Analytics We use behavioral analytics to baseline normal behavior patterns. Contextualize by value of data being accessed. Goals: Go to crazy lengths to avoid false positives Features, features Compare peers Tell a narrative

Macie Content Classification PII and personal data Source code SSL certificates, private keys ios and Android app signing keys Database backups OAuth and Cloud SAAS API Keys

Macies Demo

WAF/Shield

DDoS Size Trend 1600 1400 1200 Largest DDoS Attacks (Gbps) Memcached Attacks 1000 800 Mirai Attacks 600 400 200 0 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018

DDoS Threats and Trends AWS Shield detects and mitigates 1,000 s of DDoS Attacks Daily Source: AWS Global Threat Dashboard (Available for AWS Shield Advanced customers)

AWS Shield Standard AWS Shield Standard Layer 3/4 Protection for Everyone ü ü ü Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region Comprehensive defense against all known network and transport layer attacks when using Amazon CloudFront and Amazon Route 53 SYN Floods, UDP Floods, Reflection Attacks, etc. AWS WAF Layer 7 Protection Available via AWS WAF ü Self-service & pay-as-you-go ü Flexible rule language ü Fast rule propagation

AWS Shield Advanced: Enhanced Protection Detection Mitigation Layer 7 attack detection (HTTP Floods, DNS Query Floods) Baselining and Anomaly detection Enhanced Layer 3 attack detection Granular detection thresholds (for regional services EC2/ELB only) Proprietary packet filtering stacks Suspicion-based filtering Advanced mitigations like SYN Throttling Pre-configured mitigations according to resource type Customer defined Mitigations Traffic Engineering for Large DDoS Attacks Network ACLs executed at the border for EIPs

AWS Shield Advanced: DDoS Response Team (DRT) For more sophisticated and complex attacks Pre-emptive Engagements DDoS Architecture Review Fire Drills and basic DDoS WAF rules consultation Custom mitigation templates for EIPs (EC2/NLBs) Automatically engaged for availability impacting L3/4 events Customer driven support cases through AWS Support or AWS Shield Engagement Lambda Incident triaging 24x7 Incident Response Manual traffic engineering

AWS Shield Standard & Advanced DDoS Expertise Built-in DDoS Protection for Everyone Enhanced Protection 24x7 access to DDoS Response Team (DRT) Visibility & Compliance CloudWatch Metrics Attack Diagnostics Global threat environment dashboard Economic Benefits AWS WAF at no additional cost for protected resources Cost Protection for scaling

What is AWS WAF Web traffic filtering with custom rules Malicious request blocking Active monitoring and tuning

Biggest Threats to Applications today DDoS OWASP Top 10 Bad Bots Application Layer HTTP floods Abusive users SQL injection XSS Application exploits Crawlers Content scrapers Scanners & probes

What can we do with an AWS WAF? 1. Malicious traffic blocking 2. Web traffic filtering 3. Active monitoring & tuning SQLi XSS IP Blacklists Rate based rules IP Match & Geo-IP filters Regex & String Match Size constraints Action: Allow/Block CloudWatch Metrics/Alarms Sampled Logs Count Action mode

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback