Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018

•

7 gostaram•3,138 visualizações

Automating Incident Response and Forensics in AWS Come and learn the latest and greatest tricks for automating your incident response and forensics in the cloud. This session focuses on automating your cloud incident response processes covering external and insider threats, triggers, canaries, containment, and data loss prevention. Ben Potter, Security Lead for Well-Architected, Amazon Web Services

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Ben Potter
Security Lead, Well-Architected, Amazon Web Services
Deenadayaalan Thirugnanasambandam
Cloud Architect, Amazon Web Services
Automating Incident Response
And Forensics In AWS

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What To Expect
Where to Start
The Insider
The Instance
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Meet Bob

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Bob
Responsibilities:
• Security lead for DevOps team
• Identify security issues
• First level response
• Prevention

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Bob’s Interesting Experiences
1st IAM denied attempts
2nd Instance compromised
Going to talk about !

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Where To Start
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
NIST 800-61 Computer Security Incident
Handling Guide
Preparation
Detection &
Analysis
Containment,
Eradication,
and Recovery
Post-Incident
Activity
http://bit.ly/2pGqOs6
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
I’ve used these
https://aws.amazon.com/security/
http://aws.amazon.com/well-architected/
http://bit.ly/2pFqBW4
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
I’ve used these
http://bit.ly/2ITNuxF
https://www.sleuthkit.org/
http://bit.ly/2G6oZPY
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
All Code From Session
https://github.com/awslabs/aws-security-automation
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Well-Architected
• Design Principles
• Implement a strong identity foundation
• Enable traceability
• Apply security at all layers
• Automate security best practices
• Protect data in transit and at rest
• Prepare for security events
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Honeypot Or Indicators?
Honeypot is a deliberately misconfigured system
Indicators:
• Denies in AWS CloudTrail
• Denies to access Amazon S3 buckets
• Denies in Amazon VPC Flowlogs
• Abnormal behaviour
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
This Is What I Put In Place
• Enabled logging and security services
• AWS CloudTrail
• Amazon GuardDuty
• AWS Config
• Amazon VPC Flow Logs
• App & System Logs in Amazon CloudWatch Logs
• Started with most likely scenarios
?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
The Insider

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How I’m Going To Detect Trudy
• Notified on access denied attempt
• Who attempted from where?
• What user / role was denied?
• History of the user / role?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
IAM Access Denied Responder
Lambda:
Publish
Access
Denied
Topic:
Access
Denied
Lambda:
Publish User
Trails
Topic:
Security
Message
Lambda:
Publish IAM
User History
Slack
CloudWatch
Event
AWS
CloudTrail
Lambda:
Publish
Slack
Lambda:
Publish
Chime
Amazon
Chime

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Alert!

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Demo

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What I Learnt
• Automation is AWSome
• It saved me a lot of time
• IAM users should assume IAM roles with MFA enforced
• How can we improve?
• P4wned ex-employee Trudy … LOL

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
The Instance

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
EC2 Auto Clean Room Forensics
Topic:
Instance ID
Step Function:
Incident Response
Instance
Isolate
Instance SG2:
Remove
Auto Scaling
(+logic)
Snapshot
Volumes
Record
Metadata
Apply
Tags1: Notify
CloudFormation:
Clean Room
Create
Cleanroom3:
Run Basic
Forensics4:
Generate
Report5: Topic:
Forensics Report
Slack
Topic:
Instance
Incident
Verify
Instance

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Oh No

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank You!

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What We Achieved
• No human interaction needed for isolation & investigation
• I was automatically given basic forensic info
• I have a mechanism to compare
• A security system didn’t break anything
And then?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lessons I (Bob) Learnt
• Incidents are always badly timed
• Security incidents can cause long term damage
• Prepare for an incident before it’s too late
• Practice through game days

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Always Stay Up To Date
Keep an eye on the security blog…
http://blogs.aws.amazon.com/security

Mais conteúdo relacionado

Mais procurados

Presented at Mountain View Cloud Native Computing Meetup Group on 5/14/2020. As you build new services across distributed applications, you need to think more about how these services communicate. In moving to event-driven mode, there are numerous factors to consider, including: • How to scale without upstream services becoming a blocker • How to manage event routing to downstream destinations • How to detect new events • Choosing between a notification pattern and a state transfer pattern In this session, James will discuss how to think about which strategy is right for your application and how to build a fully event-driven application.

Building Event-driven Architectures with Amazon EventBridge

James Beswick

Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale. Level: 100 Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS

Identity and Access Management: The First Step in AWS Security

Amazon Web Services

Cloud Security Demystified

Michael Torres

AWS Cloud Security & Compliance Basics Webinar

Amazon Web Services

As you continually evolve your use of the AWS platform, it’s important to consider ways to improve your security posture and take advantage of new security services and features. In this advanced session, we share architectural patterns for meeting common challenges, service limits and tips, tricks, and ways to continually evaluate your architecture against best practices. Automation and tools are featured throughout, and there will be code giveaways! Be prepared for a technically deep session on AWS security.

Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019

Amazon Web Services

In this workshop, we present best practices for establishing an AWS Landing Zone. We provide a demonstration of the automated AWS Landing Zone solution, and we show you how it builds a multi-account architecture that is enterprise-ready for application deployment and compliant with common operations, security, and procurement processes. You have the opportunity to modify the code for custom deployments. Leave the workshop with an understanding of the mechanism to update the AWS Landing Zone using a CI/CD pipeline, how to create new AWS accounts using the built-in account vending machine, and how the AWS Landing Zone solution components integrate to provide a secure, scalable starting environment for your cloud journey. We encourage you to attend the full AWS Landing Zone track. Search for #awslandingzone in the session catalog.

Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...

Amazon Web Services

Securely access services hosted on AWS using AWS PrivateLink. Come to this session and learn the fundamentals of AWS PrivateLink, including VPC design, VPC endpoint, Network Load Balancer, and more. Discover the benefits and use cases for connecting your VPC with AWS-based services over AWS PrivateLink, and hear about the technologies that are related to AWS PrivateLink, such as AWS Direct Connect, Amazon Route 53, and other AWS services. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.

AWS PrivateLink Fundamentals

Amazon Web Services

AWS Security Best Practices

Amazon Web Services

IAM Best Practices

Amazon Web Services

Amazon S3 & Amazon Glacier - Object Storage Overview

Amazon Web Services

Application architectures have become more distributed, heterogeneous, and reliant on supporting infrastructure tiers. In 2018, we are seeing customers beginning to realize they need to expand their application performance monitoring (APM) capabilities to provide visibility of these supporting IT infrastructure components. Application managers and IT teams are realizing that they need contextual visibility into how an infrastructure problem affects application performance, and seek APM solutions that can cross-correlate code-level and transaction-level performance with the health of the supporting physical, virtual, container and cloud infrastructures. Watch this on-demand webinar and learn why this cross-correlation is so important and what's required to achieve it: • Why monitoring applications in isolation will not be enough to monitor digital business service performance • What's required for the enterprise to achieve total performance visibility • How you can build an incremental plan for achieving transparency in digital service performance monitoring

Enterprise Monitoring 2018: Converged Application & Infrastructure Monitoring...

eG Innovations

Introducing AWS DeepRacer: David Smith

AWSCOMSUM

Auto Scaling on AWS

AustinWebArch

Cloud promises a simple pay-as-you-go approach to technology, with cost-savings at the top of the list. As more enterprises adopt the cloud, cost continues to be a major issue with new pricing models, services and features that introduce waste and complexity into the decision-making process. In this webinar, you’ll learn expert strategies that will amplify your cloud performance and maximize your ROI with a level of intricacy that can’t be solved using manual process – tools and expertise are needed.

Cloud Optimization: Filling in the Gaps

2nd Watch

Aws VPC

Abhishek Amralkar

HigherEducation-Cloud Operating Model and Approach Forward.pdf

Amazon Web Services

This AWS Security Checklist webinar will help you and your auditors assess the security of your AWS environment in accordance with industry or regulatory standards. This security focused checklist builds on recently revised Operational Checklists for AWS, which helps you evaluate your applications against a list of best practices before deployment. Learning Objectives: * Evaluate the ability of AWS services to meet information security objectives and ensure future deployments within the AWS cloud are done in a secure and compliant way * Assess your existing organisational use of AWS and to ensure it meets security best practices * Develop AWS usage policies or validate that existing policies are being followed

AWS Security Checklist

Amazon Web Services

The services that make up AWS are many and varied, but the set of concepts you need to secure your data and infrastructure is simple and straightforward. By the end of this session, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. We cover the basics of network security, the process of reading and writing access management policies, and data encryption.

The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019

Amazon Web Services

Our Cost Optimisation Best Practices webinar helps you learn how AWS can help you realise value and save costs using the many tools and best practice methods available to you. This webinar consisted of information to assist with establishing cost visibility, demonstrating optimisation levers and tools, providing strategic optimisation mechanisms, and showing you different avenues of support. Joining us at this webinar was veteran of AWS Cost and Security specialist, Paul Wakeford, who represented Fairfax Media and shared their story. This was part of the AWS Webinar Series in Australia & New Zealand, presented in September 2018 by Jon Janes.

AWS Webinar Series - Cost Optimisation Levers, Tools, and Strategies

Amazon Web Services

Deep Dive on AWS Single Sign-On - AWS Online Tech Talks

Amazon Web Services

Mais procurados (20)

Building Event-driven Architectures with Amazon EventBridge

Identity and Access Management: The First Step in AWS Security

Cloud Security Demystified

AWS Cloud Security & Compliance Basics Webinar

Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019

Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...

AWS PrivateLink Fundamentals

AWS Security Best Practices

IAM Best Practices

Amazon S3 & Amazon Glacier - Object Storage Overview

Enterprise Monitoring 2018: Converged Application & Infrastructure Monitoring...

Introducing AWS DeepRacer: David Smith

Auto Scaling on AWS

Cloud Optimization: Filling in the Gaps

Aws VPC

HigherEducation-Cloud Operating Model and Approach Forward.pdf

AWS Security Checklist

The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019

AWS Webinar Series - Cost Optimisation Levers, Tools, and Strategies

Deep Dive on AWS Single Sign-On - AWS Online Tech Talks

Semelhante a Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018

Automating Incident Response and Forensics in AWS

Amazon Web Services

Come discover the latest and greatest tricks for automating your incident response and forensics in the cloud. This session focuses on automating your cloud incident response processes covering external and insider threats, triggers, canaries, containment, and data loss prevention. We'll demo how to perform basic disk based forensics on an EC2 instance using open source projects. Speaker: Ben Potter, Well-Architected Security Lead, AWS

Automating Incident Response and Forensics in AWS

Amazon Web Services

Automating Incident Response and Forensics

Amazon Web Services

Learn about the threat detection capabilities of Amazon GuardDuty and the available remediation options by walking through some real-world threat scenarios. First, explore a scenario where an Amazon EC2 instance is compromised, then one where IAM credentials are compromised. In each scenario, we explore a method to remediate the threat. We use the following services: AWS CloudFormation, AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch events, Amazon SNS, Amazon S3, AWS Lambda, and, of course, Amazon GuardDuty. Be sure you have an AWS account. This should be your own personal account and not one through your company. We provide AWS credits to help cover any costs incurred during the lab.

Amazon GuardDuty Threat Detection and Remediation

Amazon Web Services

Governments have some big cyber security problems to face. In a time where the global Cyber Crime market hit an estimated $600 Billion and gets its own “As A Service Category,” public sector agencies must find mechanisms to improve their security posture and fill the serious shortage in cyber professionals. Using guidance from the NIST Cyber Security Framework (CSF), applying principles from the Cyber Kill Chain Framework and leveraging the power and innovation of Serverless technologies, AWS demonstrates the art of the possible in Serverless Cyber Defense. AWS Serverless technologies help fill the gaps in the skilled cyber professionals able to fight the daily cyber battle. Using intelligent automation of threat management data allows customers to design architectures that are low touch, eliminate CAPEX and can reduce operations and maintenance costs.

Serverless Cyber Ops for Government

Amazon Web Services

This workshop is designed to expose you to a number of AWS services that can be part of a threat detection and remediation strategy. We will cover the following services: Amazon GuardDuty, Amazon Macie, Amazon Inspector, Amazon CloudWatch (Events & Logs), AWS Lambda, Amazon SNS, Amazon S3, VPC Flow Logs, DNS Logs and AWS CloudTrail. You will learn how to use these services to set up a notification and remediation pipeline, to investigate threats during and after an attack, and how to evaluate what additional alerts and automated remediations should be deployed. We will go through a simulated attack scenario that will generate real GuardDuty findings and Macie alerts. We will investigate the attack, examine the threats, remediate the attack and investigate additional automated remediations that can be used in the future. Speaker: Michael Wasielewski - Sr. Solutions Architect

Threat Detection & Remediation Workshop

Amazon Web Services

A Case Study on Insider Threat Detection

Amazon Web Services

In previous years, we introduced and explored AWS-oriented intrusion detection and incident response. We also presented a variety of related idea-to-code demonstrations, from automating penetration testing using IoT buttons to force-multiplying your security team with Alexa. We are back with new tips, tricks, and demos that you will love, of course, but this time, you will learn about turning off your pager and getting a full night's sleep while the machines do all your incident response work.

AWS Security in Your Sleep: Build End-to-End Automation for IR Workflows (SEC...

Amazon Web Services

by Greg McConnel, Sr. Security Solutions Architect, AWS This workshop is designed to expose you to a number of AWS services that can be part of a threat detection and remediation strategy. We will cover the following services: Amazon GuardDuty, Amazon Macie, Amazon Inspector, Amazon CloudWatch (Events & Logs), AWS Lambda, Amazon SNS, Amazon S3, VPC Flow Logs, DNS Logs and AWS CloudTrail. You will learn how to use these services to set up a notification and remediation pipeline, to investigate threats during and after an attack, and how to evaluate what additional alerts and automated remediations should be deployed. We will go through a simulated attack scenario that will generate real GuardDuty findings and Macie alerts. We will investigate the attack, examine the threats, remediate the attack and investigate additional automated remediations that can be used in the future.

Threat Detection & Remediation Workshop - Module 4

Amazon Web Services

Join us for this hands-on workshop where you learn about a number of AWS services involved with threat detection and remediation as we walk through some real-world threat scenarios. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each hands-on scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch Events, Amazon SNS, Amazon Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector and, of course, Amazon GuardDuty.

Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...

Amazon Web Services

Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit

Amazon Web Services

Come Out From Behind Your Firewall

Amazon Web Services

Performing forensics on AWS resources is a new experience for many customers who might have older runbooks based on on-premises workflows using manual steps, or perhaps no processes in place at all. In this session, get a deeper insight into the various runbooks to perform practical forensic tasks on AWS resources like Amazon EC2 instances, using a combination of industry tooling, AWS serverless services like AWS Lambda and AWS Step Functions, and managed services like Amazon Athena.

How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...

Amazon Web Services

In this session, we dive deep into the actual code behind various security automation and remediation functions. We demonstrate each script, describe the use cases, and perform a code review explaining the various challenges and solutions. All use cases are based on customer and C-level feedback and challenges. We look at things like IAM policy scope reduction, alert and ticket integration for security events, forensics and research on AWS resources, secure pipelines, and more. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

Five New Security Automations Using AWS Security Services & Open Source (SEC4...

Amazon Web Services

A Case Study on Insider Threat Detection

Amazon Web Services

Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit

Amazon Web Services

In this session, we provide an overview of how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that can be used to detect and remediate threats to AWS. Finally, we conclude with examples of threat detection and remediation on AWS and an provide an opportunity for key service demos.

SID301 Threat Detection and Mitigation

Amazon Web Services

This workshop is designed to expose you to a number of AWS services that can be part of a threat detection and remediation strategy. We will cover the following services: Amazon GuardDuty, Amazon Macie, Amazon Inspector, Amazon CloudWatch (Events & Logs), AWS Lambda, Amazon SNS, Amazon S3, VPC Flow Logs, DNS Logs and AWS CloudTrail. You will learn how to use these services to set up a notification and remediation pipeline, to investigate threats during and after an attack, and how to evaluate what additional alerts and automated remediations should be deployed. We will go through a simulated attack scenario that will generate real GuardDuty findings and Macie alerts. We will investigate the attack, examine the threats, remediate the attack and investigate additional automated remediations that can be used in the future. Level: 200 Speaker: Sean Leviseur - Security Architect, AWS Professional Services

Threat Detection and Remediation Workshop

Amazon Web Services

Threat Detection and Mitigation at Scale on AWS - SID301 - Chicago AWS Summit

Amazon Web Services

Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...

Amazon Web Services

Semelhante a Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018 (20)

Automating Incident Response and Forensics in AWS

Automating Incident Response and Forensics

Amazon GuardDuty Threat Detection and Remediation

Serverless Cyber Ops for Government

Threat Detection & Remediation Workshop

A Case Study on Insider Threat Detection

AWS Security in Your Sleep: Build End-to-End Automation for IR Workflows (SEC...

Threat Detection & Remediation Workshop - Module 4

Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...

Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit

Come Out From Behind Your Firewall

How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...

Five New Security Automations Using AWS Security Services & Open Source (SEC4...

A Case Study on Insider Threat Detection

Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit

SID301 Threat Detection and Mitigation

Threat Detection and Remediation Workshop

Threat Detection and Mitigation at Scale on AWS - SID301 - Chicago AWS Summit

Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...

Mais de Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Costruire Applicazioni Moderne con AWS

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Open banking as a service

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Computer Vision con AWS

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Tools for building your MVP on AWS

Amazon Web Services

How to Build a Winning Pitch Deck

Amazon Web Services

Building a web application without servers

Amazon Web Services

Fundraising Essentials

Amazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ben Potter Security Lead, Well-Architected, Amazon Web Services Deenadayaalan Thirugnanasambandam Cloud Architect, Amazon Web Services Automating Incident Response And Forensics In AWS

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. NIST 800-61 Computer Security Incident Handling Guide Preparation Detection & Analysis Containment, Eradication, and Recovery Post-Incident Activity http://bit.ly/2pGqOs6 ?

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Well-Architected • Design Principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Prepare for security events ?

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Honeypot Or Indicators? Honeypot is a deliberately misconfigured system Indicators: • Denies in AWS CloudTrail • Denies to access Amazon S3 buckets • Denies in Amazon VPC Flowlogs • Abnormal behaviour ?

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. This Is What I Put In Place • Enabled logging and security services • AWS CloudTrail • Amazon GuardDuty • AWS Config • Amazon VPC Flow Logs • App & System Logs in Amazon CloudWatch Logs • Started with most likely scenarios ?

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How I’m Going To Detect Trudy • Notified on access denied attempt • Who attempted from where? • What user / role was denied? • History of the user / role?

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. IAM Access Denied Responder Lambda: Publish Access Denied Topic: Access Denied Lambda: Publish User Trails Topic: Security Message Lambda: Publish IAM User History Slack CloudWatch Event AWS CloudTrail Lambda: Publish Slack Lambda: Publish Chime Amazon Chime

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What I Learnt • Automation is AWSome • It saved me a lot of time • IAM users should assume IAM roles with MFA enforced • How can we improve? • P4wned ex-employee Trudy … LOL

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. EC2 Auto Clean Room Forensics Topic: Instance ID Step Function: Incident Response Instance Isolate Instance SG2: Remove Auto Scaling (+logic) Snapshot Volumes Record Metadata Apply Tags1: Notify CloudFormation: Clean Room Create Cleanroom3: Run Basic Forensics4: Generate Report5: Topic: Forensics Report Slack Topic: Instance Incident Verify Instance

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What We Achieved • No human interaction needed for isolation & investigation • I was automatically given basic forensic info • I have a mechanism to compare • A security system didn’t break anything And then?

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lessons I (Bob) Learnt • Incidents are always badly timed • Security incidents can cause long term damage • Prepare for an incident before it’s too late • Practice through game days

Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018

Semelhante a Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018 (20)

Mais de Amazon Web Services

Mais de Amazon Web Services (20)

Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018