
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Clara AWS Summit



In this chalk talk, we cover a number of AWS services involved with threat detection and mitigation, and we walk through some real-world threat scenarios. We discuss the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, Amazon VPC Flow Logs, Amazon CloudWatch Events, Amazon SNS, Amazon Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector and, of course, Amazon GuardDuty. Come with your questions on threat detection on AWS.


  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. SUMMIT. SEC302: Find all the threats: AWS threat detection and mitigation. Roger Cheeks, Solutions architect, security specialized, Amazon Web Services. Brandon Baxter, Solutions architect, security specialized, Amazon Web Services.
  2. 2018 data breach patterns. Source: 2018 Data Breach Investigation Report, Verizon, 11th edition.
  3. Threat detection and response: Introduction.
  4. Why is threat detection so hard? Large datasets, signal to noise, skills shortage.
  5. Deep set of security tools. Identity: AWS Identity & Access Management (IAM), AWS Single Sign-On, AWS Directory Service, Amazon Cognito, AWS Organizations, AWS Secrets Manager, AWS Resource Access Manager. Detect: AWS Security Hub, Amazon GuardDuty, AWS Config, AWS CloudTrail, Amazon CloudWatch, VPC Flow Logs, AWS Systems Manager. Infrastructure protection: AWS Shield, AWS WAF (web application firewall), AWS Firewall Manager, Amazon Inspector, Amazon VPC. Data protection: AWS KMS, AWS CloudHSM, AWS Certificate Manager, Amazon Macie, server-side encryption. Respond: AWS Config rules, AWS Lambda, AWS Systems Manager.
  6. AWS threat detection services.
  7. Threat detection: Log data inputs. AWS CloudTrail: track user activity and API usage. Flow logs: IP traffic to and from network interfaces in a VPC. Amazon CloudWatch: monitor apps using log data; store and access log files. DNS logs: log of DNS queries in a VPC when using the VPC DNS resolver.
  8. Threat detection: Machine learning. Amazon GuardDuty: intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads. Amazon Macie: machine learning-powered security service to discover, classify, and protect sensitive data.
  9. Threat detection: AWS Security Hub (in preview). Comprehensive view of your security and compliance state within AWS. Aggregates security findings generated by other AWS security services and partners. Analyze security trends and identify the highest-priority security issues. Security findings providers: Amazon Inspector, Amazon GuardDuty, Amazon Macie, AWS Config, partner solutions, other. Findings flow into AWS Security Hub, which produces insights and standards.
  10. Threat detection: Amazon GuardDuty.
  11. Threat detection: Invocations and triggers. AWS Config: continuously tracks your resource configuration changes and whether they violate any of the conditions in your rules. Amazon CloudWatch Events: delivers a near-real-time stream of system events that describe changes in AWS resources.
  12. Attacker lifecycle: Stages. Reconnaissance, establish foothold, escalate privileges, internal reconnaissance, maintain persistence.
  13. Attacker lifecycle: Attacker actions. RDP brute force, RAT installed, exfiltrate data over DNS, probe API with temp creds, attempt to compromise account.
  14. Attacker lifecycle: Amazon GuardDuty findings. The attacker actions above (RDP brute force, RAT installed, exfiltrate data over DNS, probe API with temp creds, attempt to compromise account) are surfaced by findings such as: malicious or suspicious IP, unusual ports, DNS exfiltration, unusual traffic volume, connect to blacklisted site, Recon:EC2/PortProbeUnprotectedPort, anonymizing proxy, temp credentials used off-instance, unusual ISP caller, Bitcoin activity, unusual instance launch.
  15. Respond.
  16. Threat response: Amazon CloudWatch Events. Amazon GuardDuty findings are delivered to Amazon CloudWatch Events, which can target an AWS Lambda function, partner solutions, an automated response, or anything else.
  17. Threat response: Services. AWS Lambda: run code for virtually any kind of application or backend service with zero administration. AWS Systems Manager: gain operational insights and take action on AWS resources. Amazon Inspector: automate security assessments of Amazon EC2 instances.
  18. Threat response: High-level playbook. An adversary (or an intern) acts on your environment; CloudWatch Events picks up the resulting event and invokes a Lambda function.
  19. Threat response: Detailed playbook. Detect (Amazon GuardDuty, VPC Flow Logs, Amazon Inspector, Amazon Macie, AWS Security Hub) feeds Amazon CloudWatch Events, which invokes a Lambda function; investigate with AWS CloudTrail and AWS Config; respond through AWS APIs and team collaboration (Slack, etc.).
  20. Workshop walk-through: https://scaling-threat-detection.awssecworkshops.com/
  21. Thank you!
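The playbook on slides 16 and 19 (GuardDuty finding, CloudWatch Events rule, Lambda function) as an added Python example that is not part of the deck or the workshop. The finding-type categories and the event field names are GuardDuty's; the rule pattern is the subset of CloudWatch Events matching this example implements, the playbook actions are this example's own labels, and the sample event is constructed.

```python
# Event pattern for the CloudWatch Events rule that routes GuardDuty findings
# to Lambda: each field must equal one of the listed values (the subset of
# rule semantics implemented here).
RULE_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

# Playbook keyed by finding-type category (text before ':'). Stages follow the
# deck's attacker lifecycle; the action names are this example's own labels.
PLAYBOOK = {
    "Recon": ("reconnaissance", "restrict_security_group"),
    "UnauthorizedAccess": ("establish foothold", "revoke_credentials"),
    "Backdoor": ("maintain persistence", "isolate_instance"),
    "Trojan": ("maintain persistence", "isolate_instance"),
    "CryptoCurrency": ("maintain persistence", "isolate_instance"),
}

def matches_rule(event, pattern=RULE_PATTERN):
    return all(event.get(k) in allowed for k, allowed in pattern.items())

def triage(event):
    """Turn one GuardDuty finding event into a response plan (a dict)."""
    if not matches_rule(event):
        raise ValueError("event does not match the GuardDuty rule pattern")
    finding = event["detail"]
    category = finding["type"].split(":", 1)[0]
    stage, action = PLAYBOOK.get(category, ("unknown", "notify_only"))
    severity = float(finding.get("severity", 0))
    if severity < 4.0:  # GuardDuty "low" severity: alert, do not auto-remediate
        action = "notify_only"
    plan = {"id": finding["id"], "type": finding["type"], "stage": stage,
            "severity": severity, "action": action}
    resource = finding.get("resource", {})
    if resource.get("resourceType") == "Instance":
        inst = resource["instanceDetails"]
        plan["instance_id"] = inst["instanceId"]
        plan["security_groups"] = sorted({sg["groupId"]
            for nic in inst.get("networkInterfaces", [])
            for sg in nic.get("securityGroups", [])})
    elif resource.get("resourceType") == "AccessKey":
        plan["access_key_id"] = resource["accessKeyDetails"]["accessKeyId"]
    return plan

def lambda_handler(event, context):
    # Entry point; the EC2/IAM calls that carry out the action are not made here.
    return triage(event)

# Constructed sample: a low-severity port-probe finding (ids are placeholders).
SAMPLE_EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"id": "finding-0001", "type": "Recon:EC2/PortProbeUnprotectedPort",
    "severity": 2, "resource": {"resourceType": "Instance", "instanceDetails": {
    "instanceId": "i-0123456789abcdef0", "networkInterfaces": [{"securityGroups": [{"groupId": "sg-0abc"}]}]}}}}
```

A medium- or high-severity finding of the same type yields the playbook action, while the low-severity sample is only reported, which keeps automated remediation off the noisiest findings.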
