SlideShare uma empresa Scribd logo

Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Clara AWS Summit

Amazon Web Services
Amazon Web Services

In this chalk talk, we cover a number of AWS services involved with threat detection and mitigation, and we walk through some real-world threat scenarios. We discuss the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, Amazon VPC Flow Logs, Amazon CloudWatch Events, Amazon SNS, Amazon Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector and, of course, Amazon GuardDuty. Come with your questions on threat detection on AWS.

1 de 22
Baixar para ler offline
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Find all the threats: AWS threat detection and mitigation Roger Cheeks Solutions architect, security specialized Amazon Web Services S E C 3 0 2 Brandon Baxter Solutions architect, security specialized Amazon Web Services
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Source: 2018 Data Breach Investigation Report, Verizon, 11th edition 2018 Data breach patterns
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection and response Introduction
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Why is threat detection so hard? Skills shortageSignal to noiseLarge datasets
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Identity & Access Management (IAM) AWS Single Sign-On AWS Directory Service Amazon Cognito AWS Organizations AWS Secrets Manager AWS Resource Access Manager AWS Security Hub Amazon GuardDuty AWS Config AWS CloudTrail Amazon CloudWatch VPC Flow Logs AWS Systems Manager AWS Shield AWS WAF – Web application firewall AWS Firewall Manager Amazon Inspector Amazon VPC AWS KMS AWS CloudHSM AWS Certificate Manager Amazon Macie Server-side encryption AWS Config rules AWS Lambda AWS Systems Manager Identity Detect Infrastructure protection Respond Data protection Deep set of security tools
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS threat detection services
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: Log data inputs DNS logs Track user activity and API usage IP traffic to and from network interfaces in a VPC Monitor apps using log data, store, and access log files Log of DNS queries in a VPC when using the VPC DNS resolver AWS CloudTrail Flow logs Amazon CloudWatch
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: Machine learning Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads Machine learning-powered security service to discover, classify, and protect sensitive data Amazon GuardDuty Amazon Macie
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: AWS Security Hub—in preview • Comprehensive view of your security and compliance state within AWS • Aggregates security findings generated by other AWS security services and partners • Analyze security trends and identify the highest-priority security issues Amazon Inspector Amazon GuardDuty Amazon Macie AWS Security Hub Security findings providers Findings Insights & Standards Other AWS Config Partner solutions
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: Amazon GuardDuty
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: Evocations and triggers Continuously tracks your resource configuration changes and if they violate any of the conditions in your rules Delivers a near-real time stream of system events that describe changes in AWS resources Amazon CloudWatch Events AWS Config
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Attacker lifecycle: Stages Reconnaissance Establish foothold Escalate privileges Internal reconnaissance Maintain persistence
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Attacker lifecycle: Attacker actions RDP brute force RAT installed Exfiltrate data over DNS Probe API with temp creds Attempt to compromise account
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Attacker lifecycle: Amazon GuardDuty findings RDP brute force RAT Installed Exfiltrate data over DNS Probe API with temp creds Attempt to compromise account Malicious or suspicious IP Unusual ports DNS exfiltration Unusual traffic volume Connect to blacklisted site Recon:EC2/PortProbeUnprotectedPort Anonymizing proxy Temp credentials used off-instance Unusual ISP caller Bitcoin activity Unusual instance launch
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Respond
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat response: Amazon CloudWatch Events Amazon GuardDuty findings AWS Lambda function Partner solutions Automated response Anything else Amazon CloudWatch Events
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat response: Services AWS Systems Manager AWS Lambda Amazon Inspector Run code for virtually any kind of application or backend service – zero administration Gain operational insights and take action on AWS resources Automate security assessments of Amazon EC2 instances
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat response: High-level playbook Adversary or intern Your environment Lambda function CloudWatch Events
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat response: Detailed playbook Amazon CloudWatch Events AWS CloudTrail AWS Config Lambda function AWS APIs Detect Investigate Respond Team collaboration (Slack, etc.) Amazon GuardDuty VPC Flow Logs Amazon Inspector Amazon Macie AWS Security Hub
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Workshop walk-through https://scaling-threat-detection.awssecworkshops.com/
Thank you! S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recomendados

Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...Amazon Web Services
 
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdf
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdfPerforming real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdf
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdfAmazon Web Services
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Amazon Web Services
 
Building IoT applications for a connected home - SVC206 - Santa Clara AWS Summit
Building IoT applications for a connected home - SVC206 - Santa Clara AWS SummitBuilding IoT applications for a connected home - SVC206 - Santa Clara AWS Summit
Building IoT applications for a connected home - SVC206 - Santa Clara AWS SummitAmazon Web Services
 
Twelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitTwelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitAmazon Web Services
 
Build sophisticated forecasting & recommendation models - AIM204 - Santa Clar...
Build sophisticated forecasting & recommendation models - AIM204 - Santa Clar...Build sophisticated forecasting & recommendation models - AIM204 - Santa Clar...
Build sophisticated forecasting & recommendation models - AIM204 - Santa Clar...Amazon Web Services
 
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Amazon Web Services
 
Threat detection and mitigation at AWS - SEC201 - New York AWS Summit
Threat detection and mitigation at AWS - SEC201 - New York AWS SummitThreat detection and mitigation at AWS - SEC201 - New York AWS Summit
Threat detection and mitigation at AWS - SEC201 - New York AWS SummitAmazon Web Services
 

Recomendados

Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...Amazon Web Services
 
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdf
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdfPerforming real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdf
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdfAmazon Web Services
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Amazon Web Services
 
Building IoT applications for a connected home - SVC206 - Santa Clara AWS Summit
Building IoT applications for a connected home - SVC206 - Santa Clara AWS SummitBuilding IoT applications for a connected home - SVC206 - Santa Clara AWS Summit
Building IoT applications for a connected home - SVC206 - Santa Clara AWS SummitAmazon Web Services
 
Twelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitTwelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitAmazon Web Services
 
Build sophisticated forecasting & recommendation models - AIM204 - Santa Clar...
Build sophisticated forecasting & recommendation models - AIM204 - Santa Clar...Build sophisticated forecasting & recommendation models - AIM204 - Santa Clar...
Build sophisticated forecasting & recommendation models - AIM204 - Santa Clar...Amazon Web Services
 
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Amazon Web Services
 
Threat detection and mitigation at AWS - SEC201 - New York AWS Summit
Threat detection and mitigation at AWS - SEC201 - New York AWS SummitThreat detection and mitigation at AWS - SEC201 - New York AWS Summit
Threat detection and mitigation at AWS - SEC201 - New York AWS SummitAmazon Web Services
 
Add Intelligence to Applications - AIM203 - Anaheim AWS Summit
Add Intelligence to Applications - AIM203 - Anaheim AWS SummitAdd Intelligence to Applications - AIM203 - Anaheim AWS Summit
Add Intelligence to Applications - AIM203 - Anaheim AWS SummitAmazon Web Services
 
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Amazon Web Services
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Amazon Web Services
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...Amazon Web Services
 
Building enterprise solutions with blockchain and ledger technology - SVC202 ...
Building enterprise solutions with blockchain and ledger technology - SVC202 ...Building enterprise solutions with blockchain and ledger technology - SVC202 ...
Building enterprise solutions with blockchain and ledger technology - SVC202 ...Amazon Web Services
 
Amazon digital user engagement solutions - SVC221 - New York AWS Summit
Amazon digital user engagement solutions - SVC221 - New York AWS SummitAmazon digital user engagement solutions - SVC221 - New York AWS Summit
Amazon digital user engagement solutions - SVC221 - New York AWS SummitAmazon Web Services
 
Building AR-VR applications on AWS
Building AR-VR applications on AWSBuilding AR-VR applications on AWS
Building AR-VR applications on AWSAmazon Web Services
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
 
Discuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitDiscuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitAmazon Web Services
 
Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Amazon Web Services
 
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...Amazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...Amazon Web Services
 
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Amazon Web Services
 
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...Amazon Web Services
 
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...Amazon Web Services
 
Developing Modern Applications in the Cloud
Developing Modern Applications in the CloudDeveloping Modern Applications in the Cloud
Developing Modern Applications in the CloudAmazon Web Services
 
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Amazon Web Services
 
Threat detection and mitigation at AWS
Threat detection and mitigation at AWSThreat detection and mitigation at AWS
Threat detection and mitigation at AWSNathan Case
 

Mais conteúdo relacionado

Mais procurados

Add Intelligence to Applications - AIM203 - Anaheim AWS Summit
Add Intelligence to Applications - AIM203 - Anaheim AWS SummitAdd Intelligence to Applications - AIM203 - Anaheim AWS Summit
Add Intelligence to Applications - AIM203 - Anaheim AWS SummitAmazon Web Services
 
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Amazon Web Services
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Amazon Web Services
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...Amazon Web Services
 
Building enterprise solutions with blockchain and ledger technology - SVC202 ...
Building enterprise solutions with blockchain and ledger technology - SVC202 ...Building enterprise solutions with blockchain and ledger technology - SVC202 ...
Building enterprise solutions with blockchain and ledger technology - SVC202 ...Amazon Web Services
 
Amazon digital user engagement solutions - SVC221 - New York AWS Summit
Amazon digital user engagement solutions - SVC221 - New York AWS SummitAmazon digital user engagement solutions - SVC221 - New York AWS Summit
Amazon digital user engagement solutions - SVC221 - New York AWS SummitAmazon Web Services
 
Building AR-VR applications on AWS
Building AR-VR applications on AWSBuilding AR-VR applications on AWS
Building AR-VR applications on AWSAmazon Web Services
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
 
Discuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitDiscuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitAmazon Web Services
 
Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Amazon Web Services
 
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...Amazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...Amazon Web Services
 
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Amazon Web Services
 
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...Amazon Web Services
 
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...Amazon Web Services
 
Developing Modern Applications in the Cloud
Developing Modern Applications in the CloudDeveloping Modern Applications in the Cloud
Developing Modern Applications in the CloudAmazon Web Services
 
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...Amazon Web Services
 

Mais procurados (20)

Add Intelligence to Applications - AIM203 - Anaheim AWS Summit
Add Intelligence to Applications - AIM203 - Anaheim AWS SummitAdd Intelligence to Applications - AIM203 - Anaheim AWS Summit
Add Intelligence to Applications - AIM203 - Anaheim AWS Summit
 
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
 
Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...
 
Building enterprise solutions with blockchain and ledger technology - SVC202 ...
Building enterprise solutions with blockchain and ledger technology - SVC202 ...Building enterprise solutions with blockchain and ledger technology - SVC202 ...
Building enterprise solutions with blockchain and ledger technology - SVC202 ...
 
Amazon digital user engagement solutions - SVC221 - New York AWS Summit
Amazon digital user engagement solutions - SVC221 - New York AWS SummitAmazon digital user engagement solutions - SVC221 - New York AWS Summit
Amazon digital user engagement solutions - SVC221 - New York AWS Summit
 
Building AR-VR applications on AWS
Building AR-VR applications on AWSBuilding AR-VR applications on AWS
Building AR-VR applications on AWS
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
 
Discuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitDiscuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
 
Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...
 
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...
Using AWS IoT & Amazon SageMaker to Improve Manufacturing Operations - SVC204...
 
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
Find All the Threats: AWS Threat Detection and Remediation - SEC303 - Anaheim...
 
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
 
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
 
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...
Ambient Intelligence: Bringing ML & AI to the Connected Home - SVC302 - Anahe...
 
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...
 
Developing Modern Applications in the Cloud
Developing Modern Applications in the CloudDeveloping Modern Applications in the Cloud
Developing Modern Applications in the Cloud
 
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...
Overcoming tomorrow's operational challenges with AIOps - DEM05-R1 - Santa Cl...
 

Semelhante a Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Clara AWS Summit

Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Amazon Web Services
 
Threat detection and mitigation at AWS
Threat detection and mitigation at AWSThreat detection and mitigation at AWS
Threat detection and mitigation at AWSNathan Case
 
Threat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitThreat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitAmazon Web Services
 
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS SummitDetecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS SummitAmazon Web Services
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceAmazon Web Services
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Riyadh User Group
 
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...Amazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWSAmazon Web Services
 
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS SummitThreat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS SummitAmazon Web Services
 
Architecting security & governance across your AWS environment
Architecting security & governance across your AWS environmentArchitecting security & governance across your AWS environment
Architecting security & governance across your AWS environmentAmazon Web Services
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Amazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Managing Enterprise security in the Cloud
Managing Enterprise security in the CloudManaging Enterprise security in the Cloud
Managing Enterprise security in the CloudAmazon Web Services
 
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWSSecurity & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWSAmazon Web Services
 
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Amazon Web Services
 
Cybersecurity: scenario e strategie.
Cybersecurity: scenario e strategie.Cybersecurity: scenario e strategie.
Cybersecurity: scenario e strategie.Amazon Web Services
 
Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Amazon Web Services
 
Secure and Automate AWS Deployments with Next Generation Security
Secure and Automate AWS Deployments with Next Generation SecuritySecure and Automate AWS Deployments with Next Generation Security
Secure and Automate AWS Deployments with Next Generation SecurityAmazon Web Services
 

Semelhante a Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Clara AWS Summit (20)

Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...
 
Threat detection and mitigation at AWS
Threat detection and mitigation at AWSThreat detection and mitigation at AWS
Threat detection and mitigation at AWS
 
Threat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitThreat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS Summit
 
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS SummitDetecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practice
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
 
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
 
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS SummitThreat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
 
Architecting security & governance across your AWS environment
Architecting security & governance across your AWS environmentArchitecting security & governance across your AWS environment
Architecting security & governance across your AWS environment
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
 
Managing Enterprise security in the Cloud
Managing Enterprise security in the CloudManaging Enterprise security in the Cloud
Managing Enterprise security in the Cloud
 
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWSSecurity & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
 
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
 
Cybersecurity: scenario e strategie.
Cybersecurity: scenario e strategie.Cybersecurity: scenario e strategie.
Cybersecurity: scenario e strategie.
 
Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS
 
Secure and Automate AWS Deployments with Next Generation Security
Secure and Automate AWS Deployments with Next Generation SecuritySecure and Automate AWS Deployments with Next Generation Security
Secure and Automate AWS Deployments with Next Generation Security
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Clara AWS Summit

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Find all the threats: AWS threat detection and mitigation Roger Cheeks Solutions architect, security specialized Amazon Web Services S E C 3 0 2 Brandon Baxter Solutions architect, security specialized Amazon Web Services
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Source: 2018 Data Breach Investigation Report, Verizon, 11th edition 2018 Data breach patterns
  • 3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection and response Introduction
  • 4. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Why is threat detection so hard? Skills shortageSignal to noiseLarge datasets
  • 5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Identity & Access Management (IAM) AWS Single Sign-On AWS Directory Service Amazon Cognito AWS Organizations AWS Secrets Manager AWS Resource Access Manager AWS Security Hub Amazon GuardDuty AWS Config AWS CloudTrail Amazon CloudWatch VPC Flow Logs AWS Systems Manager AWS Shield AWS WAF – Web application firewall AWS Firewall Manager Amazon Inspector Amazon VPC AWS KMS AWS CloudHSM AWS Certificate Manager Amazon Macie Server-side encryption AWS Config rules AWS Lambda AWS Systems Manager Identity Detect Infrastructure protection Respond Data protection Deep set of security tools
  • 6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS threat detection services
  • 7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: Log data inputs DNS logs Track user activity and API usage IP traffic to and from network interfaces in a VPC Monitor apps using log data, store, and access log files Log of DNS queries in a VPC when using the VPC DNS resolver AWS CloudTrail Flow logs Amazon CloudWatch
  • 8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: Machine learning Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads Machine learning-powered security service to discover, classify, and protect sensitive data Amazon GuardDuty Amazon Macie
  • 9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: AWS Security Hub—in preview • Comprehensive view of your security and compliance state within AWS • Aggregates security findings generated by other AWS security services and partners • Analyze security trends and identify the highest-priority security issues Amazon Inspector Amazon GuardDuty Amazon Macie AWS Security Hub Security findings providers Findings Insights & Standards Other AWS Config Partner solutions
  • 10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: Amazon GuardDuty
  • 11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat detection: Evocations and triggers Continuously tracks your resource configuration changes and if they violate any of the conditions in your rules Delivers a near-real time stream of system events that describe changes in AWS resources Amazon CloudWatch Events AWS Config
  • 12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Attacker lifecycle: Stages Reconnaissance Establish foothold Escalate privileges Internal reconnaissance Maintain persistence
  • 13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Attacker lifecycle: Attacker actions RDP brute force RAT installed Exfiltrate data over DNS Probe API with temp creds Attempt to compromise account
  • 14. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Attacker lifecycle: Amazon GuardDuty findings RDP brute force RAT Installed Exfiltrate data over DNS Probe API with temp creds Attempt to compromise account Malicious or suspicious IP Unusual ports DNS exfiltration Unusual traffic volume Connect to blacklisted site Recon:EC2/PortProbeUnprotectedPort Anonymizing proxy Temp credentials used off-instance Unusual ISP caller Bitcoin activity Unusual instance launch
  • 15. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Respond
  • 16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat response: Amazon CloudWatch Events Amazon GuardDuty findings AWS Lambda function Partner solutions Automated response Anything else Amazon CloudWatch Events
  • 17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat response: Services AWS Systems Manager AWS Lambda Amazon Inspector Run code for virtually any kind of application or backend service – zero administration Gain operational insights and take action on AWS resources Automate security assessments of Amazon EC2 instances
  • 18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat response: High-level playbook Adversary or intern Your environment Lambda function CloudWatch Events
  • 19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Threat response: Detailed playbook Amazon CloudWatch Events AWS CloudTrail AWS Config Lambda function AWS APIs Detect Investigate Respond Team collaboration (Slack, etc.) Amazon GuardDuty VPC Flow Logs Amazon Inspector Amazon Macie AWS Security Hub
  • 20. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Workshop walk-through https://scaling-threat-detection.awssecworkshops.com/
  • 21. Thank you! S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 22. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.