SlideShare uma empresa Scribd logo

Security Challenges and Use Cases in the Modern Application Build-and-Deploy Pipeline (ANT209-S) - AWS re:Invent 2018

Amazon Web Services
Amazon Web Services

Modern application build-and-deploy workflows are creating new challenges for traditional security models. Traditional workflows need to be recast in new datasets, and new workflows need to be added to cover the expanding threat surface area. In this session, we explore the security challenges created by modern application build-and-deploy pipelines. We also discuss basic considerations for security defense, example use cases, and a customer case study to illustrate the concepts. This session is brought to you by AWS partner, Sumo Logic.

1 de 28
Baixar para ler offline
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security Challenges and Use Cases in the Modern Application Build-and- Deploy Pipeline Dave Frampton, VP Security Solutions, Sumo Logic Olaf Stein, Sr. Security Architect, Sumo Logic Brad Segobiano, Sr. Software Engineer, Genesys A N T 2 0 9 - S
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Today’s build & deploy models provide new challenges for security ● Distributed tools ● New perimeters ● Microservices, containers, service chaining ● Fragmented, diverse context ● Lack of holistic view ● Production security data volumes ● New DevSecOps workflows
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Maintaining security insight & posture across the tool sprawl is a significant challenge
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. People & process many-to-many mappings compound the problem Cloud Chenges ● Tools and tech stacks vary by team ● Many owners and stakeholders for each process ● Dozens of AWS accounts, no standards, different owners ● Churn in accounts, tools, software, libraries ● Unpredictable scale demands QA Development IT DevOps SRE Security Operations Version control Coding Monitoring & alerting CI/CD Project mgt Config mgt Testing Pen testing Vuln scan Access control
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Four attributes of emerging solutions Current disruptions Emerging Democratization of security analytics Close the loop between DevSecOps & SOC Cloud & App Stack Integration Accelerate workflow
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Depth Code Build DeployTest dev prod
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Breadth Code Build DeployTest dev prod Corporate tools Security tools
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Risk of compromise • Risks of compromise Data leaks Loss of intellectual property Compromise of infrastructure Loss of compliance Aid further reconnaissance/attack
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Depth • Indicators of compromise Anomalous behavior by users Anomalous behavior by origin Anomalous behavior by timing Activity from known bad actors • Who & how to monitor IT Dev(Ops) SRE App security
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Depth • Indicators of compromise Authentication events Privileged activity Account management events System/config changes Who & how to monitor IT Dev(Ops) SRE App security
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Breadth • Indicators of compromise Correlate across all activity by origin or time Volume analysis Unusual sequences Correlate with corporate or security tools Who & how to monitor Corporate security Production security App security
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Automate everything DevSecOps with Genesys
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Genesys platforms
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure scale •200+ Microservices •10 AWS Accounts •5 AWS Regions •Noc-less •Immutable •DevOps
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Deployments per week
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 19 Genesys build pipeline + Build Base AMI Build artifactSCM
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 20 Genesys build pipeline & security + AMI creation Centralized reporting Security workflow Amazon EC2 + Amazon Inspector
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 21 Genesys deploy pipeline Across account orchestration tool Dev deploy Integration test Promotion Prod deploy Failed Success
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 22 Genesys deploy pipeline & security Across account orchestration tool Application security audit tools Centralized reporting
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 23 Genesys infrastructure security monitoring Examples •AWS “root” login attempts •Open security groups •Failed AWS login attempts •Instance age •Amazon Simple Storage Service (Amazon S3) bucket permissions
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 24 Genesys host security monitoring + Build Base AMI Examples ● Whoami, id, nc, nmap, tcpdump, curl, wget, yum, rpm, and others ● File transfers
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Genesys application monitoring Examples •Anomalous spikes (for example, expect “x”, alert when “y”) •Recon (directory enumeration, and so on) •Attacks (XSS, SQLi, and so on)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. E-mail notifications Also used for routine success/failure/problem e-mail notifications in the CI/CD pipeline (or other areas) ← Recent unsuccessful promotions Recent ACL changes →
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. + Application security audit tools Centralized reporting
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Use cases span both old and new Cloud Chenges Coding Authentication MfA Geography Origin VPN Failed Successful Brute Force Embargoed Country Bastion Public Key Age of Creds SAML Spike First Usage Accounts/permissions/other System changes Threat Actor Locked Out Terminated New Shortlived No CR Privileged Logging Stopped Age of Creds Unlocked Disabled Enabled Never Used Used Once Permit Any SG Password Policies MfA Remote root Network traffic Enabled Service Disabled Service IAM Security Groupsusermod Audit Policy ChangeLog Cleared Bucket Permissions change EC2 Scans Undocumented Ports Long connections Data Exfiltration Denied Spikes New DestinationsLateral Movement Subnets Threat Actors
Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. dframpton@sumologic.com olaf@sumologic.com
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recomendados

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...Amazon Web Services
 
Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...
Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...
Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...Amazon Web Services
 
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...Amazon Web Services
 
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...Amazon Web Services
 
Closing Loops and Opening Minds: How to Take Control of Systems, Big and Smal...
Closing Loops and Opening Minds: How to Take Control of Systems, Big and Smal...Closing Loops and Opening Minds: How to Take Control of Systems, Big and Smal...
Closing Loops and Opening Minds: How to Take Control of Systems, Big and Smal...Amazon Web Services
 
Accelerate Innovation and Maximize Business Value with Serverless Application...
Accelerate Innovation and Maximize Business Value with Serverless Application...Accelerate Innovation and Maximize Business Value with Serverless Application...
Accelerate Innovation and Maximize Business Value with Serverless Application...Amazon Web Services
 
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Amazon Web Services
 
High Performance Data Streaming with Amazon Kinesis: Best Practices (ANT322-R...
High Performance Data Streaming with Amazon Kinesis: Best Practices (ANT322-R...High Performance Data Streaming with Amazon Kinesis: Best Practices (ANT322-R...
High Performance Data Streaming with Amazon Kinesis: Best Practices (ANT322-R...Amazon Web Services
 

Recomendados

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...Amazon Web Services
 
Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...
Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...
Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...Amazon Web Services
 
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...Amazon Web Services
 
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...Amazon Web Services
 
Closing Loops and Opening Minds: How to Take Control of Systems, Big and Smal...
Closing Loops and Opening Minds: How to Take Control of Systems, Big and Smal...Closing Loops and Opening Minds: How to Take Control of Systems, Big and Smal...
Closing Loops and Opening Minds: How to Take Control of Systems, Big and Smal...Amazon Web Services
 
Accelerate Innovation and Maximize Business Value with Serverless Application...
Accelerate Innovation and Maximize Business Value with Serverless Application...Accelerate Innovation and Maximize Business Value with Serverless Application...
Accelerate Innovation and Maximize Business Value with Serverless Application...Amazon Web Services
 
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Amazon Web Services
 
High Performance Data Streaming with Amazon Kinesis: Best Practices (ANT322-R...
High Performance Data Streaming with Amazon Kinesis: Best Practices (ANT322-R...High Performance Data Streaming with Amazon Kinesis: Best Practices (ANT322-R...
High Performance Data Streaming with Amazon Kinesis: Best Practices (ANT322-R...Amazon Web Services
 
Introduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkIntroduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkAmazon Web Services
 
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Amazon Web Services
 
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Amazon Web Services
 
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...Amazon Web Services
 
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...Amazon Web Services
 
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...Amazon Web Services
 
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Amazon Web Services
 
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...Amazon Web Services
 
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...Amazon Web Services
 
Building Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessBuilding Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessAmazon Web Services
 
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...Amazon Web Services
 
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...Amazon Web Services
 
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018Amazon Web Services
 
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018Amazon Web Services
 
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...Amazon Web Services
 
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018Amazon Web Services
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Amazon Web Services
 
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...Amazon Web Services
 
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Amazon Web Services
 
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...Amazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

Introduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkIntroduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkAmazon Web Services
 
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Amazon Web Services
 
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Amazon Web Services
 
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...Amazon Web Services
 
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...Amazon Web Services
 
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...Amazon Web Services
 
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Amazon Web Services
 
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...Amazon Web Services
 
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...Amazon Web Services
 
Building Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessBuilding Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessAmazon Web Services
 
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...Amazon Web Services
 
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...Amazon Web Services
 
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018Amazon Web Services
 
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018Amazon Web Services
 
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...Amazon Web Services
 
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018Amazon Web Services
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Amazon Web Services
 
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...Amazon Web Services
 
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Amazon Web Services
 
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...Amazon Web Services
 

Mais procurados (20)

Introduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkIntroduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption Framework
 
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
 
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
 
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...
Distributed Solar Systems at EDF Renewables and AWS IoT: A Natural Fit (PUT30...
 
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...
Real-Time Web Analytics with Amazon Kinesis Data Analytics (ADT401) - AWS re:...
 
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...
Operationalizing Your Analysis with AWS IoT Analytics (IOT358-R1) - AWS re:In...
 
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
 
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...
Implement a Modern Flash-to-Flash-to-Cloud Backup Environment (DEV205-S) - AW...
 
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
 
Building Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessBuilding Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with Serverless
 
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...
Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...
 
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
 
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018
Managing Modern Infrastructure in Enterprises (ENT227-R1) - AWS re:Invent 2018
 
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018
Machine Learning Inference at the Edge (IOT322-R1) - AWS re:Invent 2018
 
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...
Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...
 
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018
Building IoT Analytics (IOT327-R1) - AWS re:Invent 2018
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
 
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...
Driving Machine Learning and Analytics Use Cases with AWS Storage (STG302) - ...
 
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
 
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...
Automate & Audit Cloud Governance & Compliance in Your Landing Zone (ENT315-R...
 

Semelhante a Security Challenges and Use Cases in the Modern Application Build-and-Deploy Pipeline (ANT209-S) - AWS re:Invent 2018

A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...Amazon Web Services
 
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Amazon Web Services
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018Amazon Web Services
 
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Amazon Web Services
 
ENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated IndustriesENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated IndustriesAmazon Web Services
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Amazon Web Services
 
ABD310 big data aws and security no notes
ABD310 big data aws and security no notesABD310 big data aws and security no notes
ABD310 big data aws and security no notesAmazon Web Services
 
Amazon GuardDuty Threat Detection and Remediation
Amazon GuardDuty Threat Detection and RemediationAmazon GuardDuty Threat Detection and Remediation
Amazon GuardDuty Threat Detection and RemediationAmazon Web Services
 
Join HPE to Learn How to Keep Your Career Relevant and Not Be Automated out o...
Join HPE to Learn How to Keep Your Career Relevant and Not Be Automated out o...Join HPE to Learn How to Keep Your Career Relevant and Not Be Automated out o...
Join HPE to Learn How to Keep Your Career Relevant and Not Be Automated out o...Amazon Web Services
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...Amazon Web Services
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Amazon Web Services
 
Threat Detection & Remediation Workshop - Module 2
Threat Detection & Remediation Workshop - Module 2Threat Detection & Remediation Workshop - Module 2
Threat Detection & Remediation Workshop - Module 2Amazon Web Services
 
New AWS Security Solutions to Protect Your Workload
New AWS Security Solutions to Protect Your WorkloadNew AWS Security Solutions to Protect Your Workload
New AWS Security Solutions to Protect Your WorkloadAmazon Web Services
 
DevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSDevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSTom Laszewski
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 

Semelhante a Security Challenges and Use Cases in the Modern Application Build-and-Deploy Pipeline (ANT209-S) - AWS re:Invent 2018 (20)

A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat Detection
 
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...
How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...
 
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat Detection
 
Security@Scale
Security@ScaleSecurity@Scale
Security@Scale
 
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
 
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
 
ENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated IndustriesENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated Industries
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
 
ABD310 big data aws and security no notes
ABD310 big data aws and security no notesABD310 big data aws and security no notes
ABD310 big data aws and security no notes
 
Amazon GuardDuty Threat Detection and Remediation
Amazon GuardDuty Threat Detection and RemediationAmazon GuardDuty Threat Detection and Remediation
Amazon GuardDuty Threat Detection and Remediation
 
Join HPE to Learn How to Keep Your Career Relevant and Not Be Automated out o...
Join HPE to Learn How to Keep Your Career Relevant and Not Be Automated out o...Join HPE to Learn How to Keep Your Career Relevant and Not Be Automated out o...
Join HPE to Learn How to Keep Your Career Relevant and Not Be Automated out o...
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
 
Threat Detection & Remediation Workshop - Module 2
Threat Detection & Remediation Workshop - Module 2Threat Detection & Remediation Workshop - Module 2
Threat Detection & Remediation Workshop - Module 2
 
New AWS Security Solutions to Protect Your Workload
New AWS Security Solutions to Protect Your WorkloadNew AWS Security Solutions to Protect Your Workload
New AWS Security Solutions to Protect Your Workload
 
DevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSDevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWS
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Security Challenges and Use Cases in the Modern Application Build-and-Deploy Pipeline (ANT209-S) - AWS re:Invent 2018

  • 1.
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security Challenges and Use Cases in the Modern Application Build-and- Deploy Pipeline Dave Frampton, VP Security Solutions, Sumo Logic Olaf Stein, Sr. Security Architect, Sumo Logic Brad Segobiano, Sr. Software Engineer, Genesys A N T 2 0 9 - S
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Today’s build & deploy models provide new challenges for security ● Distributed tools ● New perimeters ● Microservices, containers, service chaining ● Fragmented, diverse context ● Lack of holistic view ● Production security data volumes ● New DevSecOps workflows
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Maintaining security insight & posture across the tool sprawl is a significant challenge
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. People & process many-to-many mappings compound the problem Cloud Chenges ● Tools and tech stacks vary by team ● Many owners and stakeholders for each process ● Dozens of AWS accounts, no standards, different owners ● Churn in accounts, tools, software, libraries ● Unpredictable scale demands QA Development IT DevOps SRE Security Operations Version control Coding Monitoring & alerting CI/CD Project mgt Config mgt Testing Pen testing Vuln scan Access control
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Four attributes of emerging solutions Current disruptions Emerging Democratization of security analytics Close the loop between DevSecOps & SOC Cloud & App Stack Integration Accelerate workflow
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Depth Code Build DeployTest dev prod
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Breadth Code Build DeployTest dev prod Corporate tools Security tools
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Risk of compromise • Risks of compromise Data leaks Loss of intellectual property Compromise of infrastructure Loss of compliance Aid further reconnaissance/attack
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Depth • Indicators of compromise Anomalous behavior by users Anomalous behavior by origin Anomalous behavior by timing Activity from known bad actors • Who & how to monitor IT Dev(Ops) SRE App security
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Depth • Indicators of compromise Authentication events Privileged activity Account management events System/config changes Who & how to monitor IT Dev(Ops) SRE App security
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Breadth • Indicators of compromise Correlate across all activity by origin or time Volume analysis Unusual sequences Correlate with corporate or security tools Who & how to monitor Corporate security Production security App security
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Automate everything DevSecOps with Genesys
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Genesys platforms
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure scale •200+ Microservices •10 AWS Accounts •5 AWS Regions •Noc-less •Immutable •DevOps
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Deployments per week
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 19 Genesys build pipeline + Build Base AMI Build artifactSCM
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 20 Genesys build pipeline & security + AMI creation Centralized reporting Security workflow Amazon EC2 + Amazon Inspector
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 21 Genesys deploy pipeline Across account orchestration tool Dev deploy Integration test Promotion Prod deploy Failed Success
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 22 Genesys deploy pipeline & security Across account orchestration tool Application security audit tools Centralized reporting
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 23 Genesys infrastructure security monitoring Examples •AWS “root” login attempts •Open security groups •Failed AWS login attempts •Instance age •Amazon Simple Storage Service (Amazon S3) bucket permissions
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 24 Genesys host security monitoring + Build Base AMI Examples ● Whoami, id, nc, nmap, tcpdump, curl, wget, yum, rpm, and others ● File transfers
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Genesys application monitoring Examples •Anomalous spikes (for example, expect “x”, alert when “y”) •Recon (directory enumeration, and so on) •Attacks (XSS, SQLi, and so on)
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. E-mail notifications Also used for routine success/failure/problem e-mail notifications in the CI/CD pipeline (or other areas) ← Recent unsuccessful promotions Recent ACL changes →
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. + Application security audit tools Centralized reporting
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Use cases span both old and new Cloud Chenges Coding Authentication MfA Geography Origin VPN Failed Successful Brute Force Embargoed Country Bastion Public Key Age of Creds SAML Spike First Usage Accounts/permissions/other System changes Threat Actor Locked Out Terminated New Shortlived No CR Privileged Logging Stopped Age of Creds Unlocked Disabled Enabled Never Used Used Once Permit Any SG Password Policies MfA Remote root Network traffic Enabled Service Disabled Service IAM Security Groupsusermod Audit Policy ChangeLog Cleared Bucket Permissions change EC2 Scans Undocumented Ports Long connections Data Exfiltration Denied Spikes New DestinationsLateral Movement Subnets Threat Actors
  • 27. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. dframpton@sumologic.com olaf@sumologic.com
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.