Viacheslav Viniarskyi

1. Automated Defense with
Serverless computing
Viacheslav Viniarskyi
DevOps in Critical Services, SoftServe

2. What is serverless?
Serverless computing is a cloud-computing execution
model in which the cloud provider runs the server, and
dynamically manages the allocation of machine resources.
Pricing is based on the actual amount of resources
consumed by an application, rather than on pre-purchased
units of capacity.

3. ▪ FaaS – Function as a Service
o Event-driven architecture
o Primary focus on code
o Service provider carry on about all underlaying things
o Workloads and functions themselves are stateless
o Elastically response to workload
▪ BaaS – Backend as a Service
o Service provide web app and mobile app typical things like
authentication, user management, database, storage, push
notifications, integration with social networks.
Serverless types

4. ▪ AWS Lambda by Amazon
▪ Google Cloud Functions by Google
▪ Microsoft Azure Fuctions by Microsoft
▪ IBM Cloud Functions & OpenWhisk by IBM with RedHat and others
▪ Project Fn by Oracle
▪ Pivotal Function Service by Pivotal
▪ Alibaba Cloud Function by Alibaba Cloud
▪ Knative & Riff for kubernetes
Serverless vendors

5. ▪ Event source - S3, SNS, SES, SQS, Kinessis, DuynamoDB, ELB, ALB,
Cognito, Lex, Alexa, API Gateway, CloudFront, CloudFormation,
CloudWatch, CodeCommit, AWS Config.
▪ Code of function (computing resource).
▪ Downstream resource (Consumers of functions output).
Serverless parts

6. CloudTrail case
In this scenario,CloudTrail writes
access logs to your S3 bucket.As
for AWS Lambda,Amazon S3 is the
event source so Amazon S3
publishes events to AWS Lambda
and invokes your Lambda function,
which send notification.This
scenario can be leveraged to
revert undesired changes in
Security groups for example.
Full article is available here:
https://docs.aws.amazon.com/la
mbda/latest/dg/with-cloudtrail-
example.html

7. Inspector case
After running an assessment and
publishing any security findings
to SNS topic which will trigger AWS
Lambda function.This function
examines the findings,and then
implements the appropriate
remediation based on the type of
issue.Additionally this can be
intergeted with 3-party ticketing
system through another SNS topic.
Full article is available here:
https://aws.amazon.com/blogs/se
curity/how-to-remediate-amazon-
inspector-security-findings-
automatically/

8. Appsecco case
Taking a list of attackers IPv4
addresses from their completely
secured ELK monitoring setup and
with just 50 lines of standard
Python code,were able to create
an automated way to block the IP’s
at the VPC level itself.
Full article is available here:
https://blog.appsecco.com/autom
ated-defense-using-serverless-
computing-84ee04b9b129

9. ▪ https://github.com/anaibol/awesome-serverless#security
▪ https://github.com/puresec/awesome-serverless-security/
▪ OWASP ServerlessGoat
▪ https://landscape.cncf.io/format=serverless
▪ https://www.puresec.io
▪ https://www.threatstack.com
Useful links

10. Automated Defense with
Serverless computing
Viacheslav Viniarskyi
DevOps in Critical Services, SoftServe
Q & A