SlideShare uma empresa Scribd logo

Securing AWS Environments

Ashish Kaushik
Ashish Kaushik

What AWS services can be leveraged to have a Compliant and Secure Architecture.

Tecnologia
1 de 18
SECURING AWS ENVIRONMENTS Ashish Kaushik Architect
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ Why Security is discussed so much? > ● Important and Tough ● Complex processes ● Manual Intervention makes it difficult to implement. Security is Job Zero At AWS Security is Everyone’s Responsibility
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Shared Responsibility Model
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Infrastructure Security DDoS Mitigation Data Encryption Inventory and Configuration Monitoring and Logging Penetration Testing Security Landscape 01 02 03 060504
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Infrastructure Security Amazon VPC Encryption at rest (default and Customer controlled) VPN Encrypted Traffic (Internal & External) 01 02 03 04
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential DDoS AutoScaling CloudFront Route5301 02 03
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Encryption Available in Storage and DB services (EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift) Key Management - KMS(CMK) Encrypted Queues - SQS Dedicated - CloudHSM
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Inventory and Configuration Automated Assessment - Amazon Inspector. Inventory-AWS Config. Template - AWS CloudFormation.
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Monitoring and Logging API Audit - CloudTrail. Aggregation - CloudWatch Logs Alerting -CloudWatch Events Monitoring - CloudWatch Metrics 01 02 04 03
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Penetration Testing AWS Pentesting Public and available as Artifacts. Customer Pentesting Many service without Approval. For other you can raise ticket for approval. (DNS, Flooding, DDoS, )
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Compliance
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Compliance Enablers https://aws.amazon.com/compliance/ Amazon GuardDuty AWS Artifact AWS BAA (Data Centers) AWS Re:Inforce 01 02 03 04
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ WAF Analyzer - DevOps Approach>
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ WAF Analyzer - Automation Architecture>
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ WAF Analyzer - Analytics>
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ WAF Analyzer - Security Dashboard>
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Real World Blocked number of requests: 160K
www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </THANK YOU!> Ashish Kaushik

Recomendados

Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
DDoS Response Team - Engagement, Advanced Countermeasures and Capabilities
DDoS Response Team - Engagement, Advanced Countermeasures and CapabilitiesDDoS Response Team - Engagement, Advanced Countermeasures and Capabilities
DDoS Response Team - Engagement, Advanced Countermeasures and CapabilitiesAmazon Web Services
 
Enhanced Security Analytics using WAF logs & Elastic Search
Enhanced Security Analytics using WAF logs & Elastic SearchEnhanced Security Analytics using WAF logs & Elastic Search
Enhanced Security Analytics using WAF logs & Elastic SearchAmazon Web Services
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Amazon Web Services
 
AWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAmazon Web Services
 
Getting started - Protect your applications in under 30 mins
Getting started - Protect your applications in under 30 minsGetting started - Protect your applications in under 30 mins
Getting started - Protect your applications in under 30 minsAmazon Web Services
 
Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
 

Recomendados

Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
DDoS Response Team - Engagement, Advanced Countermeasures and Capabilities
DDoS Response Team - Engagement, Advanced Countermeasures and CapabilitiesDDoS Response Team - Engagement, Advanced Countermeasures and Capabilities
DDoS Response Team - Engagement, Advanced Countermeasures and CapabilitiesAmazon Web Services
 
Enhanced Security Analytics using WAF logs & Elastic Search
Enhanced Security Analytics using WAF logs & Elastic SearchEnhanced Security Analytics using WAF logs & Elastic Search
Enhanced Security Analytics using WAF logs & Elastic SearchAmazon Web Services
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Amazon Web Services
 
AWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAmazon Web Services
 
Getting started - Protect your applications in under 30 mins
Getting started - Protect your applications in under 30 minsGetting started - Protect your applications in under 30 mins
Getting started - Protect your applications in under 30 minsAmazon Web Services
 
Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Amazon Web Services
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Amazon Web Services
 
AWS WAF
AWS WAFAWS WAF
AWS WAFAmazon Web Services
 
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019 Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019 Amazon Web Services
 
Using Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWSUsing Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWSAmazon Web Services
 
Flash card Module 9- Manage Security Operation in Azure
Flash card Module 9- Manage Security Operation in AzureFlash card Module 9- Manage Security Operation in Azure
Flash card Module 9- Manage Security Operation in AzureYoong Seng Lai
 
Automated Forensics and Incident Response on AWS - AWS Summit Sydney
Automated Forensics and Incident Response on AWS - AWS Summit SydneyAutomated Forensics and Incident Response on AWS - AWS Summit Sydney
Automated Forensics and Incident Response on AWS - AWS Summit SydneyAmazon Web Services
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws securityAmazon Web Services
 
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Amazon Web Services
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Amazon Web Services
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Amazon Web Services
 
Flash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in AzureFlash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in AzureYoong Seng Lai
 
AWS: Mit Sicherheit!
AWS: Mit Sicherheit!AWS: Mit Sicherheit!
AWS: Mit Sicherheit!Andrej Maya
 
Flash Card -Architect Infrastructure Operation in Azure
Flash Card -Architect Infrastructure Operation in AzureFlash Card -Architect Infrastructure Operation in Azure
Flash Card -Architect Infrastructure Operation in AzureYoong Seng Lai
 
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
 
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Amazon Web Services
 
Linux Container Primitives and Runtimes - AWS Summit Sydney
Linux Container Primitives and Runtimes - AWS Summit SydneyLinux Container Primitives and Runtimes - AWS Summit Sydney
Linux Container Primitives and Runtimes - AWS Summit SydneyAmazon Web Services
 
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Amazon Web Services
 
Threat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitThreat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitAmazon Web Services
 
Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...Amazon Web Services
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 

Mais conteúdo relacionado

Mais procurados

Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Amazon Web Services
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Amazon Web Services
 
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019 Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019 Amazon Web Services
 
Using Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWSUsing Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWSAmazon Web Services
 
Flash card Module 9- Manage Security Operation in Azure
Flash card Module 9- Manage Security Operation in AzureFlash card Module 9- Manage Security Operation in Azure
Flash card Module 9- Manage Security Operation in AzureYoong Seng Lai
 
Automated Forensics and Incident Response on AWS - AWS Summit Sydney
Automated Forensics and Incident Response on AWS - AWS Summit SydneyAutomated Forensics and Incident Response on AWS - AWS Summit Sydney
Automated Forensics and Incident Response on AWS - AWS Summit SydneyAmazon Web Services
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws securityAmazon Web Services
 
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Amazon Web Services
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Amazon Web Services
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Amazon Web Services
 
Flash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in AzureFlash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in AzureYoong Seng Lai
 
AWS: Mit Sicherheit!
AWS: Mit Sicherheit!AWS: Mit Sicherheit!
AWS: Mit Sicherheit!Andrej Maya
 
Flash Card -Architect Infrastructure Operation in Azure
Flash Card -Architect Infrastructure Operation in AzureFlash Card -Architect Infrastructure Operation in Azure
Flash Card -Architect Infrastructure Operation in AzureYoong Seng Lai
 
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
 
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Amazon Web Services
 
Linux Container Primitives and Runtimes - AWS Summit Sydney
Linux Container Primitives and Runtimes - AWS Summit SydneyLinux Container Primitives and Runtimes - AWS Summit Sydney
Linux Container Primitives and Runtimes - AWS Summit SydneyAmazon Web Services
 
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Amazon Web Services
 
Threat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitThreat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitAmazon Web Services
 

Mais procurados (20)

Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...
 
AWS WAF
AWS WAFAWS WAF
AWS WAF
 
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019 Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
 
Using Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWSUsing Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWS
 
Flash card Module 9- Manage Security Operation in Azure
Flash card Module 9- Manage Security Operation in AzureFlash card Module 9- Manage Security Operation in Azure
Flash card Module 9- Manage Security Operation in Azure
 
Automated Forensics and Incident Response on AWS - AWS Summit Sydney
Automated Forensics and Incident Response on AWS - AWS Summit SydneyAutomated Forensics and Incident Response on AWS - AWS Summit Sydney
Automated Forensics and Incident Response on AWS - AWS Summit Sydney
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws security
 
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
 
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
 
Flash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in AzureFlash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in Azure
 
AWS: Mit Sicherheit!
AWS: Mit Sicherheit!AWS: Mit Sicherheit!
AWS: Mit Sicherheit!
 
Flash Card -Architect Infrastructure Operation in Azure
Flash Card -Architect Infrastructure Operation in AzureFlash Card -Architect Infrastructure Operation in Azure
Flash Card -Architect Infrastructure Operation in Azure
 
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
 
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
 
Linux Container Primitives and Runtimes - AWS Summit Sydney
Linux Container Primitives and Runtimes - AWS Summit SydneyLinux Container Primitives and Runtimes - AWS Summit Sydney
Linux Container Primitives and Runtimes - AWS Summit Sydney
 
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
 
Threat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitThreat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS Summit
 

Semelhante a Securing AWS Environments

Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...Amazon Web Services
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Amazon Web Services
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWSAWS Summits
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWSAmazon Web Services
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Amazon Web Services
 
Cloud Security: Attacking The Metadata Service v2
Cloud Security: Attacking The Metadata Service v2Cloud Security: Attacking The Metadata Service v2
Cloud Security: Attacking The Metadata Service v2Puma Security, LLC
 
Cloud Security: Attacking The Metadata Service
Cloud Security: Attacking The Metadata ServiceCloud Security: Attacking The Metadata Service
Cloud Security: Attacking The Metadata ServicePuma Security, LLC
 
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...Amazon Web Services
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 Amazon Web Services
 
AWS Initiate Day Dublin 2019 – Top Cloud Security Myths
AWS Initiate Day Dublin 2019 – Top Cloud Security MythsAWS Initiate Day Dublin 2019 – Top Cloud Security Myths
AWS Initiate Day Dublin 2019 – Top Cloud Security MythsAmazon Web Services
 
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019Amazon Web Services
 
AWSome Day - Barcelona - 26 Febrero
AWSome Day - Barcelona - 26 FebreroAWSome Day - Barcelona - 26 Febrero
AWSome Day - Barcelona - 26 FebreroCAPSiDE
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Riyadh User Group
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
 
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Daniel Zivkovic
 
AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & Learn AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & LearnAmazon Web Services
 
Strengthen Your Organizations Security and Privacy.pdf
Strengthen Your Organizations Security and Privacy.pdfStrengthen Your Organizations Security and Privacy.pdf
Strengthen Your Organizations Security and Privacy.pdfAmazon Web Services
 

Semelhante a Securing AWS Environments (20)

Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWS
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWS
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
 
Cloud Security: Attacking The Metadata Service v2
Cloud Security: Attacking The Metadata Service v2Cloud Security: Attacking The Metadata Service v2
Cloud Security: Attacking The Metadata Service v2
 
Cloud Security: Attacking The Metadata Service
Cloud Security: Attacking The Metadata ServiceCloud Security: Attacking The Metadata Service
Cloud Security: Attacking The Metadata Service
 
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
 
AWS Initiate Day Dublin 2019 – Top Cloud Security Myths
AWS Initiate Day Dublin 2019 – Top Cloud Security MythsAWS Initiate Day Dublin 2019 – Top Cloud Security Myths
AWS Initiate Day Dublin 2019 – Top Cloud Security Myths
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloud
 
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
 
AWSome Day - Barcelona - 26 Febrero
AWSome Day - Barcelona - 26 FebreroAWSome Day - Barcelona - 26 Febrero
AWSome Day - Barcelona - 26 Febrero
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
 
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
 
AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & Learn AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & Learn
 
Strengthen Your Organizations Security and Privacy.pdf
Strengthen Your Organizations Security and Privacy.pdfStrengthen Your Organizations Security and Privacy.pdf
Strengthen Your Organizations Security and Privacy.pdf
 
AWS_Security_Essentials
AWS_Security_EssentialsAWS_Security_Essentials
AWS_Security_Essentials
 

Último

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Securing AWS Environments

  • 2. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ Why Security is discussed so much? > ● Important and Tough ● Complex processes ● Manual Intervention makes it difficult to implement. Security is Job Zero At AWS Security is Everyone’s Responsibility
  • 3. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Shared Responsibility Model
  • 4. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Infrastructure Security DDoS Mitigation Data Encryption Inventory and Configuration Monitoring and Logging Penetration Testing Security Landscape 01 02 03 060504
  • 5. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Infrastructure Security Amazon VPC Encryption at rest (default and Customer controlled) VPN Encrypted Traffic (Internal & External) 01 02 03 04
  • 6. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential DDoS AutoScaling CloudFront Route5301 02 03
  • 7. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Encryption Available in Storage and DB services (EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift) Key Management - KMS(CMK) Encrypted Queues - SQS Dedicated - CloudHSM
  • 8. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Inventory and Configuration Automated Assessment - Amazon Inspector. Inventory-AWS Config. Template - AWS CloudFormation.
  • 9. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Monitoring and Logging API Audit - CloudTrail. Aggregation - CloudWatch Logs Alerting -CloudWatch Events Monitoring - CloudWatch Metrics 01 02 04 03
  • 10. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Penetration Testing AWS Pentesting Public and available as Artifacts. Customer Pentesting Many service without Approval. For other you can raise ticket for approval. (DNS, Flooding, DDoS, )
  • 11. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Compliance
  • 12. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Compliance Enablers https://aws.amazon.com/compliance/ Amazon GuardDuty AWS Artifact AWS BAA (Data Centers) AWS Re:Inforce 01 02 03 04
  • 13. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ WAF Analyzer - DevOps Approach>
  • 14. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ WAF Analyzer - Automation Architecture>
  • 15. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ WAF Analyzer - Analytics>
  • 16. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </ WAF Analyzer - Security Dashboard>
  • 17. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential Real World Blocked number of requests: 160K
  • 18. www.sourcefuse.com | Copyright © 2019 SourceFuse | Private and Confidential </THANK YOU!> Ashish Kaushik