SlideShare uma empresa Scribd logo

Security for AWS : Journey to Least Privilege (update)

Transferir como PPTX, PDF
D
dhubbard858

I created the baker's dozen of things to think about when migrating or deploying in AWS. Use comments to add your input. Read time approx. 15-20 minutes max. There is also a long form written version of this on https://blog.lacework.com.

Tecnologia
1 de 244
.start
Bakers Dozen to Securing AWS
Dan Hubbard, Lacework
@dhubbard858
So, you are running in AWS?
AWS has amazing advantages….
Speed
Velocity
Auto-scale
They run the infrastructure.
And let you focus on your apps.
That is what matters.
But how do you secure all of this?
Think different.
It’s less about the castle and moat.
And more about automation.
scale.
visibility.
context.
And most importantly….
Shrinking your attack surface.
Minimizing mistakes.
And fitting security INTO your architecture.
NOT in FRONT of it.
Where do we start?
Drive towards least-privilege systems.
I know, you may not be there TODAY.
You may be migrating
Least Privilege is easier said than done.
But it’s a destination you want to drive to.
And if you have the luxury of starting over.
then start with least privilege.
Start with templatized workload configuration.
Terraform (multi-platform)
CloudFormation = AWS specific
Next select your orchestration system.
Kubernetes
Docker Swarm
Mesos.
Choose your favorite container tech.
Likely Docker or equiv..
And finally your favorite OS.
CoreOS
Redhat
Ubuntu
OK, now let’s think about the security...
Start with AWS Accounts.
Then your services
API’s
Compliance
Applications
Users
Secure your AWS account.1
Design your accounts carefully !
This is not easy to unwind and it’s super important.
Balance accounts and responsibilities.
Watch for sprawl.
You do not want to have too many accounts.
If you have a reason for a LOT of accounts.
Justify it !
Use AWS organizations.
MFA critical for all console authentication.
Use instance roles for services.
Roles manage ephemeral keys internally
CloudTrail2
Make sure it’s on for ALL accounts.
Log it in a place that you can query.
CloudTrail is very noisy
You need to understand the needles in the data
Context is critical
Understand relevant change.
Change in config’s
Change in API usage
Change in critical services.
Change in user patterns.
Attackers can delete / turn off CloudTrail
Segment S3 bucket with different from monitored account
Secure Services3
EC2, S3, RDS, KMS...
Set a policy and a framework for your services
Each service has unique attack surface
How do you think about threats in 1000’s of services.
Lambda surface?
ECS ?
EKS ?
S3 ?
RDS ?
Redshift ?
Don’t boil the ocean YET.
Understand what you use, why, and focus on those.
Learn what dev. is looking at next.
Compliance4
Your accounts and services need continual checks
This is not your annual compliance audit
Its all the time every time.
Start with CIS for AWS benchmarks
Expand into your relevant areas.
PCI
SOC II
HIPAA.
Secure the network.5
It’s not your network.
Yeah it’s virtual.
Limit what can go in and out.
Minimize in AND out.
Understand inter network traffic (east-west)
But the network diminishes in importance in cloud.
Like console access to the router
Firmare on edge router.
You don’t own it. Get used to that.
Network often static.
But systems are dynamic.
Containers and orchestration limit relevance.
But monitor config’s still important in VPC’s.
Secure the applications.6
What are they talking to?
And Why ?
Understand application topologies and systems.
Gain insight into typical system behavior
Understand outliers.
Log ALL application behaviors.
Abstract containers : translate apps : containers : machines.
Did I mention log everything.
Ephemeral workloads must be monitored
in near real-time.
Make meaning of the logs.
Good data turns into information when it answers questions.
Who ran this app?
When did it run?
What did it do?
Where did it connect to?
Good data turns into information
when you either gain security knowledge
or when your can answer questions with context.
“Hey Dan, did you mean to install 50 new GPU instances in the Europe Region running Bitcoin Miners last night”?
Secure Users.7
Who can log into what machines.
Why?
Limit logins wherever you can!
Least Privileged systems.
If logins necessary….
NO SHARED ACCOUNTS
Unique accounts per user
Use MFA.
Setup a bastion.
3 Factors of ID..
Setup VPN
Limit access via IP
Use IAM (oauth, SAML)
3 Factors
Account password
Temporary password
And keys.
Log ALL logins.
Failures and Successes
Avoid service accounts logging in.
Yes no login as say...
ubuntu
coreos
admin
Or...root !!!!
Where possible limit users from installing apps.
Immutable images.
Use the orchestration. That is what its for.
Understand the app behaviors.
Both to from and to the Internet.
And laterally from application to application.
Within your “network”
And from container to container.
Secure the Data.8
Encrypt it.
ALL OF IT.
Its likely someone will find value in your data
Regardless of what you think.
Keys are critical.
Look into vaults.
Rotate.
Ephemeral keys
Layer 8 : People9
“DevSecOps”
It’s just a made up word.
Establish communication channel from/to devops and security.
#Slack works.
Alert on criticals : PagerDuty or ?
Log criticals and below in #channel
Email still works too.
Retrospectives on alerts.
Get good at triage.
A great security product/system will help bridge gaps
from developers to security
from security to developers.
within or across teams.
Best practices.10
There is no time continuum in security.
It does not stop or start.
It is just part of the system
And the system needs testing.
Pen testing.
Vulnerability testing
It’s not as scary as it sounds.
War game with dev.
Think evil.
What if I had privileged access to ….
Think about.
Data exfil.
Data destruction.
Public disclosures.
Inadvertent configuration mistakes.
Compliance failures.
Low level bugs out of your control.
Ring0 happens.
Be prepared
For recovery
It’s not *if* the market will ask about your security.
It’s *when*.
Have the answers before they ask.
But what about bugs in MY applications? 11
Be responsible.
Follow responsible disclosures.
Answer security@yourdomain
Be friendly to bug hunters
Bug bounty not mandatory but look into it.
Don’t be held hostage to hunters.
But be responsible.
They are saving your time, money, and potentially losses.
Run your own internal bug program.
Hack a thons are great for this.
And finally….
Have fun.12
Be thankful.
You are designing the future state.
Starting over is a privilege.
Learn from past mistakes.
To determine the future.
Wait, bakers dozen!13
What do you feel is missing?
Add your comments here.
Share your experiences.
Give back to the community :)
Lacework : Let us run your security
Lacework : While you focus on your apps.
Dan Hubbard, Lacework
@dhubbard858
.end

Recomendados

Security for AWS : Journey to Least Privilege
Security for AWS : Journey to Least PrivilegeSecurity for AWS : Journey to Least Privilege
Security for AWS : Journey to Least Privilegedhubbard858
 
Detecting Credential Compromise in AWS (Black Hat Conference 2018)
Detecting Credential Compromise in AWS (Black Hat Conference 2018)Detecting Credential Compromise in AWS (Black Hat Conference 2018)
Detecting Credential Compromise in AWS (Black Hat Conference 2018)Priyanka Aash
 
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Amazon Web Services
 
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework
 
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Amazon Web Services
 
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...Amazon Web Services
 
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017Amazon Web Services
 
Using Access Advisor to Strike the Balance Between Security and Usability - S...
Using Access Advisor to Strike the Balance Between Security and Usability - S...Using Access Advisor to Strike the Balance Between Security and Usability - S...
Using Access Advisor to Strike the Balance Between Security and Usability - S...Amazon Web Services
 

Recomendados

Security for AWS : Journey to Least Privilege
Security for AWS : Journey to Least PrivilegeSecurity for AWS : Journey to Least Privilege
Security for AWS : Journey to Least Privilegedhubbard858
 
Detecting Credential Compromise in AWS (Black Hat Conference 2018)
Detecting Credential Compromise in AWS (Black Hat Conference 2018)Detecting Credential Compromise in AWS (Black Hat Conference 2018)
Detecting Credential Compromise in AWS (Black Hat Conference 2018)Priyanka Aash
 
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Amazon Web Services
 
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework
 
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Automating DDoS Response in the Cloud - SID324 - re:Invent 2017
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Amazon Web Services
 
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...Amazon Web Services
 
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017Amazon Web Services
 
Using Access Advisor to Strike the Balance Between Security and Usability - S...
Using Access Advisor to Strike the Balance Between Security and Usability - S...Using Access Advisor to Strike the Balance Between Security and Usability - S...
Using Access Advisor to Strike the Balance Between Security and Usability - S...Amazon Web Services
 
The AWS Philosophy of Security - SID322 - re:Invent 2017
The AWS Philosophy of Security - SID322 - re:Invent 2017The AWS Philosophy of Security - SID322 - re:Invent 2017
The AWS Philosophy of Security - SID322 - re:Invent 2017Amazon Web Services
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...Lacework
 
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterAmazon Web Services
 
Newt191 final project
Newt191 final projectNewt191 final project
Newt191 final projectBrianCooper73
 
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Amazon Web Services
 
AWS Security State of the Union - SID326 - re:Invent 2017
AWS Security State of the Union - SID326 - re:Invent 2017AWS Security State of the Union - SID326 - re:Invent 2017
AWS Security State of the Union - SID326 - re:Invent 2017Amazon Web Services
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slideCloudVillage
 
GPSTEC311_Enhancing customer security using AIML on AWS
GPSTEC311_Enhancing customer security using AIML on AWSGPSTEC311_Enhancing customer security using AIML on AWS
GPSTEC311_Enhancing customer security using AIML on AWSAmazon Web Services
 
ENT227_IoT + Cloud enables Enterprise Digital Transformation
ENT227_IoT + Cloud enables Enterprise Digital TransformationENT227_IoT + Cloud enables Enterprise Digital Transformation
ENT227_IoT + Cloud enables Enterprise Digital TransformationAmazon Web Services
 
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...Amazon Web Services
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityCloudVillage
 
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...Amazon Web Services
 
WIN203_With Amazon EC2 for Windows Server and Thinkbox Deadline
WIN203_With Amazon EC2 for Windows Server and Thinkbox DeadlineWIN203_With Amazon EC2 for Windows Server and Thinkbox Deadline
WIN203_With Amazon EC2 for Windows Server and Thinkbox DeadlineAmazon Web Services
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practicesJohn Varghese
 
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Amazon Web Services
 
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017Amazon Web Services
 
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Amazon Web Services
 
An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)Brian Brazil
 
Prometheus - Open Source Forum Japan
Prometheus - Open Source Forum JapanPrometheus - Open Source Forum Japan
Prometheus - Open Source Forum JapanBrian Brazil
 

Mais conteúdo relacionado

Mais procurados

The AWS Philosophy of Security - SID322 - re:Invent 2017
The AWS Philosophy of Security - SID322 - re:Invent 2017The AWS Philosophy of Security - SID322 - re:Invent 2017
The AWS Philosophy of Security - SID322 - re:Invent 2017Amazon Web Services
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...Lacework
 
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterAmazon Web Services
 
Newt191 final project
Newt191 final projectNewt191 final project
Newt191 final projectBrianCooper73
 
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Amazon Web Services
 
AWS Security State of the Union - SID326 - re:Invent 2017
AWS Security State of the Union - SID326 - re:Invent 2017AWS Security State of the Union - SID326 - re:Invent 2017
AWS Security State of the Union - SID326 - re:Invent 2017Amazon Web Services
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slideCloudVillage
 
GPSTEC311_Enhancing customer security using AIML on AWS
GPSTEC311_Enhancing customer security using AIML on AWSGPSTEC311_Enhancing customer security using AIML on AWS
GPSTEC311_Enhancing customer security using AIML on AWSAmazon Web Services
 
ENT227_IoT + Cloud enables Enterprise Digital Transformation
ENT227_IoT + Cloud enables Enterprise Digital TransformationENT227_IoT + Cloud enables Enterprise Digital Transformation
ENT227_IoT + Cloud enables Enterprise Digital TransformationAmazon Web Services
 
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...Amazon Web Services
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityCloudVillage
 
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...Amazon Web Services
 
WIN203_With Amazon EC2 for Windows Server and Thinkbox Deadline
WIN203_With Amazon EC2 for Windows Server and Thinkbox DeadlineWIN203_With Amazon EC2 for Windows Server and Thinkbox Deadline
WIN203_With Amazon EC2 for Windows Server and Thinkbox DeadlineAmazon Web Services
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practicesJohn Varghese
 
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Amazon Web Services
 
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017Amazon Web Services
 
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Amazon Web Services
 

Mais procurados (20)

The AWS Philosophy of Security - SID322 - re:Invent 2017
The AWS Philosophy of Security - SID322 - re:Invent 2017The AWS Philosophy of Security - SID322 - re:Invent 2017
The AWS Philosophy of Security - SID322 - re:Invent 2017
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
 
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
 
Newt191 final project
Newt191 final projectNewt191 final project
Newt191 final project
 
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...
 
AWS Security State of the Union - SID326 - re:Invent 2017
AWS Security State of the Union - SID326 - re:Invent 2017AWS Security State of the Union - SID326 - re:Invent 2017
AWS Security State of the Union - SID326 - re:Invent 2017
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slide
 
GPSTEC311_Enhancing customer security using AIML on AWS
GPSTEC311_Enhancing customer security using AIML on AWSGPSTEC311_Enhancing customer security using AIML on AWS
GPSTEC311_Enhancing customer security using AIML on AWS
 
ENT227_IoT + Cloud enables Enterprise Digital Transformation
ENT227_IoT + Cloud enables Enterprise Digital TransformationENT227_IoT + Cloud enables Enterprise Digital Transformation
ENT227_IoT + Cloud enables Enterprise Digital Transformation
 
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
 
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...
 
WIN203_With Amazon EC2 for Windows Server and Thinkbox Deadline
WIN203_With Amazon EC2 for Windows Server and Thinkbox DeadlineWIN203_With Amazon EC2 for Windows Server and Thinkbox Deadline
WIN203_With Amazon EC2 for Windows Server and Thinkbox Deadline
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To Us
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practices
 
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
 
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
 
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
 

Semelhante a Security for AWS : Journey to Least Privilege (update)

An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)Brian Brazil
 
Prometheus - Open Source Forum Japan
Prometheus - Open Source Forum JapanPrometheus - Open Source Forum Japan
Prometheus - Open Source Forum JapanBrian Brazil
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesPriyanka Aash
 
Evolving to Cloud-Native - Nate Schutta (2/2)
Evolving to Cloud-Native - Nate Schutta (2/2)Evolving to Cloud-Native - Nate Schutta (2/2)
Evolving to Cloud-Native - Nate Schutta (2/2)VMware Tanzu
 
Cloud basics for pen testers, red teamers, and defenders
Cloud basics for pen testers, red teamers, and defendersCloud basics for pen testers, red teamers, and defenders
Cloud basics for pen testers, red teamers, and defendersGerald Steere
 
Microservices pros and cons
Microservices pros and consMicroservices pros and cons
Microservices pros and consAndrew Siemer
 
Cloud-Native Fundamentals: An Introduction to 12-Factor Applications
Cloud-Native Fundamentals: An Introduction to 12-Factor ApplicationsCloud-Native Fundamentals: An Introduction to 12-Factor Applications
Cloud-Native Fundamentals: An Introduction to 12-Factor ApplicationsVMware Tanzu
 
Gluecon Monitoring Microservices and Containers: A Challenge
Gluecon Monitoring Microservices and Containers: A ChallengeGluecon Monitoring Microservices and Containers: A Challenge
Gluecon Monitoring Microservices and Containers: A ChallengeAdrian Cockcroft
 
Availability in a cloud native world v1.6 (Feb 2019)
Availability in a cloud native world v1.6 (Feb 2019)Availability in a cloud native world v1.6 (Feb 2019)
Availability in a cloud native world v1.6 (Feb 2019)Haytham Elkhoja
 
Evolving to Cloud-Native - Nate Schutta 2/2
Evolving to Cloud-Native - Nate Schutta 2/2Evolving to Cloud-Native - Nate Schutta 2/2
Evolving to Cloud-Native - Nate Schutta 2/2VMware Tanzu
 
Herding cats in the Cloud
Herding cats in the CloudHerding cats in the Cloud
Herding cats in the CloudDewey Sasser
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud MigrationVMware Tanzu
 
Moving to Microservices with the Help of Distributed Traces
Moving to Microservices with the Help of Distributed TracesMoving to Microservices with the Help of Distributed Traces
Moving to Microservices with the Help of Distributed TracesKP Kaiser
 
Practical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOpsPractical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOpsPriyanka Aash
 
stackconf 2023 | Infrastructure-From-Code and the end of Microservices by Ala...
stackconf 2023 | Infrastructure-From-Code and the end of Microservices by Ala...stackconf 2023 | Infrastructure-From-Code and the end of Microservices by Ala...
stackconf 2023 | Infrastructure-From-Code and the end of Microservices by Ala...NETWAYS
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays
 
Skynet project: Monitor, analyze, scale, and maintain a system in the Cloud
Skynet project: Monitor, analyze, scale, and maintain a system in the CloudSkynet project: Monitor, analyze, scale, and maintain a system in the Cloud
Skynet project: Monitor, analyze, scale, and maintain a system in the CloudSylvain Kalache
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 

Semelhante a Security for AWS : Journey to Least Privilege (update) (20)

An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)
 
Prometheus - Open Source Forum Japan
Prometheus - Open Source Forum JapanPrometheus - Open Source Forum Japan
Prometheus - Open Source Forum Japan
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security Headaches
 
Evolving to Cloud-Native - Nate Schutta (2/2)
Evolving to Cloud-Native - Nate Schutta (2/2)Evolving to Cloud-Native - Nate Schutta (2/2)
Evolving to Cloud-Native - Nate Schutta (2/2)
 
Cloud basics for pen testers, red teamers, and defenders
Cloud basics for pen testers, red teamers, and defendersCloud basics for pen testers, red teamers, and defenders
Cloud basics for pen testers, red teamers, and defenders
 
Microservices pros and cons
Microservices pros and consMicroservices pros and cons
Microservices pros and cons
 
Cloud-Native Fundamentals: An Introduction to 12-Factor Applications
Cloud-Native Fundamentals: An Introduction to 12-Factor ApplicationsCloud-Native Fundamentals: An Introduction to 12-Factor Applications
Cloud-Native Fundamentals: An Introduction to 12-Factor Applications
 
Gluecon Monitoring Microservices and Containers: A Challenge
Gluecon Monitoring Microservices and Containers: A ChallengeGluecon Monitoring Microservices and Containers: A Challenge
Gluecon Monitoring Microservices and Containers: A Challenge
 
Availability in a cloud native world v1.6 (Feb 2019)
Availability in a cloud native world v1.6 (Feb 2019)Availability in a cloud native world v1.6 (Feb 2019)
Availability in a cloud native world v1.6 (Feb 2019)
 
Evolving to Cloud-Native - Nate Schutta 2/2
Evolving to Cloud-Native - Nate Schutta 2/2Evolving to Cloud-Native - Nate Schutta 2/2
Evolving to Cloud-Native - Nate Schutta 2/2
 
Herding cats in the Cloud
Herding cats in the CloudHerding cats in the Cloud
Herding cats in the Cloud
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud Migration
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud Migration
 
Moving to Microservices with the Help of Distributed Traces
Moving to Microservices with the Help of Distributed TracesMoving to Microservices with the Help of Distributed Traces
Moving to Microservices with the Help of Distributed Traces
 
Practical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOpsPractical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOps
 
stackconf 2023 | Infrastructure-From-Code and the end of Microservices by Ala...
stackconf 2023 | Infrastructure-From-Code and the end of Microservices by Ala...stackconf 2023 | Infrastructure-From-Code and the end of Microservices by Ala...
stackconf 2023 | Infrastructure-From-Code and the end of Microservices by Ala...
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
 
Skynet project: Monitor, analyze, scale, and maintain a system in the Cloud
Skynet project: Monitor, analyze, scale, and maintain a system in the CloudSkynet project: Monitor, analyze, scale, and maintain a system in the Cloud
Skynet project: Monitor, analyze, scale, and maintain a system in the Cloud
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 

Último

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Último (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Security for AWS : Journey to Least Privilege (update)