Shared Responsibility In Action

•

5 gostaram•1,359 visualizações

An examination of how the shared responsibility model for cloud security works in the real world. Using practical examples, you'll see how security responsibilities are balanced between the consumer (you the user) and the provider.

Software

SHARED RESponsibility
in action
@marknca

Mark Nunnikhoven
Vice President, Cloud & Emerging Technologies
Trend Micro
@marknca

TRADITIONAL ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization

SHARED ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization Security Groups
Network Conﬁg
More info on the model is available at h‫מּ‬p://aws.amazon.com/security

SHARED ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization Security Groups
Network Conﬁg
Verify
Compliance information available at h‫מּ‬p://aws.amazon.com/compliance

Physical
Network
Virtualization
Operation System
Application
Data
DIY SaaSIaaS PaaS
*you

BETTER SERVICE TYPES
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Infrastructure
Abstract
Container

SERVICE Examples
Fantastic reference by AWS’ Mark Ryland at h‫מּ‬p://4mn.ca/ZZeDbA
Service Type *aaS
SQS, S3, Route53 Abstract SaaS
RDS, EMR, OpsWorks Container PaaS
EC2, EBS, VPC Infrastructure IaaS

More responsibilities
Less responsibilities

Critical embargoed bug discovered in Xen, details at h‫מּ‬p://4mn.ca/1rcXTTN

A small percentage on instances scheduled for a reboot

ACTIONS TO TAKE
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Nothing for cloud-native architectures
Manage availability
For EC2
Nothing for Multi-AZ instances
Standard maintenance window for
single instances
For RDS

CVE-2014-3566 : Padding Oracle On Downgraded Legacy Encryption

A‫מּ‬ack forces an older cipher choice. Details at h‫מּ‬p://4mn.ca/1EYfBEA

ACTIONS TO TAKE
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Select a non-aﬀected cipher suite
For ELB
Enable TLS_FALLBACK_SCSV
Disable support for SSL 3.0*
For Web Servers

More info on bash is available at h‫מּ‬p://www.gnu.org/soﬞware/bash/

10/10 vulnerability. Widespread & easy to exploit
(){}; attacka:() { b; } | a‫מּ‬ack;

ACTIONS TO TAKE
Update bash
Use an intrusion prevent system
For EC2

Applied at the boundary
Majority of security controls are traditionally applied at the boundary

Same controls applied in the AWS Cloud, now to each instance
Applied to each instance

@marknca
Thank you.Learn more at testdrive.trendmicro.com

Mais conteúdo relacionado

Mais procurados

CSS17: Dallas - The AWS Shared Responsibility Model in Practice

Alert Logic

The AWS Shared Security Responsibility Model in Practice

Alert Logic

AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives. View a recording of the webinar based on this presentation on YouTube here: http://youtu.be/rXPyGDWKHIo

Journey Through The Cloud - Security Best Practices

Amazon Web Services

10월 29일에 있었던 AWS Enterprise Summit에서의 발표자료입니다. 아마존 웹서비스의 양승도 솔루션스 아키텍트가 진행한 강연입니다. 내용 요약: 이 세션에서는 IT 운영 및 관리 방식에 변화를 가져온 AWS의 서비스들에 대해 알아보고, IT 운영 가시성을 향상시켜주는 AWS 클라우드의 다양한 기능과 엔터프라이즈 조직에서의 DevOps 문화, 더 넓은 범위에 대한 상세한 모니터링과 운영 분석 등 향상된 IT 관리환경이 주는 이점 등 클라우드가 IT 시스템 관리 전반에 가져온 새로운 기회들에 대해서도 알아보도록 하겠습니다.

AWS Enterprise Summit - AWS로 IT 운영 및 관리 재편하기 - 양승도

Amazon Web Services Korea

CSS17: Atlanta - The AWS Shared Responsibility Model in Practice

Alert Logic

Introduction to AWS Security

LalitMohanSharma8

The AWS Shared Responsibility Model in Practice

Alert Logic

Vortrag "Einführung - Compliance mit AWS" von Bertram Dorn beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P Das AWS Compliance-Programm ist der Schlüssel für Kunden, um die von AWS getroffenen technischen und organisatorischen Maßnahmen zu verstehen, welche getroffen werden, um Kundendaten zu sichern. Der Vortrag wird einen Einblick in die Grundlagen der Verfahren von ISO270xx, SOC1/2/3 und PCI DSS geben. Auch werden wir uns dem Lesen dieser Zertifikate und Berichte widmen, um deren Inhalt mit den typischen Fragen und Voraussetzungen von Datenverarbeitung, Verfügbarkeit und Risikoabsicherung zu verbinden.

Einführung „Compliance mit AWS" - AWS Security Web Day

AWS Germany

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.

Intro to AWS: Security

Amazon Web Services

CSS17: DC - The AWS Shared Responsibility Model in Practice

Alert Logic

Security and Compliance in the Cloud

Amazon Web Services

Navigating the AWS Compliance Framework | AWS Security Roadshow Dublin

Amazon Web Services

From the Trenches: Building Comprehensive and Secure Solutions in AWS

Alert Logic

AWS Security for Financial Services

Amazon Web Services

Security and compliance automation have become the most important drivers for IT Transformation to the cloud. Foundational cloud security services provide an unprecedented capability to ensure your cloud platform is secure, programmatically monitored, and adaptive. This session will demonstrate how Federal and Enterprise customers are embracing adaptive techniques in managing their most critical application workloads.

Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...

Amazon Web Services

Security & Compliance in AWS

Amazon Web Services

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Iolaire Mckinnon, Senior Consultant - Security, Risk & Compliance, Professional Services, AWS

AWS Shared Responsibility Model & Compliance Program Overview

Amazon Web Services

Does meeting stringent compliance requirements keep you up at night? Do you worry about having the right audit trails in place as proof? In this session, you will learn why building security in from the beginning saves you time (and painful retrofits) later, how to gather and retain audit evidence for instances that are only up for minutes or hours, and how to meet many compliance requirements and ensured that Amazon EC2 instances are immediately protected as they come online.

Compliance with AWS

Amazon Web Services

AWS Security Week: Security, Identity, & Compliance

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability and control. You have to know what you have and where it is before you can assess the environment against best practices and internal or compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says: "Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?" That's the level of granularity you can choose to implement if you wish.

Understanding AWS security

Amazon Web Services

Mais procurados (20)

CSS17: Dallas - The AWS Shared Responsibility Model in Practice

The AWS Shared Security Responsibility Model in Practice

Journey Through The Cloud - Security Best Practices

AWS Enterprise Summit - AWS로 IT 운영 및 관리 재편하기 - 양승도

CSS17: Atlanta - The AWS Shared Responsibility Model in Practice

Introduction to AWS Security

The AWS Shared Responsibility Model in Practice

Einführung „Compliance mit AWS" - AWS Security Web Day

Intro to AWS: Security

CSS17: DC - The AWS Shared Responsibility Model in Practice

Security and Compliance in the Cloud

Navigating the AWS Compliance Framework | AWS Security Roadshow Dublin

From the Trenches: Building Comprehensive and Secure Solutions in AWS

AWS Security for Financial Services

Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...

Security & Compliance in AWS

AWS Shared Responsibility Model & Compliance Program Overview

Compliance with AWS

AWS Security Week: Security, Identity, & Compliance

Understanding AWS security

Destaque

In Depth: AWS Shared Security Model

Amazon Web Services

The AWS Shared Security Responsibility Model in Practice

Amazon Web Services

Cloudsolutionday 2016: DevOps workflow with Docker on AWS

AWS Vietnam Community

Amazon Web Services Security

Jason Chan

Information Security in AWS - Dave Walker

East Midlands Cyber Security Forum

AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.

Getting Started with AWS Security

Amazon Web Services

You can help maintain control of your environment by choosing the right AWS security tools. In this webinar, we show how AWS Identity and Access Management (IAM), AWS Config Rules, and AWS Cloud Trail can help you maintain that control. In a live demo, we show you how to track changes, monitor compliance, and keep an audit record of API requests. Learning Objectives: • Learn what IAM is and how to leverage it appropriately. • Gain familiarity with how to track changes and monitor for compliance. • Keep an audit record of API requests for reporting purposes. • Understand how these services complement each other.

Introduction to Three AWS Security Services - November 2016 Webinar Series

Amazon Web Services

Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes that Amazon’s engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodePipeline and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture.

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

Amazon Web Services

Shared Responsibility in Accountability

EduSkills OECD

The AWS Shared Security Responsibility Model in Practice

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?”. That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture. Speakers: Rob Whitmore, AWS Solutions Architect

Introduction to AWS Security

Amazon Web Services

Join ClearScale and AWS to learn how the San Jose Water Company worked with ClearScale to leverage Docker and the latest AWS DevOps tools including Amazon ECS, Amazon EC2 Container Registry (ECR) and AWS CodePipeline, to deliver new app features faster, with lower overhead. Gaining a competitive edge in the modern business landscape often depends on delivering apps with small, quick changes that create faster time-to-market, with focused value for the end customer. Successful companies adopt a DevOps model that automates continuous app delivery and may use a software containerization platform, both to accelerate releases and reduce risk. ClearScale is an AWS DevOps Premier Consulting Partner that helps decrease your time to market, governance and compliance risks, and lower your operational costs. Join us to learn: • The advantages of DevOps on AWS, using the latest AWS tools and Docker • Best practices to design and deploy containers on AWS, based on experiences of the San Jose Water Company • Learn from ClearScale experts about proven automation techniques for DevOps on AWS Who should attend: CTOs, CIOs, CISOs, VPs of Engineering, VPs of Development, Business Development Directors, Senior Development Managers, Senior Architects, Business Development Managers

ClearScale: Continuous Automation with Docker on AWS

Amazon Web Services

Shared Responsibility and Setting Up Secure Account Structures

Amazon Web Services

Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.

Architecting for Greater Security on AWS

Amazon Web Services

AWS Security

Amazon Web Services

Infrastructure as code: running microservices on AWS using Docker, Terraform,...

Yevgeniy Brikman

Destaque (16)

In Depth: AWS Shared Security Model

The AWS Shared Security Responsibility Model in Practice

Cloudsolutionday 2016: DevOps workflow with Docker on AWS

Amazon Web Services Security

Information Security in AWS - Dave Walker

Getting Started with AWS Security

Introduction to Three AWS Security Services - November 2016 Webinar Series

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

Shared Responsibility in Accountability

The AWS Shared Security Responsibility Model in Practice

Introduction to AWS Security

ClearScale: Continuous Automation with Docker on AWS

Shared Responsibility and Setting Up Secure Account Structures

Architecting for Greater Security on AWS

AWS Security

Infrastructure as code: running microservices on AWS using Docker, Terraform,...

Semelhante a Shared Responsibility In Action

Security OF The Cloud

Mark Nunnikhoven

Power Struggle: Balancing Relationships & Responsibility in the Cloud

Mark Nunnikhoven

Cloud Security Alliance's GRC Stack Overview

Valdez Ladd MBA, CISSP, CISA,

While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline four strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools. Andrew Watts-Curnow, Solutions Architect, Amazon Web Services, ASEAN Justin Foster, CISSP Head of Cloud Workload Security, Trend Micro

3 Secrets to Becoming a Cloud Security Superhero

Amazon Web Services

When choosing to migrate to the cloud, many organizations struggle with the amount of information about their existing infrastructure. CloudScape by RISC Networks analyzes their existing environment to quickly identify which applications to retire and which ones to migrate to the AWS Cloud; thus simplifying the migration process. Join the upcoming webinar in which RISC Networks, AWS, and Turner Broadcasting will be discussing how Turner Leveraged RISC Networks CloudScape to simplify their migration process. Customer Presenter: Don Browning, VP of Cloud Architecture, Turner Broadcasting Partner Presenter: Jeremy Littlejohn, RISC Networks AWS Presenter: Carmen Puccio, Solutions Architect

Simplify Migration with RISC Network’s Complete App Analysis

Amazon Web Services

Before beginning the migration process, organizations need a deep understanding the what they have in their current environment. CloudScape from RISC Networks provides organizations with actionable data about the applications and data in their on-premises environment to properly formulate a plan for migration. RISC Networks breaks down this process in four phases: agentless discovery of data, add intelligence to the data, consume the intelligence, and act on the intelligence. These crucial steps help organizations determine which applications should be moved to the cloud before others, and which ones to retire. Leveraging the tools provided by RISC Networks to begin your migration to AWS ensures that your organization will have a total understanding of your entire infrastructure and a tailored migration plan. Once migrated to AWS, RISC Networks continues to track application analytics, to ensure they are working properly.

Simplify Cloud Migration to AWS with RISC Network’s Complete App Analysis

RISC Networks

This presentation covers a practical approach for adopting and migrating on premises systems and applications to the Public Cloud. Based on a clear migration master plan, it helps companies and enterprises to be prepared for Cloud computing, what and how to successfully migrate or deploy systems on Cloud, preparing your IT organization with a sound Cloud Governance model, Security in the Cloud and how to reach the benefits of Cloud computing by automation and optimizing your cost and workloads.

Cloud Reference Architecture - Part 1 Foundation

Ammar Hasayen

Providing development and engineering teams with access to cloud resources introduces challenges around deploying the proper security policies. Organizations need automated security solutions that enable their engineers to spin up their own secure environments for application development with a push of a button. Join our upcoming webinar with Palo Alto Networks, REAN Cloud, and AWS, to learn how organizations are leveraging Palo Alto Networks VM-Series and REAN Cloud to build a simple, fast, and automated solution on AWS that helps provision secure environments for developers.

Automate the Provisioning of Secure Developer Environments on AWS PPT

Amazon Web Services

Cloud Security (AWS)

Scott Arveseth

Organizations that are transitioning from a traditional data center to an on-demand IT environment, such as AWS, are quickly finding that automating and scaling legacy security services for comprehensive workload security can be challenging. In light of these challenges, it is necessary to deploy a security solution that employs the same versatility and elasticity as the cloud workloads it is meant to protect. CloudPassage® Halo® provides virtually instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds like AWS. Join Xero and CloudPassage to learn about best practices for migrating your security workloads to the cloud. Join us to learn: - Best practices for maintaining workload security - How you can align cloud security deployment methods with on-premises deployment methods - Key considerations for architecting your infrastructure to scale quickly and securely Who should attend: CTOs, CIOs, CISOs, Directors and Managers of Security, IT Administers, IT Architects and IT Security Engineers

CloudPassage Best Practices for Automatic Security Scaling

Amazon Web Services

Learn how to leverage AWS and security super friends like Trend Micro to create an impenetrable fortress for your AWS workloads, without hindering performance or agility. Join this session and learn three cloud security super powers that will help you thwart villains interested in your workloads. We will walk through three stories of Amazon EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools. Join us to learn: • Design a workload-centric security architecture • Improve visibility of AWS-only or hybrid environments • Stop patching live instances but still prevent exploits

3 Secrets to Becoming a Cloud Security Superhero

Amazon Web Services

Governance, risk, and control of technology is critical for the performance of any organization’s assurance management process. In practice, implementation of this is a near impossible task given the constantly evolving regulatory landscape, massive amounts of incoming and outgoing data, and business units working within siloes. However, through automation, IT departments and compliance teams can efficiently support numerous audit demands imposed on organizations within highly regulated industries like Financial Services, Healthcare, and Life Science. AWS will share best practices around infrastructure design, configuration set-up, and monitoring to augment your compliance operating model so that you can easily automate updates and real-time notifications to take human error out of your compliance functions and demonstrate comprehensive governance of your business. Learning Objectives: • Learn what an comprehensive governance model looks like • Learn why it's important for an organization to automate in its 3 lines of defense – operations, compliance, and internal audit • Learn what AWS services you can enable to Who Should Attend: • Technology risk managers, third-party risk managers, compliance officers, information security executives

Automating Compliance Defense in the Cloud - September 2016 Webinar Series

Amazon Web Services

Rackspace provides a comprehensive set of tooling and expertise on AWS that further unlocks your ability to secure your environment efficiently and cost effectively. The dynamic environment of data, applications, and infrastructure can pose challenges for businesses trying to manage security while following compliance regulations. To mitigate these challenges, businesses need a scalable security solution to ensure their data is safe, secure, and stable. In this webinar, Brad Schulteis, Jarret Raim and Todd Gleason will discuss the topic of security control requirements on AWS through the lens of three common compliance scenarios: HIPAA, PCI-DSS, and generalized security compliance based on the NIST Risk Management Framework. Watch our webinar to learn how Rackspace combines AWS and security expertise with tools like AWS CloudFormation, AWS CodeCommit and AWS CodeDeploy to help customers meet their security and compliance needs. Join us to learn: • Best practices for securely operating workloads on the AWS Cloud • Architecting a secure environment for dynamic workloads • How to incorporate Security by Design principles to address compliance needs across 3 use cases: HIPAA, PCI-DSS and generalized security compliance based on the NIST Risk Management Framework Who should attend: Directors and Managers of Security, IT Administers, IT Architects, and IT Security Engineers

Rackspace: Best Practices for Security Compliance on AWS

Amazon Web Services

Staying Secure in the Cloud

Amazon Web Services

The Trouble with Saas and Hybrid Cloud

Novosco

Getting Started with AWS Security

Amazon Web Services

Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.

(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014

Amazon Web Services

Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...

Amazon Web Services

(Pdf) yury chemerkin ita_2013

STO STRATEGY

(Pdf) yury chemerkin intelligence_sec_2013

STO STRATEGY

Semelhante a Shared Responsibility In Action (20)

Security OF The Cloud

Power Struggle: Balancing Relationships & Responsibility in the Cloud

Cloud Security Alliance's GRC Stack Overview

3 Secrets to Becoming a Cloud Security Superhero

Simplify Migration with RISC Network’s Complete App Analysis

Simplify Cloud Migration to AWS with RISC Network’s Complete App Analysis

Cloud Reference Architecture - Part 1 Foundation

Automate the Provisioning of Secure Developer Environments on AWS PPT

Cloud Security (AWS)

CloudPassage Best Practices for Automatic Security Scaling

3 Secrets to Becoming a Cloud Security Superhero

Automating Compliance Defense in the Cloud - September 2016 Webinar Series

Rackspace: Best Practices for Security Compliance on AWS

Staying Secure in the Cloud

The Trouble with Saas and Hybrid Cloud

Getting Started with AWS Security

(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014

Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...

(Pdf) yury chemerkin ita_2013

(Pdf) yury chemerkin intelligence_sec_2013

Mais de Mark Nunnikhoven

Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review several advanced security processes and discuss how too easily automate them using common tools in the AWS Cloud. This approach helps you and your team increase the security of your build while reducing the overall operational requirement of security in your stack. Leave this dev chat with everything you need to get started with automating security.

Advanced Security Automation Made Simple

Mark Nunnikhoven

AWS re:Invent 2017 re:View

Mark Nunnikhoven

Security in the cloud is fundamentally different. Not so much due to the technology--though there's plenty of differences there--but more with respect to the way that security is applied and how it's run. Over the past few years, we've seen a radical shift in how development and operational teams work together. Security teams have been left out in the cold and are still viewed as the "No" team. It doesn't have to be that way. Cloud technologies have enabled new work flows and models for businesses and other teams...security is no different. We just have to wake up and take advantage of the new ecosystem. When security teams embrace change, the boundaries start to dissolve and security can finally be built in instead of bolted on. In this session, we'll look at some of the challenges involved in this shift, how it impacts your teams, your skill set, and how a modern approach to defence will improve your security posture. Presented at BC Aware Day, 31-Jan-2017

Security Teams & Tech In A Cloud World

Mark Nunnikhoven

Defending your workloads with aws waf and deep security

Mark Nunnikhoven

AWS re:Invent 2015 re:Cap

Mark Nunnikhoven

When it hits the fan, one of the first questions that you get asked is "Who did this?". And like any good mystery, trying to find the attacker takes many twists and turns. There's a trail of evidence, a red herring or two, and the inevitable plot twist before the final reveal. Unfortunately, despite what you see on TV, in the movies, or even in the press, attack attribution is hard. In face, it's one of the hardest problems in information security today. In this talk, we use real world examples to work through what it takes to properly make the connection between attack and attacker. Looking at real world techniques used to gather and validate evidence, we'll examine what it takes for that evidence to hold up to cross examination. We'll look at the role each of your security controls play in the attribution process and the steps you can take to immediately make attribution easier. Come learn what it takes to actually prove who the attacker is and where attribution fits into your daily security practice.

Whodunit, The Mechanics of Attack Attribution

Mark Nunnikhoven

Software-defined networking is the latest technology in a move to abstract a variety of data center resources. As more and more of the data center is defined in code, some unique security challenges come to the fore. In this session, we'll explore both sides of the security challenge. What types of controls and implementations are required to define security as part of your infrastructure code? What challenges does maintaining an infrastructure codebase present? You'll learn not only how to integrate security into your infrastructure code but also how to properly and securely manage that codebase.

Infrastructure as (Secure) Code

Mark Nunnikhoven

Updating Security Operations For The Cloud

Mark Nunnikhoven

This talk looks at the challenges we face as a defender today by examining several recent, prominent breaches and one of their common causes. The first 2/3 of this talk are the same as "Is That Normal?" (http://www.slideshare.net/marknca/is-that-normal-behaviour-modelling-on-the-cheap) but in the last 3rd, instead of diving in the the mechanics of behavioural analysis, this talk looks at what we should be doing with the results. Originally presented at the Gartner Security & Risk Management Summit in London, 08-Sep-2014

The Most Common Failure With Today's Defences

Mark Nunnikhoven

Originally presented at BSides Ottawa on 06-Sep-2014, this talk lays out the challenges faced by todays defender (for context), the gap in our current defensive strategies (what we'll address), and explains how to start a basic behavioural analysis practice with minimal investment. Remember this is a BSides presentation so there may be some language which causes a double-take ;-) Open with caution.

Is That Normal? Behaviour Modelling On The Cheap

Mark Nunnikhoven

Mais de Mark Nunnikhoven (10)

Advanced Security Automation Made Simple

AWS re:Invent 2017 re:View

Security Teams & Tech In A Cloud World

Defending your workloads with aws waf and deep security

AWS re:Invent 2015 re:Cap

Whodunit, The Mechanics of Attack Attribution

Infrastructure as (Secure) Code

Updating Security Operations For The Cloud

The Most Common Failure With Today's Defences

Is That Normal? Behaviour Modelling On The Cheap

Último

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

SelfMade bd

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

masabamasaba

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

Looking for an efficient way to manage your finances? Look no further than our money management app. With easy-to-use features, you can track your expenses, create budgets, and monitor your savings goals all in one place. Our app provides real-time updates on your spending habits and helps you make smarter financial decisions. Take control of your finances today with our user-friendly money management app.

Right Money Management App For Your Financial Goals

Jhone kinadey

%in Harare+277-882-255-28 abortion pills for sale in Harare

masabamasaba

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

masabamasaba

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts In Chinsurah ❤Personal Whatsapp Number Chinsurah Call Girls 8617697112 💦✅. Chinsurah escorts we are avaliable for our all types budget customers with offer great deals in Chinsurah.Call Now our Chinsurah escort service & call girls ... Independent call girls in Chinsurah escorts available 24 hours a day for discreet incall and outcall bookings from trusted call girls - Elis.in. Nitya salvi Chinsurah escorts service agency # Are you looking for sexy call girls ? Call our agency to get you dream independent call girl, ... One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...

Nitya salvi

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

10 Trends Likely to Shape Enterprise Technology in 2024

Mind IT Systems

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

At the recent Microsoft Ignite 2023 conference, Microsoft unveiled a groundbreaking strategy that will redefine enterprise work management. The plan involves integrating Microsoft’s key planning tools, Microsoft To Do, Microsoft Planner, and Microsoft Project for the web into a unified experience called “Microsoft Planner.” What does this new strategy from Microsoft mean for current users? Join us and learn how best to take advantage of this announcement while gaining a clear path on how to elevate the current state of Microsoft Planner from a basic task manager to a comprehensive tool for Enterprise Work Management using OnePlan. Learn how OnePlan’s integration with Microsoft Planner allows for strategic alignment with business goals through advanced features like strategic planning, portfolio management, resource management, financial management, and more!

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution

OnePlan Solutions

Software Quality Assurance Interview Questions

Arshad QA

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

Shared Responsibility In Action

1. SHARED RESponsibility in action @marknca

2. Mark Nunnikhoven Vice President, Cloud & Emerging Technologies Trend Micro @marknca

3. Modelling security on AWS

4. TRADITIONAL ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization

5. SHARED ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization Security Groups Network Conﬁg More info on the model is available at h‫מּ‬p://aws.amazon.com/security

6. SHARED ResponsibilitY Physical Operating System Infrastructure Application Network Data Virtualization Security Groups Network Conﬁg Verify Compliance information available at h‫מּ‬p://aws.amazon.com/compliance

7. Physical Network Virtualization Operation System Application Data DIY SaaSIaaS PaaS *you

8. BETTER SERVICE TYPES From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA Infrastructure Abstract Container

9. SERVICE Examples Fantastic reference by AWS’ Mark Ryland at h‫מּ‬p://4mn.ca/ZZeDbA Service Type *aaS SQS, S3, Route53 Abstract SaaS RDS, EMR, OpsWorks Container PaaS EC2, EBS, VPC Infrastructure IaaS

10. Less responsibilities

11. More responsibilities Less responsibilities

12. Options : Responsibilities

13. Re:Boot

14. Critical embargoed bug discovered in Xen, details at h‫מּ‬p://4mn.ca/1rcXTTN

15. A small percentage on instances scheduled for a reboot

16. ACTIONS TO TAKE From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA Nothing for cloud-native architectures Manage availability For EC2 Nothing for Multi-AZ instances Standard maintenance window for single instances For RDS

17. POODLE

18. CVE-2014-3566 : Padding Oracle On Downgraded Legacy Encryption

19. A‫מּ‬ack forces an older cipher choice. Details at h‫מּ‬p://4mn.ca/1EYfBEA

20. ACTIONS TO TAKE From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA Select a non-aﬀected cipher suite For ELB Enable TLS_FALLBACK_SCSV Disable support for SSL 3.0* For Web Servers

21. Shellshock

22. More info on bash is available at h‫מּ‬p://www.gnu.org/soﬞware/bash/

23. 10/10 vulnerability. Widespread & easy to exploit (){}; attacka:() { b; } | a‫מּ‬ack;

24. ACTIONS TO TAKE Update bash Use an intrusion prevent system For EC2

25. Applied at the boundary Majority of security controls are traditionally applied at the boundary

26. Same controls applied in the AWS Cloud, now to each instance Applied to each instance

27.

28.

29. Options : Responsibilities

30. @marknca Thank you.Learn more at testdrive.trendmicro.com

Shared Responsibility In Action

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (16)

Semelhante a Shared Responsibility In Action

Semelhante a Shared Responsibility In Action (20)

Mais de Mark Nunnikhoven

Mais de Mark Nunnikhoven (10)

Último

Último (20)

Shared Responsibility In Action