© 2020, Amazon Web Services, Inc. or its Affiliates.
Security monitoring and Threat detection
Esteban Hernández, Specialist Solutions Architect Security & Compliance, @gamabuntasama
Javier Ramirez, Developer Advocate, @supercoco9
[Slide: AWS foundational and layered security services, and threat management services, arranged around the functions Identify, Protect, Detect, Respond, Recover, Investigate and Automate. Services shown: AWS Systems Manager, AWS Config, AWS Lambda, Amazon CloudWatch, Amazon Inspector, Amazon Macie, Amazon GuardDuty, AWS Security Hub, AWS IoT Device Defender, AWS KMS, IAM, AWS Single Sign-On, Snapshot Archive, AWS CloudTrail, Amazon VPC, AWS WAF, AWS Shield, AWS Secrets Manager, AWS Firewall Manager, AWS Personal Health Dashboard, Amazon Route 53, AWS Direct Connect, AWS Transit Gateway, AWS PrivateLink, AWS Step Functions, Amazon Cloud Directory, AWS CloudHSM, AWS Certificate Manager, AWS Control Tower, AWS Service Catalog, AWS Well-Architected Tool, AWS Trusted Advisor, AWS Resource Access Manager, AWS Directory Service, Amazon Cognito, Amazon S3 Glacier, AWS CloudFormation, AWS OpsWorks, Amazon Detective, AWS Organizations.]
Log sources
Different log sources
• AWS Managed Service Logs
• System Logs
• Application Logs
Overview of log delivery
Collect → Buffer → Aggregate → Transform → Store
AWS CloudTrail
What is it?
• A service that enables governance, compliance, and operational and risk auditing of your AWS account
• With CloudTrail, you can capture and log events related to API calls and account activity events across your AWS infrastructure and resources
• Simplify your compliance audits by automatically recording and storing activity logs for your AWS account
• Increase visibility into your user and resource activity
• Discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account
What can you do?
• You define an Amazon S3 bucket for storage
• An account event occurs, generating API activity
• CloudTrail captures and records the API activity
• A log of API calls is delivered to the S3 bucket and optionally delivered to CloudWatch Events and CloudWatch Logs
AWS CloudTrail Features
• CloudTrail enables analysis of operational and security issues by providing visibility into API and event activity in your AWS account.
• Key features include:
  • Management Event and Data Event logging
  • S3 log delivery
  • Log file encryption
  • Integrity validation
  • SNS notification
  • Cross-account S3 delivery
  • CloudWatch Logs integration
  • CloudWatch Events integration
  • Personal Health Dashboard integration
  • Ability to apply a trail to all regions (also applies to new future regions)
  • Event filters for read/write event actions
AWS CloudTrail
Who?    When?    What?                      Where to?   Where from?
Bill    3:27pm   Launch Instance            us-west-2   72.21.198.64
Alice   8:19am   Added Bob to admin group   us-east-1   127.0.0.1
Steve   2:22pm   Deleted DynamoDB table     eu-west-1   205.251.233.176
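The table above is what an analyst wants out of a trail: who did what, when, in which region, from which address. The script below is an added example (not code from the deck) that builds that view from a CloudTrail log file and applies the read/write event filter the feature list mentions. The record field names (eventTime, eventName, awsRegion, sourceIPAddress, userIdentity, readOnly) are CloudTrail's own; the people, times, addresses, account id and the SENSITIVE_EVENTS watch-list are constructed for the example.

```python
"""Summarise CloudTrail records into the Who / When / What / Where view.

Added example; not part of the original deck. The input is a constructed
CloudTrail log file using the real record field names; the principals,
times and addresses are invented to mirror the slide's table.
"""
import json
from datetime import datetime

# Constructed sample: the shape of a CloudTrail log file ({"Records": [...]}).
SAMPLE_LOG = json.dumps({
    "Records": [
        {
            "eventTime": "2020-05-12T15:27:03Z",
            "eventName": "RunInstances",
            "eventSource": "ec2.amazonaws.com",
            "awsRegion": "us-west-2",
            "sourceIPAddress": "72.21.198.64",
            "readOnly": False,
            "userIdentity": {"type": "IAMUser", "userName": "Bill"},
        },
        {
            "eventTime": "2020-05-12T08:19:44Z",
            "eventName": "AddUserToGroup",
            "eventSource": "iam.amazonaws.com",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "127.0.0.1",
            "readOnly": False,
            "userIdentity": {"type": "IAMUser", "userName": "Alice"},
            "requestParameters": {"groupName": "admin", "userName": "Bob"},
        },
        {
            "eventTime": "2020-05-12T14:22:10Z",
            "eventName": "DeleteTable",
            "eventSource": "dynamodb.amazonaws.com",
            "awsRegion": "eu-west-1",
            "sourceIPAddress": "205.251.233.176",
            "readOnly": False,
            "userIdentity": {"type": "IAMUser", "userName": "Steve"},
            "requestParameters": {"tableName": "orders"},
        },
        {
            # A read-only call from an assumed role (placeholder account id).
            "eventTime": "2020-05-12T14:25:00Z",
            "eventName": "DescribeInstances",
            "eventSource": "ec2.amazonaws.com",
            "awsRegion": "eu-west-1",
            "sourceIPAddress": "205.251.233.176",
            "readOnly": True,
            "userIdentity": {"type": "AssumedRole",
                             "arn": "arn:aws:sts::123456789012:assumed-role/Ops/steve"},
        },
    ]
})

# Hypothetical watch-list: write events worth an analyst's attention.
SENSITIVE_EVENTS = {"AddUserToGroup", "DeleteTable", "AuthorizeSecurityGroupIngress"}


def who(record):
    """Pick a display name for the principal behind a record."""
    identity = record.get("userIdentity", {})
    return identity.get("userName") or identity.get("arn", "unknown")


def summarize(log_json, write_only=False):
    """Return one (who, when, what, region, source_ip) tuple per record.

    write_only mirrors CloudTrail's read/write event filter: records that
    carry readOnly=True are dropped.
    """
    rows = []
    for rec in json.loads(log_json)["Records"]:
        if write_only and rec.get("readOnly", False):
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append((who(rec), when.strftime("%H:%M"), rec["eventName"],
                     rec["awsRegion"], rec["sourceIPAddress"]))
    return rows


def sensitive(log_json):
    """Write records whose eventName is on the watch-list, for alerting."""
    return [r for r in summarize(log_json, write_only=True) if r[2] in SENSITIVE_EVENTS]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("  ".join(row))
    print("flagged:", [r[0] + ":" + r[2] for r in sensitive(SAMPLE_LOG)])
```

Against a real trail the same functions run over each gzipped object CloudTrail delivers to the S3 bucket; the watch-list would normally be driven by the CloudWatch Logs integration so that a metric filter, not a batch script, raises the alarm.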
VPC Flow Logs
• Agentless
• Enable per ENI, per subnet, or per VPC
• Logged to AWS CloudWatch Logs
• Create CloudWatch metrics from log data
• Alarm on those metrics
Fields captured per flow record: AWS account, source IP, destination IP, source port, destination port, interface, protocol, packets, bytes, start/end time, accept or reject.
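The slide's "create metrics from log data, alarm on those metrics" step is shown below as an added example (not the deck's code): a parser for the default space-delimited flow log format whose field order matches the list above, and two metrics derived from it, REJECT count per source address and accepted bytes per interface. The account id, interface id and addresses in the sample records are constructed (TEST-NET ranges); the alarm threshold is an assumption.

```python
"""Parse VPC Flow Log records and derive alarmable metrics from them.

Added example; not the deck's own code. Records use the default flow log
field order listed on the slide. The account id, interface id and
addresses are constructed sample values.
"""
from collections import Counter

# Constructed sample records in the default (version 2) space-delimited format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_RECORDS = """\
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.9 10.0.1.5 43210 22 6 3 180 1589290000 1589290060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.9 10.0.1.5 43211 3389 6 3 180 1589290000 1589290060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.9 10.0.1.5 43212 445 6 3 180 1589290000 1589290060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 198.51.100.7 10.0.1.5 51000 443 6 20 4800 1589290000 1589290060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f 10.0.1.5 198.51.100.7 443 51000 6 18 9200 1589290000 1589290060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f - - - - - - - 1589290000 1589290060 - NODATA
"""

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}


def parse(records_text):
    """Yield one dict per record; NODATA/SKIPDATA records carry no flow and are skipped."""
    for line in records_text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed line, or a custom format this parser does not know
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for f in INT_FIELDS:
            rec[f] = int(rec[f])
        yield rec


def rejects_by_source(records_text):
    """Metric: REJECTed flows per source address, with the distinct destination
    ports it touched (a cheap indicator of a sweep against the interface)."""
    count = Counter()
    ports = {}
    for rec in parse(records_text):
        if rec["action"] == "REJECT":
            count[rec["srcaddr"]] += 1
            ports.setdefault(rec["srcaddr"], set()).add(rec["dstport"])
    return {src: (count[src], sorted(ports[src])) for src in count}


def alarm(records_text, threshold=3):
    """Sources whose REJECT count reaches the (assumed) threshold in this batch,
    i.e. the condition a CloudWatch alarm on the derived metric would fire on."""
    return sorted(src for src, (n, _) in rejects_by_source(records_text).items()
                  if n >= threshold)


def bytes_per_interface(records_text):
    """Metric: accepted bytes per ENI, the volume figure the slide alarms on."""
    total = Counter()
    for rec in parse(records_text):
        if rec["action"] == "ACCEPT":
            total[rec["interface_id"]] += rec["bytes"]
    return dict(total)


if __name__ == "__main__":
    print(rejects_by_source(SAMPLE_RECORDS))
    print("alarm:", alarm(SAMPLE_RECORDS))
    print(bytes_per_interface(SAMPLE_RECORDS))
```

In production the same filtering lives in a CloudWatch Logs metric filter over the flow log group (a space-delimited pattern that names the fields and pins action to REJECT), and the alarm is configured on the resulting metric; the Python here makes the logic explicit so it can be tested offline.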
Amazon CloudWatch
Amazon CloudWatch is a monitoring service for AWS cloud resources, applications you run on AWS and on premises.
• Monitor EC2 Spot trends
• Monitor other resources
• Set alarms and events
• Monitor custom metrics
• Monitor & store logs
• Create dashboards
• Take automated action
• Troubleshoot
• Metrics on logs
• Centralize monitoring
• Operational status
Why CloudWatch?
Monitor
• Metrics on resources
• Observe app & infra health
• Monitor custom metrics
• Collect and monitor log files
Act
• Alarm on metrics and custom metrics
• Take automated actions on alarms
• Event-driven corrective action
Analyze
• Visualization through dashboards
• Unified ops view
• Extended retention if desired
Log analytics flow
Data producers → Collection → Permanent cold storage → Transformation → Analysis and reporting
Amazon GuardDuty
Amazon GuardDuty: Data sources
VPC Flow Logs
• VPC Flow Logs do not need to be turned on to generate findings; data is consumed through an independent duplicate stream
• Provides information about network communications for threat intel and behavioral detections
DNS logs
• DNS logs are based on queries made from Amazon EC2 instances to known and unknown questionable domains
• DNS logs are additional to Amazon Route 53 query logs; Route 53 is not required for GuardDuty to generate DNS-based findings
AWS CloudTrail events
• AWS CloudTrail provides a history of AWS API calls used to access the AWS Management Console, SDKs, AWS Command Line Interface (AWS CLI), etc.
• Identifies user and account activity, including the source IP address used to make the calls
How Amazon GuardDuty works
Data sources: VPC Flow Logs, DNS logs, AWS CloudTrail events
→ Amazon GuardDuty threat detection types: threat intelligence, anomaly detection (ML)
→ Findings (severity HIGH, MEDIUM, LOW), delivered to Amazon CloudWatch Events, AWS Security Hub and an Amazon S3 bucket
→ Action: remediate, partner solutions, send to SIEM
Finding types, with examples:
• Bitcoin mining, C&C activity
• Unusual user behavior: launch instance, change in network permissions
• Unusual traffic patterns: unusual ports and volume
What can Amazon GuardDuty detect?
Detecting known threats using threat intelligence
GuardDuty leverages threat intelligence from various sources:
• AWS security intel
• AWS Partner Network (APN) Partners CrowdStrike and Proofpoint
• Customer-provided threat intel
Threat intelligence enables GuardDuty to identify the following:
• Known malware-infected hosts
• Anonymizing proxies
• Sites hosting malware and hacker tools
• Cryptocurrency mining pools and wallets
Unknown threats using machine learning
Algorithms to detect unusual behavior:
• Inspecting signal patterns for heuristics
• Profiling normal behavior and looking at deviations
• Using machine learning classifiers
Reviewing findings: GuardDuty console
Reviewing findings: Details of API/JSON findings
Findings are shown in the AWS Management Console and in API/JSON format.
Threat information
• Severity
• Region
• Count/Frequency
• Threat type
• Affected resource
• Source information
• Viewable via Amazon CloudWatch Events
Reviewing findings: CloudWatch Events
• GuardDuty aggregates all changes to findings that take place in five-minute intervals into a single event
• CloudWatch Events can be graphed, stored, exported, and further analyzed
Example: GuardDuty-related CloudWatch Event
Acting on findings
Amazon GuardDuty (Detect) → Amazon CloudWatch Event (Report) → Take action
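The Detect → Report → Take action chain, and the five-minute aggregation noted on the previous slide, are shown below as an added example (not the deck's code): a handler of the kind a CloudWatch Events rule would invoke, which validates the event source, bands the finding by severity and decides on an action, treating a re-emitted finding (service.count greater than one) as an update rather than a fresh incident. The envelope fields (source "aws.guardduty", detail-type "GuardDuty Finding", the finding under "detail") and the finding fields severity, type, title, resource and service.count are GuardDuty's; the finding type strings are sample GuardDuty type names, and the account id, instance id, user name and the action names are constructed.

```python
"""Route GuardDuty findings delivered through CloudWatch Events by severity.

Added example, not code from the deck. Severity bands follow GuardDuty's
published ranges: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9. Identifiers
in the sample events are placeholders.
"""

# Constructed sample events, in the order an event bus might deliver them.
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "account": "123456789012", "region": "eu-west-1", "time": "2020-05-12T14:30:00Z",
     "detail": {"severity": 8, "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
                "title": "EC2 instance i-0abc123def456 is querying a domain associated with Bitcoin activity.",
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0abc123def456"}},
                "service": {"count": 1}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "account": "123456789012", "region": "eu-west-1", "time": "2020-05-12T14:35:00Z",
     "detail": {"severity": 5, "type": "Recon:IAMUser/MaliciousIPCaller",
                "title": "API ListBuckets was invoked from a known malicious IP address.",
                "resource": {"resourceType": "AccessKey",
                             "accessKeyDetails": {"userName": "deploy-bot"}},
                "service": {"count": 1}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "account": "123456789012", "region": "eu-west-1", "time": "2020-05-12T14:40:00Z",
     "detail": {"severity": 2, "type": "Recon:EC2/PortProbeUnprotectedPort",
                "title": "Unprotected port on EC2 instance i-0abc123def456 is being probed.",
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0abc123def456"}},
                "service": {"count": 4}}},
    # Not a GuardDuty finding; a rule that matches too broadly would pass it through.
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification", "detail": {}},
    # The first finding again, re-emitted after its count changed (five-minute aggregation).
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "account": "123456789012", "region": "eu-west-1", "time": "2020-05-12T14:45:00Z",
     "detail": {"severity": 8, "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
                "title": "EC2 instance i-0abc123def456 is querying a domain associated with Bitcoin activity.",
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0abc123def456"}},
                "service": {"count": 3}}},
]

# Constructed action names; a real deployment maps these to paging/ticketing/isolation calls.
ACTION_BY_SEVERITY = {"HIGH": "page-oncall-and-open-incident",
                      "MEDIUM": "open-ticket",
                      "LOW": "log-only"}


def severity_label(score):
    """Map GuardDuty's numeric severity to the HIGH/MEDIUM/LOW band the console shows."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def handler(event):
    """Decide what to do with one CloudWatch Event; returns the decision instead of acting."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return {"action": "ignore", "reason": "not a GuardDuty finding"}
    finding = event["detail"]
    label = severity_label(float(finding["severity"]))
    resource = finding.get("resource", {})
    target = resource.get("resourceType", "unknown")
    if target == "Instance":
        target = resource["instanceDetails"]["instanceId"]
    elif target == "AccessKey":
        target = resource["accessKeyDetails"]["userName"]
    # GuardDuty re-emits a finding when its count changes; count > 1 means an update.
    is_update = finding.get("service", {}).get("count", 1) > 1
    action = ACTION_BY_SEVERITY[label]
    if is_update and action != "log-only":
        action = "update-existing-ticket"
    return {"severity": label, "type": finding["type"], "target": target,
            "title": finding.get("title", ""), "action": action}


def route_all(events):
    """Run the handler over a batch of events and return the decisions."""
    return [handler(e) for e in events]


if __name__ == "__main__":
    for decision in route_all(SAMPLE_EVENTS):
        print(decision)
```

As a Lambda target the function would receive one event per invocation and perform the chosen action; the event source check matters because a rule with a loose pattern delivers unrelated events to the same function.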
AWS Security Hub
Introduction to AWS Security Hub
• Enable AWS Security Hub for all your accounts (Account 1, Account 2, Account 3)
• Conduct automated compliance scans and checks
• Continuously aggregate and prioritize findings
• Take action based on findings
Better visibility into security issues. Easier to stay in compliance.
Compliance standards
43 preconfigured rules for CIS. Examples:
• Avoid the use of the "root" account
• Ensure CloudTrail is enabled in all Regions
• Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
• Ensure IAM policies that allow full "*:*" administrative privileges are not created
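Three of the checks listed above, written out as an added example (not Security Hub's own implementation) so the logic behind the rule names is visible. The inputs follow the shapes returned by EC2 DescribeSecurityGroups (IpPermissions with IpProtocol, FromPort, ToPort, IpRanges, Ipv6Ranges), IAM policy documents (Statement with Effect, Action, Resource) and CloudTrail DescribeTrails/GetTrailStatus (IsMultiRegionTrail, IsLogging); the group ids, policy names, trail name and bucket in SAMPLE_INVENTORY are constructed, and the check ids are labels made up for this example.

```python
"""CIS-style checks over an account inventory, in the spirit of Security Hub.

Added example; not Security Hub's own code. Resource documents mirror the
EC2, IAM and CloudTrail API shapes; all identifiers are constructed.
"""


def as_list(value):
    """IAM allows Action/Resource/Statement to be a single value or a list."""
    return value if isinstance(value, list) else [value]


def sg_allows_world_ingress(group, port=22):
    """Check: no security group allows ingress from 0.0.0.0/0 (or ::/0) to the port.

    IpProtocol "-1" means all traffic and carries no port range, so it covers
    every port; for tcp the FromPort/ToPort range must include the port.
    """
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        from_port = 0 if proto == "-1" else perm["FromPort"]
        to_port = 65535 if proto == "-1" else perm["ToPort"]
        if not from_port <= port <= to_port:
            continue
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            return True
    return False


def policy_grants_full_admin(document):
    """Check: no policy statement allows Action "*" on Resource "*"."""
    for stmt in as_list(document.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in as_list(stmt.get("Action", [])) and "*" in as_list(stmt.get("Resource", [])):
            return True
    return False


def cloudtrail_covers_all_regions(trails):
    """Check: at least one trail is multi-region and currently logging.

    Each entry merges DescribeTrails' IsMultiRegionTrail with GetTrailStatus'
    IsLogging, since a multi-region trail that is stopped gives no coverage.
    """
    return any(t.get("IsMultiRegionTrail") and t.get("IsLogging") for t in trails)


def evaluate(inventory):
    """Run the checks and return (check id, resource, description) for each failure."""
    findings = []
    for group in inventory["security_groups"]:
        if sg_allows_world_ingress(group, 22):
            findings.append(("world-ingress-22", group["GroupId"],
                             "security group allows ingress from 0.0.0.0/0 to port 22"))
    for policy in inventory["policies"]:
        if policy_grants_full_admin(policy["Document"]):
            findings.append(("full-admin-policy", policy["PolicyName"],
                             'policy allows full "*:*" administrative privileges'))
    if not cloudtrail_covers_all_regions(inventory["trails"]):
        findings.append(("cloudtrail-all-regions", "account",
                         "CloudTrail is not enabled in all Regions"))
    return findings


# Constructed sample inventory: one open group, one scoped group, one all-traffic
# group open to IPv6, one over-broad policy, one scoped policy, one good trail.
SAMPLE_INVENTORY = {
    "security_groups": [
        {"GroupId": "sg-0open", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0corp", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0any", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    ],
    "policies": [
        {"PolicyName": "AdminAll", "Document": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
        {"PolicyName": "ReadBucket", "Document": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::example-bucket/*"}]}},
    ],
    "trails": [{"Name": "org-trail", "IsMultiRegionTrail": True, "IsLogging": True}],
}

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_INVENTORY):
        print(finding)
```

The all-traffic group is the case worth noticing: it never mentions port 22, so a check that only looks for FromPort == 22 would miss it, while Security Hub's rule (and this one) flags it.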
Aggregated findings
Insights help identify resources that require attention
AWS Security Hub insights
• Dashboard provides visibility into the top security findings
• 20 pre-built insights provided by AWS and APN Partners
• Customers can create their own insights
• Examples:
  • Amazon EC2 instances that have missing security patches
  • Amazon S3 buckets with stored credentials
  • Amazon S3 buckets with public read and write permissions
  • Top AMIs by counts of findings
Taking action on findings
Amazon GuardDuty, Amazon Inspector, Amazon Macie and third-party providers → AWS Security Hub → Amazon CloudWatch Events
Amazon Detective
Amazon Detective
Quickly analyze, investigate, and identify the root cause of security issues
• Built-in data collection
• Automated analysis
• Visual insights
How does Amazon Detective work?
Amazon Detective: Key benefits
• Easy-to-use visualizations
• Faster and more effective investigations
• Ability to save time and effort with continuous data updates
Amazon Detective: Sample use cases
• Incident investigation
Amazon Detective: Workflow integration
SIEM/alert console, orchestration/ticketing system
Amazon Detective: Integrations and managed services
APN Partners
Thank you
Follow us on Twitter: https://twitter.com/awscloud_es
Webinars and events: https://aws.amazon.com/es/about-aws/events/eventos-es/
Contact: https://aws.amazon.com/es/contact-us/
News and announcements: https://aws.amazon.com/es/new
Don't forget to fill in the survey to help us improve
Esteban Hernández, Specialist Solutions Architect Security & Compliance, @gamabuntasama
Javier Ramirez, Developer Advocate, @supercoco9

Getting started with streaming analytics: Setting up a pipelinejavier ramirez
 
Getting started with streaming analytics: streaming basics (1 of 3)
Getting started with streaming analytics: streaming basics (1 of 3)Getting started with streaming analytics: streaming basics (1 of 3)
Getting started with streaming analytics: streaming basics (1 of 3)javier ramirez
 
Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...
Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...
Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...javier ramirez
 
En un mundo hiperconectado, las bases de datos de grafos son tu arma secreta
En un mundo hiperconectado, las bases de datos de grafos son tu arma secretaEn un mundo hiperconectado, las bases de datos de grafos son tu arma secreta
En un mundo hiperconectado, las bases de datos de grafos son tu arma secretajavier ramirez
 

Mais de javier ramirez (20)

¿Se puede vivir del open source? T3chfest
¿Se puede vivir del open source? T3chfest¿Se puede vivir del open source? T3chfest
¿Se puede vivir del open source? T3chfest
 
QuestDB: The building blocks of a fast open-source time-series database
QuestDB: The building blocks of a fast open-source time-series databaseQuestDB: The building blocks of a fast open-source time-series database
QuestDB: The building blocks of a fast open-source time-series database
 
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
 
Ingesting Over Four Million Rows Per Second With QuestDB Timeseries Database ...
Ingesting Over Four Million Rows Per Second With QuestDB Timeseries Database ...Ingesting Over Four Million Rows Per Second With QuestDB Timeseries Database ...
Ingesting Over Four Million Rows Per Second With QuestDB Timeseries Database ...
 
Deduplicating and analysing time-series data with Apache Beam and QuestDB
Deduplicating and analysing time-series data with Apache Beam and QuestDBDeduplicating and analysing time-series data with Apache Beam and QuestDB
Deduplicating and analysing time-series data with Apache Beam and QuestDB
 
Your Database Cannot Do this (well)
Your Database Cannot Do this (well)Your Database Cannot Do this (well)
Your Database Cannot Do this (well)
 
Your Timestamps Deserve Better than a Generic Database
Your Timestamps Deserve Better than a Generic DatabaseYour Timestamps Deserve Better than a Generic Database
Your Timestamps Deserve Better than a Generic Database
 
Cómo se diseña una base de datos que pueda ingerir más de cuatro millones de ...
Cómo se diseña una base de datos que pueda ingerir más de cuatro millones de ...Cómo se diseña una base de datos que pueda ingerir más de cuatro millones de ...
Cómo se diseña una base de datos que pueda ingerir más de cuatro millones de ...
 
QuestDB-Community-Call-20220728
QuestDB-Community-Call-20220728QuestDB-Community-Call-20220728
QuestDB-Community-Call-20220728
 
Processing and analysing streaming data with Python. Pycon Italy 2022
Processing and analysing streaming  data with Python. Pycon Italy 2022Processing and analysing streaming  data with Python. Pycon Italy 2022
Processing and analysing streaming data with Python. Pycon Italy 2022
 
QuestDB: ingesting a million time series per second on a single instance. Big...
QuestDB: ingesting a million time series per second on a single instance. Big...QuestDB: ingesting a million time series per second on a single instance. Big...
QuestDB: ingesting a million time series per second on a single instance. Big...
 
Servicios e infraestructura de AWS y la próxima región en Aragón
Servicios e infraestructura de AWS y la próxima región en AragónServicios e infraestructura de AWS y la próxima región en Aragón
Servicios e infraestructura de AWS y la próxima región en Aragón
 
Primeros pasos en desarrollo serverless
Primeros pasos en desarrollo serverlessPrimeros pasos en desarrollo serverless
Primeros pasos en desarrollo serverless
 
How AWS is reinventing the cloud
How AWS is reinventing the cloudHow AWS is reinventing the cloud
How AWS is reinventing the cloud
 
Analitica de datos en tiempo real con Apache Flink y Apache BEAM
Analitica de datos en tiempo real con Apache Flink y Apache BEAMAnalitica de datos en tiempo real con Apache Flink y Apache BEAM
Analitica de datos en tiempo real con Apache Flink y Apache BEAM
 
Getting started with streaming analytics
Getting started with streaming analyticsGetting started with streaming analytics
Getting started with streaming analytics
 
Getting started with streaming analytics: Setting up a pipeline
Getting started with streaming analytics: Setting up a pipelineGetting started with streaming analytics: Setting up a pipeline
Getting started with streaming analytics: Setting up a pipeline
 
Getting started with streaming analytics: streaming basics (1 of 3)
Getting started with streaming analytics: streaming basics (1 of 3)Getting started with streaming analytics: streaming basics (1 of 3)
Getting started with streaming analytics: streaming basics (1 of 3)
 
Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...
Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...
Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...
 
En un mundo hiperconectado, las bases de datos de grafos son tu arma secreta
En un mundo hiperconectado, las bases de datos de grafos son tu arma secretaEn un mundo hiperconectado, las bases de datos de grafos son tu arma secreta
En un mundo hiperconectado, las bases de datos de grafos son tu arma secreta
 

Último

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfayushiqss
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsBert Jan Schrijver
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationShrmpro
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 

Último (20)

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 

Security monitoring and threat detection with AWS (Monitorización de seguridad y detección de amenazas con AWS)

1. © 2020, Amazon Web Services, Inc. or its Affiliates. Security monitoring and threat detection. Esteban Hernández, Specialist Solutions Architect Security & Compliance (@gamabuntasama). Javier Ramirez, Developer Advocate (@supercoco9).
2. AWS foundational and layered security services and threat management services, grouped under Identify, Protect, Detect, Respond, Recover, with Automate and Investigate: AWS Systems Manager, AWS Config, AWS Lambda, Amazon CloudWatch, Amazon Inspector, Amazon Macie, Amazon GuardDuty, AWS Security Hub, AWS IoT Device Defender, AWS KMS, IAM, AWS Single Sign-On, Snapshot Archive, AWS CloudTrail, Amazon VPC, AWS WAF, AWS Shield, AWS Secrets Manager, AWS Firewall Manager, AWS Personal Health Dashboard, Amazon Route 53, AWS Direct Connect, AWS Transit Gateway, AWS PrivateLink, AWS Step Functions, Amazon Cloud Directory, AWS CloudHSM, AWS Certificate Manager, AWS Control Tower, AWS Service Catalog, AWS Well-Architected Tool, AWS Trusted Advisor, AWS Resource Access Manager, AWS Directory Service, Amazon Cognito, Amazon S3 Glacier, AWS CloudFormation, AWS OpsWorks, Amazon Detective, AWS Organizations.
3. Log sources
4. Different log sources: AWS managed service logs, system logs, application logs.
5. Overview of log delivery: Collect -> Buffer -> Aggregate -> Transform -> Store.
6. AWS CloudTrail. What is it?
   • A service that enables governance, compliance, and operational and risk auditing of your AWS account
   • With CloudTrail, you can capture and log events related to API calls and account activity events across your AWS infrastructure and resources
   • Simplify your compliance audits by automatically recording and storing activity logs for your AWS account
   • Increase visibility into your user and resource activity
   • Discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account
   What can you do? You define an Amazon S3 bucket for storage. An account event occurs, generating API activity. CloudTrail captures and records the API activity. A log of API calls is delivered to the S3 bucket and optionally delivered to CloudWatch Events and CloudWatch Logs.
7. AWS CloudTrail features. CloudTrail enables analysis of operational and security issues by providing visibility into API and event activity in your AWS account. Key features include:
   • Management event and data event logging
   • S3 log delivery
   • Log file encryption
   • Integrity validation
   • SNS notification
   • Cross-account S3 delivery
   • CloudWatch Logs integration
   • CloudWatch Events integration
   • Personal Health Dashboard integration
   • Ability to apply a trail to all regions (also applies to future regions)
   • Event filters for read/write event actions
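The "integrity validation" feature above delivers an hourly digest file that lists every log file delivered in that window with its SHA-256 and links back to the previous digest by hash and signature, so a deleted or rewritten log file (or a removed digest) breaks the chain. The following is an added example, not code from the deck or from AWS: it rebuilds the hash-chain half of that check over constructed in-memory files. The field names follow the documented digest layout, but only the subset needed for the chain is emitted, and the RSA signature check over each digest (which `aws cloudtrail validate-logs` performs) is deliberately left out, so this detects tampered log files and broken chains but not a digest forged by whoever holds the signing key.

```python
"""Offline check of a CloudTrail digest hash chain (added example, not AWS code)."""
import gzip
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_log_file(records):
    """Build a gzipped CloudTrail log file from a list of records (constructed data)."""
    return gzip.compress(json.dumps({"Records": records}).encode())


def make_digest(log_files, previous_digest_bytes):
    """Digest covering `log_files` ({s3Object: bytes}), chained to the previous digest.

    Only the fields needed for the hash chain are filled in; the signature
    fields are omitted because this example does not sign (assumption).
    """
    digest = {
        "digestSignatureAlgorithm": "SHA256withRSA",
        "previousDigestHashAlgorithm": "SHA-256",
        "previousDigestHashValue": sha256_hex(previous_digest_bytes) if previous_digest_bytes else None,
        "logFiles": [
            {"s3Object": key, "hashAlgorithm": "SHA-256", "hashValue": sha256_hex(data)}
            for key, data in sorted(log_files.items())
        ],
    }
    return json.dumps(digest).encode()


def validate_chain(digests, objects):
    """Walk digests oldest -> newest; return a list of problems (empty = chain intact).

    `digests` is the ordered list of digest file contents; `objects` maps S3
    keys to the bytes actually present in the bucket.
    """
    problems = []
    previous = None
    for i, digest_bytes in enumerate(digests):
        digest = json.loads(digest_bytes)
        expected_prev = sha256_hex(previous) if previous is not None else None
        if digest.get("previousDigestHashValue") != expected_prev:
            problems.append(f"digest {i}: previous digest hash mismatch (chain broken)")
        for entry in digest["logFiles"]:
            data = objects.get(entry["s3Object"])
            if data is None:
                problems.append(f"digest {i}: log file {entry['s3Object']} missing from bucket")
            elif sha256_hex(data) != entry["hashValue"]:
                problems.append(f"digest {i}: log file {entry['s3Object']} hash mismatch (modified)")
        previous = digest_bytes
    return problems


def demo_intact_and_tampered():
    """Build a two-digest chain, then rewrite one log file and drop one digest."""
    key_a = "AWSLogs/111122223333/CloudTrail/us-east-1/log-a.json.gz"
    key_b = "AWSLogs/111122223333/CloudTrail/us-east-1/log-b.json.gz"
    log_a = make_log_file([{"eventName": "RunInstances", "userIdentity": {"userName": "Bill"}}])
    log_b = make_log_file([{"eventName": "DeleteTable", "userIdentity": {"userName": "Steve"}}])
    objects = {key_a: log_a, key_b: log_b}
    d1 = make_digest({key_a: log_a}, None)
    d2 = make_digest({key_b: log_b}, d1)
    intact = validate_chain([d1, d2], objects)

    # An attacker rewrites log-b to hide the DeleteTable call: its hash no longer matches.
    tampered = dict(objects)
    tampered[key_b] = make_log_file([])
    modified = validate_chain([d1, d2], tampered)

    # An attacker deletes digest d1: d2 still carries d1's hash, so the chain breaks.
    gap = validate_chain([d2], objects)
    return intact, modified, gap


if __name__ == "__main__":
    print(demo_intact_and_tampered())
```

Run it as a script to see the three outcomes: an empty problem list for the intact chain, one "hash mismatch" for the rewritten log file, and one "chain broken" when a digest is missing.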
8. AWS CloudTrail: what a record answers.
   Who     When    What                      Where to   Where from
   Bill    3:27pm  Launch Instance           us-west-2  72.21.198.64
   Alice   8:19am  Added Bob to admin group  us-east-1  127.0.0.1
   Steve   2:22pm  Deleted DynamoDB table    eu-west-1  205.251.233.176
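The table above is what a CloudTrail record answers; in practice you pull those five columns out of the JSON records and run detections over them. The following is an added example, not code from the deck: it summarizes constructed records that mirror the three rows of the table (plus a root-account `StopLogging` call) and flags root usage, trail tampering, destructive calls, and privilege changes toward an admin group or policy. Field names follow the documented CloudTrail record layout; the event-name sets and the "admin" substring rule are illustrative assumptions, not AWS defaults.

```python
"""Triage of CloudTrail records: who, when, what, where, plus a few detections."""
import json

# Events that weaken the audit trail itself; any occurrence is worth an alert (assumed set).
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
# Destructive control-plane calls (illustrative subset).
DESTRUCTIVE = {"DeleteTable", "DeleteBucket", "TerminateInstances", "DeleteDBInstance"}
# Privilege changes whose target names an administrative group or policy.
PRIVILEGE_CHANGES = {"AddUserToGroup", "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy"}


def actor(record):
    """Collapse userIdentity into a short 'who' string."""
    ident = record.get("userIdentity", {})
    kind = ident.get("type")
    if kind == "Root":
        return "root"
    if kind == "IAMUser":
        return ident.get("userName", "?")
    if kind == "AssumedRole":
        # arn:aws:sts::111122223333:assumed-role/RoleName/session-name
        return ident.get("arn", "?").split(":")[-1]
    return ident.get("arn", kind or "?")


def summarize(record):
    """The slide's five columns: who, when, what, where to (region), where from (source IP)."""
    return {
        "who": actor(record),
        "when": record.get("eventTime"),
        "what": record.get("eventName"),
        "where_to": record.get("awsRegion"),
        "where_from": record.get("sourceIPAddress"),
    }


def detect(record):
    """Return a list of (severity, reason) findings for one record."""
    findings = []
    name = record.get("eventName", "")
    params = record.get("requestParameters") or {}
    if record.get("userIdentity", {}).get("type") == "Root":
        findings.append(("HIGH", "root account used (CIS: avoid use of root)"))
    if name in TRAIL_TAMPERING:
        findings.append(("HIGH", f"CloudTrail configuration changed: {name}"))
    if name in DESTRUCTIVE:
        findings.append(("MEDIUM", f"destructive call: {name}"))
    if name in PRIVILEGE_CHANGES:
        target = params.get("groupName") or params.get("policyArn") or params.get("policyName") or ""
        if "admin" in target.lower():
            findings.append(("HIGH", f"privilege change toward admin: {name} -> {target}"))
    if name == "ConsoleLogin" and record.get("errorMessage"):
        findings.append(("LOW", f"console login failure: {record['errorMessage']}"))
    return findings


def triage(records):
    """Summaries plus findings for every record that matched at least one rule."""
    alerts = []
    for r in records:
        hits = detect(r)
        if hits:
            alerts.append({**summarize(r), "findings": hits})
    return alerts


# Constructed records mirroring the slide's table (not real account data).
SAMPLE_RECORDS = [
    {"eventTime": "2020-05-12T15:27:00Z", "eventName": "RunInstances", "awsRegion": "us-west-2",
     "sourceIPAddress": "72.21.198.64", "userIdentity": {"type": "IAMUser", "userName": "Bill"}},
    {"eventTime": "2020-05-12T08:19:00Z", "eventName": "AddUserToGroup", "awsRegion": "us-east-1",
     "sourceIPAddress": "127.0.0.1", "userIdentity": {"type": "IAMUser", "userName": "Alice"},
     "requestParameters": {"groupName": "admin", "userName": "Bob"}},
    {"eventTime": "2020-05-12T14:22:00Z", "eventName": "DeleteTable", "awsRegion": "eu-west-1",
     "sourceIPAddress": "205.251.233.176", "userIdentity": {"type": "IAMUser", "userName": "Steve"},
     "requestParameters": {"tableName": "orders"}},
    {"eventTime": "2020-05-12T14:30:00Z", "eventName": "StopLogging", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_RECORDS), indent=2))
```

The same rules translate directly into CloudWatch Logs metric filters once the trail is delivered to a log group; the point of the Python version is to show which record fields each rule keys on.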
9. VPC Flow Logs
   • Agentless
   • Enable per ENI, per subnet, or per VPC
   • Logged to Amazon CloudWatch Logs
   • Create CloudWatch metrics from log data
   • Alarm on those metrics
   Fields per record: AWS account, source IP, destination IP, source port, destination port, interface, protocol, packets, bytes, start/end time, accept or reject.
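The fields listed above are exactly what a detection has to work with: there is no payload, only who talked to whom, on which port, and whether the security group or NACL accepted it. The following is an added example, not code from the deck: it parses constructed records in the default version-2 flow log format and runs two detections over them, an accepted SSH session from a source outside the private ranges and a port sweep (one source collecting rejects on many destination ports inside one capture window). The "trusted" CIDRs and the sweep threshold are illustrative assumptions, and `NODATA`/`SKIPDATA` records, which carry no addresses, are skipped explicitly.

```python
"""Parse VPC Flow Log records and run two simple detections over them."""
import ipaddress
from collections import defaultdict

# Default version-2 flow log field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed records: a benign internal SSH, an external host sweeping ports,
# an accepted SSH from the internet, and a NODATA record.
SAMPLE_LOG = """\
2 123456789010 eni-1235b8ca123456789 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.21 41000 22 6 1 44 1418530010 1418530070 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.21 41001 23 6 1 44 1418530010 1418530070 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.21 41002 80 6 1 44 1418530010 1418530070 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.21 41003 443 6 1 44 1418530010 1418530070 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.21 41004 3389 6 1 44 1418530010 1418530070 REJECT OK
2 123456789010 eni-1235b8ca123456789 198.51.100.8 172.31.16.21 50123 22 6 30 5200 1418530010 1418530070 ACCEPT OK
2 123456789010 eni-1235b8ca123456789 - - - - - - - 1418530010 1418530070 - NODATA
"""

TRUSTED = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/12"),
           ipaddress.ip_network("192.168.0.0/16")]          # assumed "internal" ranges
SCAN_PORT_THRESHOLD = 5   # distinct rejected dst ports from one source per window (assumed)


def parse(text):
    """Yield one dict per record; skip NODATA/SKIPDATA records, which carry no addresses."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for k in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[k] = int(rec[k])
        yield rec


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED)


def detect(records):
    """Findings: accepted SSH from untrusted sources, and port sweeps seen as many rejects."""
    rejected_ports = defaultdict(set)
    findings = []
    for r in records:
        if r["action"] == "REJECT":
            rejected_ports[r["srcaddr"]].add(r["dstport"])
        elif (r["action"] == "ACCEPT" and r["dstport"] == 22 and r["protocol"] == 6
              and not is_trusted(r["srcaddr"])):
            findings.append(("MEDIUM", f"SSH accepted from untrusted {r['srcaddr']} "
                                       f"to {r['dstaddr']} on {r['interface_id']}"))
    for src, ports in rejected_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            findings.append(("LOW", f"possible port sweep from {src}: "
                                    f"{len(ports)} rejected ports {sorted(ports)}"))
    return findings


if __name__ == "__main__":
    for severity, reason in detect(parse(SAMPLE_LOG)):
        print(severity, reason)
```

A REJECT only tells you the security group or NACL blocked the packet; the sweep rule is deliberately low severity because a single capture window (the notes mention roughly ten minutes) can also catch a legitimate scanner, which is exactly the kind of source GuardDuty's auto-archive is meant to suppress.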
10. Amazon CloudWatch. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS and on premises. Monitor EC2; spot trends; monitor other resources; set alarms and events; monitor custom metrics; monitor and store logs; create dashboards; take automated action; troubleshoot; metrics on logs; centralize monitoring; operational status.
11. Why CloudWatch?
   Monitor: metrics on resources; observe application and infrastructure health; monitor custom metrics; collect and monitor log files.
   Act: alarm on metrics and custom metrics; take automated actions on alarms; event-driven corrective action.
   Analyze: visualization through dashboards; unified ops view; extended retention if desired.
12. Log analytics flow: Data producers -> Collection -> Permanent cold storage -> Transformation -> Analysis and reporting.
13. Amazon GuardDuty
14. Amazon GuardDuty: data sources.
   • VPC Flow Logs: VPC Flow Logs do not need to be turned on to generate findings; data is consumed through an independent duplicate stream. Provides information about network communications for threat intel and behavioral detections.
   • DNS logs: DNS logs are based on queries made from Amazon EC2 instances to known and unknown questionable domains. DNS logs are additional to Amazon Route 53 query logs; Route 53 is not required for GuardDuty to generate DNS-based findings.
   • AWS CloudTrail events: AWS CloudTrail provides a history of AWS API calls made through the AWS Management Console, SDKs, AWS Command Line Interface (AWS CLI), etc. Identifies user and account activity, including the source IP address used to make the calls.
15. How Amazon GuardDuty works. Data sources (VPC Flow Logs, DNS logs, AWS CloudTrail events) -> Amazon GuardDuty (threat intelligence, anomaly detection with ML) -> findings rated HIGH, MEDIUM or LOW -> Amazon CloudWatch Events, AWS Security Hub, Amazon S3 bucket -> remediate, partner solutions, send to SIEM. Threat detection types and examples: known threats (Bitcoin mining, C&C activity); unusual user behavior (launch instance, change in network permissions); unusual traffic patterns (unusual ports and volume).
16. What can Amazon GuardDuty detect? Detecting known threats using threat intelligence. GuardDuty leverages threat intelligence from various sources:
   • AWS security intel
   • AWS Partner Network (APN) Partners CrowdStrike and Proofpoint
   • Customer-provided threat intel
   Threat intelligence enables GuardDuty to identify the following: known malware-infected hosts; anonymizing proxies; sites hosting malware and hacker tools; cryptocurrency mining pools and wallets.
17. Unknown threats using machine learning. Algorithms to detect unusual behavior:
   • Inspecting signal patterns for heuristics
   • Profiling normal behavior and looking at deviations
   • Using machine learning classifiers
18. Reviewing findings: GuardDuty console
19. Reviewing findings: details of API/JSON findings. Available in the AWS Management Console and in API/JSON format. Threat information: severity; region; count/frequency; threat type; affected resource; source information; viewable via Amazon CloudWatch Events.
20. Reviewing findings: CloudWatch Events.
   • GuardDuty aggregates all changes to findings that take place in five-minute intervals into a single event
   • CloudWatch Events can be graphed, stored, exported, and further analyzed
   Example: GuardDuty-related CloudWatch Event.
21. Acting on findings: Amazon GuardDuty detects -> CloudWatch Event -> Amazon CloudWatch reports -> take action.
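The detect-report-act loop above is normally wired as a CloudWatch Events (EventBridge) rule on `aws.guardduty` findings with a Lambda target. The following is an added example, not code from the deck: it shows the rule pattern that keeps only medium-and-above findings, and a handler that reads the finding type, severity band and affected resource from the event and decides a response. The envelope and the `detail.type`, `detail.severity`, `detail.resource` and `detail.service` fields follow the documented GuardDuty finding format; the sample events are constructed, and the actions ("isolate", "disable_key", "ticket", "log") are returned as a plan rather than executed against AWS APIs.

```python
"""Route GuardDuty findings delivered through CloudWatch Events / EventBridge."""
import json

# Rule pattern for a CloudWatch Events/EventBridge rule that receives only
# medium-and-above findings (numeric matching on detail.severity).
RULE_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4]}]},
}


def severity_label(score):
    """GuardDuty severity bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def affected_resource(detail):
    """Identifier of the resource the finding is about (instance or access key)."""
    res = detail.get("resource", {})
    if res.get("resourceType") == "Instance":
        return "instance", res["instanceDetails"]["instanceId"]
    if res.get("resourceType") == "AccessKey":
        return "access_key", res["accessKeyDetails"]["accessKeyId"]
    return res.get("resourceType", "unknown"), None


def plan_response(event):
    """Decide what to do with one finding event; returns a dict describing the action.

    Repeats within five minutes update the same finding (service.count grows),
    so the count is carried along for the responder.
    """
    detail = event["detail"]
    if detail.get("service", {}).get("archived"):
        return {"action": "ignore", "reason": "archived finding"}
    label = severity_label(float(detail["severity"]))
    kind, ident = affected_resource(detail)
    plan = {"finding": detail["type"], "severity": label, "resource": ident,
            "count": detail.get("service", {}).get("count", 1)}
    if label == "HIGH" and kind == "instance":
        plan["action"] = "isolate"       # e.g. swap to a quarantine security group (not done here)
    elif label == "HIGH" and kind == "access_key":
        plan["action"] = "disable_key"   # e.g. set the access key Inactive (not done here)
    elif label == "MEDIUM":
        plan["action"] = "ticket"
    else:
        plan["action"] = "log"
    return plan


def matches_rule(event, pattern=RULE_PATTERN):
    """Minimal evaluation of the numeric severity rule above, to show what the rule drops."""
    if event.get("source") not in pattern["source"]:
        return False
    if event.get("detail-type") not in pattern["detail-type"]:
        return False
    op, threshold = pattern["detail"]["severity"][0]["numeric"]
    sev = float(event["detail"]["severity"])
    return sev >= threshold if op == ">=" else sev > threshold


def make_event(finding_type, severity, resource, count=1, archived=False):
    """Constructed EventBridge envelope around a GuardDuty finding (not a captured event)."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "region": "us-east-1",
            "detail": {"schemaVersion": "2.0", "type": finding_type, "severity": severity,
                       "resource": resource,
                       "service": {"serviceName": "guardduty", "count": count, "archived": archived}}}


INSTANCE = {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}
KEY = {"resourceType": "AccessKey", "accessKeyDetails": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE"}}

SAMPLE_EVENTS = [
    make_event("CryptoCurrency:EC2/BitcoinTool.B!DNS", 8, INSTANCE, count=12),
    make_event("UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration", 8, KEY),
    make_event("Recon:EC2/Portscan", 5, INSTANCE),
    make_event("Recon:EC2/PortProbeUnprotectedPort", 2, INSTANCE),
    make_event("UnauthorizedAccess:EC2/SSHBruteForce", 5, INSTANCE, archived=True),
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        if matches_rule(e):
            print(json.dumps(plan_response(e)))
```

Note the archived check comes first: findings you have auto-archived (the bastion SSH or vulnerability-scanner cases in the notes) still produce events, and an automated isolate on one of those is a self-inflicted outage.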
22. AWS Security Hub
23. Introduction to AWS Security Hub. Enable AWS Security Hub for all your accounts (Account 1, Account 2, Account 3); conduct automated compliance scans and checks; continuously aggregate and prioritize findings; take action based on findings. Result: better visibility into security issues, easier to stay in compliance.
24. Compliance standards: 43 preconfigured rules for CIS. Examples:
   • Avoid the use of the "root" account
   • Ensure CloudTrail is enabled in all Regions
   • Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
   • Ensure IAM policies that allow full "*:*" administrative privileges are not created
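Three of the four example controls above are pure configuration checks, so they are worth seeing as code. The following is an added example, not Security Hub's own implementation: it evaluates constructed responses shaped like `ec2 describe-security-groups`, `iam get-policy-version` and `cloudtrail describe-trails` / `get-trail-status` output. It handles the cases a naive check misses: an all-protocols (`-1`) rule with no port fields, an IPv6 `::/0` range, a policy whose `Statement` or `Action` is a bare string rather than a list, and a multi-region trail that exists but is not logging. Control numbers are from the CIS AWS Foundations Benchmark v1.2 as used by Security Hub; the sample data is constructed.

```python
"""Three CIS AWS Foundations checks over constructed API responses (added example)."""


def port_in_rule(rule, port):
    """True if an ingress rule covers `port` (protocol -1 means all ports and protocols)."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def check_sg_open_to_world(groups, port=22):
    """CIS 4.1 (port 22) / 4.2 (port 3389): groups allowing ingress from 0.0.0.0/0 or ::/0."""
    failing = []
    for g in groups:
        for rule in g.get("IpPermissions", []):
            if not port_in_rule(rule, port):
                continue
            v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", []))
            v6 = any(r.get("CidrIpv6") == "::/0" for r in rule.get("Ipv6Ranges", []))
            if v4 or v6:
                failing.append(g["GroupId"])
                break
    return failing


def as_list(x):
    return x if isinstance(x, list) else [x]


def check_full_admin_policies(policies):
    """CIS 1.22: policies with an Allow statement granting Action * (or *:*) on Resource *."""
    failing = []
    for name, doc in policies.items():
        for st in as_list(doc.get("Statement", [])):
            if st.get("Effect") != "Allow":
                continue
            actions = [a.lower() for a in as_list(st.get("Action", []))]
            resources = as_list(st.get("Resource", []))
            if any(a in ("*", "*:*") for a in actions) and "*" in resources:
                failing.append(name)
                break
    return failing


def check_cloudtrail_all_regions(trails, status_by_name):
    """CIS 2.1: at least one multi-region trail that is currently logging."""
    for t in trails:
        if t.get("IsMultiRegionTrail") and status_by_name.get(t["Name"], {}).get("IsLogging"):
            return True
    return False


# Constructed data (not from a real account).
SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0e5f6a7b", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0c9d8e7f", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0b3c4d5e", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]
POLICIES = {
    "PowerUser": {"Version": "2012-10-17",
                  "Statement": [{"Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"}]},
    "GodMode": {"Version": "2012-10-17",
                "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}},
    "DenyAll": {"Version": "2012-10-17",
                "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]},
}
TRAILS = [{"Name": "org-trail", "IsMultiRegionTrail": True},
          {"Name": "old-trail", "IsMultiRegionTrail": False}]
TRAIL_STATUS = {"org-trail": {"IsLogging": False}, "old-trail": {"IsLogging": True}}

if __name__ == "__main__":
    print("SG open to world on 22:", check_sg_open_to_world(SECURITY_GROUPS))
    print("Full-admin policies:", check_full_admin_policies(POLICIES))
    print("CloudTrail in all regions:", check_cloudtrail_all_regions(TRAILS, TRAIL_STATUS))
```

The security-group and trail checks return failing identifiers and a boolean respectively, which is the shape you want if the result feeds a custom Security Hub finding or a Config rule.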
25. Compliance standards
26. Aggregated findings
27. Insights help identify resources that require attention
28. AWS Security Hub insights. Dashboard:
   • The dashboard provides visibility into the top security findings
   • 20 pre-built insights provided by AWS and APN Partners
   • Customers can create their own insights
   Examples: Amazon EC2 instances that have missing security patches; Amazon S3 buckets with stored credentials; Amazon S3 buckets with public read and write permissions; top AMIs by counts of findings.
29. Taking action on findings: Amazon GuardDuty, Amazon Inspector, Amazon Macie and third-party providers -> AWS Security Hub -> Amazon CloudWatch Events.
30. Amazon Detective
31. Amazon Detective: quickly analyze, investigate, and identify the root cause of security issues. Built-in data collection; automated analysis; visual insights.
32. How does Amazon Detective work?
33. Amazon Detective: key benefits. Easy-to-use visualizations; faster and more effective investigations; ability to save time and effort with continuous data updates.
34. Amazon Detective: sample use cases. Incident investigation.
35. Amazon Detective: workflow integration. SIEM/alert console; orchestration/ticketing system.
36. Amazon Detective: integrations and managed services. APN Partners.
37. Thank you. Follow us on Twitter: https://twitter.com/awscloud_es. Webinars and events: https://aws.amazon.com/es/about-aws/events/eventos-es/. Contact: https://aws.amazon.com/es/contact-us/. News and announcements: https://aws.amazon.com/es/new. Don't forget to fill in the survey to help us improve. Esteban Hernández, Specialist Solutions Architect Security & Compliance (@gamabuntasama). Javier Ramirez, Developer Advocate (@supercoco9).

Speaker notes

  1. Identify Protect Detect Respond Recover CloudFormation, OpsWorks, - recovery is not just about the data, but also the ability to recover their entire infrastructure and apps extremely fast.
  2. Integrity validation uses Who changed what, when, and using what credentials?
  3. How does Integrity Validation work? CloudTrail creates a digest file, when it delivers new logs into your Amazon S3 Bucket CloudTrail uses a private key per-region to cryptographically sign the digest file Customers can use a public key, that correlates to the private key, to validate signatures SNS notifications when new CloudTrail log files are delivered to Amazon S3 Bucket
  4. Who made the API call? When was the API call made? What was the API call? Which resources were acted up on in the API call? Where was the API call made from and made to? Stored durably in S3 Discuss ways to consume CloudTrail logs (Console, CLI, Splunk, SumoLogic, AlertLogic, Loggly, DataDog, etc.)
  5. No Agents! Just Turn it on. No really, Ill wait. Enable per ENI, per Subnet or per VPC All network traffic data is logged to CloudWatch logs so you get durable storage but also all the analysis features such as filter queries and metric creation And then Create Alarms on those metrics Collected, processed and stored in ~10 minute capture windows into Cloudwatch Logs
  6. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS and OnPrem. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances etc, as well as custom metrics generated by your applications and services, and any log files your applications generate. You can use Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application, infrastructure and operations running smoothly. At a high-level CloudWatch allows to: Spot Trends Centralize Monitoring Troubleshoot Create Metrics on Logs to evaluate behavior Take automated action with event and alarms And have a operational status view through dashboards.
  7. Data Sources GuardDuty analyzes AWS VPC Flow Logs, DNS and CloudTrail Events. It is optimized to consume large volumes of. AWS does all of the heavy lifting you are not required to turn on any logging. Data is NOT stored by GuardDuty – It is pulled from internal sources, analyzed in memory and then discarded. GuardDuty ONLY stores the results from the findings that are produced. Thus your data remains your data Click
8. By applying threat intelligence to those data sources, GuardDuty can detect known threats and produce findings immediately (they are known!). The threat intel comes from three places. AWS security intel: GuardDuty has access to AWS' own security intelligence feed (from the ASIS team), which is constantly updated by the AWS security team; GuardDuty is the only way customers can benefit from this feed. Commercial/partner intelligence: currently provided by CrowdStrike and Proofpoint, at no extra cost to the customer. Customer threat intel: customers can provide their own threat lists, and customer-provided threat intel is not shared across customers. What else can GuardDuty detect?
9. Mention the training periods: these detections need a baseline first, so don't try to trigger them in a demo account. For detecting unknown threats GuardDuty adds a heuristic, anomaly-based technique: it builds profiles of "normal" behavior and then looks for deviations from that behavior. The profiles range from very simple state machines that represent normal behavior to approximations of normal behavior learned over time.
10. GuardDuty has a console consisting of a findings dashboard and functionality for customers to review, investigate, search, filter, manage and respond to GuardDuty security findings. The auto-archive feature (suppression rules) silences findings you do not want to action on, for example SSH brute-force findings against a bastion host, port-scan findings generated by your own vulnerability scanner, or anything else you have decided is expected. In the right-hand pane GuardDuty provides actionable alerts that include detailed information about the threat and the AWS resources involved.
11. GuardDuty can also be driven via the CLI/SDK/API, with findings returned in JSON format, which means all of the information can be used machine to machine or, more generally, integrated with other technologies, using:
12. CloudWatch Events; aggregation logic; auto-archive suppression; sample findings.
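An added example for slides 10 to 12 (not code from the talk or from AWS): a CloudWatch Events rule pattern that forwards only high-severity GuardDuty findings, and a Lambda-style handler that triages the JSON finding, applying auto-archive style suppression for the bastion and scanner cases from slide 10 and deciding on a containment action. The events are constructed in the shape GuardDuty publishes ("detail" holds the finding); the quarantine security group, bastion instance id and routing rules are placeholders chosen for the example; the "numeric" matcher is EventBridge content-filtering syntax.

```python
"""Triage GuardDuty findings delivered as CloudWatch Events.

Added example for this page, not AWS code. The events are constructed in the
shape GuardDuty publishes ("detail" is the finding JSON); the quarantine
security group, the bastion instance id and the routing rules are placeholders
chosen for the example.
"""

# Rule pattern for a CloudWatch Events / EventBridge rule that forwards only
# high-severity findings (GuardDuty severity 7.0 to 8.9) to the Lambda target.
HIGH_SEVERITY_RULE_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}

QUARANTINE_SG = "sg-0123456789abcdef0"     # placeholder: a security group with no rules at all
BASTIONS = {"i-0bastion00000000a"}          # placeholder: hosts where SSH noise is expected
SUPPRESSED_TYPES = {"Recon:EC2/Portscan"}   # e.g. produced by our own vulnerability scanner


def make_event(finding_type, severity, resource, finding_id="f-0001"):
    """Build a CloudWatch Event carrying one GuardDuty finding (constructed)."""
    return {
        "source": "aws.guardduty",
        "detail-type": "GuardDuty Finding",
        "region": "eu-west-1",
        "detail": {"id": finding_id, "type": finding_type, "severity": severity,
                   "accountId": "123456789012", "resource": resource},
    }


def triage(event):
    """Decide what to do with one finding; returns a dict describing the action.

    A real remediation step would call, for "isolate",
    ec2.modify_instance_attribute(InstanceId=..., Groups=[QUARANTINE_SG]) and,
    for "disable_access_key",
    iam.update_access_key(UserName=..., AccessKeyId=..., Status="Inactive").
    """
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return {"action": "ignore", "reason": "not a GuardDuty finding"}
    finding = event["detail"]
    ftype, severity = finding["type"], float(finding["severity"])
    resource = finding.get("resource", {})
    rtype = resource.get("resourceType")
    instance = resource.get("instanceDetails", {}).get("instanceId")

    # Auto-archive equivalents: noise we have decided never to action.
    if ftype in SUPPRESSED_TYPES:
        return {"action": "archive", "finding": finding["id"], "reason": "suppressed type"}
    if ftype == "UnauthorizedAccess:EC2/SSHBruteForce" and instance in BASTIONS:
        return {"action": "archive", "finding": finding["id"], "reason": "expected on bastion"}

    # High severity: contain first, investigate afterwards.
    if severity >= 7 and rtype == "Instance" and instance:
        return {"action": "isolate", "instance": instance, "security_groups": [QUARANTINE_SG]}
    if severity >= 7 and rtype == "AccessKey":
        key = resource["accessKeyDetails"]
        return {"action": "disable_access_key", "user": key["userName"], "access_key": key["accessKeyId"]}

    # Everything else goes to a human.
    return {"action": "ticket", "finding": finding["id"], "type": ftype, "severity": severity}


def lambda_handler(event, context):
    """Entry point when the rule above targets this function."""
    return triage(event)


# Constructed sample findings. The last one is the finding type GuardDuty
# raises when an IP from a customer-supplied threat list calls the API.
CRYPTO_EVENT = make_event("CryptoCurrency:EC2/BitcoinTool.B!DNS", 8.0,
                          {"resourceType": "Instance",
                           "instanceDetails": {"instanceId": "i-0abc1234def567890"}})
BASTION_EVENT = make_event("UnauthorizedAccess:EC2/SSHBruteForce", 2.0,
                           {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0bastion00000000a"}})
CUSTOM_LIST_EVENT = make_event("UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom", 8.0,
                               {"resourceType": "AccessKey",
                                "accessKeyDetails": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
                                                     "userName": "deploy-bot", "userType": "IAMUser"}})

if __name__ == "__main__":
    for ev in (CRYPTO_EVENT, BASTION_EVENT, CUSTOM_LIST_EVENT):
        print(ev["detail"]["type"], "->", triage(ev))
```

Keeping the decision in a pure function (`triage`) separate from the API calls is what makes the suppression and containment logic testable before it is wired to a rule that can isolate production instances.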
13. AWS Security Hub workflow. Get started in a few clicks, and a few more for multi-account roll-up. No normalization or parsing is needed thanks to the AWS Security Finding Format (ASFF). 28 partner integrations with simple setup (from a few clicks to 15 minutes of CloudFormation deployment) and 3 fully automated AWS integrations. 25+ out-of-the-box AWS correlation and stacking rules called "insights", plus the ability for customers to create their own; default ones from partners are coming soon. Automated compliance checks via the CIS AWS Foundations Benchmark. Automated response and remediation actions on specific findings via CloudWatch Events rules and targets.
You set up Security Hub in the AWS Management Console by clicking "Enable Security Hub" and adding your AWS accounts to the service; ingestion across the AWS security services then begins. Security Hub aggregates findings from AWS security services and partner security tools and correlates them to identify the highest-priority findings. As an additional step, Security Hub conducts continuous, automated compliance checks against industry standards and provides the results to you for remediation. Finally, you review the findings in the console and select the ones for specific actions, such as sending a finding to ticketing, chat or email, or automated remediation via CloudWatch Events and Lambda.
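An added example for this slide (not Security Hub or partner code): what "no normalization needed" looks like from the producing side, converting a hypothetical host scanner's result into an ASFF finding that BatchImportFindings accepts, with a check for the attributes Security Hub requires. The scanner result is constructed, the account id, region, instance id and CVE identifier are placeholders, and the CVSS-to-label thresholds are this example's own choice.

```python
"""Turn a third-party scanner result into an AWS Security Finding Format (ASFF)
finding for Security Hub's BatchImportFindings.

Added example for this page, not Security Hub or partner code. The scanner
result is a constructed sample; the account id, region, instance id and CVE id
are placeholders; the CVSS-to-label thresholds are this example's own choice.
"""
from datetime import datetime, timezone

# Top-level attributes Security Hub requires on every finding.
REQUIRED = ("SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId", "Types",
            "CreatedAt", "UpdatedAt", "Severity", "Title", "Description", "Resources")

# Fixed timestamp so the demo output is reproducible.
FIXED_TIME = datetime(2020, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

# Constructed output of a hypothetical host vulnerability scanner.
SAMPLE_RESULT = {
    "scan_id": "scan-42",
    "cve": "CVE-2019-0000",          # placeholder identifier, not a real CVE
    "cvss": 7.5,
    "package": "openssl",
    "instance_id": "i-0abc1234def567890",
    "summary": "outdated openssl package with a known remote vulnerability",
    "fix": "upgrade openssl to the distribution's patched version and reboot",
}


def severity_label(cvss):
    """Map a CVSS base score to an ASFF severity label (thresholds chosen here)."""
    if cvss >= 9.0:
        return "CRITICAL"
    if cvss >= 7.0:
        return "HIGH"
    if cvss >= 4.0:
        return "MEDIUM"
    return "LOW" if cvss > 0 else "INFORMATIONAL"


def to_asff(result, account_id, region, now=None):
    now = now or datetime.now(timezone.utc)
    stamp = now.isoformat(timespec="milliseconds").replace("+00:00", "Z")  # ISO 8601, as ASFF requires
    return {
        "SchemaVersion": "2018-10-08",
        # Id must be unique per ProductArn; scan id + CVE + host gives a stable key.
        "Id": f"{region}/{account_id}/{result['scan_id']}/{result['cve']}/{result['instance_id']}",
        # Default product ARN for findings a customer imports from its own tooling.
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": "example-host-scanner",
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
        "CreatedAt": stamp,
        "UpdatedAt": stamp,
        "Severity": {"Label": severity_label(result["cvss"]), "Product": result["cvss"]},
        "Title": f"{result['cve']} in {result['package']} on {result['instance_id']}",
        "Description": result["summary"],
        "Resources": [{
            "Type": "AwsEc2Instance",
            "Id": f"arn:aws:ec2:{region}:{account_id}:instance/{result['instance_id']}",
            "Region": region,
        }],
        "Remediation": {"Recommendation": {"Text": result["fix"]}},
        "ProductFields": {"cve": result["cve"], "package": result["package"]},
        "RecordState": "ACTIVE",
    }


def validate(finding):
    """Return a list of problems; an empty list means the finding is importable."""
    problems = [f"missing {k}" for k in REQUIRED if k not in finding or finding[k] in ("", [], {})]
    if "Severity" in finding and not ({"Label", "Normalized"} & set(finding["Severity"])):
        problems.append("Severity needs Label or Normalized")
    if len(finding.get("Id", "")) > 512:
        problems.append("Id longer than 512 characters")
    return problems


if __name__ == "__main__":
    import json
    finding = to_asff(SAMPLE_RESULT, "123456789012", "eu-west-1", now=FIXED_TIME)
    assert not validate(finding)
    # securityhub.batch_import_findings(Findings=[finding]) would import it.
    print(json.dumps(finding, indent=2))
```

The stable `Id` is the detail worth getting right: Security Hub treats a re-import with the same ProductArn and Id as an update, so a scanner that regenerates random ids on every run floods the console with duplicates instead of updating the existing finding.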
15. CIS AWS Foundations Benchmark controls checked by Security Hub:
1.1 Avoid the use of the "root" account
1.2 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
1.3 Ensure credentials unused for 90 days or greater are disabled
1.4 Ensure access keys are rotated every 90 days or less
1.5 Ensure IAM password policy requires at least one uppercase letter
1.6 Ensure IAM password policy requires at least one lowercase letter
1.7 Ensure IAM password policy requires at least one symbol
1.8 Ensure IAM password policy requires at least one number
1.9 Ensure IAM password policy requires minimum password length of 14 or greater
1.10 Ensure IAM password policy prevents password reuse
1.11 Ensure IAM password policy expires passwords within 90 days or less
1.12 Ensure no root account access key exists
1.13 Ensure MFA is enabled for the "root" account
1.14 Ensure hardware MFA is enabled for the "root" account
1.16 Ensure IAM policies are attached only to groups or roles
1.20
1.22 Ensure IAM policies that allow full "*:*" administrative privileges are not created
2.1 Ensure CloudTrail is enabled in all regions
2.2 Ensure CloudTrail log file validation is enabled
2.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
2.4 Ensure CloudTrail trails are integrated with CloudWatch Logs
2.5 Ensure AWS Config is enabled in all regions
2.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
2.8 Ensure rotation for customer created CMKs is enabled
2.9 Ensure VPC flow logging is enabled in all VPCs
3.1 Ensure a log metric filter and alarm exist for unauthorized API calls
3.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
3.3 Ensure a log metric filter and alarm exist for usage of "root" account
3.4 Ensure a log metric filter and alarm exist for IAM policy changes
3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
3.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
3.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes
3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes
3.10 Ensure a log metric filter and alarm exist for security group changes
3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
3.12 Ensure a log metric filter and alarm exist for changes to network gateways
3.13 Ensure a log metric filter and alarm exist for route table changes
3.14 Ensure a log metric filter and alarm exist for VPC changes
4.1 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
4.2 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
4.3 Ensure the default security group of every VPC restricts all traffic
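An added example (not code from the talk) that ties the CloudTrail slide to the CIS 3.x controls above: it answers the who / when / what / which resources / where questions for each CloudTrail record and applies the detections behind controls 3.1, 3.2 and 3.3. The CloudWatch Logs filter patterns quoted in the constants are the ones the CIS benchmark prescribes for those controls; the Python predicates re-implement the same logic so the records can be evaluated offline. The records are constructed, with placeholder account id, addresses and names.

```python
"""Answer the CloudTrail questions (who / when / what / which resources / where)
for each record and apply the CIS AWS Foundations 3.1, 3.2 and 3.3 detections.

Added example for this page. The CloudWatch Logs filter patterns in the
constants are the CIS-prescribed ones; the Python predicates mirror them so
constructed records can be evaluated locally.
"""
import fnmatch
import json

# CIS 3.1: unauthorized API calls
CIS_3_1_PATTERN = '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }'
# CIS 3.2: Management Console sign-in without MFA
CIS_3_2_PATTERN = '{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }'
# CIS 3.3: usage of the root account
CIS_3_3_PATTERN = ('{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
                   '&& $.eventType != "AwsServiceEvent" }')


def cis_3_1(r):
    code = r.get("errorCode", "")
    return fnmatch.fnmatchcase(code, "*UnauthorizedOperation") or fnmatch.fnmatchcase(code, "AccessDenied*")


def cis_3_2(r):
    return r.get("eventName") == "ConsoleLogin" and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"


def cis_3_3(r):
    ident = r.get("userIdentity", {})
    # invokedBy is set when an AWS service acts on the root user's behalf; those are excluded.
    return ident.get("type") == "Root" and "invokedBy" not in ident and r.get("eventType") != "AwsServiceEvent"


RULES = {
    "CIS 3.1 unauthorized API call": cis_3_1,
    "CIS 3.2 console sign-in without MFA": cis_3_2,
    "CIS 3.3 root account usage": cis_3_3,
}


def load_records(text):
    """A CloudTrail log file is a JSON object with a Records array."""
    return json.loads(text)["Records"]


def summarize(r):
    """The five questions from the CloudTrail slide, for one record."""
    ident = r.get("userIdentity", {})
    return {
        "who": ident.get("arn") or ident.get("type"),
        "when": r.get("eventTime"),
        "what": f'{r.get("eventSource")}:{r.get("eventName")}',
        "resources": [res.get("ARN") for res in r.get("resources", [])],
        "from": r.get("sourceIPAddress"),
        "to": r.get("awsRegion"),
    }


def evaluate(records):
    """Return [(eventID, [matching rule names])] for records that hit any rule."""
    hits = []
    for r in records:
        matched = [name for name, pred in RULES.items() if pred(r)]
        if matched:
            hits.append((r["eventID"], matched))
    return hits


# Constructed sample log: a denied EC2 call, a console login without MFA,
# a root API call, and a normal S3 write by an instance role.
SAMPLE_LOG = """{"Records": [
 {"eventVersion": "1.05", "eventID": "evt-1", "eventTime": "2020-05-01T10:15:00Z",
  "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "eventType": "AwsApiCall",
  "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.5",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/dev", "accountId": "123456789012", "userName": "dev"},
  "errorCode": "Client.UnauthorizedOperation", "errorMessage": "You are not authorized to perform this operation."},
 {"eventVersion": "1.05", "eventID": "evt-2", "eventTime": "2020-05-01T10:20:00Z",
  "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
  "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/dev", "accountId": "123456789012", "userName": "dev"},
  "additionalEventData": {"MFAUsed": "No", "LoginTo": "https://console.aws.amazon.com/console/home"},
  "responseElements": {"ConsoleLogin": "Success"}},
 {"eventVersion": "1.05", "eventID": "evt-3", "eventTime": "2020-05-01T10:30:00Z",
  "eventSource": "iam.amazonaws.com", "eventName": "CreateUser", "eventType": "AwsApiCall",
  "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
  "userIdentity": {"type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012"},
  "requestParameters": {"userName": "backdoor"}},
 {"eventVersion": "1.05", "eventID": "evt-4", "eventTime": "2020-05-01T10:35:00Z",
  "eventSource": "s3.amazonaws.com", "eventName": "PutObject", "eventType": "AwsApiCall",
  "awsRegion": "eu-west-1", "sourceIPAddress": "10.0.1.5",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/AppRole/i-0abc1234def567890", "accountId": "123456789012"},
  "resources": [{"ARN": "arn:aws:s3:::example-bucket/report.csv", "type": "AWS::S3::Object"}]}
]}"""

if __name__ == "__main__":
    records = load_records(SAMPLE_LOG)
    for r in records:
        print(r["eventID"], summarize(r))
    for event_id, rules in evaluate(records):
        print(event_id, "->", rules)
```

The `invokedBy` and `eventType` exclusions in 3.3 are what keep the root alarm quiet when an AWS service legitimately acts in the account; dropping them is the usual cause of a noisy root-usage alarm.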
17. Standards are one of the methods Security Hub uses to process findings. A standard is a compliance framework based on regulatory requirements or AWS best practices, and AWS has defined specific evaluation checks that align to the controls within it. The CIS (Center for Internet Security) AWS Foundations Benchmark is the standard currently supported by Security Hub. Security Hub computes a score showing how your AWS environment is doing against the benchmark and displays it on the main dashboard; clicking through to the standard shows a summary of the controls that need your attention, together with best-practice guidance on how to mitigate each compliance issue.
18. We do all the heavy lifting of provisioning, processing and storing logs. We extract the important records from those logs and combine them into a federated view, then present them in an organized time-series view that powers investigations and reduces mean time to respond. Out of the box we keep this information for a full year, so you can go back in time.
19. Amazon Detective automatically processes terabytes of event data records about IP traffic, AWS management operations, and malicious or unauthorized activity. It organizes the data into a graph model that summarizes all the security-related relationships in your AWS environment, then queries this model to create the visualizations used in investigations. The graph model is continuously updated as new data becomes available from AWS resources, so you spend less time managing constantly changing data.
Amazon Detective is integrated with AWS security services such as Amazon GuardDuty and AWS Security Hub, as well as AWS partner security products, to help quickly investigate the findings they identify. With a single click from these integrated services you can go to Detective and immediately see events related to the finding, drill down into relevant historical activity and investigate the issue. For example, from a GuardDuty finding you can launch Detective by clicking "Investigate", which gives instant insight into the relevant activity for the involved resource, with the details and context to decide quickly whether the finding reflects actual suspicious activity.
Amazon Detective produces visualizations with the information you need to investigate and respond to security findings. It helps you answer questions like "is it normal for this role to have so many failed API calls?" or "is this spike in traffic from this instance expected?" without having to organize any data or develop, configure, or tune your own queries and algorithms. Detective maintains up to a year of historical event data that shows changes in the type and volume of activity over a selected time window, and links those changes to security findings.
20. Benefits ("Why")
Faster and more effective investigations: Amazon Detective presents a unified view of user and resource interactions over time, with all the context and details in one place, to help you quickly analyze and get to the root cause of a security finding. For example, a GuardDuty finding such as an unusual ConsoleLogin API call can be investigated in Detective with details about the API call trends over time and user login attempts on a geolocation map, so you can quickly decide whether it is legitimate or an indication of a compromised AWS resource.
Save time and effort with continuous data updates: as described on the previous slide, Detective processes the event data automatically and keeps the graph model updated as new data becomes available, so you spend less time managing constantly changing data.
Easy-to-use visualizations: the visualizations answer questions like "is it normal for this role to have so many failed API calls?" over up to a year of historical event data, without you having to organize data or develop, configure, or tune your own queries and algorithms.
21. You may be organized with tier-one analysts, or you may have a small team that is responsible for all of it.