SlideShare ist ein Scribd-Unternehmen logo

Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow Logs and Other AWS Tools (Sponsored by Cisco Stealthwatch) - AWS Summit Sydney

Amazon Web Services
Amazon Web Services

Visibility is a must for detecting threats and compromises in the cloud, containers, and on-premises networks. In this session, we will explore how Stealthwatch Cloud uses VPC Flow logs and network telemetry combined with advanced analytics such as entity modeling and threat intelligence feeds like Cisco Talos to detect attacks, data exfiltration, unusual remote access, and traffic that is not compliant with your policies.

1 von 22
S U M M I T S Y DNEY
Cisco Stealthwatch Cloud: How to achieve better visibility, stronger security and receive actionable alerts using VPC Flow Logs Mindy Schlueter Principal Cybersecurity Systems Engineer
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Why is this important? - Smarter threats are more difficult to detect Motivated and targeted adversaries Insider Threats Increased attack sophistication State sponsored Financial/espionage motives $1T cybercrime market Compromised credentials Disgruntled employees Admin/privileged accounts Advanced persistent threats Encrypted malware Zero-day exploits Industry average detection time for a breach Industry average time to contain a breach Average cost of a data breach Time Source: Ponemon 2018 Cost of a Data Breach Study
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What is required? - Visibility is required for detection but is it enough? Crypto Mining Network Recon Ransomware Compliance Network Visualization Bad User Behavior Shadow IT Unapproved DNS High Risk Countries Poor Security Posture
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential The Challenge – How do we analyze massive amounts of data from many sources to find the interesting event? Network Users HQ Data Center Admin Branch RECORD every conversation Understand what is NORMAL Be alerted to CHANGE KNOW every host Respond to THREATS quickly Roaming Users Cloud
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential The Solution! - Stealthwatch Cloud Help with Visibility, Threat Identification and Network Compliance Using Dynamic Entity Modeling (Machine Learning) Cloud Native Logs Premises Network Flows Virtual Sensor NetFlow IPFIX Mirror/Span AWS
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Entity Modeling (Machine Learning) How? - Use cloud native APIs and data sources to ingest the traffic in near real time What? Maintain a model (a kind of simulation) of each and every device & entity on your network Why? - Have a derived understanding of typical behavior, be able to detect when behavior changes that represents a security risk © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential How we do it?
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Machine Learning provides better threat detection 36 Day Baseline Collect Input Draw ConclusionsPerform Analysis CloudTrail NetFlow/IPFIX IAM Logs Watch lists 3rd Party Services VPC Flow Logs Dynamic Entity Modeling Using Machine Learning Group Consistency Rules Forecast Role What ports/protocols does the device continually use or never use? Do all roles behave similarly? Do all remote desktop servers communicate the same? Does it communicate internally only? What countries does it talk to? Should the connection be allowed? How much data does the device normally send/receive by profile, time of day, etc? What is the role of the device? Should this role being doing this on the network? Turn Network data into actionable alerts! Start – collect meta data
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36 Day Baseline Monitor and model behavior Classify roles Dynamically assign roles to entities Alert Triggers for Database Exfiltration Database server identified IP address detected Data access from regular location Machine Learning helps us to detect abnormal activity for an entity New External Connection osbservation New High Throughput Connection Existing IP accesses database server Communicates with set of IPs Data stays within environment ? Discovery & Learning Role Detected Baselineing Normal Behaviour Anamoly Detected Alert Generated Machine Learning
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Excessive failed access attempts Produce Low-noise alerts Made possible via Machine Learning DDoS and amplification attacks Potential data exfiltration Geographically unusual remote access Suspected botnet interaction ALERT: Anomaly detected 96% of customers rated the alerts generated by Stealthwatch Cloud’s entity modeling solutions as “helpful” E.g. 10k endpoints = 1-2 Alerts/day
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Create an understanding of the resource/entity http://www.cisco.obsrvbl.com/roles X IP Addresses Traffic Counters 30 Day Dashboard Connectivity Counters Matched Traffic Profiles For example we monitor an entities:
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Expected Behavior based on Role Lambda Nat Gateway Database Services ELBs Terminal Servers http://www.cisco.obsrvbl.com/roles X We use roles to predict how an entity will operate – determined by APIs or behavior Someone scanning the IP of the NAT Gateway (role) is not as interesting as someone scanning my databases. Entity with this role then scan less important Entity with this role then scan more important
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Visibility In addition to entity visibility SWC can provide visibility of network resources as well!
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential A database server exporting data to a foreign country Note the supporting Observations
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Talos Intelligence - Web Probing from Tor Exit Nodes 172.23.3.45 entity appears on multiple watch (black) lists Leverage threat feeds like Cisco’s Talos to identify bad hosts
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Failed SSH connection attempts seen Multiple access failures – entity does not have SSH locked down Detect poor security posture – without the need to complete baselining So lets identity the gaps before they become compromises.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Building Segmentation Rules Compliance rules – catch unwanted communications Highlight forbidden communications between internal entities So lets identity the gaps before they become compromises.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Amazon Account How Does it work? - Amazon Web Services Architecture SaaS Portal API Permissions allow SWC to read AWS services Role Created for SWC in Account Amazon CloudWatch Amazon CloudTrail Amazon VPC Amazon VPC Amazon VPC Amazon Simple Storage Service (S3) AWS Identity and Access Management (IAM) Amazon GuardDuty AWS Lambda Amazon Inspector AWS Config Flow logs Flow logs Read only permissions required for VPC flow logs TLS 1.2
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential How do we integrate! - Open APIs and built in services allow for integration into current systems SaaS Management Portal Web Platforms Email SIEM AWS And Other Applications S3SQS Stealthwatch Cloud SNS Because we know that security these days is not about having one point product but having a solution that can integrate with multiple applications that all work together!
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential How do I get started! - 60 Day free trial via AWS Marketplace or Cisco Direct SaaS Management Portal features - Unlimited users No patching necessary Support included Available anywhere New features added monthly http://www.cisco.obsrvbl.com/roles X Link to free trial - https://aws.amazon.com/marketplace/pp/B075MWZVBM
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Demo
cisco.com/go/stealthwatchcisco.com/go/stealthwatch

Empfohlen

Migrate legacy applications to AWS at scale with no code changes (Sponsored b...
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...Migrate legacy applications to AWS at scale with no code changes (Sponsored b...
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...Amazon Web Services
 
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAmazon Web Services
 
WildRydes Serverless Data Processing Workshop
WildRydes Serverless Data Processing WorkshopWildRydes Serverless Data Processing Workshop
WildRydes Serverless Data Processing WorkshopAmazon Web Services
 
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Amazon Web Services
 
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019 Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...Amazon Web Services
 

Empfohlen

Migrate legacy applications to AWS at scale with no code changes (Sponsored b...
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...Migrate legacy applications to AWS at scale with no code changes (Sponsored b...
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...Amazon Web Services
 
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAmazon Web Services
 
WildRydes Serverless Data Processing Workshop
WildRydes Serverless Data Processing WorkshopWildRydes Serverless Data Processing Workshop
WildRydes Serverless Data Processing WorkshopAmazon Web Services
 
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Amazon Web Services
 
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019 Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...Amazon Web Services
 
Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...Amazon Web Services
 
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...Amazon Web Services
 
Kubernetes on AWS 實作工作坊
Kubernetes on AWS 實作工作坊Kubernetes on AWS 實作工作坊
Kubernetes on AWS 實作工作坊Amazon Web Services
 
AWS_IPC_EUC_Webinar_Deck_Final.pdf
AWS_IPC_EUC_Webinar_Deck_Final.pdfAWS_IPC_EUC_Webinar_Deck_Final.pdf
AWS_IPC_EUC_Webinar_Deck_Final.pdfAmazon Web Services
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Amazon Web Services
 
Vishwakarma: Terraform modules for deploying EKS and Self-hosting Kubernetes
Vishwakarma: Terraform modules for deploying EKS and Self-hosting KubernetesVishwakarma: Terraform modules for deploying EKS and Self-hosting Kubernetes
Vishwakarma: Terraform modules for deploying EKS and Self-hosting KubernetesAmazon Web Services
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Amazon Web Services
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...Amazon Web Services
 
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Amazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018Amazon Web Services
 
AWS IoT - from Cloud to Edge | AWS Floor28
AWS IoT - from Cloud to Edge | AWS Floor28AWS IoT - from Cloud to Edge | AWS Floor28
AWS IoT - from Cloud to Edge | AWS Floor28Amazon Web Services
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Amazon Web Services
 
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...Amazon Web Services
 
AWS IoT Security Best Practices
AWS IoT Security Best PracticesAWS IoT Security Best Practices
AWS IoT Security Best PracticesAmazon Web Services
 
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018Amazon Web Services
 
Education : Digital transformation & AWS Foundations
Education : Digital transformation & AWS FoundationsEducation : Digital transformation & AWS Foundations
Education : Digital transformation & AWS FoundationsAmazon Web Services
 
Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Amazon Web Services
 
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summits
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...Amazon Web Services
 
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...Amazon Web Services
 
Kubernetes on AWS 實作工作坊
Kubernetes on AWS 實作工作坊Kubernetes on AWS 實作工作坊
Kubernetes on AWS 實作工作坊Amazon Web Services
 
AWS_IPC_EUC_Webinar_Deck_Final.pdf
AWS_IPC_EUC_Webinar_Deck_Final.pdfAWS_IPC_EUC_Webinar_Deck_Final.pdf
AWS_IPC_EUC_Webinar_Deck_Final.pdfAmazon Web Services
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Amazon Web Services
 
Vishwakarma: Terraform modules for deploying EKS and Self-hosting Kubernetes
Vishwakarma: Terraform modules for deploying EKS and Self-hosting KubernetesVishwakarma: Terraform modules for deploying EKS and Self-hosting Kubernetes
Vishwakarma: Terraform modules for deploying EKS and Self-hosting KubernetesAmazon Web Services
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Amazon Web Services
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...Amazon Web Services
 
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Amazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018Amazon Web Services
 
AWS IoT - from Cloud to Edge | AWS Floor28
AWS IoT - from Cloud to Edge | AWS Floor28AWS IoT - from Cloud to Edge | AWS Floor28
AWS IoT - from Cloud to Edge | AWS Floor28Amazon Web Services
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Amazon Web Services
 
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...Amazon Web Services
 
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018Amazon Web Services
 
Education : Digital transformation & AWS Foundations
Education : Digital transformation & AWS FoundationsEducation : Digital transformation & AWS Foundations
Education : Digital transformation & AWS FoundationsAmazon Web Services
 
Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Amazon Web Services
 

Was ist angesagt? (20)

Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...
 
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...
Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...
 
Kubernetes on AWS 實作工作坊
Kubernetes on AWS 實作工作坊Kubernetes on AWS 實作工作坊
Kubernetes on AWS 實作工作坊
 
AWS_IPC_EUC_Webinar_Deck_Final.pdf
AWS_IPC_EUC_Webinar_Deck_Final.pdfAWS_IPC_EUC_Webinar_Deck_Final.pdf
AWS_IPC_EUC_Webinar_Deck_Final.pdf
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
 
Vishwakarma: Terraform modules for deploying EKS and Self-hosting Kubernetes
Vishwakarma: Terraform modules for deploying EKS and Self-hosting KubernetesVishwakarma: Terraform modules for deploying EKS and Self-hosting Kubernetes
Vishwakarma: Terraform modules for deploying EKS and Self-hosting Kubernetes
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
 
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...
Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...
 
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
 
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018
Transforming your Business Ops Team for Cloud - AWS Summit Sydney 2018
 
AWS IoT - from Cloud to Edge | AWS Floor28
AWS IoT - from Cloud to Edge | AWS Floor28AWS IoT - from Cloud to Edge | AWS Floor28
AWS IoT - from Cloud to Edge | AWS Floor28
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
 
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...
Enable Your Smart Factory with the AWS Industrial IoT Reference Solution (MFG...
 
AWS IoT Security Best Practices
AWS IoT Security Best PracticesAWS IoT Security Best Practices
AWS IoT Security Best Practices
 
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
 
Education : Digital transformation & AWS Foundations
Education : Digital transformation & AWS FoundationsEducation : Digital transformation & AWS Foundations
Education : Digital transformation & AWS Foundations
 
Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...
 

Ähnlich wie Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow Logs and Other AWS Tools (Sponsored by Cisco Stealthwatch) - AWS Summit Sydney

AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summits
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Amazon Web Services
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 
Cisco Cybersecurity #10YearChallenge
Cisco Cybersecurity #10YearChallengeCisco Cybersecurity #10YearChallenge
Cisco Cybersecurity #10YearChallengeCristian Garcia G.
 
Incredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIs
Incredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIsIncredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIs
Incredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIsRobb Boyd
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk
 
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attackCisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attackCisco Canada
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunk
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the CloudAmazon Web Services
 
Cybersecurity: scenario e strategie.
Cybersecurity: scenario e strategie.Cybersecurity: scenario e strategie.
Cybersecurity: scenario e strategie.Amazon Web Services
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWSAWS Summits
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Amazon Web Services
 
CE Cybersecurity Trends and Strategies for Hosting in the Cloud
CE Cybersecurity Trends and Strategies for Hosting in the CloudCE Cybersecurity Trends and Strategies for Hosting in the Cloud
CE Cybersecurity Trends and Strategies for Hosting in the CloudCase IQ
 

Ähnlich wie Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow Logs and Other AWS Tools (Sponsored by Cisco Stealthwatch) - AWS Summit Sydney (20)

AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
 
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 
Cisco Cybersecurity #10YearChallenge
Cisco Cybersecurity #10YearChallengeCisco Cybersecurity #10YearChallenge
Cisco Cybersecurity #10YearChallenge
 
Incredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIs
Incredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIsIncredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIs
Incredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIs
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
 
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attackCisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attack
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for Security
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
 
Cybersecurity: scenario e strategie.
Cybersecurity: scenario e strategie.Cybersecurity: scenario e strategie.
Cybersecurity: scenario e strategie.
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
 
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
 
CE Cybersecurity Trends and Strategies for Hosting in the Cloud
CE Cybersecurity Trends and Strategies for Hosting in the CloudCE Cybersecurity Trends and Strategies for Hosting in the Cloud
CE Cybersecurity Trends and Strategies for Hosting in the Cloud
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow Logs and Other AWS Tools (Sponsored by Cisco Stealthwatch) - AWS Summit Sydney

  • 1. S U M M I T S Y DNEY
  • 2. Cisco Stealthwatch Cloud: How to achieve better visibility, stronger security and receive actionable alerts using VPC Flow Logs Mindy Schlueter Principal Cybersecurity Systems Engineer
  • 3. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Why is this important? - Smarter threats are more difficult to detect Motivated and targeted adversaries Insider Threats Increased attack sophistication State sponsored Financial/espionage motives $1T cybercrime market Compromised credentials Disgruntled employees Admin/privileged accounts Advanced persistent threats Encrypted malware Zero-day exploits Industry average detection time for a breach Industry average time to contain a breach Average cost of a data breach Time Source: Ponemon 2018 Cost of a Data Breach Study
  • 4. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What is required? - Visibility is required for detection but is it enough? Crypto Mining Network Recon Ransomware Compliance Network Visualization Bad User Behavior Shadow IT Unapproved DNS High Risk Countries Poor Security Posture
  • 5. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential The Challenge – How do we analyze massive amounts of data from many sources to find the interesting event? Network Users HQ Data Center Admin Branch RECORD every conversation Understand what is NORMAL Be alerted to CHANGE KNOW every host Respond to THREATS quickly Roaming Users Cloud
  • 6. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential The Solution! - Stealthwatch Cloud Help with Visibility, Threat Identification and Network Compliance Using Dynamic Entity Modeling (Machine Learning) Cloud Native Logs Premises Network Flows Virtual Sensor NetFlow IPFIX Mirror/Span AWS
  • 7. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Entity Modeling (Machine Learning) How? - Use cloud native APIs and data sources to ingest the traffic in near real time What? Maintain a model (a kind of simulation) of each and every device & entity on your network Why? - Have a derived understanding of typical behavior, be able to detect when behavior changes that represents a security risk © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential How we do it?
  • 8. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Machine Learning provides better threat detection 36 Day Baseline Collect Input Draw ConclusionsPerform Analysis CloudTrail NetFlow/IPFIX IAM Logs Watch lists 3rd Party Services VPC Flow Logs Dynamic Entity Modeling Using Machine Learning Group Consistency Rules Forecast Role What ports/protocols does the device continually use or never use? Do all roles behave similarly? Do all remote desktop servers communicate the same? Does it communicate internally only? What countries does it talk to? Should the connection be allowed? How much data does the device normally send/receive by profile, time of day, etc? What is the role of the device? Should this role being doing this on the network? Turn Network data into actionable alerts! Start – collect meta data
  • 9. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36 Day Baseline Monitor and model behavior Classify roles Dynamically assign roles to entities Alert Triggers for Database Exfiltration Database server identified IP address detected Data access from regular location Machine Learning helps us to detect abnormal activity for an entity New External Connection osbservation New High Throughput Connection Existing IP accesses database server Communicates with set of IPs Data stays within environment ? Discovery & Learning Role Detected Baselineing Normal Behaviour Anamoly Detected Alert Generated Machine Learning
  • 10. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Excessive failed access attempts Produce Low-noise alerts Made possible via Machine Learning DDoS and amplification attacks Potential data exfiltration Geographically unusual remote access Suspected botnet interaction ALERT: Anomaly detected 96% of customers rated the alerts generated by Stealthwatch Cloud’s entity modeling solutions as “helpful” E.g. 10k endpoints = 1-2 Alerts/day
  • 11. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Create an understanding of the resource/entity http://www.cisco.obsrvbl.com/roles X IP Addresses Traffic Counters 30 Day Dashboard Connectivity Counters Matched Traffic Profiles For example we monitor an entities:
  • 12. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Expected Behavior based on Role Lambda Nat Gateway Database Services ELBs Terminal Servers http://www.cisco.obsrvbl.com/roles X We use roles to predict how an entity will operate – determined by APIs or behavior Someone scanning the IP of the NAT Gateway (role) is not as interesting as someone scanning my databases. Entity with this role then scan less important Entity with this role then scan more important
  • 13. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Visibility In addition to entity visibility SWC can provide visibility of network resources as well!
  • 14. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential A database server exporting data to a foreign country Note the supporting Observations
  • 15. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Talos Intelligence - Web Probing from Tor Exit Nodes 172.23.3.45 entity appears on multiple watch (black) lists Leverage threat feeds like Cisco’s Talos to identify bad hosts
  • 16. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Failed SSH connection attempts seen Multiple access failures – entity does not have SSH locked down Detect poor security posture – without the need to complete baselining So lets identity the gaps before they become compromises.
  • 17. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Building Segmentation Rules Compliance rules – catch unwanted communications Highlight forbidden communications between internal entities So lets identity the gaps before they become compromises.
  • 18. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Amazon Account How Does it work? - Amazon Web Services Architecture SaaS Portal API Permissions allow SWC to read AWS services Role Created for SWC in Account Amazon CloudWatch Amazon CloudTrail Amazon VPC Amazon VPC Amazon VPC Amazon Simple Storage Service (S3) AWS Identity and Access Management (IAM) Amazon GuardDuty AWS Lambda Amazon Inspector AWS Config Flow logs Flow logs Read only permissions required for VPC flow logs TLS 1.2
  • 19. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential How do we integrate! - Open APIs and built in services allow for integration into current systems SaaS Management Portal Web Platforms Email SIEM AWS And Other Applications S3SQS Stealthwatch Cloud SNS Because we know that security these days is not about having one point product but having a solution that can integrate with multiple applications that all work together!
  • 20. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential How do I get started! - 60 Day free trial via AWS Marketplace or Cisco Direct SaaS Management Portal features - Unlimited users No patching necessary Support included Available anywhere New features added monthly http://www.cisco.obsrvbl.com/roles X Link to free trial - https://aws.amazon.com/marketplace/pp/B075MWZVBM
  • 21. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Demo