SlideShare ist ein Scribd-Unternehmen logo

Automating DDos and WAF responses - AWS Summit Cape Town 2018

Amazon Web Services
Amazon Web Services

Speaker: Andrew Kane, AWS Level: 300/400 Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as AWS Web Application Firewall, AWS Shield, AWS CloudWatch, and more. You will also learn how to use Lambda functions to automate event response and integrate with your security operations tools.

1 von 54
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Dr. Andrew Kane Solutions Architect, Amazon Web Services David Beukes CTO, DPO Paygate Automating DDoS and WAF Response
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager DEM O DEM O
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Types of threat Bad BotsDDoS Application Attacks UDP floods SYN floods Slowloris SSL abuse HTTP floods UDP reflection Content scrapers Scanners & probes CrawlersApplication Layer Network/ Transport Layer SQL injection Application exploits
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Types of threat Bad BotsDDoS Application Attacks UDP floods SYN floods Slowloris SSL abuse HTTP floods UDP reflection Content scrapers Scanners & probes CrawlersApplication Layer Network/ Transport Layer SQL injection Application exploits
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Types of threat Bad BotsDDoS Application Attacks UDP floods SYN floods Slowloris SSL abuse HTTP floods UDP reflection Content scrapers Scanners & probes CrawlersApplication Layer Network/ Transport Layer SQL injection Application exploits
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DDoS threats Network / Transport Layer DDoS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. On-Premises mitigation approach • Scale network and fixed infrastructure to mitigate DDoS and WAF attacks on-site • Visibility and control • Large capital expenditures, maintenance costs, and in-house expertise
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud-Routed mitigation approach • Route traffic to other networks for better mitigation capacity, managed services • Mitigate larger attacks without upfront investment or in-house expertise • Black box solution – can introduce latency, additional points of failure, increased operating costs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud-Native mitigation approach • Automatic, always-on DDoS and WAF protection for all applications on AWS • Leverage 18 AWS Geographic Regions, 1 Local Region, 112 Edge Locations and 11 Regional Caches to mitigate large attacks close to the source • Simple, flexible, and affordable, with visibility into attacks and their remediations
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. “But why do I have to?” CostScale Reliability/ Repeatability
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Wrangling security information sources CloudWatch Events On-Instance Logs VPC Flow Logs CloudWatch Logs CloudWatch Alarms (via Am azon SN S) Lambda Function Amazon S3 Access Logs S3 Bucket Macie GuardDutyCloudTrail Shield Advanced WAF
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. A Quick Aside: Amazon CloudFront
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Global Content Delivery Network • Integrated with AWS WAF and AWS Shield • Intelligence of Lambda@Edge Compute Capability • Built In Security Features • Cost Effective Pricing Options Amazon CloudFront – Highlights
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 Amazon CloudFront AWS WAF Amazon API Gateway Amazon CloudFront – Edge Locations Global Network Infrastructure 123 PoPs (112 Edge, 11 Regional) 26 Countries, 59 Cities
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Custom Origin Protection Header and ACL Content Protection Signed URL / Cookies Content Restriction Geo Blocking S3 Origin Access Identity Access Control Amazon CloudFront – Built-in Security Controls Offload Heavy-Lifting to the Edge
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Advanced Ciphers Certificate Manager RSA and ECDSA Algorithms OCSP Stapling Session Tickets Perfect Forward Secrecy Protocol Enforcement Half / Full Bridge Connections Encrypted Connections Custom Origin Protection Header and ACL Content Protection Signed URL / Cookies Content Restriction Geo Blocking S3 Origin Access Identity Access Control Compliance: PCI DSS Level 1, HIPAA, FedRamp, ISO 9001, 27001, 27017, 27018 Amazon CloudFront – Built-in Security Controls Offload Heavy-Lifting to the Edge
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield and Shield Advanced Automatically provided to all AWS customers at no additional cost Standard Protection Advanced Protection Paid service that provides additional protections, features, and benefits
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield • Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region • Comprehensive defense against all known network and transport layer attacks when using Amazon CloudFront and Amazon Route 53 • Application layer defense available when using AWS WAF Standard Protection Automatically provided to all AWS customers at no additional cost
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield Advanced • Attack visibility and enhanced detection • Cost Protection to mitigate economic attack vectors • AWS WAF for application-layer defense, at no additional cost • Fast escalation to the AWS DDoS Response Team (DRT) to assist with complex edge cases Advanced Protection Available globally on Amazon CloudFront, Amazon Route 53, and in select AWS Regions
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS Effective Against: • Large-scale attacks DDoS Response Team
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Effective Against: • SYN Floods • Reflection Attacks • Suspicious Sources Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS DDoS Response Team
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Effective Against: • SSL Attacks • Slowloris • Malformed HTTP Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS DDoS Response Team
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Effective Against: • HTTP Floods • Bad Bots • Suspicious IPs Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS DDoS Response Team
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS Effective Against: • Sophisticated Layer 7 attacks DDoS Response Team
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DEMO: SHIELD ADVANCED • Monitoring and Alerting Setup • UDP Flood Attack Mitigation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. UDP floods SYN floods Slowloris SSL abuse UDP reflection HTTP floods Types of threat Bad BotsDDoS Application Attacks Content scrapers Scanners & probes CrawlersApplication Layer Network/ Transport Layer SQL injection Application exploits AWSWAF
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Application threats and Bad bots Good users and bots Bad guys Web server Database SQL injection Application exploits Bad bots Content scrapers Scanners & probes Crawlers
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS WAF Fast Incident Response Managed Rulesets APIs for Automation Flexible Rule Language “A web application firewall designed to help you defend against common web application exploits.”
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Marketplace rule groups • Pre-defined rules written by AWS or AWS Partners • Designed for different purposes, e.g. • Specific applications, such as WordPress • OWASP Top 10 vulnerabilities • Automatically updated as threats emerge • No long-term contracts
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DEMO: WAF VIRTUAL PATCHING • Write and roll-out patch for Struts CVE-2017-5638
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Our vision is to provide an accessible, reliable, secure and comprehensive payments network across Africa.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Territories Botswana Ethiopia Ghana Kenya Malawi Mauritius Namibia Nigeria Rwanda South Africa Tanzania Uganda Zambia Zimbabwe Angola* Cabo Verde* Cameroon* DRC* Ivory Coast* Lesotho* Madagascar* Mali* Morocco* Mozambique* Réunion* Senegal* Swaziland* Togo* 14 countries in 2017 28 countries in 2018
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Industries & Volumes Online Retail Travel & Tourism 2017: 200 transactions / minute 2018: 350 transactions / minute Black Friday / Peak: 700 transactions / minute
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Payment Options
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Victim of a DDoS • On premises data center • PCI-DSS Level 1 compliant • Proof of concept attack • Threat of sustained attack • Core business impact
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 DDos mitigation with AWS DC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 Amazon CloudFront DDos mitigation with AWS DC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 Amazon CloudFront WAF Shield Advanced DDOS DDoS Response Team DDos mitigation with AWS DC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 Amazon CloudFront Amazon EC2 Amazon EC2 Amazon EC2 Elastic Load Balancer WAF Shield Advanced DDOS DDoS Response Team DDos mitigation with AWS Auto Scaling group DC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The Aftermath • No impact from subsequent attacks • Increased visibility and improved monitoring • Scale to absorb attack
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. It’s not a case of if you get targeted, but when you get targeted.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Managing WAF rules at scale ALB Security Group Application Load Balancer Public Subnet AWS WAF Central Corporate Rules Application-Specific Rules Compliance-Specific Rules ?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Firewall Manager • Automatic Enforcement – any AWS WAF rule on any supported resource • Resource Groups – group by Account, by Resource Type or by Tag • Multi-Account Support – integrated with AWS Organizations • Hierarchical Rules – locally-deployed rules can be layered on top of central rules • Compliance dashboard – quickly view which resources are in or out of compliance Available to Shield Advanced customers at no additional cost Available globally on Amazon CloudFront and in selected AWS Regions
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Service pre-requisites AWS Organizations Your organization must be using AWS Organizations to manage accounts, and All Features must be enabled. Also, delegate one account to the be Firewall Manager Administrator account AWS Config You must have AWS Config enabled for all accounts in your AWS Organization in order to allow AWS Firewall Manager to detect resource changes
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Managed rule compliance dashboard
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Closing thoughts • Bots and scanners will not go away • AWS Shield makes it easier to protect applications on AWS (or elsewhere) • AWS WAF is not a black box, provides better latency and throughput • Greatly simplified incident response process • What other operational processes can we automate?
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. https://aws.amazon.com/aws-africa/ Thank you!

Empfohlen

Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
AWS Security Week: Intro To Threat Detection & Remediation
AWS Security Week: Intro To Threat Detection & RemediationAWS Security Week: Intro To Threat Detection & Remediation
AWS Security Week: Intro To Threat Detection & RemediationAmazon Web Services
 
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...Amazon Web Services
 
AWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAmazon Web Services
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)Amazon Web Services
 
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019 Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019 Amazon Web Services
 
Introduction to Threat Detection and Remediation
Introduction to Threat Detection and RemediationIntroduction to Threat Detection and Remediation
Introduction to Threat Detection and RemediationAmazon Web Services
 

Empfohlen

Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
AWS Security Week: Intro To Threat Detection & Remediation
AWS Security Week: Intro To Threat Detection & RemediationAWS Security Week: Intro To Threat Detection & Remediation
AWS Security Week: Intro To Threat Detection & RemediationAmazon Web Services
 
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...Amazon Web Services
 
AWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAmazon Web Services
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)Amazon Web Services
 
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019 Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019 Amazon Web Services
 
Introduction to Threat Detection and Remediation
Introduction to Threat Detection and RemediationIntroduction to Threat Detection and Remediation
Introduction to Threat Detection and RemediationAmazon Web Services
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Amazon Web Services
 
Incident Response: Eyes Everywhere
Incident Response: Eyes EverywhereIncident Response: Eyes Everywhere
Incident Response: Eyes EverywhereAmazon Web Services
 
Advanced networking on AWS | AWS Floor28
Advanced networking on AWS | AWS Floor28Advanced networking on AWS | AWS Floor28
Advanced networking on AWS | AWS Floor28Amazon Web Services
 
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...Amazon Web Services
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
 
AWS_Security_Essentials
AWS_Security_EssentialsAWS_Security_Essentials
AWS_Security_EssentialsAmazon Web Services
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...Amazon Web Services
 
Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Amazon Web Services
 
CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsCI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsAmazon Web Services
 
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)Amazon Web Services
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 Amazon Web Services
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWSAmazon Web Services
 
194325_EdgeatScale_NoNotes.pptx
194325_EdgeatScale_NoNotes.pptx194325_EdgeatScale_NoNotes.pptx
194325_EdgeatScale_NoNotes.pptxAmazon Web Services
 
AWS Security Week: Infrastructure Security- Your Minimum Security Baseline
AWS Security Week: Infrastructure Security- Your Minimum Security BaselineAWS Security Week: Infrastructure Security- Your Minimum Security Baseline
AWS Security Week: Infrastructure Security- Your Minimum Security BaselineAmazon Web Services
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep DiveAmazon Web Services
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Security overview-aws-lambda
Security overview-aws-lambdaSecurity overview-aws-lambda
Security overview-aws-lambdaVIJAY REDDY
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security FundamentalsAmazon Web Services
 
State of the Union : Security
State of the Union : SecurityState of the Union : Security
State of the Union : SecurityAmazon Web Services
 
Automating DDoS and WAF Response
Automating DDoS and WAF ResponseAutomating DDoS and WAF Response
Automating DDoS and WAF ResponseAmazon Web Services
 
Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...RoiElbaz1
 

Weitere ähnliche Inhalte

Was ist angesagt?

AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Amazon Web Services
 
Incident Response: Eyes Everywhere
Incident Response: Eyes EverywhereIncident Response: Eyes Everywhere
Incident Response: Eyes EverywhereAmazon Web Services
 
Advanced networking on AWS | AWS Floor28
Advanced networking on AWS | AWS Floor28Advanced networking on AWS | AWS Floor28
Advanced networking on AWS | AWS Floor28Amazon Web Services
 
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...Amazon Web Services
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...Amazon Web Services
 
Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Amazon Web Services
 
CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsCI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsAmazon Web Services
 
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)Amazon Web Services
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 Amazon Web Services
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWSAmazon Web Services
 
AWS Security Week: Infrastructure Security- Your Minimum Security Baseline
AWS Security Week: Infrastructure Security- Your Minimum Security BaselineAWS Security Week: Infrastructure Security- Your Minimum Security Baseline
AWS Security Week: Infrastructure Security- Your Minimum Security BaselineAmazon Web Services
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Security overview-aws-lambda
Security overview-aws-lambdaSecurity overview-aws-lambda
Security overview-aws-lambdaVIJAY REDDY
 

Was ist angesagt? (20)

AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
 
Incident Response: Eyes Everywhere
Incident Response: Eyes EverywhereIncident Response: Eyes Everywhere
Incident Response: Eyes Everywhere
 
Advanced networking on AWS | AWS Floor28
Advanced networking on AWS | AWS Floor28Advanced networking on AWS | AWS Floor28
Advanced networking on AWS | AWS Floor28
 
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
 
AWS_Security_Essentials
AWS_Security_EssentialsAWS_Security_Essentials
AWS_Security_Essentials
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
 
Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...
 
CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsCI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
 
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
雲端原生 (Cloud-Native) 的 DDoS Attack 防禦方案 (Level: 200)
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWS
 
194325_EdgeatScale_NoNotes.pptx
194325_EdgeatScale_NoNotes.pptx194325_EdgeatScale_NoNotes.pptx
194325_EdgeatScale_NoNotes.pptx
 
AWS Security Week: Infrastructure Security- Your Minimum Security Baseline
AWS Security Week: Infrastructure Security- Your Minimum Security BaselineAWS Security Week: Infrastructure Security- Your Minimum Security Baseline
AWS Security Week: Infrastructure Security- Your Minimum Security Baseline
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep Dive
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
 
Security overview-aws-lambda
Security overview-aws-lambdaSecurity overview-aws-lambda
Security overview-aws-lambda
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
State of the Union : Security
State of the Union : SecurityState of the Union : Security
State of the Union : Security
 

Ähnlich wie Automating DDos and WAF responses - AWS Summit Cape Town 2018

Automating DDoS and WAF Response
Automating DDoS and WAF ResponseAutomating DDoS and WAF Response
Automating DDoS and WAF ResponseAmazon Web Services
 
Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...RoiElbaz1
 
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyVladimir Simek
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWSAmazon Web Services
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsBela Sojina MBA, PMP
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecurityAmazon Web Services
 
Protect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Protect Your Game Servers from DDoS Attacks - AWS Online Tech TalksProtect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Protect Your Game Servers from DDoS Attacks - AWS Online Tech TalksAmazon Web Services
 
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksCloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksAmazon Web Services
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Amazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Amazon Web Services
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...Amazon Web Services
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksAmazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Amazon Web Services
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...Amazon Web Services
 

Ähnlich wie Automating DDos and WAF responses - AWS Summit Cape Town 2018 (20)

Automating DDoS and WAF Response
Automating DDoS and WAF ResponseAutomating DDoS and WAF Response
Automating DDoS and WAF Response
 
Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...
 
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWS
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on aws
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on Security
 
Protect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Protect Your Game Servers from DDoS Attacks - AWS Online Tech TalksProtect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Protect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
 
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksCloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced Attacks
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
DDoS Resiliency
DDoS ResiliencyDDoS Resiliency
DDoS Resiliency
 
Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Automating DDos and WAF responses - AWS Summit Cape Town 2018

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Dr. Andrew Kane Solutions Architect, Amazon Web Services David Beukes CTO, DPO Paygate Automating DDoS and WAF Response
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager DEM O DEM O
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Types of threat Bad BotsDDoS Application Attacks UDP floods SYN floods Slowloris SSL abuse HTTP floods UDP reflection Content scrapers Scanners & probes CrawlersApplication Layer Network/ Transport Layer SQL injection Application exploits
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Types of threat Bad BotsDDoS Application Attacks UDP floods SYN floods Slowloris SSL abuse HTTP floods UDP reflection Content scrapers Scanners & probes CrawlersApplication Layer Network/ Transport Layer SQL injection Application exploits
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Types of threat Bad BotsDDoS Application Attacks UDP floods SYN floods Slowloris SSL abuse HTTP floods UDP reflection Content scrapers Scanners & probes CrawlersApplication Layer Network/ Transport Layer SQL injection Application exploits
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DDoS threats Network / Transport Layer DDoS
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. On-Premises mitigation approach • Scale network and fixed infrastructure to mitigate DDoS and WAF attacks on-site • Visibility and control • Large capital expenditures, maintenance costs, and in-house expertise
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud-Routed mitigation approach • Route traffic to other networks for better mitigation capacity, managed services • Mitigate larger attacks without upfront investment or in-house expertise • Black box solution – can introduce latency, additional points of failure, increased operating costs
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud-Native mitigation approach • Automatic, always-on DDoS and WAF protection for all applications on AWS • Leverage 18 AWS Geographic Regions, 1 Local Region, 112 Edge Locations and 11 Regional Caches to mitigate large attacks close to the source • Simple, flexible, and affordable, with visibility into attacks and their remediations
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. “But why do I have to?” CostScale Reliability/ Repeatability
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Wrangling security information sources CloudWatch Events On-Instance Logs VPC Flow Logs CloudWatch Logs CloudWatch Alarms (via Am azon SN S) Lambda Function Amazon S3 Access Logs S3 Bucket Macie GuardDutyCloudTrail Shield Advanced WAF
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. A Quick Aside: Amazon CloudFront
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Global Content Delivery Network • Integrated with AWS WAF and AWS Shield • Intelligence of Lambda@Edge Compute Capability • Built In Security Features • Cost Effective Pricing Options Amazon CloudFront – Highlights
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 Amazon CloudFront AWS WAF Amazon API Gateway Amazon CloudFront – Edge Locations Global Network Infrastructure 123 PoPs (112 Edge, 11 Regional) 26 Countries, 59 Cities
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Custom Origin Protection Header and ACL Content Protection Signed URL / Cookies Content Restriction Geo Blocking S3 Origin Access Identity Access Control Amazon CloudFront – Built-in Security Controls Offload Heavy-Lifting to the Edge
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Advanced Ciphers Certificate Manager RSA and ECDSA Algorithms OCSP Stapling Session Tickets Perfect Forward Secrecy Protocol Enforcement Half / Full Bridge Connections Encrypted Connections Custom Origin Protection Header and ACL Content Protection Signed URL / Cookies Content Restriction Geo Blocking S3 Origin Access Identity Access Control Compliance: PCI DSS Level 1, HIPAA, FedRamp, ISO 9001, 27001, 27017, 27018 Amazon CloudFront – Built-in Security Controls Offload Heavy-Lifting to the Edge
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield and Shield Advanced Automatically provided to all AWS customers at no additional cost Standard Protection Advanced Protection Paid service that provides additional protections, features, and benefits
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield • Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region • Comprehensive defense against all known network and transport layer attacks when using Amazon CloudFront and Amazon Route 53 • Application layer defense available when using AWS WAF Standard Protection Automatically provided to all AWS customers at no additional cost
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield Advanced • Attack visibility and enhanced detection • Cost Protection to mitigate economic attack vectors • AWS WAF for application-layer defense, at no additional cost • Fast escalation to the AWS DDoS Response Team (DRT) to assist with complex edge cases Advanced Protection Available globally on Amazon CloudFront, Amazon Route 53, and in select AWS Regions
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS Effective Against: • Large-scale attacks DDoS Response Team
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Effective Against: • SYN Floods • Reflection Attacks • Suspicious Sources Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS DDoS Response Team
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Effective Against: • SSL Attacks • Slowloris • Malformed HTTP Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS DDoS Response Team
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Effective Against: • HTTP Floods • Bad Bots • Suspicious IPs Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS DDoS Response Team
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Defence in depth Border Network Network Layer Mitigations AWS Services Web Layer Mitigations Customer Infrastructure DDoS Detection Internet Internet- Layer Mitigations DDoS Effective Against: • Sophisticated Layer 7 attacks DDoS Response Team
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DEMO: SHIELD ADVANCED • Monitoring and Alerting Setup • UDP Flood Attack Mitigation
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. UDP floods SYN floods Slowloris SSL abuse UDP reflection HTTP floods Types of threat Bad BotsDDoS Application Attacks Content scrapers Scanners & probes CrawlersApplication Layer Network/ Transport Layer SQL injection Application exploits AWSWAF
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Application threats and Bad bots Good users and bots Bad guys Web server Database SQL injection Application exploits Bad bots Content scrapers Scanners & probes Crawlers
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS WAF Fast Incident Response Managed Rulesets APIs for Automation Flexible Rule Language “A web application firewall designed to help you defend against common web application exploits.”
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Marketplace rule groups • Pre-defined rules written by AWS or AWS Partners • Designed for different purposes, e.g. • Specific applications, such as WordPress • OWASP Top 10 vulnerabilities • Automatically updated as threats emerge • No long-term contracts
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DEMO: WAF VIRTUAL PATCHING • Write and roll-out patch for Struts CVE-2017-5638
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
  • 35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Our vision is to provide an accessible, reliable, secure and comprehensive payments network across Africa.
  • 36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Territories Botswana Ethiopia Ghana Kenya Malawi Mauritius Namibia Nigeria Rwanda South Africa Tanzania Uganda Zambia Zimbabwe Angola* Cabo Verde* Cameroon* DRC* Ivory Coast* Lesotho* Madagascar* Mali* Morocco* Mozambique* Réunion* Senegal* Swaziland* Togo* 14 countries in 2017 28 countries in 2018
  • 37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Industries & Volumes Online Retail Travel & Tourism 2017: 200 transactions / minute 2018: 350 transactions / minute Black Friday / Peak: 700 transactions / minute
  • 38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Payment Options
  • 39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Victim of a DDoS • On premises data center • PCI-DSS Level 1 compliant • Proof of concept attack • Threat of sustained attack • Core business impact
  • 40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 DDos mitigation with AWS DC
  • 41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 Amazon CloudFront DDos mitigation with AWS DC
  • 42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 Amazon CloudFront WAF Shield Advanced DDOS DDoS Response Team DDos mitigation with AWS DC
  • 43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 Amazon CloudFront Amazon EC2 Amazon EC2 Amazon EC2 Elastic Load Balancer WAF Shield Advanced DDOS DDoS Response Team DDos mitigation with AWS Auto Scaling group DC
  • 44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The Aftermath • No impact from subsequent attacks • Increased visibility and improved monitoring • Scale to absorb attack
  • 45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. It’s not a case of if you get targeted, but when you get targeted.
  • 46. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you!
  • 47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
  • 48. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Managing WAF rules at scale ALB Security Group Application Load Balancer Public Subnet AWS WAF Central Corporate Rules Application-Specific Rules Compliance-Specific Rules ?
  • 49. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Firewall Manager • Automatic Enforcement – any AWS WAF rule on any supported resource • Resource Groups – group by Account, by Resource Type or by Tag • Multi-Account Support – integrated with AWS Organizations • Hierarchical Rules – locally-deployed rules can be layered on top of central rules • Compliance dashboard – quickly view which resources are in or out of compliance Available to Shield Advanced customers at no additional cost Available globally on Amazon CloudFront and in selected AWS Regions
  • 50. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Service pre-requisites AWS Organizations Your organization must be using AWS Organizations to manage accounts, and All Features must be enabled. Also, delegate one account to the be Firewall Manager Administrator account AWS Config You must have AWS Config enabled for all accounts in your AWS Organization in order to allow AWS Firewall Manager to detect resource changes
  • 51. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Managed rule compliance dashboard
  • 52. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield ArchitectingTypes of Threats AWS WAF AWS Firewall Manager
  • 53. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Closing thoughts • Bots and scanners will not go away • AWS Shield makes it easier to protect applications on AWS (or elsewhere) • AWS WAF is not a black box, provides better latency and throughput • Greatly simplified incident response process • What other operational processes can we automate?
  • 54. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. https://aws.amazon.com/aws-africa/ Thank you!